From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Roman Bolshakov <r.bolshakov@yadro.com>
Subject: [Qemu-devel] [PULL 14/48] i386: hvf: Fix register refs if REX is present
Date: Thu, 18 Oct 2018 22:31:41 +0200 [thread overview]
Message-ID: <1539894735-14232-15-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1539894735-14232-1-git-send-email-pbonzini@redhat.com>
From: Roman Bolshakov <r.bolshakov@yadro.com>
According to Intel(R)64 and IA-32 Architectures Software Developer's
Manual, the following one-byte registers should be fetched when REX
prefix is present (sorted by reg encoding index):
AL, CL, DL, BL, SPL, BPL, SIL, DIL, R8L - R15L
The first 8 are fetched if REX.R is zero, the last 8 if non-zero.
The following registers should be fetched for instructions without REX
prefix (also sorted by reg encoding index):
AL, CL, DL, BL, AH, CH, DH, BH
Current emulation code doesn't handle accesses to SPL, BPL, SIL, DIL
when REX is present, thefore an instruction 40883e "mov %dil,(%rsi)" is
decoded as "mov %bh,(%rsi)".
That caused an infinite loop in vp_reset:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03293.html
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20181018134401.44471-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/hvf/x86_decode.c | 67 +++++++++++++++++++++++++-------------------
target/i386/hvf/x86_decode.h | 6 ++--
2 files changed, 42 insertions(+), 31 deletions(-)
diff --git a/target/i386/hvf/x86_decode.c b/target/i386/hvf/x86_decode.c
index 2d7540f..2e33b69 100644
--- a/target/i386/hvf/x86_decode.c
+++ b/target/i386/hvf/x86_decode.c
@@ -113,7 +113,8 @@ static void decode_modrm_reg(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = decode->modrm.reg;
- op->ptr = get_reg_ref(env, op->reg, decode->rex.r, decode->operand_size);
+ op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, decode->rex.r,
+ decode->operand_size);
}
static void decode_rax(CPUX86State *env, struct x86_decode *decode,
@@ -121,7 +122,8 @@ static void decode_rax(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = R_EAX;
- op->ptr = get_reg_ref(env, op->reg, 0, decode->operand_size);
+ op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, 0,
+ decode->operand_size);
}
static inline void decode_immediate(CPUX86State *env, struct x86_decode *decode,
@@ -263,16 +265,16 @@ static void decode_incgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x40;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_decgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x48;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_incgroup2(CPUX86State *env, struct x86_decode *decode)
@@ -288,16 +290,16 @@ static void decode_pushgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x50;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_popgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x58;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_jxx(CPUX86State *env, struct x86_decode *decode)
@@ -378,16 +380,16 @@ static void decode_xchgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x90;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_movgroup(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb8;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size);
}
@@ -402,8 +404,8 @@ static void decode_movgroup8(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb0;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size);
}
@@ -412,7 +414,8 @@ static void decode_rcx(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = R_ECX;
- op->ptr = get_reg_ref(env, op->reg, decode->rex.b, decode->operand_size);
+ op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, decode->rex.b,
+ decode->operand_size);
}
struct decode_tbl {
@@ -639,8 +642,8 @@ static void decode_bswap(CPUX86State *env, struct x86_decode *decode)
{
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[1] - 0xc8;
- decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
- decode->operand_size);
+ decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
}
static void decode_d9_4(CPUX86State *env, struct x86_decode *decode)
@@ -1686,7 +1689,8 @@ calc_addr:
}
}
-target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
+target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
+ int size)
{
target_ulong ptr = 0;
int which = 0;
@@ -1698,7 +1702,7 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
switch (size) {
case 1:
- if (is_extended || reg < 4) {
+ if (is_extended || reg < 4 || rex) {
which = 1;
ptr = (target_ulong)&RL(env, reg);
} else {
@@ -1714,10 +1718,11 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
return ptr;
}
-target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size)
+target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
+ int size)
{
target_ulong val = 0;
- memcpy(&val, (void *)get_reg_ref(env, reg, is_extended, size), size);
+ memcpy(&val, (void *)get_reg_ref(env, reg, rex, is_extended, size), size);
return val;
}
@@ -1739,7 +1744,8 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
if (base_reg == R_ESP || base_reg == R_EBP) {
*sel = R_SS;
}
- base = get_reg_val(env, decode->sib.base, decode->rex.b, addr_size);
+ base = get_reg_val(env, decode->sib.base, decode->rex.rex,
+ decode->rex.b, addr_size);
}
if (decode->rex.x) {
@@ -1747,7 +1753,8 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
}
if (index_reg != R_ESP) {
- scaled_index = get_reg_val(env, index_reg, decode->rex.x, addr_size) <<
+ scaled_index = get_reg_val(env, index_reg, decode->rex.rex,
+ decode->rex.x, addr_size) <<
decode->sib.scale;
}
return base + scaled_index;
@@ -1776,7 +1783,8 @@ void calc_modrm_operand32(CPUX86State *env, struct x86_decode *decode,
if (decode->modrm.rm == R_EBP || decode->modrm.rm == R_ESP) {
seg = R_SS;
}
- ptr += get_reg_val(env, decode->modrm.rm, decode->rex.b, addr_size);
+ ptr += get_reg_val(env, decode->modrm.rm, decode->rex.rex,
+ decode->rex.b, addr_size);
}
if (X86_DECODE_CMD_LEA == decode->cmd) {
@@ -1805,7 +1813,8 @@ void calc_modrm_operand64(CPUX86State *env, struct x86_decode *decode,
} else if (0 == mod && 5 == rm) {
ptr = RIP(env) + decode->len + (int32_t) offset;
} else {
- ptr = get_reg_val(env, src, decode->rex.b, 8) + (int64_t) offset;
+ ptr = get_reg_val(env, src, decode->rex.rex, decode->rex.b, 8) +
+ (int64_t) offset;
}
if (X86_DECODE_CMD_LEA == decode->cmd) {
@@ -1822,8 +1831,8 @@ void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
if (3 == decode->modrm.mod) {
op->reg = decode->modrm.reg;
op->type = X86_VAR_REG;
- op->ptr = get_reg_ref(env, decode->modrm.rm, decode->rex.b,
- decode->operand_size);
