I ran into an error when testing some code that would generate protection faults. I had my exception handler set up so that it expected the EIP and stack not to change, the standard behavior on a native CPU. But on QEMU both the ESP and EIP are changed at fault generation time.
The OS is 32-bit, so the error case is related to jumps out of the CS segment.
Digging into the QEMU code, it seems that the EIP and ESP are set after raise_exception_error is called within helper_ret_protected. So I am at a loss to understand why I am seeing a different behavior in the guest.
Am I not understanding how QEMU generates exceptions, or is there another step that occurs after the ret_protected methods are called?