[Qemu-devel] [PATCH] fix exception precision for cmpxchg8b
In qemu-0.9.0, an exception in cmpxchg8b (e.g. page fault due to a missing TLB entry) causes the wrong eip value to be pushed onto the exception stack -- it seems to be the eip of the last exception or the start of the translation block, whichever happened last. This makes it impossible to resume execution after such an exception.

The simple patch below fixes it, by explicitly saving the current eip before invoking the cmpxchg8b helper; the same approach appears to be taken in many other instructions before generating code that could raise an exception. Apologies for the non-tab-clean patch, but it's simple enough to apply by hand.

I can't quite understand what's generating the equivalent piece of code (to save pc_start into eip) for the cmpxchgl instruction (defined right above cmpxchg8b in translate.c). I'd be thankful if someone could explain to me where it's getting saved.

Nickolai.

--- qemu-0.9.0/target-i386/translate.c 2007-02-05 15:01:54.0 -0800 +++ /home/nickolai/build/qemu-0.9.0/target-i386/translate.c 2007-04-24 19:33:47.0 -0700 @@ -3800,6 +3800,7 @@ if (s-cc_op != CC_OP_DYNAMIC) gen_op_set_cc_op(s-cc_op); gen_lea_modrm(s, modrm, reg_addr, offset_addr); +gen_jmp_im(pc_start - s-cs_base); gen_op_cmpxchg8b(); s-cc_op = CC_OP_EFLAGS; break;
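Review bot: the added gen_jmp_im() line is not indented like the surrounding gen_lea_modrm() and gen_op_cmpxchg8b() lines in the hunk, so it should be re-indented to match the file before it is committed (the cover text already admits the patch is not tab-clean). Its position is the right one for the fix described: it comes after the cc_op flush and the address computation and immediately before gen_op_cmpxchg8b(), which the description identifies as the helper call that can raise the fault, so eip is current at the only point in this sequence where the exception can be taken. Anyone applying by hand should also note that the member accesses in the quoted hunk have lost their arrow (s-cc_op, s-cs_base) in the mail text as reproduced here; the inserted line is meant to read gen_jmp_im(pc_start - s->cs_base); matching the s->cc_op accesses on the neighbouring lines.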
Re: [Qemu-devel] [PATCH] fix exception precision for cmpxchg8b
A patch like this was posted about 6 weeks ago. The only difference I can see between this and the previous patch is the location of the inserted function. Take a look at http://lists.gnu.org/archive/html/qemu-devel/2007-03/msg00123.html for hints. This patch fixed the Solaris/express install in a qemu guest.

Ben
Re: [Qemu-devel] [PATCH] fix exception precision for cmpxchg8b
Thanks. Looks like inline-generated instructions use cpu_restore_state() to invert the translated PC into the simulated PC.

Nickolai.
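To make the two mechanisms discussed in this thread concrete, the following is an added toy model, not QEMU code and not written by anyone in the thread, of a dynamic translator whose "translation block" is an array of ops. It reproduces the stale-eip symptom from the first message (the fault reports the eip from the start of the block, and resuming there replays instructions that already executed) and contrasts it with the two remedies the thread names: an explicit eip store emitted before each op that can fault, which is what the patch's gen_jmp_im() call does ahead of the cmpxchg8b helper, and a side table that maps the translated PC back to the guest PC at fault time, which is the role cpu_restore_state() plays for inline-generated instructions. Every name here (PREC_*, translate, exec_tb, run_program, the two-instruction guest ISA, the four-page memory and the program) is constructed for the example.

```c
/* Toy dynamic translator showing exception precision. Added example, not QEMU
 * code: guest ISA, translated ops, page table and program are all constructed.
 *  PREC_NONE : eip written only at block entry -> stale eip on a fault
 *  PREC_EAGER: emit "store eip" before each faulting op (gen_jmp_im analogue)
 *  PREC_LAZY : on a fault, map the host op index back to a guest pc through a
 *              per-block side table (cpu_restore_state analogue)              */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef enum { PREC_NONE, PREC_EAGER, PREC_LAZY } Precision;
typedef enum { G_ADD, G_LOAD } GuestKind;             /* guest ISA */
typedef enum { OP_SET_EIP, OP_ADD, OP_LOAD } OpKind;  /* translated ops */
typedef struct { uint32_t pc; GuestKind kind; uint32_t arg; } GuestInsn;
typedef struct { OpKind kind; uint32_t arg; } Op;
typedef struct { uint32_t eip, acc, fault_eip; } CPUState;

#define TB_MAX_OPS 16
typedef struct {
    Op ops[TB_MAX_OPS];
    uint32_t guest_pc_of_op[TB_MAX_OPS];   /* side table: host op -> guest pc */
    size_t n;
    uint32_t start_pc;
} TB;

/* Constructed guest memory: 4 pages of 4 words, page 3 initially unmapped. */
static uint32_t guest_mem[16] = { [1] = 10, [13] = 100 };
static bool page_mapped[4] = { true, true, true, false };

static bool guest_load(uint32_t addr, uint32_t *val)
{
    if (addr >= 16 || !page_mapped[addr / 4]) return false;   /* page fault */
    *val = guest_mem[addr];
    return true;
}

/* Translate the guest insns with pc >= start_pc into one block. */
static void translate(TB *tb, const GuestInsn *insns, size_t n,
                      uint32_t start_pc, Precision mode)
{
    tb->n = 0;
    tb->start_pc = start_pc;
    for (size_t i = 0; i < n && tb->n + 2 <= TB_MAX_OPS; i++) {
        if (insns[i].pc < start_pc) continue;
        if (mode == PREC_EAGER && insns[i].kind == G_LOAD) {
            tb->guest_pc_of_op[tb->n] = insns[i].pc;
            tb->ops[tb->n++] = (Op){ OP_SET_EIP, insns[i].pc };
        }
        tb->guest_pc_of_op[tb->n] = insns[i].pc;
        tb->ops[tb->n++] = (Op){ insns[i].kind == G_ADD ? OP_ADD : OP_LOAD, insns[i].arg };
    }
}

/* Execute one block; on a fault returns false with env->fault_eip holding the
 * eip that would be pushed on the guest exception stack. */
static bool exec_tb(CPUState *env, const TB *tb, Precision mode)
{
    env->eip = tb->start_pc;    /* the only eip update PREC_NONE ever makes */
    for (size_t i = 0; i < tb->n; i++) {
        const Op *op = &tb->ops[i];
        uint32_t v;
        if (op->kind == OP_SET_EIP) {
            env->eip = op->arg;
        } else if (op->kind == OP_ADD) {
            env->acc += op->arg;
        } else if (!guest_load(op->arg, &v)) {
            if (mode == PREC_LAZY)                  /* invert host pc -> guest pc */
                env->eip = tb->guest_pc_of_op[i];
            env->fault_eip = env->eip;
            return false;
        } else {
            env->acc += v;
        }
    }
    return true;
}

/* Constructed guest program; the correct final acc is 5 + 10 + 100 + 1 = 116. */
static const GuestInsn prog[] = {
    { 0x1000, G_ADD,  5  },
    { 0x1003, G_LOAD, 1  },     /* mapped page: reads 10 */
    { 0x1006, G_LOAD, 13 },     /* page 3: faults on the first run */
    { 0x1009, G_ADD,  1  },
};
#define PROG_LEN (sizeof prog / sizeof prog[0])

/* Run to completion: on a fault the "OS" maps the page and the guest resumes
 * at the reported eip. A stale eip replays earlier insns, so acc comes out wrong. */
static uint32_t run_program(Precision mode, uint32_t *reported_fault_eip)
{
    CPUState env = { 0, 0, 0 };
    TB tb;
    page_mapped[3] = false;                         /* reset per run */
    *reported_fault_eip = 0;
    translate(&tb, prog, PROG_LEN, 0x1000, mode);
    if (!exec_tb(&env, &tb, mode)) {
        *reported_fault_eip = env.fault_eip;
        page_mapped[3] = true;                      /* fault handler maps the page */
        translate(&tb, prog, PROG_LEN, env.fault_eip, mode);
        exec_tb(&env, &tb, mode);
    }
    return env.acc;
}

static uint32_t final_acc(Precision m) { uint32_t e; return run_program(m, &e); }
static uint32_t fault_eip_seen(Precision m) { uint32_t e; run_program(m, &e); return e; }
```

Calling final_acc() and fault_eip_seen() for each mode shows the difference: PREC_EAGER and PREC_LAZY both report the faulting instruction's eip (0x1006) and finish with acc 116, while PREC_NONE reports the block start (0x1000) and finishes at 131 because the ADD and the first LOAD are executed twice on resume. The eager store costs an extra op per faulting instruction at runtime but needs no fault-time lookup, which is why it suits an out-of-line helper such as cmpxchg8b's; the lazy side table keeps the hot path free of stores and pays only when a fault actually happens.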