> On Jun 25, 2020, at 11:59 AM, Nadav Amit <nadav.amit@xxxxxxxxx> wrote:
>
>> On Jun 24, 2020, at 9:54 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>>
>> Address 0 is also used for the SIPI vector (which is probably something worth
>> changing as well), and now that we call setup_idt very early the SIPI vector
>> overwrites the first few bytes of the IDT, and in particular the #DE handler.
>>
>> Fix this for both 32-bit and 64-bit, even though the different form of the
>> descriptors meant that only 32-bit showed a failure.
>>
>> Reported-by: Thomas Huth <thuth@xxxxxxxxxx>
>> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>> ---
>> x86/cstart.S | 10 +++++++---
>> x86/cstart64.S | 11 ++++++++++-
>> 2 files changed, 17 insertions(+), 4 deletions(-)
>>
>> diff --git a/x86/cstart.S b/x86/cstart.S
>> index 77dc34d..e93dbca 100644
>> --- a/x86/cstart.S
>> +++ b/x86/cstart.S
>> @@ -4,8 +4,6 @@
>> .globl boot_idt
>> .global online_cpus
>>
>> -boot_idt = 0
>> -
>
> I think that there is a hidden assumption about the IDT location in
> realmode’s test_int(), which this would break.
[ Sorry for the previous wrong quote of my attempt the fix ]
The original offending code:
static void test_int(void)
{
init_inregs(NULL);
*(u32 *)(0x11 * 4) = 0x1000; /* Store a pointer to address 0x1000 in IDT entry 0x11 */
*(u8 *)(0x1000) = 0xcf; /* 0x1000 contains an IRET instruction */
MK_INSN(int11, "int $0x11\n\t");
exec_in_big_real_mode(&insn_int11);
report("int 1", 0, 1);
}
static void test_sti_inhibit(void)
{
init_inregs(NULL);
*(u32 *)(0x73 * 4) = 0x1000; /* Store IRQ 11 handler in the IDT */
*(u8 *)(0x1000) = 0xcf; /* 0x1000 contains an IRET instruction */
MK_INSN(sti_inhibit, "cli\n\t"
"movw $0x200b, %dx\n\t"
"movl $1, %eax\n\t"
"outl %eax, %dx\n\t" /* Set IRQ11 */
"movl $0, %eax\n\t"
"outl %eax, %dx\n\t" /* Clear IRQ11 */
"sti\n\t"
"hlt\n\t");
exec_in_big_real_mode(&insn_sti_inhibit);
report("sti inhibit", ~0, 1);
}
