LEAVE emulation infinite loop

Matteo Signorini <signorinimatteo@xxxxxxxxx> · Sun, 24 Apr 2011 09:08:27 +0200

Hello everybody,
I have a problem with an opcode emulation not yet emulated in kvm-kmod
2.6.38-rc7.
The opcode is the "LEAVE" that as Intel Manual says:

"Set RSP to RBP, then pop RBP"

The problem is that despite to the fact that the opcode of the leave
(C9) is correctly fetched and decoded, it falls in an infinite loop
(found by some printk debug prints)

Now I'm wondering...the eip needed in order to continue the vm
execution is moved-on by the insns_fetch operation so after the first
byte decode of the LEAVE opcode I shouldn't execute it again...so what
I'm doing wrong?

I posted here the diff output so you can see which changes I made on
kvm original source code

*** emulate.c   2011-04-21 13:19:11.535663092 +0200

--- myemulate.c 2011-04-21 13:34:21.490313650 +0200
*************** static struct opcode opcode_table[256] =
*** 2504,2510 ****
        D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr
| ModRM | No64),
        G(ByteOp, group11), G(0, group11),
        /* 0xC8 - 0xCF */
!       N, N, N, D(ImplicitOps | Stack),
        D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64),
D(ImplicitOps),
        /* 0xD0 - 0xD7 */
        D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM),
--- 2504,2510 ----
        D(DstReg | SrcMemFAddr | ModRM | No64), D(DstReg | SrcMemFAddr
| ModRM | No64),
        G(ByteOp, group11), G(0, group11),
        /* 0xC8 - 0xCF */
!       N, D(ImplicitOps | SrcNone), N, D(ImplicitOps | Stack),
        D(ImplicitOps), D(SrcImmByte), D(ImplicitOps | No64),
D(ImplicitOps),
        /* 0xD0 - 0xD7 */
        D2bv(DstMem | SrcOne | ModRM), D2bv(DstMem | ModRM),
*************** special_insn:
*** 3259,3264 ****
--- 3259,3268 ----
        case 0xc5:              /* lds */
                rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS);
                break;
+       case 0xc9:              /* leave */
+               c->regs[VCPU_REGS_RSP] = c->regs[VCPU_REGS_RBP];
+               rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP);
+               goto done;
        case 0xcb:              /* ret far */
                rc = emulate_ret_far(ctxt, ops);
                break;

Thank you in advance,
Matteo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html