* [PATCH v2] target/i386: fix stack size when delivering real mode interrupts
@ 2025-11-15 1:54 Paolo Bonzini
From: Paolo Bonzini @ 2025-11-15 1:54 UTC
To: qemu-devel
The stack can be 32-bit even in real mode, and in this case
the stack pointer must be updated in its entirety rather than
just the bottom 16 bits. The same is true of real mode IRET,
for which there was even a comment suggesting the right thing
to do.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1506
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/seg_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 667b1c38696..227336c4ef2 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -1161,7 +1161,7 @@ static void do_interrupt_real(CPUX86State *env, int intno, int is_int,
sa.env = env;
sa.ra = 0;
sa.sp = env->regs[R_ESP];
- sa.sp_mask = 0xffff;
+ sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
sa.ss_base = env->segs[R_SS].base;
sa.mmu_index = x86_mmu_index_pl(env, 0);
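Review bot: the non-obvious premise behind this line, that real mode keeps whatever SS attributes were loaded before CR0.PE was cleared and so the SS descriptor flags (not a fixed 0xffff) decide the stack width, lives only in the commit message; a one-line comment above `sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);` would keep that reasoning at the call site. Since the change resolves a reported issue, a regression test in the TCG test suite that enters real mode with a 32-bit SS and takes a software interrupt would pin the fixed behaviour down.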
@@ -1964,7 +1964,7 @@ void helper_iret_real(CPUX86State *env, int shift)
sa.env = env;
sa.ra = GETPC();
sa.mmu_index = x86_mmu_index_pl(env, 0);
- sa.sp_mask = 0xffff; /* XXXX: use SS segment size? */
+ sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
sa.sp = env->regs[R_ESP];
sa.ss_base = env->segs[R_SS].base;
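Review bot: the replaced line carried the `/* XXXX: use SS segment size? */` reminder and the new line answers it, so no comment remains here; consider keeping a short note that sp_mask follows the SS descriptor width so the next reader does not reintroduce 0xffff. Also, sp_mask is set before sa.sp in this hunk but after it in do_interrupt_real; ordering both sites the same way (sp, sp_mask, ss_base) would make the two frames easier to compare.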
--
2.51.1
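To see concretely what the changed sp_mask does, here is an added C model of the push and ESP write-back paths the patch affects. It is not QEMU's code: StackModel, FrameResult, deliver_frame and the boolean SS width are constructed stand-ins for QEMU's StackAccess and descriptor flags, and guest memory is a constructed flat array.

```c
#include <stdint.h>
#include <string.h>
/* Simplified model of the StackAccess fields the patch touches
 * (sp, sp_mask, ss_base).  Not QEMU's code.  Guest memory is a
 * constructed flat array covering the first 192 KiB. */
#define MEM_SIZE (3u * 65536u)
static uint8_t guest_mem[MEM_SIZE];

/* esp: full ESP register; sp: working pointer; sp_mask: 0xffff for a
 * 16-bit SS or 0xffffffff for a 32-bit one; ss_base: linear SS base. */
typedef struct { uint32_t esp, sp, sp_mask, ss_base; } StackModel;

/* ESP after the pushes and the linear address of the last pushed word. */
typedef struct { uint32_t esp, frame_addr; } FrameResult;

/* The patch replaces a hard-coded 0xffff with a mask taken from the
 * SS descriptor flags; here the 32-bit attribute is a plain boolean. */
static uint32_t model_sp_mask(int ss_is_32bit)
{
    return ss_is_32bit ? 0xffffffffu : 0xffffu;
}

/* Push a 16-bit word: decrement sp, store at ss_base + (sp & sp_mask). */
static void model_pushw(StackModel *s, uint16_t val)
{
    s->sp -= 2;
    uint32_t addr = (s->ss_base + (s->sp & s->sp_mask)) % MEM_SIZE;
    memcpy(guest_mem + addr, &val, sizeof(val));
}

/* Write back ESP: only the bits covered by sp_mask are replaced, so a
 * 16-bit mask on a 32-bit stack leaves the high half of ESP untouched. */
static void model_set_esp(StackModel *s)
{
    s->esp = (s->esp & ~s->sp_mask) | (s->sp & s->sp_mask);
}

/* Build a minimal real-mode interrupt frame (FLAGS, CS, IP) starting
 * from esp_in, with either the old fixed mask or the SS-derived one. */
static FrameResult deliver_frame(int ss_is_32bit, uint32_t esp_in)
{
    StackModel s = { .esp = esp_in, .sp = esp_in,
                     .sp_mask = model_sp_mask(ss_is_32bit), .ss_base = 0 };
    model_pushw(&s, 0x0202);  /* constructed FLAGS */
    model_pushw(&s, 0x1234);  /* constructed CS */
    model_pushw(&s, 0x5678);  /* constructed IP */
    model_set_esp(&s);
    return (FrameResult){ s.esp, s.ss_base + (s.sp & s.sp_mask) };
}
```

With ESP = 0x20000 and a 32-bit SS, the fixed 0xffff mask stores the frame at linear 0xfffa and leaves ESP at 0x2fffa, while the SS-derived mask stores it at 0x1fffa and sets ESP to 0x1fffa.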
* Re: [PATCH v2] target/i386: fix stack size when delivering real mode interrupts
From: Richard Henderson @ 2025-11-15 12:25 UTC
To: Paolo Bonzini, qemu-devel
On 11/15/25 02:54, Paolo Bonzini wrote:
> The stack can be 32-bit even in real mode, and in this case
> the stack pointer must be updated in its entirety rather than
> just the bottom 16 bits. The same is true of real mode IRET,
> for which there was even a comment suggesting the right thing
> to do.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1506
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/tcg/seg_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/10.2 as appropriate.
r~
>
> diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
> index 667b1c38696..227336c4ef2 100644
> --- a/target/i386/tcg/seg_helper.c
> +++ b/target/i386/tcg/seg_helper.c
> @@ -1161,7 +1161,7 @@ static void do_interrupt_real(CPUX86State *env, int intno, int is_int,
> sa.env = env;
> sa.ra = 0;
> sa.sp = env->regs[R_ESP];
> - sa.sp_mask = 0xffff;
> + sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
> sa.ss_base = env->segs[R_SS].base;
> sa.mmu_index = x86_mmu_index_pl(env, 0);
>
> @@ -1964,7 +1964,7 @@ void helper_iret_real(CPUX86State *env, int shift)
> sa.env = env;
> sa.ra = GETPC();
> sa.mmu_index = x86_mmu_index_pl(env, 0);
> - sa.sp_mask = 0xffff; /* XXXX: use SS segment size? */
> + sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
> sa.sp = env->regs[R_ESP];
> sa.ss_base = env->segs[R_SS].base;
>
* Re: [PATCH v2] target/i386: fix stack size when delivering real mode interrupts
From: Paolo Bonzini @ 2025-11-17 8:48 UTC
To: Richard Henderson, qemu-stable; +Cc: qemu-devel
On Sat, Nov 15, 2025 at 1:25 PM Richard Henderson <richard.henderson@linaro.org> wrote:
>
> On 11/15/25 02:54, Paolo Bonzini wrote:
> > The stack can be 32-bit even in real mode, and in this case
> > the stack pointer must be updated in its entirety rather than
> > just the bottom 16 bits. The same is true of real mode IRET,
> > for which there was even a comment suggesting the right thing
> > to do.
> >
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1506
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> > target/i386/tcg/seg_helper.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/10.2 as appropriate.
Cc: qemu-stable@nongnu.org