Date: Tue, 10 Apr 2007 15:30:45 +0200
Message-ID: <20070410133045.GC6046@chrom.inf.tu-dresden.de>
From: Bernhard Kauer
Subject: [Qemu-devel] Patch: ptable calculation broken for 32bit code under x86_64
To: qemu-devel@nongnu.org

The calculation of pdpe and pde addresses is broken when running 32bit code under x86_64-qemu. The code assumes that the addr parameter is 32bit wide. This assumption does not hold for x86_64 as target.

Bernhard Kauer

Attachment: qemu_pte_bug.diff

Index: target-i386/helper2.c =================================================================== RCS file: /sources/qemu/qemu/target-i386/helper2.c,v retrieving revision 1.46 diff -u -r1.46 helper2.c --- target-i386/helper2.c 7 Apr 2007 11:21:28 -0000 1.46 +++ target-i386/helper2.c 10 Apr 2007 13:28:02 -0000 @@ -670,7 +670,7 @@ #endif { /* XXX: load them when cr3 is loaded ? */ - pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 30) << 3)) & + pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) & env->a20_mask; pdpe = ldq_phys(pdpe_addr); if (!(pdpe & PG_PRESENT_MASK)) { @@ -765,7 +765,7 @@ uint32_t pde; /* page directory entry */ - pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & ~3)) & + pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & env->a20_mask; pde = ldl_phys(pde_addr); if (!(pde & PG_PRESENT_MASK)) { @@ -910,7 +910,7 @@ } else #endif { - pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 30) << 3)) & + pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) & env->a20_mask; pdpe = ldl_phys(pdpe_addr); if (!(pdpe & PG_PRESENT_MASK))
@@ -940,7 +940,7 @@ page_size = 4096; } else { /* page directory entry */ - pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & ~3)) & env->a20_mask; + pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & env->a20_mask; pde = ldl_phys(pde_addr); if (!(pde & PG_PRESENT_MASK)) return -1; --WhfpMioaduB5tiZL--
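Review bot: in the -670 hunk, `((addr >> 27) & 0x18)` is correct (it keeps only bits 31:30 of addr, scaled by the 8-byte PDPT entry size) but it reads as a magic constant, and nothing in the code says why the truncation is needed. Since the same expression is repeated verbatim in the -910 hunk, either spell it as `(((addr >> 30) & 3) << 3)` or add a one-line comment that addr is a 64-bit target_ulong on this target and only its low 32 bits form the linear address. The commit message should also say where addr picks up bits above 31 in 32-bit mode, because masking at the four consumers hides that rather than fixing it at the source.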
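Review bot: in the -765 hunk, `& 0xffc` is the right mask (offset bits 11:2, i.e. index 0..1023 times 4 bytes), but the form `(((addr >> 22) & 0x3ff) << 2)` mirrors the architectural definition of the page directory index and would make the intent obvious. With this patch the PDPT and PD index computations now appear twice each, once in the fault handler and once in the debug walker; a small shared helper for each would keep the two copies from drifting apart.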
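Review bot: the -910 hunk reads the PDPE with `ldl_phys(pdpe_addr)` while the corresponding -670 hunk in the fault handler uses `ldq_phys`; PAE PDPT entries are 8 bytes wide, so the debug walker only ever sees the low 32 bits of the entry. That is not introduced by this patch, but since the neighbouring line is being touched it is worth fixing or at least noting in the commit message.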
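Review bot: the -940 hunk keeps the whole expression on one line, unlike the -765 hunk, which wraps before `& env->a20_mask;`; with the same indentation that line will run past 80 columns, so wrap it the same way. Behaviourally, note that with the old mask a value of addr with bits above 31 set made this path do `ldl_phys` from an address far outside the page directory and then judge the present bit on whatever was there; after the patch it reads the proper entry and returns -1 only when that entry is not present, which is worth a sentence in the commit message since `cpu_get_phys_page_debug` results can change for such inputs.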
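As an added example (not QEMU code and not part of Bernhard's mail), the C program below puts the pre- and post-patch expressions for pdpe_addr and pde_addr next to an architectural reference that uses only the low 32 bits of the linear address, and feeds both a plain 32-bit address and the same address with its upper 32 bits set. The typedef target_ulong, the A20 mask value, the constructed cr3 and addresses, and all function names are this example's own assumptions; QEMU's real walkers also check present bits, raise faults and handle the A20 line, none of which is reproduced here.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: target_ulong is 64 bits wide, as for the
 * x86_64 target the patch is about.  No name in this file is QEMU's. */
typedef uint64_t target_ulong;

/* A20 line enabled: the mask clears no address bits. */
#define A20_MASK_ON (~(target_ulong)0)

/* PAE PDPT entry address, pre-patch: every bit of addr above 29 lands in
 * the offset, so bits 32..63 push the read outside the 32-byte table. */
static target_ulong pdpe_addr_old(target_ulong cr3, target_ulong addr,
                                  target_ulong a20_mask)
{
    return ((cr3 & ~0x1f) + ((addr >> 30) << 3)) & a20_mask;
}

/* PAE PDPT entry address, post-patch: bits 31:30 of addr become offset
 * bits 4:3 (entry index 0..3 times 8 bytes); all higher bits are dropped. */
static target_ulong pdpe_addr_new(target_ulong cr3, target_ulong addr,
                                  target_ulong a20_mask)
{
    return ((cr3 & ~0x1f) + ((addr >> 27) & 0x18)) & a20_mask;
}

/* Non-PAE page directory entry address, pre-patch: ~3 only clears the two
 * low bits, so bits 32..63 of addr again spill into the offset. */
static target_ulong pde_addr_old(target_ulong cr3, target_ulong addr,
                                 target_ulong a20_mask)
{
    return ((cr3 & ~0xfff) + ((addr >> 20) & ~3)) & a20_mask;
}

/* Post-patch: 0xffc keeps offset bits 11:2 (entry index 0..1023 times 4). */
static target_ulong pde_addr_new(target_ulong cr3, target_ulong addr,
                                 target_ulong a20_mask)
{
    return ((cr3 & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
}

/* Architectural reference for 32-bit paging, which only ever sees the low
 * 32 bits of the linear address: PDPT index = bits 31:30 (8-byte entries),
 * page directory index = bits 31:22 (4-byte entries). */
static target_ulong pdpe_addr_ref(target_ulong cr3, uint32_t lin)
{
    return (cr3 & ~(target_ulong)0x1f) + ((lin >> 30) & 3) * 8;
}

static target_ulong pde_addr_ref(target_ulong cr3, uint32_t lin)
{
    return (cr3 & ~(target_ulong)0xfff) + ((lin >> 22) & 0x3ff) * 4;
}

/* 1 if the post-patch expressions match the reference for addr and stay
 * inside their tables, whatever addr's upper 32 bits hold. */
int new_formulas_ok(target_ulong cr3, target_ulong addr)
{
    uint32_t lin = (uint32_t)addr;
    target_ulong p = pdpe_addr_new(cr3, addr, A20_MASK_ON);
    target_ulong d = pde_addr_new(cr3, addr, A20_MASK_ON);

    if (p != pdpe_addr_ref(cr3, lin) || p - (cr3 & ~(target_ulong)0x1f) >= 32)
        return 0;
    if (d != pde_addr_ref(cr3, lin) || d - (cr3 & ~(target_ulong)0xfff) >= 4096)
        return 0;
    return 1;
}

/* 1 if the pre-patch expressions disagree with the reference for addr,
 * i.e. addr is a value that triggers the bug the patch fixes. */
int old_formulas_miss(target_ulong cr3, target_ulong addr)
{
    uint32_t lin = (uint32_t)addr;

    return pdpe_addr_old(cr3, addr, A20_MASK_ON) != pdpe_addr_ref(cr3, lin)
        || pde_addr_old(cr3, addr, A20_MASK_ON) != pde_addr_ref(cr3, lin);
}

int main(void)
{
    /* Constructed inputs: a table base in cr3, a 32-bit linear address, and
     * the same address with its upper 32 bits set, as a 64-bit target_ulong
     * could carry it (the situation the mail describes). */
    target_ulong cr3 = 0x00100000;
    target_ulong addrs[2] = { 0xc0401234ull, 0xffffffffc0401234ull };

    for (int i = 0; i < 2; i++) {
        printf("addr=%016" PRIx64 " pdpe old=%" PRIx64 " new=%" PRIx64
               "  pde old=%" PRIx64 " new=%" PRIx64 "  old_miss=%d new_ok=%d\n",
               addrs[i],
               pdpe_addr_old(cr3, addrs[i], A20_MASK_ON),
               pdpe_addr_new(cr3, addrs[i], A20_MASK_ON),
               pde_addr_old(cr3, addrs[i], A20_MASK_ON),
               pde_addr_new(cr3, addrs[i], A20_MASK_ON),
               old_formulas_miss(cr3, addrs[i]), new_formulas_ok(cr3, addrs[i]));
    }
    return 0;
}
```

For the plain address both forms agree with the reference; for the address with the upper 32 bits set the old PDPT expression yields an offset of 0x1ffffffff8 bytes instead of 0x18 and the old PDE expression an offset far beyond 4 KiB, while the patched expressions stay at 0x18 and 0xc04 from the table base.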