| Message ID | 20240710062920.73063-9-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [01/10] target/i386/tcg: Remove SEG_ADDL | expand |
On 7/9/24 23:29, Paolo Bonzini wrote: > This step is listed in the Intel manual: "Checks that the new task is available > (call, jump, exception, or interrupt) or busy (IRET return)". > > The AMD manual lists the same operation under the "Preventing recursion" > paragraph of "12.3.4 Nesting Tasks", though it is not clear if the processor > checks the busy bit in the IRET case. > > Signed-off-by: Paolo Bonzini<pbonzini@redhat.com> > --- > target/i386/tcg/seg_helper.c | 5 +++++ > 1 file changed, 5 insertions(+) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r!
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c index 1430f477c43..25af9d4a4ec 100644 --- a/target/i386/tcg/seg_helper.c +++ b/target/i386/tcg/seg_helper.c @@ -306,6 +306,11 @@ static int switch_tss_ra(CPUX86State *env, int tss_selector, old_tss_limit_max = 43; } + /* new TSS must be busy iff the source is an IRET instruction */ + if (!!(e2 & DESC_TSS_BUSY_MASK) != (source == SWITCH_TSS_IRET)) { + raise_exception_err_ra(env, EXCP0A_TSS, tss_selector & 0xfffc, retaddr); + } + /* read all the registers from the new TSS */ if (type & 8) { /* 32 bit */
This step is listed in the Intel manual: "Checks that the new task is available (call, jump, exception, or interrupt) or busy (IRET return)". The AMD manual lists the same operation under the "Preventing recursion" paragraph of "12.3.4 Nesting Tasks", though it is not clear if the processor checks the busy bit in the IRET case. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- target/i386/tcg/seg_helper.c | 5 +++++ 1 file changed, 5 insertions(+)