Hi Zero,
On 6/8/25 09:58, Zero Tang wrote:
Replaces "long" with "int64_t" during canonicalization.
---
In Linux GCC, "long" has 8 bytes. However, in msys2 GCC, "long" has 4
bytes. In this case, canonicalization would set all high bits to 1 when
the segment base is bigger than 0x7FFF (assuming 48-bit linear address).
This is why QEMU-TCG in Windows cannot boot a bluepill-like hypervisor
in UEFI, in that the guest IDT and GDT bases are above 0x7FFF, thereby
resulting in incorrect bases. When an interrupt arrives, it would
trigger a #PF exception; the #PF would trigger again, resulting in a #DF
exception; the #PF would trigger for the third time, resulting in
triple-fault, and eventually causes the shutdown VM-Exit to the
bluepill hypervisor right after it boots.
In summary, this patch replaces "long" with "int64_t" in order to enforce
the canonicalization with 64-bit signed integers.
Signed-off-by: Zero Tang <zero.tang...@gmail.com
<mailto:zero.tang...@gmail.com>>
---
target/i386/tcg/system/svm_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/system/svm_helper.c b/target/i386/tcg/
system/svm_helper.c
index b27049b9ed..1ccfccf419 100644
--- a/target/i386/tcg/system/svm_helper.c
+++ b/target/i386/tcg/system/svm_helper.c
@@ -49,7 +49,7 @@ static void svm_save_seg(CPUX86State *env, int
mmu_idx, hwaddr addr,
static inline void svm_canonicalization(CPUX86State *env,
target_ulong *seg_base)
{
uint16_t shift_amt = 64 - cpu_x86_virtual_addr_width(env);
- *seg_base = ((((long) *seg_base) << shift_amt) >> shift_amt);
+ *seg_base = ((((int64_t) *seg_base) << shift_amt) >> shift_amt);\
Alternatively:
*seg_base = sextract64(*seg_base, 0, 64 -
cpu_x86_virtual_addr_width(env));
}
static void svm_load_seg(CPUX86State *env, int mmu_idx, hwaddr addr,
---
base-commit: e0006a86615baa70bc9d8b183e528aed91c1ac90
change-id: 20250806-fix-tcg-svm-canon-adbea9508073
Best regards,
--
Zero Tang <zero.tang...@gmail.com <mailto:zero.tang...@gmail.com>>
