qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [PATCH] i386 translation: fix typo in xsetbv implementation
From: Dave Hansen @ 2016-07-20 15:57 UTC (permalink / raw)
  To: dave, qemu-devel
  Cc: Dave Hansen, Dave Hansen, Paolo Bonzini, Eduardo Habkost,
	Richard Henderson

QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the 'XCR0'
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3.  I tracked it down to a jump instruction generated by this:

	gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV.  Subtract the two and you get 0x3.  Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
---
 target-i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 1a1214d..53a065c 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7170,7 +7170,7 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
             tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
             gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
             /* End TB because translation flags may change.  */
-            gen_jmp_im(s->pc - pc_start);
+            gen_jmp_im(s->pc - s->cs_base);
             gen_eob(s);
             break;
 
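Review bot: on the replaced `gen_jmp_im` line, the argument has to be the EIP of the instruction following XSETBV, i.e. `s->pc - s->cs_base` as the other end-of-TB sites in this file pass it; `s->pc - pc_start` is only the byte length of the XSETBV encoding, which is exactly the jump to 0x3 described in the commit message, so the `+` line is the correct form. Since the commit message says this XSETBV support shipped in QEMU 2.6, the fix should also be CC'd to qemu-stable.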
-- 
1.9.1


* Re: [Qemu-devel] [PATCH] i386 translation: fix typo in xsetbv implementation
From: Richard Henderson @ 2016-07-23  1:31 UTC (permalink / raw)
  To: Dave Hansen, dave, qemu-devel; +Cc: Dave Hansen, Eduardo Habkost, Paolo Bonzini

On 07/20/2016 09:27 PM, Dave Hansen wrote:
> QEMU 2.6 added support for the XSAVE family of instructions, which
> includes the XSETBV instruction which allows setting the 'XCR0'
> register.
>
> But, when booting Linux kernels with XSAVE support enabled, I was
> getting very early crashes where the instruction pointer was set
> to 0x3.  I tracked it down to a jump instruction generated by this:
>
> 	gen_jmp_im(s->pc - pc_start);
>
> where s->pc is pointing to the instruction after XSETBV and pc_start
> is pointing _at_ XSETBV.  Subtract the two and you get 0x3.  Whoops.
>
> The fix is to replace this typo with the pattern found everywhere
> else in the file when folks want to end the translation buffer.
>
> Richard Henderson confirmed that this is a bug and that this is the
> correct fix.
>
> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> ---
>  target-i386/translate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <rth@twiddle.net>


r~


* Re: [Qemu-devel] [PATCH] i386 translation: fix typo in xsetbv implementation
From: Paolo Bonzini @ 2016-07-23  7:51 UTC (permalink / raw)
  To: Richard Henderson
  Cc: Dave Hansen, dave, qemu-devel, Dave Hansen, Eduardo Habkost,
	qemu-stable

> On 07/20/2016 09:27 PM, Dave Hansen wrote:
> > QEMU 2.6 added support for the XSAVE family of instructions, which
> > includes the XSETBV instruction which allows setting the 'XCR0'
> > register.
> >
> > But, when booting Linux kernels with XSAVE support enabled, I was
> > getting very early crashes where the instruction pointer was set
> > to 0x3.  I tracked it down to a jump instruction generated by this:
> >
> > 	gen_jmp_im(s->pc - pc_start);
> >
> > where s->pc is pointing to the instruction after XSETBV and pc_start
> > is pointing _at_ XSETBV.  Subtract the two and you get 0x3.  Whoops.
> >
> > The fix is to replace this typo with the pattern found everywhere
> > else in the file when folks want to end the translation buffer.
> >
> > Richard Henderson confirmed that this is a bug and that this is the
> > correct fix.
> >
> > Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Eduardo Habkost <ehabkost@redhat.com>
> > Cc: Richard Henderson <rth@twiddle.net>
> > ---
> >  target-i386/translate.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Reviewed-by: Richard Henderson <rth@twiddle.net>

Thanks, queued and CCed qemu-stable.

Paolo

