From: Paolo Bonzini
Subject: [PULL 18/20] target/i386/tcg: check for correct busy state before switching to a new task
Date: Wed, 17 Jul 2024 07:03:28 +0200
This step is listed in the Intel manual: "Checks that the new task is available
(call, jump, exception, or interrupt) or busy (IRET return)".
The AMD manual lists the same operation under the "Preventing recursion"
paragraph of "12.3.4 Nesting Tasks", though it is not clear if the processor
checks the busy bit in the IRET case.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/seg_helper.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 8a6d92b3583..a5d5ce61f59 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -369,6 +369,11 @@ static int switch_tss_ra(CPUX86State *env, int
tss_selector,
old_tss_limit_max = 43;
}
+ /* new TSS must be busy iff the source is an IRET instruction */
+ if (!!(e2 & DESC_TSS_BUSY_MASK) != (source == SWITCH_TSS_IRET)) {
+ raise_exception_err_ra(env, EXCP0A_TSS, tss_selector & 0xfffc,
retaddr);
+ }
+
/* read all the registers from the new TSS */
if (type & 8) {
/* 32 bit */
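Review bot: the `!!` on `e2 & DESC_TSS_BUSY_MASK` is load-bearing in the new condition: the masked value is the raw descriptor bit rather than 0/1, so comparing it directly against `(source == SWITCH_TSS_IRET)` would reject every legitimate IRET into a busy TSS. It is worth saying so in the comment so a later cleanup does not drop the normalisation. The comment states "busy iff the source is an IRET instruction", which is the Intel rule, while the commit message leaves the AMD IRET case open; a short note that Intel semantics are followed here would help anyone checking against the AMD manual. Raising `EXCP0A_TSS` with `tss_selector & 0xfffc` matches the #TS error-code format (selector with the RPL bits cleared) and looks right.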
--
2.45.2
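The busy-state rule from the commit message above (the new TSS must be busy exactly when the switch comes from IRET, and must be available for CALL, JMP, interrupts and exceptions), as a stand-alone C model. This is an added example, not QEMU code: the macro name `DESC_TSS_BUSY_MASK` and the `SWITCH_TSS_*` source names mirror the identifiers in the patch, but their numeric values and the descriptor words used as input are assumptions of this example. The second function shows what goes wrong if the `!!` normalisation in the patch is omitted.

```c
/* Added example (not QEMU code): models the TSS busy-bit check that the
 * patch adds to switch_tss_ra() before the registers of the new TSS are
 * loaded, plus the pitfall that the `!!` in the patch avoids. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Second dword of an x86 system-segment descriptor: the type field sits in
 * bits 8..11 and, for a TSS type, bit 9 is the busy bit. The macro name
 * mirrors QEMU's; the value is this example's assumption. */
#define DESC_TSS_BUSY_MASK (1u << 9)

/* Task-switch sources; the numeric values are this example's own. */
enum tss_source { SWITCH_TSS_JMP = 0, SWITCH_TSS_IRET = 1, SWITCH_TSS_CALL = 2 };

/* Returns true when the switch may proceed: the new TSS must be busy iff
 * the switch was caused by IRET. Otherwise the patch raises #TS. */
bool tss_busy_state_ok(uint32_t e2, enum tss_source source)
{
    return !!(e2 & DESC_TSS_BUSY_MASK) == (source == SWITCH_TSS_IRET);
}

/* The same comparison without normalising the masked bit to 0/1. A busy
 * TSS yields 0x200 here, which never equals the 0 or 1 produced by
 * (source == SWITCH_TSS_IRET), so every IRET into a busy TSS is rejected. */
bool tss_busy_state_ok_broken(uint32_t e2, enum tss_source source)
{
    return (e2 & DESC_TSS_BUSY_MASK) == (source == SWITCH_TSS_IRET);
}

/* Error code carried by #TS in the patch: the selector with RPL cleared. */
uint16_t tss_fault_error_code(uint16_t tss_selector)
{
    return tss_selector & 0xfffc;
}

int main(void)
{
    /* Constructed descriptor words: present (bit 15) 32-bit TSS with
     * type 9 (available) and type 11 (busy). */
    const uint32_t avail = 0x00008900u;
    const uint32_t busy = avail | DESC_TSS_BUSY_MASK;
    const enum tss_source sources[] = { SWITCH_TSS_JMP, SWITCH_TSS_IRET, SWITCH_TSS_CALL };
    const char *names[] = { "JMP", "IRET", "CALL" };

    for (int i = 0; i < 3; i++) {
        printf("%-4s available: %s  busy: %s  (broken: busy -> %s)\n",
               names[i],
               tss_busy_state_ok(avail, sources[i]) ? "ok" : "#TS",
               tss_busy_state_ok(busy, sources[i]) ? "ok" : "#TS",
               tss_busy_state_ok_broken(busy, sources[i]) ? "ok" : "#TS");
    }
    printf("#TS error code for selector 0x0083: 0x%04x\n",
           tss_fault_error_code(0x0083));
    return 0;
}
```

Only the busy-TSS-plus-IRET row differs between the two functions, which is exactly the case a guest kernel exercises when it returns from a nested task; an emulator with the unnormalised comparison would fault on every such return.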