On 29/06/19 07:16, Andy Lutomirski wrote:
> If I do SYSCALL with EFLAGS.TF set from compat mode on Intel hardware
> with -cpu host and no other funny business, the guest kernel seems to
> get #DB with the stored IP pointing at the SYSCALL instruction. This
> is wrong -- SYSCALL is #UD, which is a *fault*, so there shouldn't be
> a single-step trap.

Yeah, the emulator doesn't try too hard to emulate Intel vs. AMD
differences. But emulate_ud()'s mishandling

> Unless I'm missing something in the code, emulate_ud() is mishandled
> in general -- it seems to cause inject_emulated_exception() to
> return false here:
>
>         if (ctxt->have_exception) {
>                 r = EMULATE_DONE;
>                 if (inject_emulated_exception(vcpu))
>                         return r;
>
> and then we land here:
>
>         if (r == EMULATE_DONE && ctxt->tf)
>                 kvm_vcpu_do_singlestep(vcpu, &r);
>
> if TF was set, which is wrong.
>
> You can test this by applying the attached patch, building x86
> selftests, and running syscall_arg_fault_32 in a VM. It hangs. It
> should complete successfully, and it does on bare metal.

Ok, this is helpful. inject_emulated_exception should return one of
vmexit (currently true), fault (the incorrect case), none (currently
false).

Thanks!

Paolo
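The control-flow bug described in the thread, and the three-way return value Paolo proposes, as an added toy model (constructed example, not KVM code; `model_vcpu`, `model_emulate_tail` and the `*_old`/`*_new` names are assumed). It shows a queued #UD falling through to the TF check in the old shape, and the fault result short-circuiting it in the new one.

```c
/* Toy model of the emulator exit path from the thread (constructed example,
 * not KVM code; model_vcpu and the *_old/*_new names are assumed). */
#include <stdbool.h>
enum inject_result { INJECT_NONE, INJECT_FAULT, INJECT_VMEXIT };

struct model_vcpu {
    bool have_exception;        /* emulator raised an exception, e.g. #UD */
    bool exception_is_vmexit;   /* the exception is intercepted by L1 */
    bool tf;                    /* EFLAGS.TF when emulation started */
    int  queued_vector;         /* -1 = nothing queued, 6 = #UD */
    bool singlestep_db;         /* a single-step #DB was delivered */
};

/* Current shape: true = vmexit, false = "anything else", which lumps a
 * queued fault together with "no exception to inject". */
bool inject_emulated_exception_old(struct model_vcpu *v)
{
    if (v->exception_is_vmexit)
        return true;
    v->queued_vector = 6;
    return false;
}

/* Proposed shape: vmexit, fault and none are distinct results. */
enum inject_result inject_emulated_exception_new(struct model_vcpu *v)
{
    if (!v->have_exception)
        return INJECT_NONE;
    if (v->exception_is_vmexit)
        return INJECT_VMEXIT;
    v->queued_vector = 6;
    return INJECT_FAULT;
}

/* Tail of the emulation path (r == EMULATE_DONE assumed).
 * Returns true if the single-step #DB was delivered. */
bool model_emulate_tail(struct model_vcpu *v, bool fixed)
{
    if (v->have_exception) {
        if (fixed) {
            if (inject_emulated_exception_new(v) != INJECT_NONE)
                return false;   /* fault or vmexit: no single-step trap */
        } else if (inject_emulated_exception_old(v)) {
            return false;       /* only the vmexit case returns here... */
        }                       /* ...a queued #UD falls through to TF */
    }
    if (v->tf)
        v->singlestep_db = true;    /* kvm_vcpu_do_singlestep() */
    return v->singlestep_db;
}
```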