From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity
Subject: Re: LEAVE emulation infinite loop
Date: Sun, 24 Apr 2011 10:14:43 +0300
Message-ID: <4DB3CDE3.6050404@redhat.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: Matteo Signorini
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:30349 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750807Ab1DXHOs (ORCPT ); Sun, 24 Apr 2011 03:14:48 -0400
In-Reply-To:
Sender: kvm-owner@vger.kernel.org
List-ID:

On 04/24/2011 10:08 AM, Matteo Signorini wrote:
> Hello everybody,
> I have a problem with an opcode not yet emulated in kvm-kmod
> 2.6.38-rc7.
> The opcode is "LEAVE", which, as the Intel Manual says:
>
> "Set RSP to RBP, then pop RBP"
>
> The problem is that despite the fact that the opcode of the leave
> (C9) is correctly fetched and decoded, it falls into an infinite loop
> (found by some printk debug prints).
>
> Now I'm wondering... the eip needed in order to continue the vm
> execution is moved on by the insn_fetch operation, so after the first
> byte decode of the LEAVE opcode I shouldn't execute it again... so what
> am I doing wrong?
>
> I posted here the diff output so you can see which changes I made on
> the kvm original source code:
>
>
>       case 0xc5:      /* lds */
>               rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS);
>               break;
> +     case 0xc9:      /* leave */
> +             c->regs[VCPU_REGS_RSP] = c->regs[VCPU_REGS_RBP];
> +             rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP);
> +             goto done;
>       case 0xcb:      /* ret far */
>               rc = emulate_ret_far(ctxt, ops);
>               break;
>

Why are you calling emulate_pop_sreg()?  RBP is not a segment register.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
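Review bot: the new 0xc9 case pops into a segment-register slot, but `VCPU_REGS_RBP` is a general-purpose register index, not a segment selector like the `VCPU_SREG_DS` that the neighbouring 0xc5 case passes, so `rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP);` cannot implement the second half of LEAVE; the pop should land in `c->regs[VCPU_REGS_RBP]` with the instruction's operand size, via the emulator's general-register pop path. A second point: the case ends with `goto done;` while both surrounding cases end with `break;`, so whatever post-switch handling the 0xc5 and 0xcb paths rely on is skipped for 0xc9; ending the case with `break;` like its neighbours (and only bailing out when rc reports a failure) is the change to try first when investigating the loop being reported.

The semantics under discussion, "Set RSP to RBP, then pop RBP", as an added illustration in C; this is not KVM code and does not use the emulator's real helpers. It models a tiny register file and a flat guest memory (hypothetical `toy_ctxt`, `toy_pop`, `toy_push`, `toy_leave`, `toy_prologue`) so the frame-pointer prologue and its LEAVE epilogue can be run as a round trip, with the pop honouring the instruction's operand size and reporting a fault when RBP points past the end of memory:

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added toy model, not KVM's x86 emulator: two general-purpose registers
 * and a small flat guest memory that holds the stack. Names are invented. */

enum { REG_RSP, REG_RBP, NR_REGS };

struct toy_ctxt {
    uint64_t regs[NR_REGS];
    uint8_t mem[64];      /* flat guest memory; the stack lives in here */
    int op_bytes;         /* operand size of the instruction: 2, 4 or 8 */
};

/* Pop op_bytes from [RSP] into *dest (little-endian), then raise RSP.
 * Returns -1 when the read would run off the end of guest memory. */
static int toy_pop(struct toy_ctxt *c, uint64_t *dest)
{
    uint64_t rsp = c->regs[REG_RSP];
    uint64_t val = 0;

    if (rsp + c->op_bytes > sizeof(c->mem))
        return -1;
    for (int i = 0; i < c->op_bytes; i++)
        val |= (uint64_t)c->mem[rsp + i] << (8 * i);
    *dest = val;
    c->regs[REG_RSP] = rsp + c->op_bytes;
    return 0;
}

/* Push op_bytes of val onto the stack; -1 if RSP would underflow memory. */
static int toy_push(struct toy_ctxt *c, uint64_t val)
{
    if (c->regs[REG_RSP] < (uint64_t)c->op_bytes)
        return -1;
    c->regs[REG_RSP] -= c->op_bytes;
    for (int i = 0; i < c->op_bytes; i++)
        c->mem[c->regs[REG_RSP] + i] = (uint8_t)(val >> (8 * i));
    return 0;
}

/* LEAVE: RSP <- RBP, then RBP <- pop(). The pop targets the general
 * register RBP, not a segment register. */
static int toy_leave(struct toy_ctxt *c)
{
    c->regs[REG_RSP] = c->regs[REG_RBP];
    return toy_pop(c, &c->regs[REG_RBP]);
}

/* The usual frame-pointer prologue: push RBP; RBP <- RSP; reserve locals. */
static int toy_prologue(struct toy_ctxt *c, uint64_t frame)
{
    if (toy_push(c, c->regs[REG_RBP]))
        return -1;
    c->regs[REG_RBP] = c->regs[REG_RSP];
    c->regs[REG_RSP] -= frame;
    return 0;
}

/* Prologue followed by LEAVE must restore the caller's RBP and the RSP
 * seen on entry. Returns 1 on a correct round trip, 0 otherwise. */
int leave_roundtrip(int op_bytes)
{
    struct toy_ctxt c;
    const uint64_t caller_rbp = 0x4242, entry_rsp = 48;  /* constructed values */

    memset(&c, 0, sizeof c);
    c.op_bytes = op_bytes;
    c.regs[REG_RSP] = entry_rsp;
    c.regs[REG_RBP] = caller_rbp;
    if (toy_prologue(&c, 16))
        return 0;
    /* Locals would live between RSP and RBP here. */
    if (toy_leave(&c))
        return 0;
    return c.regs[REG_RBP] == caller_rbp && c.regs[REG_RSP] == entry_rsp;
}

/* LEAVE with RBP pointing too close to the end of memory: the pop must
 * fault (-1) rather than read past the buffer. */
int leave_faults_off_end(void)
{
    struct toy_ctxt c;

    memset(&c, 0, sizeof c);
    c.op_bytes = 8;
    c.regs[REG_RBP] = sizeof(c.mem) - 4;   /* 4 bytes left, pop needs 8 */
    return toy_leave(&c);
}

int main(void)
{
    printf("round trip (8-byte): %d\n", leave_roundtrip(8));
    printf("round trip (2-byte): %d\n", leave_roundtrip(2));
    printf("pop off the end rc:  %d\n", leave_faults_off_end());
    return 0;
}
```

The point the round trip makes is that LEAVE is entirely a general-register operation: the value written to RBP comes from the stack at the width of the instruction's operand size, which is why a segment-register pop, whatever it writes, cannot produce a correct frame restore.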