[Qemu-devel] x86_64: iret in long mode resets %fs and %gs base (doesn't on real CPUs)

2010-03-24 Thread Vegard Nossum
Hi,

I've been investigating why some of my code failed on qemu, but
succeeded in bochs and on real hardware. In particular, it turns out
that qemu would reset the FS/GS_BASE_MSR whenever I did iret from ring
0 to 3.

I traced it down to this bit of code (in target-i386/op_helper.c):

static inline void validate_seg(int seg_reg, int cpl)
{
    int dpl;
    uint32_t e2;

    /* XXX: on x86_64, we do not want to nullify FS and GS because
       they may still contain a valid base. I would be interested to
       know how a real x86_64 CPU behaves */
    if ((seg_reg == R_FS || seg_reg == R_GS) &&
        (env->segs[seg_reg].selector & 0xfffc) == 0)
        return;

So the reason why this didn't work in qemu for me was that I was
loading the selector as 8 -- which fails the above test and
validate_seg() proceeds to clear the segment base value. Changing my
own code to only load 0 into %gs from the start fixed the problem for
me.

However, qemu is clearly doing something differently from the real
hardware. I tested both versions (loading 0 or 8 into %gs) on my Intel
P4, and GS_BASE_MSR is preserved in both cases. Perhaps the condition
on the selector value should be removed? (Or perhaps the calls to
validate_seg() for R_FS/R_GS should be removed from
helper_ret_protected()?)

Just a heads up.


Vegard
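The following is an added example, not code from qemu or from the mail above. It models the selector test quoted from validate_seg() and the two behaviours the poster reports (qemu clears the cached FS/GS base on iret unless the selector is null; the real CPU keeps it) on a constructed segment-cache struct, so one can tabulate exactly which selector values make the two diverge. The segment indices, struct and base value are assumptions made for the model.

```c
/* Added example (not qemu code): model of the FS/GS base handling on iret. */
#include <stdint.h>
#include <stdio.h>

enum { SEG_FS = 4, SEG_GS = 5 };   /* assumption: R_FS/R_GS-style indices */

struct seg_cache {                 /* constructed stand-in for env->segs[] */
    uint16_t selector;
    uint64_t base;
};

/* qemu's test as quoted in the mail: the selector counts as null when
 * everything except the two RPL bits is zero, so 0..3 pass and 8 fails. */
static int is_null_selector(uint16_t sel)
{
    return (sel & 0xfffc) == 0;
}

/* Model of the qemu path the poster describes: FS/GS keep their base only
 * for a null selector; any other selector falls through to the code that
 * clears the cache. Returns the base left in the cache afterwards. */
static uint64_t qemu_iret_fsgs_base(int seg, struct seg_cache *s)
{
    if ((seg == SEG_FS || seg == SEG_GS) && is_null_selector(s->selector))
        return s->base;
    s->base = 0;
    return s->base;
}

/* Model of what the poster measured on hardware: the base survives the
 * iret whatever the selector holds. */
static uint64_t hw_iret_fsgs_base(int seg, struct seg_cache *s)
{
    (void)seg;
    return s->base;
}

/* Count the selectors in [0, 16) for which the two models disagree. */
static int count_divergent_selectors(void)
{
    int divergent = 0;
    for (uint16_t sel = 0; sel < 16; sel++) {
        struct seg_cache q = { sel, 0xdeadbeef00ULL };   /* constructed base */
        struct seg_cache h = q;
        if (qemu_iret_fsgs_base(SEG_GS, &q) != hw_iret_fsgs_base(SEG_GS, &h))
            divergent++;
    }
    return divergent;
}

int main(void)
{
    for (uint16_t sel = 0; sel < 16; sel++) {
        struct seg_cache q = { sel, 0x1000 }, h = q;
        printf("selector %2u: qemu base=%#llx hw base=%#llx\n", sel,
               (unsigned long long)qemu_iret_fsgs_base(SEG_GS, &q),
               (unsigned long long)hw_iret_fsgs_base(SEG_GS, &h));
    }
    printf("%d of 16 selector values diverge\n", count_divergent_selectors());
    return 0;
}
```

The mask 0xfffc is what makes the poster's workaround (loading 0 instead of 8) effective: only index 0 in the GDT, with any RPL, is treated as null, so selectors 0 through 3 keep the base under the model while 4 through 15 lose it.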




[Qemu-devel] FXSAVE doesn't #GP on alignment error

2008-02-13 Thread Vegard Nossum
Hello,

I am not sure if this should be treated as an error or not (it
definitely isn't critical), but I'll post it as an extra information
if it is useful or you think it should be fixed.

According to Intel manuals, the FXSAVE instruction requires the
argument to be 16-byte aligned. On a real machine, violating this
constraint results in a #GP. From experience, qemu will not enforce
this alignment constraint.


Kind regards,
Vegard Nossum
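As an added example (not qemu code and not from the mail), the helpers below show the constraint the mail refers to: FXSAVE writes a 512-byte area whose address must be 16-byte aligned. They carve an aligned area out of an arbitrary buffer and wrap the instruction in a check that refuses a misaligned operand before the CPU would raise #GP, which is the check a program tested only under qemu would silently get away without. The constants are the architectural values; the function names are this example's own.

```c
/* Added example: FXSAVE operand alignment handling. Not qemu code. */
#include <stdint.h>
#include <stddef.h>

#define FXSAVE_AREA_SIZE 512   /* size of the FXSAVE/FXRSTOR memory image */
#define FXSAVE_ALIGN     16    /* required alignment of that image */

/* True when p satisfies the 16-byte alignment FXSAVE requires. */
static int fxsave_operand_aligned(const void *p)
{
    return ((uintptr_t)p & (FXSAVE_ALIGN - 1)) == 0;
}

/* Return the first 16-byte aligned address inside buf that still leaves
 * room for a full 512-byte area, or NULL if buf is too small for that. */
static void *fxsave_area_in(void *buf, size_t len)
{
    uintptr_t start = (uintptr_t)buf;
    uintptr_t aligned = (start + FXSAVE_ALIGN - 1) & ~(uintptr_t)(FXSAVE_ALIGN - 1);
    if (aligned - start + FXSAVE_AREA_SIZE > len)
        return NULL;
    return (void *)aligned;
}

/* Execute FXSAVE into area. Returns 0 on success, -1 when the operand is
 * misaligned (the case a real CPU reports as #GP and qemu, per the mail,
 * does not enforce), and -2 when the build target has no FXSAVE at all. */
static int fxsave_checked(void *area)
{
    if (!fxsave_operand_aligned(area))
        return -1;
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("fxsave (%0)" : : "r"(area) : "memory");
    return 0;
#else
    (void)area;
    return -2;
#endif
}

int main(void)
{
    /* Deliberately unaligned backing store; the extra 16 bytes give
     * fxsave_area_in() room to realign. */
    unsigned char raw[FXSAVE_AREA_SIZE + FXSAVE_ALIGN];
    void *area = fxsave_area_in(raw, sizeof raw);
    return (area != NULL && fxsave_checked(area) != -1) ? 0 : 1;
}
```

The same alignment rule applies to FXRSTOR, so a save area that is only ever exercised inside qemu can pass every test and still fault the first time it is restored on hardware.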




Re: [Qemu-devel] i386 debug exception should set BS of DR6 when single-stepping

2007-11-17 Thread Vegard Nossum
On Nov 17, 2007 8:46 PM, Ben Taylor [EMAIL PROTECTED] wrote:
>
> > Vegard Nossum [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I experience the following problem: Setting the trap flag (TF) of the
> > EFLAGS register correctly calls the debug exception DE. However, the
> > DR6 register does not have the single step (BS) flag set.
>
> I remember this getting submitted.  which version of Qemu are
> you running? 0.9.0 or 0.9.0-cvs?
>
> > This patch fixes things for me, and I think it deserves some more
> > attention given that it had no replies at that time and it's not in
> > the latest release.
> >
> > http://lists.gnu.org/archive/html/qemu-devel/2007-03/msg00126.html
>
> This patch was added to CVS on June 26, 07
>
> Ben


Right, thanks. I couldn't find any view-cvs interface and the cvs
snapshot didn't download. I was using the 0.9.0 release, yes.

Vegard
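The following is an added example, not code from qemu, the patch linked above or the thread. It is the kind of #DB classifier a kernel trap handler or debugger front end runs on entry: it reads the DR6 status bits to tell a single step (BS, bit 14) from a hardware breakpoint (B0..B3), a task-switch trap (BT) or a debug-register access (BD). Under the behaviour reported in the thread, BS stays clear after a TF-driven step, so the strict classifier sees a spurious #DB; a tolerant variant infers the step from EFLAGS.TF instead. Bit positions are the architectural ones; the function and enum names are this example's own.

```c
/* Added example: decoding DR6 in a debug-exception handler. Not qemu code. */
#include <stdint.h>

#define DR6_B0    (1u << 0)
#define DR6_B1    (1u << 1)
#define DR6_B2    (1u << 2)
#define DR6_B3    (1u << 3)
#define DR6_BD    (1u << 13)   /* debug-register access detected */
#define DR6_BS    (1u << 14)   /* single step (set when TF caused the trap) */
#define DR6_BT    (1u << 15)   /* task switch with T bit set */
#define DR6_STATUS_MASK (DR6_B0 | DR6_B1 | DR6_B2 | DR6_B3 | DR6_BD | DR6_BS | DR6_BT)
#define EFLAGS_TF (1u << 8)

enum db_cause { DB_SINGLE_STEP, DB_BREAKPOINT, DB_TASK_SWITCH, DB_DR_ACCESS, DB_SPURIOUS };

/* Strict classification: trust DR6 only, as a handler written against the
 * architecture manual would. */
static enum db_cause classify_db(uint32_t dr6)
{
    if (dr6 & DR6_BS)
        return DB_SINGLE_STEP;
    if (dr6 & (DR6_B0 | DR6_B1 | DR6_B2 | DR6_B3))
        return DB_BREAKPOINT;
    if (dr6 & DR6_BT)
        return DB_TASK_SWITCH;
    if (dr6 & DR6_BD)
        return DB_DR_ACCESS;
    return DB_SPURIOUS;
}

/* Tolerant classification: if DR6 explains nothing but TF is set in the
 * interrupted EFLAGS, treat the trap as a step and report that it was
 * inferred rather than observed. */
static enum db_cause classify_db_tolerant(uint32_t dr6, uint32_t eflags, int *inferred)
{
    enum db_cause c = classify_db(dr6);
    *inferred = 0;
    if (c == DB_SPURIOUS && (eflags & EFLAGS_TF)) {
        *inferred = 1;
        return DB_SINGLE_STEP;
    }
    return c;
}

/* Index of the lowest hit breakpoint condition, or -1 if none is set. */
static int db_breakpoint_index(uint32_t dr6)
{
    for (int i = 0; i < 4; i++)
        if (dr6 & (1u << i))
            return i;
    return -1;
}

/* The CPU never clears the DR6 status bits itself; a handler writes them
 * back clear so the next #DB is not misattributed to a stale condition. */
static uint32_t dr6_clear_status(uint32_t dr6)
{
    return dr6 & ~DR6_STATUS_MASK;
}
```

The asymmetry between the two classifiers is the practical cost of the bug in the thread: a debugger that only trusts DR6 cannot distinguish a completed single step from a spurious trap on the affected qemu, while one that consults TF keeps working but can no longer tell the two apart when both happen at once.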