From: Stefan Kisdaroczi <kisda@hispeed.ch>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] bug: enter fails if level > 0
Date: Sun, 10 Oct 2004 22:03:16 +0200
Message-ID: <41699584.7090409@hispeed.ch>
Hi,
Instruction: enter esp_addend,level
If level is greater than 0, the enter instruction fails.
1) The Stack-Pointer (esp) is decremented too much
2) too many values are put on the stack
3) the values are wrong.
I changed these two lines in gen_enter() (target-i386/translate.c):
... fixes 2)
- while (level--) {
+ while (---level) {
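Review bot: `---level` is not a pre-decrement; the C lexer reads it as `-- -level`, which is not an lvalue and will not compile. If the intent is to run the body level-1 times (the number of display entries ENTER copies from the caller's frame chain before pushing the new frame pointer), write `while (--level) {`.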
... fixes 1)
- addend -= opsize * (level1 + 1);
+ addend -= opsize * (level1);
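Review bot: the parentheses around `level1` are redundant, but the real question is whether the constant still matches the stores actually emitted once the loop count changes. Per the ISA, ENTER with level n > 0 performs n+1 pushes (old BP, n-1 copied display entries, the new frame pointer) before subtracting the immediate; the ESP adjustment should be derived from that count rather than tuned until level = 1 happens to work, so this hunk needs to be reviewed together with the loop change above.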
...
level = 1 is now OK, but for 3) the following line inside the while loop is wrong:
gen_op_st_T0_A0[ot + s->mem_index]();
This copies T0, but it should copy the value where T0 points to.
How can I fix this?
Thank you very much
kisda
A log is attached. (It's a 16-bit app, but the bug does not seem to be 16-bit specific.)
[-- Attachment #2: enter.log --]
[-- Type: text/x-log, Size: 7046 bytes --]
----------------
IN:
0x010d2fb2: enter $0x4,$0x2
0x010d2fb6: movb $0x0,-7(%bp)
0x010d2fba: mov $0x32,%ax
0x010d2fbd: push %ax
0x010d2fbe: mov -2(%bp),%si
0x010d2fc1: lea %ss:-63(%si),%cx
0x010d2fc5: push %ss
0x010d2fc6: push %cx
0x010d2fc7: lcall $0xb088,$0x143a
OUT: [size=722]
0x08d78e30: mov 0x10(%ebp),%edi
0x08d78e33: add $0xfffffffe,%edi
0x08d78e39: mov %edi,%esi
0x08d78e3b: mov 0xe8(%ebp),%eax
0x08d78e41: add %eax,%edi
0x08d78e43: mov 0x14(%ebp),%ebx
0x08d78e46: mov %edi,%edx
0x08d78e48: mov %edi,%eax
0x08d78e4a: shr $0x9,%edx
0x08d78e4d: and $0xfffff001,%eax
0x08d78e52: and $0x7f8,%edx
0x08d78e58: lea 0x1268(%edx,%ebp,1),%edx
0x08d78e5f: cmp (%edx),%eax
0x08d78e61: mov %edi,%eax
0x08d78e63: je 0x8d78e72
0x08d78e65: movzwl %bx,%edx
0x08d78e68: push $0x0
0x08d78e6a: call 0x80b77d0
0x08d78e6f: pop %eax
0x08d78e70: jmp 0x8d78e78
0x08d78e72: add 0x4(%edx),%eax
0x08d78e75: mov %bx,(%eax)
0x08d78e78: add $0xfffffffe,%edi
0x08d78e7e: add $0xfffffffe,%ebx
0x08d78e84: mov %edi,%edx
0x08d78e86: mov %edi,%eax
0x08d78e88: shr $0x9,%edx
0x08d78e8b: and $0xfffff001,%eax
0x08d78e90: and $0x7f8,%edx
0x08d78e96: lea 0x1268(%edx,%ebp,1),%edx
0x08d78e9d: cmp (%edx),%eax
0x08d78e9f: mov %edi,%eax
0x08d78ea1: je 0x8d78eb0
0x08d78ea3: movzwl %bx,%edx
0x08d78ea6: push $0x0
0x08d78ea8: call 0x80b77d0
0x08d78ead: pop %eax
0x08d78eae: jmp 0x8d78eb6
0x08d78eb0: add 0x4(%edx),%eax
0x08d78eb3: mov %bx,(%eax)
0x08d78eb6: add $0xfffffffe,%edi
0x08d78ebc: add $0xfffffffe,%ebx
0x08d78ec2: mov %edi,%edx
0x08d78ec4: mov %edi,%eax
0x08d78ec6: shr $0x9,%edx
0x08d78ec9: and $0xfffff001,%eax
0x08d78ece: and $0x7f8,%edx
0x08d78ed4: lea 0x1268(%edx,%ebp,1),%edx
0x08d78edb: cmp (%edx),%eax
0x08d78edd: mov %edi,%eax
0x08d78edf: je 0x8d78eee
0x08d78ee1: movzwl %bx,%edx
0x08d78ee4: push $0x0
0x08d78ee6: call 0x80b77d0
0x08d78eeb: pop %eax
0x08d78eec: jmp 0x8d78ef4
0x08d78eee: add 0x4(%edx),%eax
0x08d78ef1: mov %bx,(%eax)
0x08d78ef4: add $0xfffffffe,%edi
0x08d78efa: mov %edi,%edx
0x08d78efc: mov %edi,%eax
0x08d78efe: shr $0x9,%edx
0x08d78f01: and $0xfffff001,%eax
0x08d78f06: and $0x7f8,%edx
0x08d78f0c: lea 0x1268(%edx,%ebp,1),%edx
0x08d78f13: cmp (%edx),%eax
0x08d78f15: mov %edi,%eax
0x08d78f17: je 0x8d78f26
0x08d78f19: movzwl %si,%edx
0x08d78f1c: push $0x0
0x08d78f1e: call 0x80b77d0
0x08d78f23: pop %eax
0x08d78f24: jmp 0x8d78f2c
0x08d78f26: add 0x4(%edx),%eax
0x08d78f29: mov %si,(%eax)
0x08d78f2c: mov %si,0x14(%ebp)
0x08d78f30: add $0xfffffff6,%esi
0x08d78f36: mov %si,0x10(%ebp)
0x08d78f3a: mov 0x14(%ebp),%edi
0x08d78f3d: add $0xfffffff9,%edi
0x08d78f43: and $0xffff,%edi
0x08d78f49: mov 0xe8(%ebp),%eax
0x08d78f4f: add %eax,%edi
0x08d78f51: mov $0x0,%ebx
0x08d78f56: mov %edi,%edx
0x08d78f58: mov %edi,%eax
0x08d78f5a: shr $0x9,%edx
0x08d78f5d: and $0xfffff000,%eax
0x08d78f62: and $0x7f8,%edx
0x08d78f68: lea 0x1268(%edx,%ebp,1),%edx
0x08d78f6f: cmp (%edx),%eax
0x08d78f71: mov %edi,%eax
0x08d78f73: je 0x8d78f82
0x08d78f75: movzbl %bl,%edx
0x08d78f78: push $0x0
0x08d78f7a: call 0x80b7330
0x08d78f7f: pop %eax
0x08d78f80: jmp 0x8d78f87
0x08d78f82: add 0x4(%edx),%eax
0x08d78f85: mov %bl,(%eax)
0x08d78f87: mov $0x32,%ebx
0x08d78f8c: mov %bx,0x0(%ebp)
0x08d78f90: mov 0x0(%ebp),%ebx
0x08d78f93: mov 0x10(%ebp),%edi
0x08d78f96: sub $0x2,%edi
0x08d78f99: mov %edi,%esi
0x08d78f9b: mov 0xe8(%ebp),%eax
0x08d78fa1: add %eax,%edi
0x08d78fa3: mov %edi,%edx
0x08d78fa5: mov %edi,%eax
0x08d78fa7: shr $0x9,%edx
0x08d78faa: and $0xfffff001,%eax
0x08d78faf: and $0x7f8,%edx
0x08d78fb5: lea 0x1268(%edx,%ebp,1),%edx
0x08d78fbc: cmp (%edx),%eax
0x08d78fbe: mov %edi,%eax
0x08d78fc0: je 0x8d78fcf
0x08d78fc2: movzwl %bx,%edx
0x08d78fc5: push $0x0
0x08d78fc7: call 0x80b77d0
0x08d78fcc: pop %eax
0x08d78fcd: jmp 0x8d78fd5
0x08d78fcf: add 0x4(%edx),%eax
0x08d78fd2: mov %bx,(%eax)
0x08d78fd5: mov %esi,0x10(%ebp)
0x08d78fd8: mov 0x14(%ebp),%edi
0x08d78fdb: add $0xfffffffe,%edi
0x08d78fe1: and $0xffff,%edi
0x08d78fe7: mov 0xe8(%ebp),%eax
0x08d78fed: add %eax,%edi
0x08d78fef: mov %edi,%edx
0x08d78ff1: mov %edi,%eax
0x08d78ff3: shr $0x9,%edx
0x08d78ff6: and $0xfffff001,%eax
0x08d78ffb: and $0x7f8,%edx
0x08d79001: lea 0x268(%edx,%ebp,1),%edx
0x08d79008: cmp (%edx),%eax
0x08d7900a: mov %edi,%eax
0x08d7900c: je 0x8d7901a
0x08d7900e: push $0x0
0x08d79010: call 0x80b7570
0x08d79015: pop %edx
0x08d79016: mov %eax,%ebx
0x08d79018: jmp 0x8d79020
0x08d7901a: add 0x4(%edx),%eax
0x08d7901d: movzwl (%eax),%ebx
0x08d79020: mov %bx,0x18(%ebp)
0x08d79024: mov 0x18(%ebp),%edi
0x08d79027: add $0xffffffc1,%edi
0x08d7902d: and $0xffff,%edi
0x08d79033: mov %di,0x4(%ebp)
0x08d79037: mov $0x2,%eax
0x08d7903c: shl $0x4,%eax
0x08d7903f: mov 0xc4(%ebp,%eax,1),%ebx
0x08d79046: mov 0x10(%ebp),%edi
0x08d79049: sub $0x2,%edi
0x08d7904c: mov %edi,%esi
0x08d7904e: mov 0xe8(%ebp),%eax
0x08d79054: add %eax,%edi
0x08d79056: mov %edi,%edx
0x08d79058: mov %edi,%eax
0x08d7905a: shr $0x9,%edx
0x08d7905d: and $0xfffff001,%eax
0x08d79062: and $0x7f8,%edx
0x08d79068: lea 0x1268(%edx,%ebp,1),%edx
0x08d7906f: cmp (%edx),%eax
0x08d79071: mov %edi,%eax
0x08d79073: je 0x8d79082
0x08d79075: movzwl %bx,%edx
0x08d79078: push $0x0
0x08d7907a: call 0x80b77d0
0x08d7907f: pop %eax
0x08d79080: jmp 0x8d79088
0x08d79082: add 0x4(%edx),%eax
0x08d79085: mov %bx,(%eax)
0x08d79088: mov %esi,0x10(%ebp)
0x08d7908b: mov 0x4(%ebp),%ebx
0x08d7908e: mov 0x10(%ebp),%edi
0x08d79091: sub $0x2,%edi
0x08d79094: mov %edi,%esi
0x08d79096: mov 0xe8(%ebp),%eax
0x08d7909c: add %eax,%edi
0x08d7909e: mov %edi,%edx
0x08d790a0: mov %edi,%eax
0x08d790a2: shr $0x9,%edx
0x08d790a5: and $0xfffff001,%eax
0x08d790aa: and $0x7f8,%edx
0x08d790b0: lea 0x1268(%edx,%ebp,1),%edx
0x08d790b7: cmp (%edx),%eax
0x08d790b9: mov %edi,%eax
0x08d790bb: je 0x8d790ca
0x08d790bd: movzwl %bx,%edx
0x08d790c0: push $0x0
0x08d790c2: call 0x80b77d0
0x08d790c7: pop %eax
0x08d790c8: jmp 0x8d790d0
0x08d790ca: add 0x4(%edx),%eax
0x08d790cd: mov %bx,(%eax)
0x08d790d0: mov %esi,0x10(%ebp)
0x08d790d3: mov $0xb088,%ebx
0x08d790d8: mov $0x143a,%esi
0x08d790dd: movl $0x307,0x20(%ebp)
0x08d790e4: sub $0x8,%esp
0x08d790e7: mov $0x30c,%ecx
0x08d790ec: mov %ecx,0x4(%esp,1)
0x08d790f0: movl $0x0,(%esp,1)
0x08d790f7: call 0x80b2f30
0x08d790fc: add $0x8,%esp
0x08d790ff: xor %ebx,%ebx
0x08d79101: ret
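The behaviour the report is chasing, as an added reference model that is not QEMU code and not part of the original mail: a C function implementing ENTER as the Intel SDM describes it, run on a constructed flat stack. It replays the log's first instruction, `enter $0x4,$0x2` with 16-bit operands, and a constructed 32-bit case; the stack addresses, register values and frame-pointer chain are made up for illustration, and the SS segment base and 16-bit SP wraparound are left out. The point of interest is step 3: each copied display entry is loaded from memory at the caller's BP chain, which is the difference between storing T0 and storing the value T0 points to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed flat memory standing in for the stack segment; addresses are
   plain offsets into this array (SS base and 16-bit SP wraparound omitted). */
#define STACK_BYTES 512

typedef struct {
    uint32_t sp;               /* SP / ESP */
    uint32_t bp;               /* BP / EBP */
    uint8_t  mem[STACK_BYTES];
} machine_t;

/* little-endian load/store of an opsize-byte value (opsize is 2 or 4) */
static uint32_t load(const machine_t *m, uint32_t addr, int opsize) {
    uint32_t v = 0;
    for (int i = opsize - 1; i >= 0; i--)
        v = (v << 8) | m->mem[addr + i];
    return v;
}

static void store(machine_t *m, uint32_t addr, uint32_t v, int opsize) {
    for (int i = 0; i < opsize; i++) {
        m->mem[addr + i] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

static void push(machine_t *m, uint32_t v, int opsize) {
    m->sp -= opsize;
    store(m, m->sp, v, opsize);
}

/* ENTER imm16, imm8 following the operation section of the Intel SDM.
   The level-1 display entries are LOADED from the caller's frame chain,
   not taken from the BP register itself. */
void x86_enter(machine_t *m, uint16_t esp_addend, uint8_t level_imm, int opsize) {
    int level = level_imm & 0x1f;

    push(m, m->bp, opsize);           /* 1. save caller's frame pointer */
    uint32_t frame_temp = m->sp;      /* 2. address of the new frame pointer */

    if (level > 0) {
        uint32_t src = m->bp;
        for (int i = 1; i < level; i++) {           /* 3. level-1 copies ...  */
            src -= opsize;
            push(m, load(m, src, opsize), opsize);  /*    ... of [BP - i*opsize] */
        }
        push(m, frame_temp, opsize);  /* 4. this frame's own display entry */
    }
    m->bp = frame_temp;               /* 5. BP := new frame pointer */
    m->sp -= esp_addend;              /* 6. reserve locals */
}

/* Number of opsize-sized pushes ENTER performs for a given level. */
int enter_push_count(uint8_t level_imm) {
    int level = level_imm & 0x1f;
    return level > 0 ? level + 1 : 1;
}

/* Constructed replay of the log's first instruction, enter $0x4,$0x2, on a
   16-bit stack. All values are made up to make the frame chain visible. */
const machine_t *run_log_scenario(void) {
    static machine_t m;
    memset(&m, 0, sizeof m);
    m.sp = 0x100;
    m.bp = 0x120;
    store(&m, 0x11e, 0x0150, 2);      /* caller's display entry at [BP-2] */
    x86_enter(&m, 0x4, 0x2, 2);
    return &m;
}

/* Constructed 32-bit case: enter $0x8,$0x3 with a two-deep frame chain. */
const machine_t *run_scenario32(void) {
    static machine_t m;
    memset(&m, 0, sizeof m);
    m.sp = 0x100;
    m.bp = 0x140;
    store(&m, 0x13c, 0x00000180, 4);  /* [EBP-4] */
    store(&m, 0x138, 0x000001c0, 4);  /* [EBP-8] */
    x86_enter(&m, 0x8, 0x3, 4);
    return &m;
}

int main(void) {
    const machine_t *m = run_log_scenario();
    printf("after enter $0x4,$0x2: sp=%#x bp=%#x\n", m->sp, m->bp);
    for (uint32_t a = m->sp; a < 0x100; a += 2)
        printf("  [%#x] = %#06x\n", a, load(m, a, 2));
    return 0;
}
```

For the 16-bit replay the stack ends up with three pushed words (old BP, the copied entry read from [BP-2], and the new frame pointer) above four bytes of locals, so SP drops by 10 in total: 2 * (level + 1) + esp_addend. A translator that emits one store per loop iteration without a preceding load from the caller's chain will write the same register value into every display slot, which is the third symptom listed in the report.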
Thread overview: 2+ messages
2004-10-10 20:03 Stefan Kisdaroczi [this message]
2004-10-10 23:37 ` [Qemu-devel] Re: bug: enter fails if level > 0 Ben Pfaff