From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: rrh.henry@gmail.com, richard.henderson@linaro.org
Subject: [PATCH 08/10] target/i386/tcg: check for correct busy state before switching to a new task
Date: Wed, 10 Jul 2024 08:29:18 +0200
Message-ID: <20240710062920.73063-9-pbonzini@redhat.com>
In-Reply-To: <20240710062920.73063-1-pbonzini@redhat.com>
This step is listed in the Intel manual: "Checks that the new task is available
(call, jump, exception, or interrupt) or busy (IRET return)".
The AMD manual lists the same operation under the "Preventing recursion"
paragraph of "12.3.4 Nesting Tasks", though it is not clear if the processor
checks the busy bit in the IRET case.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/seg_helper.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 1430f477c43..25af9d4a4ec 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -306,6 +306,11 @@ static int switch_tss_ra(CPUX86State *env, int tss_selector,
old_tss_limit_max = 43;
}
+ /* new TSS must be busy iff the source is an IRET instruction */
+ if (!!(e2 & DESC_TSS_BUSY_MASK) != (source == SWITCH_TSS_IRET)) {
+ raise_exception_err_ra(env, EXCP0A_TSS, tss_selector & 0xfffc, retaddr);
+ }
+
/* read all the registers from the new TSS */
if (type & 8) {
/* 32 bit */
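Review bot: the new comment states the rule as "busy iff the source is an IRET instruction", so the check enforces both directions (a busy TSS raises #TS for call/jmp/int/exception, and a non-busy TSS raises #TS on IRET), yet the commit message itself says the AMD manual is unclear about the IRET direction; consider naming the Intel SDM task-switch step in the comment so a later reader does not relax the IRET half believing it to be accidental. The condition `if (!!(e2 & DESC_TSS_BUSY_MASK) != (source == SWITCH_TSS_IRET))` is correct but would read more clearly with an explicit boolean, e.g. `bool busy = e2 & DESC_TSS_BUSY_MASK;` followed by `if (busy != (source == SWITCH_TSS_IRET))`, which also makes the error-code choice `tss_selector & 0xfffc` visibly consistent with the other #TS raises in this function.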
--
2.45.2