From: Paolo Bonzini <pbonzini@redhat.com>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Subject: Re: [PATCH] target/i386: always go through gen_eob*()
Date: Sat, 25 May 2024 10:57:55 +0200 [thread overview]
Message-ID: <CABgObfZSt9HT+1ogJaa48=FWYNHM3bES8DFZVypN8e06Qo4oxA@mail.gmail.com> (raw)
In-Reply-To: <d41e0504-aa75-4d88-93c4-a30843ea3942@linaro.org>
On Fri, May 24, 2024 at 6:51 PM Richard Henderson
<richard.henderson@linaro.org> wrote:
> > static void gen_set_hflag(DisasContext *s, uint32_t mask)
> > @@ -2354,7 +2354,7 @@ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num)
> > tcg_gen_movi_tl(cpu_eip, new_eip);
> > }
> > tcg_gen_exit_tb(s->base.tb, tb_num);
> > - s->base.is_jmp = DISAS_NORETURN;
> > + s->base.is_jmp = DISAS_EOB_ONLY;
>
> This is wrong because exit_tb exits, and anything you add after is unreachable.
> I think you simply want to remove the exit_tb call as well, but there may be more cleanup
> possible in the wider context; I haven't checked.
Ok, I'll check this one more closely.
> > @@ -3769,7 +3769,7 @@ static void disas_insn_old(DisasContext *s, CPUState *cpu, int b)
> > gen_helper_vmrun(tcg_env, tcg_constant_i32(s->aflag - 1),
> > cur_insn_len_i32(s));
> > tcg_gen_exit_tb(NULL, 0);
> > - s->base.is_jmp = DISAS_NORETURN;
> > + s->base.is_jmp = DISAS_EOB_ONLY;
>
> Calls exit_tb, which is probably bogus here and EOB_ONLY is correct.
> But I'd need to look deeper into what vmrun does.
This is correct, but do_vmexit() needs to clear RF and handle
singlestep, and the helper needs to clear HF_INHIBIT_IRQ_MASK. In this
respect VMRUN/vmexit are is not unlike SYSRET/SYSCALL respectively,
except that EFLAGS.TF is never set right after VMRUN. That is, the
guest EFLAGS value has its effect only after the first instruction in
the guest, while the SYSCALL EFLAGS value interrupts before the first
instruction in CPL0.
> > @@ -1642,7 +1642,7 @@ static void gen_HLT(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
> > gen_update_cc_op(s);
> > gen_update_eip_cur(s);
> > gen_helper_hlt(tcg_env, cur_insn_len_i32(s));
> > - s->base.is_jmp = DISAS_NORETURN;
> > + s->base.is_jmp = DISAS_EOB_ONLY;
>
> noreturn.
>
> > @@ -4022,7 +4022,7 @@ static void gen_XCHG(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
> > gen_update_cc_op(s);
> > gen_update_eip_cur(s);
> > gen_helper_pause(tcg_env, cur_insn_len_i32(s));
> > - s->base.is_jmp = DISAS_NORETURN;
> > + s->base.is_jmp = DISAS_EOB_ONLY;
>
> noreturn.
But these should handle HF_INHIBIT_IRQ_MASK/RF/TF and they don't
(except for HLT clearing HF_INHIBIT_IRQ_MASK). So there is a bug but
it's in the helpers.
Paolo
prev parent reply other threads:[~2024-05-25 8:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-24 15:33 [PATCH] target/i386: always go through gen_eob*() Paolo Bonzini
2024-05-24 16:50 ` Richard Henderson
2024-05-25 8:57 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABgObfZSt9HT+1ogJaa48=FWYNHM3bES8DFZVypN8e06Qo4oxA@mail.gmail.com' \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).