[Qemu-devel] CC_DST problem

[Alexander Graf]

Hi,

I'm still trying to implement SVM correctly and hit a serious problem.
If I set CC_OP to EFLAGS / DYNAMIC after each instruction (so most
conditional operations are based on EFLAGS) everything works as expected.
If using CC_OP==CC_OP_EFLAGS only CC_SRC should be used and CC_DST is
supposed to be completely ignored.

So I set CC_DST to 0 (this happens when leaving and rejoining the
virtual machine, so this is the real problem) and if I do that, I get
funny segmentation faults in x86_64 guest userspace programs running in
the virtual machine (this is exactly what I see in kvm with my current
patchset as well), while 32 bit userspace programs simply hang.
So I guess this is the real problem.

Is there any logical reason CC_DST could be used with CC_OP==CC_OP_EFLAGS?

Attached to this email you will find a small patch that triggers this
problem.

Thanks for any reply that could help on this,

Alexander Graf

Index: qemu/target-i386/op.c
===================================================================
--- qemu.orig/target-i386/op.c
+++ qemu/target-i386/op.c
@@ -1248,6 +1248,13 @@ void OPPROTO op_movl_crN_T0(void)
     helper_movl_crN_T0(PARAM1);
 }
 
+void OPPROTO op_geneflags(void)
+{
+    CC_SRC = cc_table[CC_OP].compute_all();
+    CC_DST = 0;
+    CC_OP = CC_OP_EFLAGS;
+}
+
 #if !defined(CONFIG_USER_ONLY) 
 void OPPROTO op_movtl_T0_cr8(void)
 {
Index: qemu/target-i386/translate.c
===================================================================
--- qemu.orig/target-i386/translate.c
+++ qemu/target-i386/translate.c
@@ -3154,6 +3154,12 @@ static target_ulong disas_insn(DisasCont
     target_ulong next_eip, tval;
     int rex_w, rex_r;
 
+ ////// DEBUG
+                if (s->cc_op != CC_OP_DYNAMIC)
+                    gen_op_set_cc_op(s->cc_op);
+               gen_op_geneflags();
+               s->cc_op = CC_OP_DYNAMIC;
+ ///////////////////
     s->pc = pc_start;
     prefixes = 0;
     aflag = s->code32;