diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2017-02-16 12:30:05 +0100 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2017-02-16 18:37:01 +0100 |
| commit | 65c9d60a3ad3249784348824eca69acac455bc02 (patch) | |
| tree | b0fb43c0c2841ae1f62b5342e376a4d46accc9e9 /target/i386/excp_helper.c | |
| parent | f47291b7a7ffa8854300283d4773ed17d5d581c1 (diff) | |
| download | qemu-65c9d60a3ad3249784348824eca69acac455bc02.zip | |
target-i386: correctly propagate retaddr into SVM helpers
Commit 2afbdf8 ("target-i386: exception handling for memory helpers",
2015-09-15) changed tlb_fill's cpu_restore_state+raise_exception_err
to raise_exception_err_ra. After this change, the cpu_restore_state
and raise_exception_err's cpu_loop_exit are merged into
raise_exception_err_ra's cpu_loop_exit_restore.
This actually fixed some bugs, but when SVM is enabled there is a
second path from raise_exception_err_ra to cpu_loop_exit. This is
the VMEXIT path, and now cpu_vmexit is called without a
cpu_restore_state before.
The fix is to pass the retaddr to cpu_vmexit (via
cpu_svm_check_intercept_param). All helpers can now use GETPC() to pass
the correct retaddr, too.
Cc: qemu-stable@nongnu.org
Fixes: 2afbdf84807d673eb682cb78158e11cdacbf4673
Reported-by: Alexander Boettcher <alexander.boettcher@genode-labs.com>
Tested-by: Alexander Boettcher <alexander.boettcher@genode-labs.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'target/i386/excp_helper.c')
| -rw-r--r-- | target/i386/excp_helper.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/target/i386/excp_helper.c b/target/i386/excp_helper.c index f0dc4996c1..ee596c6082 100644 --- a/target/i386/excp_helper.c +++ b/target/i386/excp_helper.c @@ -39,7 +39,8 @@ void helper_raise_exception(CPUX86State *env, int exception_index) * needed. It should only be called, if this is not an interrupt. * Returns the new exception number. */ -static int check_exception(CPUX86State *env, int intno, int *error_code) +static int check_exception(CPUX86State *env, int intno, int *error_code, + uintptr_t retaddr) { int first_contributory = env->old_exception == 0 || (env->old_exception >= 10 && @@ -53,7 +54,7 @@ static int check_exception(CPUX86State *env, int intno, int *error_code) #if !defined(CONFIG_USER_ONLY) if (env->old_exception == EXCP08_DBLE) { if (env->hflags & HF_SVMI_MASK) { - cpu_vmexit(env, SVM_EXIT_SHUTDOWN, 0); /* does not return */ + cpu_vmexit(env, SVM_EXIT_SHUTDOWN, 0, retaddr); /* does not return */ } qemu_log_mask(CPU_LOG_RESET, "Triple fault\n"); @@ -93,10 +94,10 @@ static void QEMU_NORETURN raise_interrupt2(CPUX86State *env, int intno, if (!is_int) { cpu_svm_check_intercept_param(env, SVM_EXIT_EXCP_BASE + intno, - error_code); - intno = check_exception(env, intno, &error_code); + error_code, retaddr); + intno = check_exception(env, intno, &error_code, retaddr); } else { - cpu_svm_check_intercept_param(env, SVM_EXIT_SWINT, 0); + cpu_svm_check_intercept_param(env, SVM_EXIT_SWINT, 0, retaddr); } cs->exception_index = intno; |