From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <487F9C7C.3070304@bellard.org>
Date: Thu, 17 Jul 2008 21:24:44 +0200
From: Fabrice Bellard
Subject: Re: [Qemu-devel] [RFC][PATCH] x86: CS limit checks
References: <487F3393.3040609@siemens.com> <200807171437.13717.paul@codesourcery.com> <487F6F0F.4010507@siemens.com> <200807171845.45005.paul@codesourcery.com>
In-Reply-To: <200807171845.45005.paul@codesourcery.com>
To: qemu-devel@nongnu.org

Paul Brook wrote:
>> To me it looks like as if the generator can so far raise a PF
>> prematurely when it steps on an invalid code address while building a
>> new TB. This probably has to be fixed the same way as the limit check is
>> realized: by injecting an exception (PF or GP) into the generated code
>> at the correct PC. Hmm, the PF-during-translation issue is probably not
>> just limited to x86...
>
> Alpha, PPC, SPARC, SH and ARM avoid the problem by having fixed length word
> aligned instructions. Thumb-1 has special handling for the cross-boundary
> case (Instructions aren't really variable length, we just treat them that way
> as an optimisation).
>
> Thumb-2, m68k, cris and x86 all look like they may incorrectly fetch code from
> the next page.

For x86 it is an expected behavior, not a bug. However, I agree that it would
be safer to explicitly generate the exception. My plan has always been to
suppress the ldx_code functions and to explicitly handle the PF and the
cs_limit cases. Jocelyn Mayer submitted some time ago a patch to go in that
direction.

Fabrice.
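The approach the thread converges on, a fault met while decoding an instruction being injected into the generated code at that instruction's PC instead of being raised during translation, as an added C illustration that is not QEMU's code or any patch from this thread. The page layout, the two opcodes and the `ldub_code`, `translate`, `execute` and `setup` names are constructed for the model and are not QEMU's.

```c
#include <stddef.h>
#include <stdint.h>
/* Toy model (added illustration, not QEMU code): 16-byte pages, a 1-byte NOP and a
 * 3-byte opcode standing in for x86's variable-length encoding. */
#define PAGE_SIZE 16
#define NPAGES 3
enum { OP_NOP = 0x90, OP_LONG = 0xA0 };
enum { KIND_INSN = 0, KIND_GP = 13, KIND_PF = 14 };   /* x86 vectors for #GP and #PF */
typedef struct { int kind; uint32_t pc; } tb_op;      /* one op of a translated block */
static uint8_t page0[PAGE_SIZE], page1[PAGE_SIZE];
static const uint8_t *page_tab[NPAGES] = { page0, page1, NULL };  /* page 2 not present */
static uint32_t cs_limit = 0xFFFFFFFFu;
/* Code fetch that reports a missing page (-1) instead of faulting out of the translator. */
static int ldub_code(uint32_t addr) {
    uint32_t pg = addr / PAGE_SIZE;
    if (pg >= NPAGES || page_tab[pg] == NULL) return -1;
    return page_tab[pg][addr % PAGE_SIZE];
}
/* Decode from pc into ops[]. A missing page or CS-limit overrun does not abort translation:
 * the TB ends with a fault op carrying the start PC of the offending instruction. */
static size_t translate(uint32_t pc, tb_op *ops, size_t max_ops) {
    size_t n = 0;
    while (n < max_ops) {
        uint32_t start = pc;
        int b = ldub_code(pc);
        size_t len = (b == OP_LONG) ? 3 : 1, i;
        if (b < 0) { ops[n++] = (tb_op){ KIND_PF, start }; break; }
        if (start + len - 1 > cs_limit) { ops[n++] = (tb_op){ KIND_GP, start }; break; }
        for (i = 1; i < len && b >= 0; i++) b = ldub_code(pc + i);  /* operands may cross a page */
        if (b < 0) { ops[n++] = (tb_op){ KIND_PF, start }; break; }
        ops[n++] = (tb_op){ KIND_INSN, start };
        pc += len;
    }
    return n;
}
/* Run a TB: 0 if every op executed, else the fault vector, with *fault_pc the faulting
 * instruction's PC and *executed the instructions retired before it. */
static int execute(const tb_op *ops, size_t n, uint32_t *fault_pc, size_t *executed) {
    *executed = 0;
    for (size_t i = 0; i < n; i++) {
        if (ops[i].kind != KIND_INSN) { *fault_pc = ops[i].pc; return ops[i].kind; }
        (*executed)++;
    }
    return 0;
}
/* Constructed scenario: all NOPs except a 3-byte insn at 30 whose last byte (32) is in unmapped page 2. */
static void setup(void) {
    for (int i = 0; i < PAGE_SIZE; i++) page0[i] = page1[i] = OP_NOP;
    page1[14] = OP_LONG;
}
```

The 30 instructions before the page boundary still retire and the #PF is reported at PC 30, which is what raising during translation would get wrong; lowering `cs_limit` shows the same deferred mechanism producing a #GP at the first instruction that overruns the limit.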