This patch fixes the i386/tcg implementation of the IRET instruction so that IRET can return from user space to user space, as used by the dotnet runtime to switch threads.
This fixes https://gitlab.com/qemu-project/qemu/-/issues/249

I debugged this issue 4+ years ago, and wrote this patch then. At the time, I did not fully understand the nuances of the privilege levels in the TCG emulation of the x86, nor of the x86 itself. I understand less now! I do not recall exactly how I was led to the conclusion that an unhandled page fault in kernel space was due to a bug in the code executed in the tcg emulator for IRET.

Eventually, my approach to debugging was to modify the source for the dotnet runtime so that immediately prior to the IRET I executed an x87 fpatan2 instruction, knowing that no modern program used that instruction, and that there was a single point in QEMU source code that emulated it, making it a convenient place to put gdb breakpoints to enable further breakpoints in the IRET emulation code.

With this change the page faults go away, and the dotnet program completes as expected.

For the curious, https://github.com/dotnet/runtime/blob/main/src/coreclr/pal/src/arch/amd64/context2.S#L241 shows how the dotnet runtime uses iret.

I have booted BSD, Solaris and macOS X with this change, and await results for booting Windows from the Windows kernel team. I have not tested this with other modern JITers, such as Java, v8, or HHVM.

Robert R. Henry (1):
  i386/tcg: Allow IRET from user mode to user mode for dotnet runtime

 target/i386/tcg/seg_helper.c | 78 ++++++++++++++++++++++--------------
 1 file changed, 47 insertions(+), 31 deletions(-)

-- 
2.34.1