mirror of https://github.com/xemu-project/xemu.git
0bd385e7e3
This fixes a bug wherein i386/tcg assumed an interrupt return using the IRET instruction was always returning from kernel mode to either kernel mode or user mode. This assumption is violated when IRET is used as a clever way to restore thread state, as for example in the dotnet runtime. There, IRET returns from user mode to user mode. This bug is that stack accesses from IRET and RETF, as well as accesses to the parameters in a call gate, are normal data accesses using the current CPL. This manifested itself as a page fault in the guest Linux kernel due to SMAP preventing the access. This bug appears to have been in QEMU since the beginning. Analyzed-by: Robert R. Henry <rrh.henry@gmail.com> Co-developed-by: Robert R. Henry <rrh.henry@gmail.com> Signed-off-by: Robert R. Henry <rrh.henry@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| alpha | ||
| arm | ||
| avr | ||
| cris | ||
| hexagon | ||
| hppa | ||
| i386 | ||
| loongarch | ||
| m68k | ||
| microblaze | ||
| mips | ||
| openrisc | ||
| ppc | ||
| riscv | ||
| rx | ||
| s390x | ||
| sh4 | ||
| sparc | ||
| tricore | ||
| xtensa | ||
| Kconfig | ||
| meson.build | ||