Re: LEAVE emulation infinite loop
On 04/25/2011 12:05 PM, Matteo Signorini wrote: Hi to All, I fixed the previously highlighted error, calling the right pop emulation function but still get the same error, an infinite leave emulation loop. IMHO this is not an emulation error since x86_decode_insn and x86_emulate_insn return a correct value ( r=0 ) so I don't understand what I'm doing wrong... could you please give me an hint to fix it? No idea, sorry, you'll have to debug it. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: LEAVE emulation infinite loop
Hi to All, I fixed the previously highlighted error, calling the right pop emulation function but still get the same error, an infinite leave emulation loop. IMHO this is not an emulation error since x86_decode_insn and x86_emulate_insn return a correct value ( r=0 ) so I don't understand what I'm doing wrong... could you please give me an hint to fix it? Thank you in advance, Matteo *** emulate.c 2011-04-21 13:19:11.535663092 +0200 --- myemulate.c 2011-04-21 13:34:21.490313650 +0200 *** static struct opcode opcode_table[256] = *** 2504,2510 D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr | ModRM | No64), G(ByteOp, group11), G(0, group11), /* 0xC8 - 0xCF */ ! N, N, N, D(ImplicitOps | Stack), D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64), D(ImplicitOps), /* 0xD0 - 0xD7 */ D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM), --- 2504,2510 D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr | ModRM | No64), G(ByteOp, group11), G(0, group11), /* 0xC8 - 0xCF */ ! N, D(ImplicitOps | SrcNone), N, D(ImplicitOps | Stack), D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64), D(ImplicitOps), /* 0xD0 - 0xD7 */ D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM), *** special_insn: *** 3259,3264 --- 3259,3268 case 0xc5: /* lds */ rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS); break; + case 0xc9: /* leave */ + c-regs[VCPU_REGS_RSP] = c-regs[VCPU_REGS_RBP]; + rc = emulate_pop(ctxt, ops, c-regs[VCPU_REGS_RBP], c-op_bytes); + goto done; case 0xcb: /* ret far */ rc = emulate_ret_far(ctxt, ops); break; 2011/4/24 Avi Kivity a...@redhat.com On 04/24/2011 10:08 AM, Matteo Signorini wrote: Hello everybody, I have a problem with an opcode emulation not yet emulated in kvm-kmod 2.6.38-rc7. The opcode is the LEAVE that as Intel Manual says: Set RSP to RBP, then pop RBP The problem is that despite to the fact that the opcode of the leave (C9) is correctly fetched and decoded, it falls in an infinite loop (found by some printk debug prints) Now I'm wondering...the eip needed in order to continue the vm execution is moved-on by the insns_fetch operation so after the first byte decode of the LEAVE opcode I shouldn't execute it again...so what I'm doing wrong? I posted here the diff output so you can see which changes I made on kvm original source code case 0xc5: /* lds */ rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS); break; + case 0xc9: /* leave */ + c-regs[VCPU_REGS_RSP] = c-regs[VCPU_REGS_RBP]; + rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP); + goto done; case 0xcb: /* ret far */ rc = emulate_ret_far(ctxt, ops); break; Why are you calling emulate_pop_sreg()? RBP is not a segment register. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
LEAVE emulation infinite loop
Hello everybody, I have a problem with an opcode emulation not yet emulated in kvm-kmod 2.6.38-rc7. The opcode is the LEAVE that as Intel Manual says: Set RSP to RBP, then pop RBP The problem is that despite to the fact that the opcode of the leave (C9) is correctly fetched and decoded, it falls in an infinite loop (found by some printk debug prints) Now I'm wondering...the eip needed in order to continue the vm execution is moved-on by the insns_fetch operation so after the first byte decode of the LEAVE opcode I shouldn't execute it again...so what I'm doing wrong? I posted here the diff output so you can see which changes I made on kvm original source code *** emulate.c 2011-04-21 13:19:11.535663092 +0200 --- myemulate.c 2011-04-21 13:34:21.490313650 +0200 *** static struct opcode opcode_table[256] = *** 2504,2510 D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr | ModRM | No64), G(ByteOp, group11), G(0, group11), /* 0xC8 - 0xCF */ ! N, N, N, D(ImplicitOps | Stack), D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64), D(ImplicitOps), /* 0xD0 - 0xD7 */ D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM), --- 2504,2510 D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr | ModRM | No64), G(ByteOp, group11), G(0, group11), /* 0xC8 - 0xCF */ ! N, D(ImplicitOps | SrcNone), N, D(ImplicitOps | Stack), D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64), D(ImplicitOps), /* 0xD0 - 0xD7 */ D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM), *** special_insn: *** 3259,3264 --- 3259,3268 case 0xc5: /* lds */ rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS); break; + case 0xc9: /* leave */ + c-regs[VCPU_REGS_RSP] = c-regs[VCPU_REGS_RBP]; + rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP); + goto done; case 0xcb: /* ret far */ rc = emulate_ret_far(ctxt, ops); break; Thank you in advance, Matteo -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: LEAVE emulation infinite loop
On 04/24/2011 10:08 AM, Matteo Signorini wrote: Hello everybody, I have a problem with an opcode emulation not yet emulated in kvm-kmod 2.6.38-rc7. The opcode is the LEAVE that as Intel Manual says: Set RSP to RBP, then pop RBP The problem is that despite to the fact that the opcode of the leave (C9) is correctly fetched and decoded, it falls in an infinite loop (found by some printk debug prints) Now I'm wondering...the eip needed in order to continue the vm execution is moved-on by the insns_fetch operation so after the first byte decode of the LEAVE opcode I shouldn't execute it again...so what I'm doing wrong? I posted here the diff output so you can see which changes I made on kvm original source code case 0xc5: /* lds */ rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS); break; + case 0xc9: /* leave */ + c-regs[VCPU_REGS_RSP] = c-regs[VCPU_REGS_RBP]; + rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP); + goto done; case 0xcb: /* ret far */ rc = emulate_ret_far(ctxt, ops); break; Why are you calling emulate_pop_sreg()? RBP is not a segment register. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
