Re: [Qemu-devel] [RFC][PATCH] x86: CS limit checks
From: Paul Brook
Subject: Re: [Qemu-devel] [RFC][PATCH] x86: CS limit checks
Date: Thu, 17 Jul 2008 14:37:13 +0100
User-agent: KMail/1.9.9
On Thursday 17 July 2008, Jan Kiszka wrote:
> Paul Brook wrote:
> > On Thursday 17 July 2008, Jan Kiszka wrote:
> >> + if (s->pc < s->cs_base || s->pc - s->cs_base > s->cs_limit) {
> >> + /* At least some of the opcode fetches violate the CS limit.
> >> + Overwrite the generated code with a GPF raising one. */
> >> + gen_opc_ptr = gen_opc_start;
> >> + gen_opparam_ptr = gen_opparam_start;
> >> + gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
> >> + }
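Review bot: the test runs only after the whole block has been translated, and the rewind of gen_opc_ptr and gen_opparam_ptr on the two lines before gen_exception then throws away the code for every instruction in the block, including the legal ones before the instruction that actually crosses the limit; those earlier instructions could have executed, faulted on a non-present page or hit an illegal opcode first, and the #GP at pc_start - s->cs_base reports the wrong EIP for them. Move the check to the point where each instruction's bytes are fetched, before its code is generated, and raise the #GP only for the instruction whose bytes cross the limit, keeping the ops already emitted for the instructions before it. On the condition itself: if s->pc here is the address of the next byte to fetch, a block whose last byte sits exactly at offset s->cs_limit is flagged although no fetched byte exceeded the limit; comparing the last fetched offset, `s->pc - s->cs_base - 1 > s->cs_limit`, avoids that. The separate `s->pc < s->cs_base` test also rejects a segment whose base plus limit wraps past the top of the linear address space, if that case is meant to be honoured.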
> >
> > I'm fairly sure this is wrong. The TB may fault before it gets to the end
> > of the segment. Likewise if the instruction spanning the limit happens to
> > be an illegal op you will generate the wrong kind of exception.
>
> What a pity, it looked so easy. OK, will think about those aspects
> again. BTW, what happens when the translator hits an unresolvable
> address and faults?
Looks like that's also broken. In practice I guess a page fault occurring
early is usually less harmful than a GPF.
Paul
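To make the per-instruction alternative discussed above concrete, here is a standalone model in C. It is added as an example and is not code from the patch or from QEMU: the names cs_base and cs_limit mirror the quoted hunk, but SegState, TbResult, cs_fetch_ok, translate_tb_per_insn and translate_tb_whole are invented for this illustration, insn_len[] stands in for the decoder, and the sample segment and instruction lengths are constructed. It contrasts checking each instruction before its code is emitted with the whole-block check in the hunk, assuming the block's end pointer is the address of the next byte to fetch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical translator segment state. The field names mirror the hunk
 * (cs_base, cs_limit), but this is a standalone model, not QEMU code.
 * Linear addresses and segment offsets are 32-bit. */
typedef struct {
    uint32_t cs_base;   /* linear address of the segment's start */
    uint32_t cs_limit;  /* last valid offset in CS (inclusive) */
} SegState;

/* Outcome of translating one basic block (invented for this example). */
typedef struct {
    int      n_emitted;  /* instructions whose generated code is kept */
    bool     gpf;        /* translation ended by raising #GP */
    uint32_t fault_eip;  /* CS-relative offset reported with the #GP */
} TbResult;

/* An opcode fetch of len bytes at segment offset off is legal only if
 * every byte off .. off+len-1 lies at or below cs_limit. The 64-bit sum
 * keeps the comparison correct when off+len would wrap 32 bits. */
static bool cs_fetch_ok(const SegState *s, uint32_t off, uint32_t len)
{
    if (len == 0)
        return true;
    return (uint64_t)off + len - 1 <= s->cs_limit;
}

/* Per-instruction check: validate each instruction's bytes before its code
 * is emitted and stop at the first offender. Instructions before it keep
 * their code, so an earlier page fault or illegal opcode is still reached
 * first at run time. insn_len[] stands in for the decoder and gives the
 * length of each successive instruction (constructed input). */
static TbResult translate_tb_per_insn(const SegState *s, uint32_t pc,
                                      const uint8_t *insn_len, size_t n)
{
    TbResult r = { 0, false, 0 };
    for (size_t i = 0; i < n; i++) {
        uint32_t off = pc - s->cs_base;     /* wraps like the CPU's offset */
        if (!cs_fetch_ok(s, off, insn_len[i])) {
            r.gpf = true;
            r.fault_eip = off;              /* the offending instruction's EIP */
            return r;
        }
        r.n_emitted++;
        pc += insn_len[i];
    }
    return r;
}

/* Whole-block check in the style of the hunk: translate everything, then
 * compare the next-fetch pointer against the limit and, on a violation,
 * discard the whole block in favour of a #GP at its first instruction.
 * Included only to contrast with the per-instruction version. */
static TbResult translate_tb_whole(const SegState *s, uint32_t pc,
                                   const uint8_t *insn_len, size_t n)
{
    TbResult r = { 0, false, 0 };
    uint32_t pc_start = pc;
    for (size_t i = 0; i < n; i++) {
        r.n_emitted++;
        pc += insn_len[i];
    }
    if (pc - s->cs_base > s->cs_limit) {    /* pc is one past the last byte */
        r.n_emitted = 0;                    /* all generated code thrown away */
        r.gpf = true;
        r.fault_eip = pc_start - s->cs_base;
    }
    return r;
}

int main(void)
{
    /* Constructed case: CS covers offsets 0..15, four 5-byte instructions,
     * so only the fourth instruction crosses the limit. */
    SegState s = { 0x1000, 0x0F };
    uint8_t lens[] = { 5, 5, 5, 5 };
    TbResult a = translate_tb_per_insn(&s, 0x1000, lens, 4);
    TbResult b = translate_tb_whole(&s, 0x1000, lens, 4);
    printf("per-insn: emitted=%d gpf=%d eip=%#x\n", a.n_emitted, a.gpf, a.fault_eip);
    printf("whole-tb: emitted=%d gpf=%d eip=%#x\n", b.n_emitted, b.gpf, b.fault_eip);
    return 0;
}
```

With the limit raised to 0x13 the same four instructions fit exactly; the per-instruction version emits all of them, while the whole-block comparison still fires because the next-fetch offset (20) exceeds the inclusive limit (19), which is the off-by-one a next-byte pointer introduces.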
Re: [Qemu-devel] [RFC][PATCH] x86: CS limit checks, Fabrice Bellard, 2008/07/17