From: Fabio Fantoni
Subject: Re: [PATCH] x86_emulate: properly do IP updates and other side effects on success
Date: Thu, 07 Aug 2014 16:40:32 +0200
Message-ID: <53E38FE0.8010704@m2r.biz>
In-Reply-To: <53E37E19.4000006@m2r.biz>
References: <53E35543020000780002A09C@mail.emea.novell.com> <53E37E19.4000006@m2r.biz>
To: Jan Beulich, xen-devel
Cc: Keir Fraser
List-Id: xen-devel@lists.xenproject.org

On 07/08/2014 15:24, Fabio Fantoni wrote:
> On 07/08/2014 10:30, Jan Beulich wrote:
>> The two MMX/SSE/AVX code blocks failed to update IP properly, and these
>> as well as get_rep_prefix(), which "manually" updated IP so far, failed
>> to do the TF and RF processing needed at the end of successfully
>> emulated instructions.
>>
>> Reported-by: Andrei LUTAS
>> Signed-off-by: Jan Beulich
>> Tested-by: Razvan Cojocaru
>
> Thanks for the patch. I tested it to see if it also solves the qxl on Linux
> domUs problem, but with this patch the domU crashes and I cannot get a
> backtrace or specific errors.
> xl create is ok, gdb on qemu closes on the domU's crash without having a
> backtrace, and in xl dmesg I did not see errors.
> Setting preserve always in the xl cfg I can only see that crash and do a
> core dump, but I do not know how to use it to take a backtrace or any
> other useful information.
> Can someone explain how to debug the problem so I can post all useful
> information, please?
> For now I put the xl -vvv create and xl dmesg output in the attachment.
>
> Thanks for any reply and sorry for my bad English.

Now I also tried gdbsx:

gdbsx -a 2 64 9999
...
(gdb) target remote localhost:9999
Remote debugging using localhost:9999
[Switching to Remote target]
0x66666666 in ?? ()
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0x000000ff in ?? ()
(gdb) bt full
#0  0x000000ff in ?? ()
No symbol table info available.
Cannot access memory at address 0x6d2966c0

I do not know if what I did is correct.

>
>>
>> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
>> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c
>> @@ -720,29 +720,26 @@ do{ uint8_t stub[] = { _bytes, 0xc3 }; >> put_fpu(&fic); \ >> } while (0) >> -static unsigned long __get_rep_prefix( >> - struct cpu_user_regs *int_regs, >> - struct cpu_user_regs *ext_regs, >> +static unsigned long _get_rep_prefix( >> + const struct cpu_user_regs *int_regs, >> int ad_bytes) >> { >> - unsigned long ecx = ((ad_bytes == 2) ? (uint16_t)int_regs->ecx : >> - (ad_bytes == 4) ? (uint32_t)int_regs->ecx : >> - int_regs->ecx); >> - >> - /* Skip the instruction if no repetitions are required. */ >> - if ( ecx == 0 ) >> - ext_regs->eip = int_regs->eip; >> - >> - return ecx; >> + return (ad_bytes == 2) ? (uint16_t)int_regs->ecx : >> + (ad_bytes == 4) ? (uint32_t)int_regs->ecx : >> + int_regs->ecx; >> } >> #define get_rep_prefix() >> ({ \ >> unsigned long max_reps = >> 1; \ >> if ( rep_prefix() >> ) \ >> - max_reps = __get_rep_prefix(&_regs, ctxt->regs, >> ad_bytes); \ >> + max_reps = _get_rep_prefix(&_regs, >> ad_bytes); \ >> if ( max_reps == 0 >> ) \ >> - goto >> done; \ >> - max_reps; \ >> + { \ >> + /* Skip the instruction if no repetitions are required. >> */ \ >> + dst.type = >> OP_NONE; \ >> + goto >> writeback; \ >> + } \ >> + max_reps; \ >> }) >> static void __put_rep_prefix( >> @@ -3921,7 +3918,8 @@ x86_emulate( >> if ( !rc && (b & 1) && (ea.type == OP_MEM) ) >> rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp, >> ea.bytes, ctxt); >> - goto done; >> + dst.type = OP_NONE; >> + break; >> } >> case 0x20: /* mov cr,reg */ >> @@ -4188,7 +4186,8 @@ x86_emulate( >> if ( !rc && (b != 0x6f) && (ea.type == OP_MEM) ) >> rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp, >> ea.bytes, ctxt); >> - goto done; >> + dst.type = OP_NONE; >> + break; >> } >> case 0x80 ... 0x8f: /* jcc (near) */ { >> >> >> >> >
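Review bot: in the @@ -720,29 hunk, renaming __get_rep_prefix() to _get_rep_prefix() leaves its counterpart __put_rep_prefix() (visible as trailing context) with the old double-underscore prefix, so the pair is now inconsistently named; either rename both in the same patch or keep the old name, since dropping the ext_regs parameter and making int_regs const does not require a rename. In the same hunk the retained comment "Skip the instruction if no repetitions are required." no longer describes what happens: the macro now sets dst.type = OP_NONE and jumps to writeback, so the instruction is retired through the normal path (IP update plus TF/RF processing) rather than skipped, and the explicit `ext_regs->eip = int_regs->eip` that the old helper did is now implicitly performed by writeback. Suggest rewording to something like "No repetitions: nothing to write back, but still commit IP and flag side effects via the writeback path." so the dependency on writeback is documented.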
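Review bot: in the @@ -3921,7 hunk, `rc` can be non-zero from the preceding `ops->write(...)` when the new `break` is reached; the replaced `goto done` left the switch regardless of rc, whereas `break` now falls through to whatever follows the switch, so unless that code tests rc before committing writeback, a failed memory write would still advance IP and apply TF/RF processing. Please confirm the post-switch rc check exists (it is not visible in this hunk), or keep an explicit `if ( rc ) goto done;` ahead of `dst.type = OP_NONE; break;`. The identical epilogue in the @@ -4188,7 hunk (the 0x6f/0x7f block) has the same dependency.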