qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] target/i386: ensure EXCP0D_GPF is propagated back to the gue

From: Mark Cave-Ayland
Subject: Re: [PATCH] target/i386: ensure EXCP0D_GPF is propagated back to the guest
Date: Mon, 1 Nov 2021 21:11:17 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 
On 30/10/2021 14:29, Mark Cave-Ayland wrote:


In the case where mmu_translate() returns EXCP0D_GPF ensure that 
handle_mmu_fault()
returns immediately to propagate the fault back to the guest instead of 
returning
EXCP0E_PAGE.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 661ff4879e ("target/i386: extract mmu_translate")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/394
---

[Paolo: this appears to fix the regression booting Windows 7 on TCG that 
appeared in 6.1
  as per the above Gitlab issue. Unfortunately as I'm not really familiar with 
x86 it will
  probably need a better implementation/description but it should at least 
indicate what
  the problem is.]

  target/i386/tcg/sysemu/excp_helper.c | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index 7af887be4d..0170f7f791 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -439,6 +439,10 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int 
size,
                                  prot, mmu_idx, page_size);
          return 0;
      } else {
+        if (cs->exception_index == EXCP0D_GPF) {
+            return 1;
+        }
+
          if (env->intercept_exceptions & (1 << EXCP0E_PAGE)) {
              /* cr2 is not modified in case of exceptions */
              x86_stq_phys(cs,
Revisiting this I think the real issue is that mmu_translate() sets env->error_code to 0 and cs->exception_index to EXCP0D_GPF in target/i386/tcg/sysemu/excp_helper.c at line 102, so if this path is taken then mmu_translate() can change the vCPU state which doesn't seem right.
Presumably the real solution is to update the code in handle_mmu_fault() to detect when mmu_translate() returns 1 and check certain flags in env to determine whether either a EXCP0D_GPF or EXCP0E_PAGE exception should be generated? 


ATB,

Mark.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]