From: Dave Hansen <dave.hansen@intel.com>
To: dave@sr71.net, qemu-devel@nongnu.org
Cc: Dave Hansen <dave.hansen@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Eduardo Habkost <ehabkost@redhat.com>,
Richard Henderson <rth@twiddle.net>
Subject: [Qemu-devel] [PATCH] i386 translation: fix typo in xsetbv implementation
Date: Wed, 20 Jul 2016 08:57:40 -0700
Message-ID: <1469030260-28448-1-git-send-email-dave.hansen@intel.com>
QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the 'XCR0'
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3. I tracked it down to a jump instruction generated by this:

	gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
---
target-i386/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 1a1214d..53a065c 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7170,7 +7170,7 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
/* End TB because translation flags may change. */
- gen_jmp_im(s->pc - pc_start);
+ gen_jmp_im(s->pc - s->cs_base);
gen_eob(s);
break;
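Review bot: The new argument matches the convention used by the other gen_eob exits in disas_insn, where gen_jmp_im receives the EIP of the next instruction computed as `s->pc - s->cs_base`; the old `s->pc - pc_start` is merely the byte length of the XSETBV encoding (hence the 0x3 the commit message reports), so the ended TB resumed at a near-zero guest address. Since the change only affects the XSETBV path, it is worth stating in the commit message that a guest must actually execute XSETBV (e.g. a kernel with XSAVE enabled, as described) to hit the fault, and consider adding a Fixes: tag referencing the commit that introduced the XSETBV emulation so the backport to stable 2.6 is straightforward.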
--
1.9.1