
[Xen-devel] Re: [PATCH] [HVM] [x86_emulate] Disallow setting EFLAGS_TF through POPF



Trolle,

This is indeed bogus, since POPF certainly can be used to set TF. I don't
believe that real mode is a special case in this respect.

What it could be is that the instruction that sets TF should not itself
cause a debug exception when it is retired. So, if the end of the #DB
handler is POPF ; IRET, and the POPF is setting EFLAGS.TF, then this would
explain the endless (actually nested) handler execution.

Could test this by changing the EXC_DB injection in x86_emulate.c to check
ctxt->regs->eflags for TF before the line '*ctxt->regs = _regs'. This would
correctly correspond to using the value of EFLAGS.TF before the instruction
was executed.

 -- Keir
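The timing point Keir makes above (the instruction that sets TF is not itself single-stepped; the trap comes after the instruction that follows it, and the CPU clears TF when it enters the #DB handler) as an added C model. This is example code written for this page, not Xen code and not the logic of x86_emulate.c; the guest program, the two-instruction #DB handler, and the names `run`, `step`, `deliver_db` and the `policy` enum are all constructed here. It collapses the handler's closing `POPF ; IRET` into an IRET that restores the saved FLAGS image (TF=1), and contrasts deciding #DB injection from the TF value after the instruction retired with deciding it from the TF value in effect before it executed.

```c
/* Added example (not Xen code): a toy model of single-step (#DB) delivery
 * in an instruction emulator, contrasting a check of EFLAGS.TF taken
 * after the instruction retires with one taken before it executes. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFLG_TF (1u << 8)          /* trap flag, bit 8 of EFLAGS */

enum insn { I_NOP, I_POPF_SET_TF, I_IRET };
enum policy { CHECK_TF_AFTER, CHECK_TF_BEFORE };

/* Constructed guest code: set TF via POPF, then run three NOPs. */
static const enum insn main_prog[] = { I_POPF_SET_TF, I_NOP, I_NOP, I_NOP };
#define MAIN_LEN 4
/* Constructed #DB handler: one NOP, then IRET back to the interrupted code. */
static const enum insn db_handler[] = { I_NOP, I_IRET };

struct vm {
    uint32_t eflags;
    uint32_t saved_eflags;  /* FLAGS image pushed when #DB was delivered */
    int pc;                 /* index into main_prog */
    int hpc;                /* index into db_handler */
    bool in_handler;
    int db_count;           /* how many #DB the emulator injected */
};

struct result { int db_count; int pc; int steps; bool finished; };

/* Deliver #DB the way the CPU does: save FLAGS and clear TF so the
 * handler itself is not single-stepped. */
static void deliver_db(struct vm *vm)
{
    vm->saved_eflags = vm->eflags;
    vm->eflags &= ~EFLG_TF;
    vm->in_handler = true;
    vm->hpc = 0;
    vm->db_count++;
}

/* Emulate one instruction, then decide whether to inject #DB. */
static void step(struct vm *vm, enum policy p)
{
    enum insn i = vm->in_handler ? db_handler[vm->hpc++] : main_prog[vm->pc++];
    uint32_t tf_before = vm->eflags & EFLG_TF;

    switch (i) {
    case I_NOP:
        break;
    case I_POPF_SET_TF:           /* pop a FLAGS image that has TF=1 */
        vm->eflags |= EFLG_TF;
        break;
    case I_IRET:                  /* restore the interrupted context (TF=1) */
        vm->eflags = vm->saved_eflags;
        vm->in_handler = false;
        break;
    }

    uint32_t tf_after = vm->eflags & EFLG_TF;
    if (p == CHECK_TF_BEFORE ? tf_before : tf_after)
        deliver_db(vm);
}

/* Run the guest until main_prog completes or max_steps is exhausted. */
struct result run(enum policy p, int max_steps)
{
    struct vm vm = { 0 };
    struct result r = { 0 };
    while (r.steps < max_steps) {
        if (!vm.in_handler && vm.pc >= MAIN_LEN) { r.finished = true; break; }
        step(&vm, p);
        r.steps++;
    }
    r.db_count = vm.db_count;
    r.pc = vm.pc;
    return r;
}

int main(void)
{
    struct result a = run(CHECK_TF_AFTER, 100);
    struct result b = run(CHECK_TF_BEFORE, 100);
    printf("check TF after:  finished=%d pc=%d #DB=%d\n", a.finished, a.pc, a.db_count);
    printf("check TF before: finished=%d pc=%d #DB=%d\n", b.finished, b.pc, b.db_count);
    return 0;
}
```

With the post-instruction check the POPF is trapped as soon as it sets TF, and every IRET that restores TF=1 re-enters the handler, so the main program never advances past its second instruction: the same IRET is emulated over and over, which is the endless nested handler execution described above. With the pre-instruction check the POPF retires untrapped, each instruction after it gets exactly one #DB, and the program finishes.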

On 23/5/08 18:12, "Trolle Selander" <trolle.selander@xxxxxxxxxxxxx> wrote:

> This patch fixes the issue with running Freedos with HIMEM.SYS enabled.
> 
> The issue turns out to be that it sets the trap flag through a push &
> subsequent popf. This causes x86_emulate to later inject a hw_exception,
> which results in the observed badness with the emulation spinning
> endlessly on the same IRET.
> 
> Note that disallowing TF to be set in this way appears not to match the
> described behavior of POPF according to the Intel manuals.  It also
> results in POPF ending up always _clearing_ TF, which may not be the
> right thing to do either. However, for what it's worth, it does appear
> to be the way QEMU deals with this code in Freedos/HIMEM.SYS. It might
> be a good idea to take a look at real hardware and see what the behavior
> is there - it wouldn't be the first time that documentation does not
> match reality.
> A different and possibly more correct solution (that matches the
> documentation) would be to not use TF on its own as the trigger for
> inject_hw_exception, if POPF is going to be allowed to set the TF flag
> without a real trap having happened, but for now, this solves the
> Freedos/HIMEM issue in the simplest way possible.
> 
> Signed-off-by: Trolle Selander <trolle.selander@xxxxxxxxxxxxx>
> diff -uNr xen-unstable.hg/xen/arch/x86/x86_emulate/x86_emulate.c
> xen-unstable.hg-patched/xen/arch/x86/x86_emulate/x86_emulate.c
> --- xen-unstable.hg/xen/arch/x86/x86_emulate/x86_emulate.c 2008-05-23
> 17:33:51.000000000 +0100
> +++ xen-unstable.hg-patched/xen/arch/x86/x86_emulate/x86_emulate.c 2008-05-23
> 17:41:59.000000000 +0100
> @@ -2465,7 +2465,7 @@
>          goto push;
>  
>      case 0x9d: /* popf */ {
> -        uint32_t mask = EFLG_VIP | EFLG_VIF | EFLG_VM;
> +        uint32_t mask = EFLG_VIP | EFLG_VIF | EFLG_VM | EFLG_TF;
>          if ( !mode_ring0() )
>              mask |= EFLG_IOPL;
>          if ( !mode_iopl() )
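Review bot: adding `EFLG_TF` to `mask` on the `uint32_t mask = EFLG_VIP | EFLG_VIF | EFLG_VM | EFLG_TF;` line stops POPF from writing TF at all, which the commit message itself concedes does not match the documented POPF behaviour, and it papers over a defect that lives in the #DB injection path rather than here. The injection decision should be taken from the EFLAGS.TF value in effect before the instruction executed, since the instruction that sets TF is not itself single-stepped and the trap belongs after the following instruction; with that fixed, `EFLG_TF` should not be masked and this hunk can be dropped. If the mask change is nonetheless kept as a stopgap, it needs a comment at this line saying that it deliberately diverges from the architecture and why (the FreeDOS/HIMEM.SYS spin), so a later reader does not take it for correct behaviour.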



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

