From: Thiemo Seufer <ths@networkno.de>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug] [Patch] MIPS code fails at branch instruction
Date: Mon, 19 Mar 2007 21:34:45 +0000	[thread overview]
Message-ID: <20070319213445.GJ28895@networkno.de> (raw)
In-Reply-To: <45FEFAC0.4060901@mail.berlios.de>

Stefan Weil wrote:
> Thank you, Paul, for your explanation which clarified Thiemo's statement.
> 
> I now checked how my published test code could contribute to a DoS attack.
> 
> Current QEMU HEAD:
> 
> * The code "hangs" as I wrote before. This is from a user's point of view.
>   "Hanging" means that the test process runs in an infinite loop using any
>   CPU time it can get in the virtual machine. QEMU uses all available
>   CPU time from the host CPU.

This is a bug in qemu, since it doesn't match CPU behaviour. While the
architecture spec claims UNPREDICTABLE, such a code sequence shouldn't
impede other processes on the same CPU. Throwing an RI exception should
suffice for the general case (i.e. not AR7).

>   With single stepping enabled or in the debugger, the test code won't
>   hang but give a random result.
> 
> Patched QEMU HEAD (see appended patch file):
> 
> * The code works in a well defined way. An optional message in the log file
>   will show the faulty statement. It won't amount to a DoS because it
>   is disabled by default.

Sorry, but I missed the "well defined". What does the jump in the branch
delay slot exactly _do_ now? Where does the PC point to when it was a
conditional branch which wasn't taken?

[snip]
> * show optional message when any branch bits in hflags are already set
>   before a branch instruction is generated (so we have a branch in the
>   delay slot)

Agreed on that, since it is debug output which is only written when
asked for.


Thiemo
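As an added illustration of the check discussed above (not code from QEMU or from either poster), the following constructed C snippet mirrors what a translator can do with its "branch pending" hflags bit: while walking a MIPS instruction block it tracks whether the current instruction sits in a delay slot and, if that instruction is itself a branch or jump, reports it so the caller can raise RI instead of entering an undefined state. The `HFLAG_BRANCH` name, the `mips_is_branch` classifier and the sample encodings are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical flag standing in for QEMU's branch bits in hflags. */
#define HFLAG_BRANCH 0x1

/* Classify a 32-bit MIPS32 instruction as a branch/jump (1) or not (0). */
static int mips_is_branch(uint32_t insn)
{
    uint32_t op = insn >> 26;
    switch (op) {
    case 0x02: case 0x03:                 /* j, jal */
    case 0x04: case 0x05:                 /* beq, bne */
    case 0x06: case 0x07:                 /* blez, bgtz */
    case 0x14: case 0x15:                 /* beql, bnel */
    case 0x16: case 0x17:                 /* blezl, bgtzl */
        return 1;
    case 0x00: {                          /* SPECIAL: jr, jalr */
        uint32_t funct = insn & 0x3f;
        return funct == 0x08 || funct == 0x09;
    }
    case 0x01: {                          /* REGIMM: bltz/bgez/bltzal/bgezal */
        uint32_t rt = (insn >> 16) & 0x1f;
        return rt == 0x00 || rt == 0x01 || rt == 0x10 || rt == 0x11;
    }
    default:
        return 0;
    }
}

/* Walk a block of instructions. Returns the index of the first branch that
 * sits in another branch's delay slot (where RI should be raised), or -1. */
int find_branch_in_delay_slot(const uint32_t *code, size_t n)
{
    unsigned hflags = 0;
    for (size_t i = 0; i < n; i++) {
        int is_branch = mips_is_branch(code[i]);
        if (is_branch && (hflags & HFLAG_BRANCH))
            return (int)i;                /* caller raises RI here */
        /* The instruction after a branch is its delay slot. */
        hflags = is_branch ? HFLAG_BRANCH : 0;
    }
    return -1;
}

/* Constructed samples: beq $0,$0,+1 ; j 0 ; nop  (bad) and beq ; nop ; j (ok). */
const uint32_t bad_block[] = { 0x10000001, 0x08000000, 0x00000000 };
const uint32_t ok_block[]  = { 0x10000001, 0x00000000, 0x08000000, 0x00000000 };

int main(void)
{
    printf("bad: %d ok: %d\n", find_branch_in_delay_slot(bad_block, 3),
           find_branch_in_delay_slot(ok_block, 4));
    return 0;
}
```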

Thread overview: 16+ messages
2007-03-16 23:12 [Qemu-devel] [Bug] MIPS code fails at branch instruction Stefan Weil
2007-03-17  0:46 ` Thiemo Seufer
2007-03-17 11:37   ` Stefan Weil
2007-03-17 14:31     ` Thiemo Seufer
2007-03-17 18:57       ` Stefan Weil
2007-03-17 20:32         ` Paul Brook
2007-03-19 21:04           ` [Qemu-devel] [Bug] [Patch] " Stefan Weil
2007-03-19 21:34             ` Thiemo Seufer [this message]
2007-03-19 22:34               ` Thiemo Seufer
2007-03-20  7:54                 ` Alexander Voropay
2007-03-20  9:51                   ` Thiemo Seufer
2007-03-20 18:27                 ` Stefan Weil
2007-03-25  0:22                   ` Thiemo Seufer
2007-03-25  1:43                     ` Aurelien Jarno
2007-03-25 12:51                       ` Stuart Brady
2007-03-25 16:26                         ` Thiemo Seufer
