| author | UNIDY2002 <[email protected]> | 2022-05-12 17:02:56 +0800 |
|---|---|---|
| committer | UNIDY2002 <[email protected]> | 2022-05-12 17:02:56 +0800 |
| commit | 06f72425ddefdf5822382f2a4a4957fa419433c0 (patch) | |
| tree | 60e03b4d16d059efbdb8200b9ae04e249a21aff6 | |
| parent | 3248d2e7212e68330a783b056370ca0052862d3e (diff) | |
Now uipi_sample.c can sometimes exit successfully
| -rw-r--r-- | accel/tcg/cpu-exec.c | 6 | ||||
| -rw-r--r-- | target/i386/tcg/seg_helper.c | 2 | ||||
| -rw-r--r-- | target/i386/tcg/translate.c | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index d819e87f47..a5cfeb5e02 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -343,7 +343,7 @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
 * TCG is not considered a security-sensitive part of QEMU so this does not
 * affect the impact of CFI in environment with high security requirements
 */
-// extern bool uiret_called;
+extern bool uiret_called;
 // extern bool senduipi_called;
 static inline TranslationBlock * QEMU_DISABLE_CFI
 cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
@@ -1009,6 +1009,10 @@ int cpu_exec(CPUState *cpu)
 // if (block_id > 10000)qemu_log("BLOCK: %d size:%d icont:%d \n", block_id,tb->size,tb->icount);
 // block_id ++;
 cpu_loop_exec_tb(cpu, tb, &last_tb, &tb_exit);
+ if (uiret_called) {
+ helper_uiret(cpu->env_ptr);
+ uiret_called = false;
+ }
 /* Try to align the host and virtual clocks if the guest is in advance */
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index c2b4699c94..0e3d65c762 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -897,8 +897,8 @@ void helper_uiret(CPUX86State *env){
 if(Debug)qemu_log("helper uiret called, now eip: 0x%lx\n", env->eip);
 qemu_log("qemu: now esp is: 0x%lx\n",env->regs[R_ESP]);
 target_ulong temprip, temprfalgs, temprsp, uirrv;
+ env->regs[R_ESP] &= ~0xfLL; /* align stack */
 target_ulong esp = env->regs[R_ESP];
- esp += 0x60;
 POPQ(esp, uirrv);
 POPQ(esp, temprip);
 POPQ(esp, temprfalgs);
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 026b3fdae5..c1f7e33710 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
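Review bot: The `if (uiret_called)` block added after `cpu_loop_exec_tb` runs helper_uiret after whichever TB has just finished, but the flag is raised in translate.c inside translator code (the hunk there carries a DisasContext and sits next to gen_jmp_im), i.e. once when the TB holding uiret is first translated rather than each time the cached TB executes, and the TB that completes here need not be the one containing the instruction; that would explain the "sometimes" in the title. The same defect applies to the translate.c hunk on the next line. If helper_uiret is declared through DEF_HELPER in helper.h, emitting `gen_helper_uiret(cpu_env);` from the translator places the call in the generated code so it runs at execution time on the live env, and the global flag, including the `extern bool uiret_called;` uncommented in the first hunk of this file, can be dropped (if kept, the extern belongs in a shared header, not in a .c). Under MTTCG a plain bool written by the translator and the exec loop from different vCPU threads is also a data race. cpu_exec's body continues outside the hunk.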
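Review bot: `env->regs[R_ESP] &= ~0xfLL;` writes the aligned value into the architectural RSP before the first POPQ has succeeded, so a fault while reading the frame leaves the guest with an already-modified RSP, whereas the removed `esp += 0x60` only touched the local copy. Apply the mask to the local instead, `target_ulong esp = env->regs[R_ESP] & ~(target_ulong)0xf;`, and commit RSP only after the pops have completed (the remainder of the function is outside the hunk). Whether the delivered frame really sits at the 16-byte-aligned address below the handler's RSP cannot be seen here, so a comment stating the frame layout assumed by the pops (`uirrv`, `rip`, `rflags`, presumably `rsp`) would let the alignment be checked against the spec. helper_uiret's body continues outside the hunk.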
@@ -7766,7 +7766,7 @@ static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0) qemu_log("before: pc_start: 0x%lx sc_base:%lx pc: 0x%lx pc.next:0x%lx rip:0x%lx\n",s->pc_start,s->cs_base, s->pc, s->base.pc_next, env->eip); - helper_uiret(env); + // helper_uiret(env); uiret_called = true; // gen_jmp_im(s, env->eip); // gen_jmp(s, env->eip); |
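Review bot: The added line keeps `// helper_uiret(env);` as commented-out code next to the live statement; delete the dead call rather than carry it. On this rendering `uiret_called = true;` appears on the same line as that comment; if the assignment really shares the line it is commented out too and the flag is never raised, so confirm it stands on a line of its own (a separate context line would also fit the 7/7 hunk counts). The enclosing function starts and ends outside the hunk.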