+ op->ptr = get_reg_ref(env, decode->modrm.rm, decode->rex.rex,
+ decode->rex.b, decode->operand_size);
return;
}
diff --git a/target/i386/hvf/x86_decode.h b/target/i386/hvf/x86_decode.h
index 5ab6f31..ef4bcab 100644
--- a/target/i386/hvf/x86_decode.h
+++ b/target/i386/hvf/x86_decode.h
@@ -303,8 +303,10 @@ uint64_t sign(uint64_t val, int size);
uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode);
-target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size);
-target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size);
+target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
+ int size);
+target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
+ int size);
void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
struct x86_decode_op *op);
target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,
--
1.8.3.1
next prev parent reply other threads:[~2018-10-18 20:32 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-18 20:31 [Qemu-devel] [PULL 00/48] Miscellaneous patches for 2018-10-18 Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 01/48] es1370: more fixes for ADC_FRAMEADR and ADC_FRAMECNT Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 02/48] Revert some patches from recent [PATCH v6] "Fixing record/replay and adding reverse debugging" Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 03/48] qemu-timer: introduce timer attributes Paolo Bonzini
2018-11-05 23:16 ` Eric Blake
2018-11-06 5:01 ` Artem Pisarenko
2018-11-06 9:45 ` Paolo Bonzini
2018-11-07 20:21 ` Eric Blake
2018-11-08 9:37 ` Peter Maydell
2018-10-18 20:31 ` [Qemu-devel] [PULL 04/48] qemu-timer: avoid checkpoints for virtual clock timers in external subsystems Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 05/48] qemu-timer: optimize record/replay checkpointing for all clocks Paolo Bonzini
2018-10-19 6:59 ` Artem Pisarenko
2018-10-18 20:31 ` [Qemu-devel] [PULL 06/48] target-i386: kvm: do not initialize padding fields Paolo Bonzini
2018-10-19 9:03 ` Peter Maydell
2018-10-19 11:44 ` Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 07/48] linux-headers: update to 4.20-rc1 Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 08/48] target-i386 : add coalesced_pio API Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 09/48] target-i386: add rtc 0x70 port as coalesced_pio Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 10/48] target-i386: add i440fx 0xcf8 " Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 11/48] target-i386: add q35 " Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 12/48] replay: don't process events at virtual clock checkpoint Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 13/48] i386/kvm: add support for Hyper-V IPI send Paolo Bonzini
2018-10-18 20:31 ` Paolo Bonzini [this message]
2018-10-18 20:31 ` [Qemu-devel] [PULL 15/48] i386: hvf: Remove hvf_disabled Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 16/48] vl: improve/fix documentation related to RTC function Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 17/48] vl: refactor -rtc option references Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 18/48] Fixes RTC bug with base datetime shifts in clock=vm Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 19/48] vl, qapi: offset calculation in RTC_CHANGE event reverted Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 20/48] call HotplugHandler->plug() as the last step in device realization Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 21/48] hw: edu: drop DO_UPCAST Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 22/48] scsi-disk: fix double completion of failing passthrough requests Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 23/48] scsi-disk: fix rerror/werror=ignore Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 24/48] hyperv_testdev: refactor for better maintainability Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 25/48] hyperv_testdev: drop unnecessary includes Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 26/48] hyperv: cosmetic: g_malloc -> g_new Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 27/48] hyperv: synic: only setup ack notifier if there's a callback Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 28/48] hyperv: allow passing arbitrary data to sint ack callback Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 29/48] hyperv: address HvSintRoute by X86CPU pointer Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 30/48] hyperv: make HvSintRoute reference-counted Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 31/48] hyperv: rename kvm_hv_sint_route_set_sint Paolo Bonzini
2018-10-18 20:31 ` [Qemu-devel] [PULL 32/48] hyperv: split hyperv-proto.h into x86 and arch-independent parts Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 33/48] hyperv: make hyperv_vp_index inline Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 34/48] hyperv: factor out arch-independent API into hw/hyperv Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 35/48] default-configs: collect CONFIG_HYPERV* in hyperv.mak Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 36/48] i386: add hyperv-stub for CONFIG_HYPERV=n Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 37/48] hyperv:synic: split capability testing and setting Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 39/48] hyperv: only add SynIC in compatible configurations Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 40/48] hyperv: make overlay pages for SynIC Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 41/48] hyperv: add synic message delivery Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 42/48] hyperv: add synic event flag signaling Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 43/48] hyperv: process SIGNAL_EVENT hypercall Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 44/48] hyperv: add support for KVM_HYPERV_EVENTFD Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 45/48] hyperv: process POST_MESSAGE hypercall Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 46/48] hyperv_testdev: add SynIC message and event testmodes Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 47/48] target/i386: kvm: just return after migrate_add_blocker failed Paolo Bonzini
2018-10-18 20:32 ` [Qemu-devel] [PULL 48/48] replay: pass raw icount value to replay_save_clock Paolo Bonzini
2018-10-19 7:32 ` [Qemu-devel] [PULL 00/48] Miscellaneous patches for 2018-10-18 Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1539894735-14232-15-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=r.bolshakov@yadro.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).