[Xen-changelog] [xen master] x86emul: correct EFLAGS.TF handling
commit 14a6be89ec04bfadba978dc4c2f1e7f96db8cdf0
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Jan 11 13:43:04 2017 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Jan 11 13:43:04 2017 +0100
x86emul: correct EFLAGS.TF handling
For repeated string instructions we should not emulate multiple
iterations in one go when a single step trap needs injecting (which
needs to happen after every iteration).
For all non-branch instructions as well as not taken conditional
branches we additionally need to take DebugCtl.BTF into consideration.
For mov-to/pop-into %ss there should be no #DB at all (EFLAGS.TF
remaining set means there'll be #DB after the next instruction).
Additionally retire.sti should remain clear when retire.singlestep gets
set to true.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
xen/arch/x86/x86_emulate/x86_emulate.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c
b/xen/arch/x86/x86_emulate/x86_emulate.c
index 6f34d0c..45cdc24 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -415,6 +415,8 @@ typedef union {
#define MSR_SYSENTER_CS 0x00000174
#define MSR_SYSENTER_ESP 0x00000175
#define MSR_SYSENTER_EIP 0x00000176
+#define MSR_DEBUGCTL 0x000001d9
+#define DEBUGCTL_BTF (1 << 1)
#define MSR_EFER 0xc0000080
#define MSR_STAR 0xc0000081
#define MSR_LSTAR 0xc0000082
@@ -755,6 +757,7 @@ do {
\
rc = ops->insn_fetch(x86_seg_cs, ip, NULL, 0, ctxt); \
if ( rc ) goto done; \
_regs.r(ip) = ip; \
+ singlestep = _regs._eflags & EFLG_TF; \
} while (0)
#define validate_far_branch(cs, ip) ({ \
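Review bot: The added line writes the enclosing function's local `singlestep` from inside a macro whose body begins outside the hunk, so a reader of the macro alone cannot see where that variable comes from. This matches how the file's macros already reach `_regs`, `rc` and the `done` label, so it is consistent with local convention; a trailing comment on the new line, `/* taken branch: traps when TF is set, regardless of BTF */`, would record why is_branch_step() is deliberately not consulted here, as the description says taken branches always trap. The same unconditional assignment recurs in the hunks at -771, -3206, -5085 and -5125 and could carry the same one-line comment at its first occurrence.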
@@ -771,6 +774,7 @@ do {
\
#define commit_far_branch(cs, newip) ({ \
validate_far_branch(cs, newip); \
_regs.r(ip) = (newip); \
+ singlestep = _regs._eflags & EFLG_TF; \
ops->write_segment(x86_seg_cs, cs, ctxt); \
})
@@ -951,6 +955,9 @@ static inline void put_loop_count(
} \
goto no_writeback; \
} \
+ if ( max_reps > 1 && (_regs._eflags & EFLG_TF) && \
+ !is_branch_step(ctxt, ops) ) \
+ max_reps = 1; \
max_reps; \
})
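Review bot: The new condition re-evaluates `(_regs._eflags & EFLG_TF) && !is_branch_step(ctxt, ops)`, which is exactly the value the `singlestep` local is initialised with at x86_emulate() entry in the hunk at -2516, so every repeated string instruction with TF set now costs a second ops->read_msr() call. If this macro is only expanded where `singlestep` still holds its entry value — plausible, since the only later writes in this change are on branch paths, but not verifiable from the hunk — `if ( max_reps > 1 && singlestep ) max_reps = 1;` would be equivalent and avoid the extra MSR read; the other macros in this change already reference `singlestep` the same way. The surrounding macro begins outside the hunk. Either way a comment such as `/* With TF set a #DB is due after every iteration unless BTF limits traps to branches. */` would explain why the iteration count collapses to 1.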
@@ -1672,6 +1679,16 @@ static bool is_aligned(enum x86_segment seg, unsigned
long offs,
return !((reg.base + offs) & (size - 1));
}
+static bool is_branch_step(struct x86_emulate_ctxt *ctxt,
+ const struct x86_emulate_ops *ops)
+{
+ uint64_t debugctl;
+
+ return ops->read_msr &&
+ ops->read_msr(MSR_DEBUGCTL, &debugctl, ctxt) == X86EMUL_OKAY &&
+ (debugctl & DEBUGCTL_BTF);
+}
+
static bool umip_active(struct x86_emulate_ctxt *ctxt,
const struct x86_emulate_ops *ops)
{
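Review bot: is_branch_step() has no comment stating its contract, and the contract is not obvious: it reports whether IA32_DEBUGCTL.BTF is set, and it deliberately treats a missing read_msr hook or a non-OKAY MSR read as "BTF clear", which makes the caller fall back to trapping after every instruction — the conservative outcome. Suggested header: `/* Is single-stepping restricted to taken branches (DebugCtl.BTF set)? An absent or failing read_msr hook is treated as BTF clear. */`. A short `/* IA32_DEBUGCTL.BTF */` next to the DEBUGCTL_BTF definition in the first hunk would serve the same reader.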
@@ -2516,7 +2533,7 @@ x86_emulate(
struct x86_emulate_state state;
int rc;
uint8_t b, d;
- bool singlestep = _regs._eflags & EFLG_TF;
+ bool singlestep = (_regs._eflags & EFLG_TF) && !is_branch_step(ctxt, ops);
struct operand src = { .reg = PTR_POISON };
struct operand dst = { .reg = PTR_POISON };
enum x86_swint_type swint_type;
@@ -3206,6 +3223,7 @@ x86_emulate(
goto done;
_regs.r(ip) = imm1;
+ singlestep = _regs._eflags & EFLG_TF;
break;
case 0x9b: /* wait/fwait */
@@ -5085,6 +5103,7 @@ x86_emulate(
goto done;
_regs.r(sp) = lm ? msr_content : (uint32_t)msr_content;
+ singlestep = _regs._eflags & EFLG_TF;
break;
}
@@ -5125,6 +5144,8 @@ x86_emulate(
_regs.r(ip) = op_bytes == 8 ? _regs.r(dx) : _regs._edx;
_regs.r(sp) = op_bytes == 8 ? _regs.r(cx) : _regs._ecx;
+
+ singlestep = _regs._eflags & EFLG_TF;
break;
}
@@ -5750,8 +5771,11 @@ x86_emulate(
_regs.r(ip) = _regs._eip;
/* Should a singlestep #DB be raised? */
- if ( rc == X86EMUL_OKAY )
- ctxt->retire.singlestep = singlestep;
+ if ( rc == X86EMUL_OKAY && singlestep && !ctxt->retire.mov_ss )
+ {
+ ctxt->retire.singlestep = true;
+ ctxt->retire.sti = false;
+ }
if ( rc != X86EMUL_DONE )
*ctxt->regs = _regs;
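Review bot: The replaced assignment wrote `ctxt->retire.singlestep = singlestep` on every X86EMUL_OKAY path, including the false case, whereas the new block only ever sets it to true; a stale `retire.singlestep` from an earlier call would therefore survive unless `ctxt->retire` is zeroed near the top of x86_emulate(). That appears to be how the other retire flags are handled, but nothing in this hunk resets it, so it is worth confirming. The existing comment `/* Should a singlestep #DB be raised? */` could also name the two cases now encoded here, e.g. `/* Should a singlestep #DB be raised? Not after mov/pop into %ss (TF stays set, so #DB follows the next insn); when it is raised, retire.sti must stay clear. */`. The enclosing function continues outside the hunk.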