QEMU

Incorrect handling of icebp

Bug #1119686 reported by Francois Gouget
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Unassigned

Bug Description

Wine conformance suite tests the behavior of various low-level Windows API functions. One of the tests involves checking the interaction of breakpoints and exceptions, and in particular the 'icebp' breakpoint. This test works on a Windows XP machine running either on the metal or in VMware ESX but fails when run in QEmu.

To reproduce the issue grab the attached 'exception.exe' file and run it. If you get 'Test failed' lines like below then it means the problem is still present:

    exception.c:202: exception 0: 80000004 flags:0 addr:003F0000
    exception.c:208: Test failed: 0: Wrong exception address 003F0000/003F0001
    exception.c:214: this is the last test seen before the exception
    exception: unhandled exception 80000004 at 003F0000
    exception.c:202: exception 0: c0000027 flags:2 addr:7C80E0B9
    exception.c:205: Test failed: 0: Wrong exception code c0000027/80000004
    exception.c:208: Test failed: 0: Wrong exception address 7C80E0B9/003F0001

Note that this bug was not present in QEmu 1.1.2+dfsg-5 (Debian Testing) but is now present in 1.4.0~rc0+dfsg-1exp (Debian Experimental).

Revision history for this message
Francois Gouget (fgouget) wrote :
Revision history for this message
Francois Gouget (fgouget) wrote :

This bug is still present in QEMU 1.6.0 (as per Debian's qemu-system-x86 1.6.0+dfsg-1 package).

Revision history for this message
Francois Gouget (fgouget) wrote :

This bug is still present in QEMU 1.7.0 (as per Debian's qemu-system-x86 1.7.0+dfsg-3 package).

Revision history for this message
Paolo Bonzini (bonzini) wrote :

The patch submitted upstream was for the kernel. Is this also a bug in QEMU when TCG is disabled?

Revision history for this message
Paolo Bonzini (bonzini) wrote :

s/TCG/KVM/ - Is this also a bug when KVM is disabled?

Thomas Huth (th-huth)
Changed in qemu:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired
Revision history for this message
Francois Gouget (fgouget) wrote :

Actually this got fixed by the following Linux kernel commit:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd2a445a94d2ab6b39fb623dc02fee48d01a565a

commit fd2a445a94d2ab6b39fb623dc02fee48d01a565a (patch)

KVM: VMX: Advance rip to after an ICEBP instruction
When entering an exception after an ICEBP, the saved instruction
pointer should point to after the instruction.

This fixes the bug here: https://bugs.launchpad.net/qemu/+bug/1119686

Signed-off-by: Huw Davies <email address hidden>
Reviewed-by: Jan Kiszka <email address hidden>
Signed-off-by: Marcelo Tosatti <email address hidden>

Changed in qemu:
status: Expired → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers