From: Richard Henderson <rth@twiddle.net>
To: Yongbok Kim <yongbok.kim@imgtec.com>, qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, leon.alrae@imgtec.com
Subject: Re: [Qemu-devel] [PATCH] tcg: fix segfault when MO_UNALN is set
Date: Tue, 26 May 2015 09:10:26 -0700
Message-ID: <55649AF2.4080006@twiddle.net>
In-Reply-To: <556497D8.7030708@imgtec.com>
On 05/26/2015 08:57 AM, Yongbok Kim wrote:
> On 26/05/2015 16:49, Richard Henderson wrote:
>> On 05/26/2015 05:46 AM, Yongbok Kim wrote:
>>> MO_UNALN caused segfaults when it was set: it reached outside the bounds of
>>> the load/store function pointer arrays in tcg_out_qemu_{ld,st}_slow_path()
>>> or their equivalents.
>>
>> I'd like to know more about this crash please. Where does it happen?
>>
>>
>> r~
>>
>
> tcg/i386/tcg-target.c
>
>> static void * const qemu_st_helpers[16] = {
>> [MO_UB] = helper_ret_stb_mmu,
>> [MO_LEUW] = helper_le_stw_mmu,
>> [MO_LEUL] = helper_le_stl_mmu,
>> [MO_LEQ] = helper_le_stq_mmu,
>> [MO_BEUW] = helper_be_stw_mmu,
>> [MO_BEUL] = helper_be_stl_mmu,
>> [MO_BEQ] = helper_be_stq_mmu,
>> };
>
> ...
>
>> static void tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
>> {
>
>> TCGMemOp opc = get_memop(oi);
>
>> /* "Tail call" to the helper, with the return address back inline. */
>> tcg_out_push(s, retaddr);
>> tcg_out_jmp(s, qemu_st_helpers[opc]);
>
> Here is the crashing point...
Ah, I think I'd masked things in there. But clearly not.
Your patch has the nice property of not having to modify all the backends, but
it has the unfortunate property that make* and get* become asymmetrical.
I'll try to come up with an alternative soon, and we'll see how messy it gets.
r~
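The crash Yongbok points at is a plain out-of-bounds table index: qemu_st_helpers has 16 entries indexed by the memop, so any memop carrying a flag bit at or above bit 4 (MO_UNALN on an ALIGNED_ONLY target) walks off the end of the array and jumps through whatever lies beyond it. The following C program is an added illustration, not code from QEMU or from anyone in this thread. The enum values are an assumption that follows the TCGMemOp layout of that era (size in bits 0-1, sign in bit 2, byte order in bit 3, alignment flag in bit 4); the helper functions are stand-ins that return a tag instead of performing a store, and the buggy lookup reports -1 instead of dereferencing past the table so the defect is observable without a segfault. The masked variant shows one mitigation: index only with the bits the table is actually built from.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed memop layout (illustrative, modelled on the QEMU tcg.h of the time):
 * bits 0-1 select the size, bit 2 the sign, bit 3 the byte order and bit 4
 * the alignment policy.  On an ALIGNED_ONLY target MO_UNALN is the set bit. */
enum {
    MO_8 = 0, MO_16 = 1, MO_32 = 2, MO_64 = 3, MO_SIZE = 3,
    MO_SIGN = 4,
    MO_BSWAP = 8,
    MO_AMASK = 16,
    MO_UNALN = MO_AMASK,            /* assumption: ALIGNED_ONLY value */
    MO_LE = 0, MO_BE = MO_BSWAP,
    MO_UB = MO_8,
    MO_LEUW = MO_16 | MO_LE, MO_LEUL = MO_32 | MO_LE, MO_LEQ = MO_64 | MO_LE,
    MO_BEUW = MO_16 | MO_BE, MO_BEUL = MO_32 | MO_BE, MO_BEQ = MO_64 | MO_BE,
};

/* Stand-in store helpers: each returns a distinct tag instead of storing. */
static int stb_mmu(void)    { return 1; }
static int le_stw_mmu(void) { return 2; }
static int le_stl_mmu(void) { return 3; }
static int le_stq_mmu(void) { return 4; }
static int be_stw_mmu(void) { return 5; }
static int be_stl_mmu(void) { return 6; }
static int be_stq_mmu(void) { return 7; }

typedef int (*st_helper_fn)(void);

/* Same shape as the table quoted above: 16 slots, sparse, indexed by memop. */
#define N_ST_HELPERS 16
static st_helper_fn const qemu_st_helpers[N_ST_HELPERS] = {
    [MO_UB]   = stb_mmu,
    [MO_LEUW] = le_stw_mmu,
    [MO_LEUL] = le_stl_mmu,
    [MO_LEQ]  = le_stq_mmu,
    [MO_BEUW] = be_stw_mmu,
    [MO_BEUL] = be_stl_mmu,
    [MO_BEQ]  = be_stq_mmu,
};

/* The defective pattern: index the table with the raw memop.  Any flag bit at
 * or above bit 4 pushes the index past the table.  Here that case is reported
 * as -1 rather than dereferenced, which is what makes the bug testable. */
int st_helper_tag_unmasked(unsigned opc)
{
    if (opc >= N_ST_HELPERS || qemu_st_helpers[opc] == NULL) {
        return -1;                   /* would be the crash in the real backend */
    }
    return qemu_st_helpers[opc]();
}

/* One mitigation: strip every bit the table was not built from before
 * indexing, so alignment (and sign) flags cannot change the slot. */
int st_helper_tag_masked(unsigned opc)
{
    unsigned idx = opc & (MO_BSWAP | MO_SIZE);   /* always < 16 */
    if (qemu_st_helpers[idx] == NULL) {
        return -1;                   /* no helper for this combination */
    }
    return qemu_st_helpers[idx]();
}

int main(void)
{
    unsigned opc = MO_LEUL | MO_UNALN;   /* unaligned little-endian 32-bit store */
    printf("raw index %u: unmasked -> %d, masked -> %d\n",
           opc, st_helper_tag_unmasked(opc), st_helper_tag_masked(opc));
    return 0;
}
```

The unmasked lookup resolves MO_LEUL on its own but fails as soon as MO_UNALN is added, because the index becomes 18; the masked lookup returns the same helper in both cases. A bounds assertion on the index at the point of use, as in the unmasked function, is the cheapest way to turn this class of silent out-of-bounds jump into a loud failure during testing.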