From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Richard Henderson <richard.henderson@linaro.org>
Subject: [Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying LOCK to a register destination
Date: Tue, 27 Nov 2018 15:36:32 +0100 [thread overview]
Message-ID: <1543329397-48407-11-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1543329397-48407-1-git-send-email-pbonzini@redhat.com>
From: Richard Henderson <richard.henderson@linaro.org>
Fixes a TCG crash due to attempting the atomic operation without
having set up the address first. This does not attempt to fix
all of the other missing checks for LOCK.
Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20181113193510.24862-1-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/translate.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index f8bc768..0dd5fbe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1268,10 +1268,30 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
}
}
+static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
+{
+ gen_update_cc_op(s);
+ gen_jmp_im(s, cur_eip);
+ gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
+ s->base.is_jmp = DISAS_NORETURN;
+}
+
+/* Generate #UD for the current instruction. The assumption here is that
+ the instruction is known, but it isn't allowed in the current cpu mode. */
+static void gen_illegal_opcode(DisasContext *s)
+{
+ gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
+}
+
/* if d == OR_TMP0, it means memory operand (address in A0) */
static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
{
if (d != OR_TMP0) {
+ if (s1->prefix & PREFIX_LOCK) {
+ /* Lock prefix when destination is not memory. */
+ gen_illegal_opcode(s1);
+ return;
+ }
gen_op_mov_v_reg(s1, ot, s1->T0, d);
} else if (!(s1->prefix & PREFIX_LOCK)) {
gen_op_ld_v(s1, ot, s1->T0, s1->A0);
@@ -2469,21 +2489,6 @@ static void gen_leave(DisasContext *s)
gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
}
-static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
-{
- gen_update_cc_op(s);
- gen_jmp_im(s, cur_eip);
- gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
- s->base.is_jmp = DISAS_NORETURN;
-}
-
-/* Generate #UD for the current instruction. The assumption here is that
- the instruction is known, but it isn't allowed in the current cpu mode. */
-static void gen_illegal_opcode(DisasContext *s)
-{
- gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
-}
-
/* Similarly, except that the assumption here is that we don't decode
the instruction at all -- either a missing opcode, an unimplemented
feature, or just a bogus instruction stream. */
--
1.8.3.1
next prev parent reply other threads:[~2018-11-27 14:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-27 14:36 [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3 Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 01/15] target/i386: kvm: add VMX migration blocker Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 02/15] cpus: run work items for all vCPUs if single-threaded Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 03/15] lsi: Reselection needed to remove pending commands from queue Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 04/15] migration: savevm: consult migration blockers Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 05/15] vmstate: constify VMStateField Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 06/15] vl: Improve error message when we can't load fw_cfg from file Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 07/15] vhost-user-bridge: fix recvmsg iovlen Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 08/15] vl.c: remove outdated comment Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 09/15] checkpatch: g_test_message does not need a trailing newline Paolo Bonzini
2018-11-27 14:36 ` Paolo Bonzini [this message]
2018-11-27 14:36 ` [Qemu-devel] [PULL 11/15] MAINTAINERS: Add some missing entries related to accelerators Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 12/15] MAINTAINERS: Add an entry for the Firmware Configuration (fw_cfg) device Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 13/15] configure: fix elf2dmp check Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 14/15] hostmem-memfd: honour share=on/off property Paolo Bonzini
2018-11-27 14:36 ` [Qemu-devel] [PULL 15/15] hostmem: no need to check for host_memory_backend_mr_inited() in alloc() Paolo Bonzini
2018-11-27 15:43 ` [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3 Peter Maydell
2018-11-27 15:47 ` Laurent Vivier
2018-11-27 15:59 ` Paolo Bonzini
2018-11-27 18:36 ` Peter Maydell
-- strict thread matches above, loose matches on Subject: below --
2018-11-26 19:40 [Qemu-devel] [PULL " Paolo Bonzini
2018-11-26 19:40 ` [Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying LOCK to a register destination Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1543329397-48407-11-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).