From: Michael Roth
Date: Mon, 8 Aug 2016 16:04:25 -0500
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Dave Hansen, Eduardo Habkost, Paolo Bonzini
Subject: [Qemu-devel] [PATCH 54/56] target-i386: fix typo in xsetbv implementation
Message-Id: <1470690267-31454-55-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1470690267-31454-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1470690267-31454-1-git-send-email-mdroth@linux.vnet.ibm.com>
From: Dave Hansen

QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the XCR0 register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set to
0x3. I tracked it down to a jump instruction generated by this:

	gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start is
pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.

The fix is to replace this typo with the pattern found everywhere else
in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Signed-off-by: Dave Hansen
Cc: qemu-stable@nongnu.org
Cc: Eduardo Habkost
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
(cherry picked from commit ba03584f4f88082368b2562e515c3d60421b68ce)
Signed-off-by: Michael Roth
---
 target-i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 69760b4..922347c 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7170,7 +7170,7 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
 gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
 /* End TB because translation flags may change. */
-gen_jmp_im(s->pc - pc_start);
+gen_jmp_im(s->pc - s->cs_base);
 gen_eob(s);
 break;
--
1.9.1
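Review bot: The new target `s->pc - s->cs_base` is the correct one for this hunk: gen_jmp_im expects an EIP value relative to the code segment base, whereas `s->pc - pc_start` is just the byte length of the XSETBV encoding (the 0x3 the commit message reports), so the old line ended the translation block by jumping the guest to absolute address 3 rather than to the instruction following XSETBV. The replacement matches the `gen_jmp_im(s->pc - s->cs_base); gen_eob(s);` sequence used for the other TB-ending instructions in disas_insn, and the existing comment "End TB because translation flags may change." still describes what the block does, so nothing further is needed for the stable backport.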