From: Jamie Lokier <jamie@shareable.org>
To: Avi Kivity <avi@redhat.com>
Cc: Clemens Kolbitsch <ck@iseclab.org>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]
Date: Tue, 15 Dec 2009 21:21:27 +0000
Message-ID: <20091215212127.GB26319@shareable.org>
In-Reply-To: <4B27E95C.8040903@redhat.com>
Avi Kivity wrote:
> On 12/15/2009 08:48 PM, Clemens Kolbitsch wrote:
> >Hi list,
> >
> >I'm experiencing a strange emulation bug with the op-code below. The
> >instruction raises a segfault in the application (running on the guest),
> >however, if I enable KVM to run the exact same application, no segfault is
> >raised.
> >
> >0x0080023b: 8b 04 65 11 22 33 44 mov regEAX, [0x44332211]
> >
> >where "11 22 33 44" is just some address. According to gdb (on a 32-bit
> >little-endian machine), this instruction can be disassembled as a "mov address to
> >reg-eax".
> >
>
> This is an odd encoding for this instruction, since there is a shorter
> one possible (8b 05 11 22 33 44). So it is possible there is a bug in
> qemu that has never been triggered because compilers/assemblers don't
> generate this encoding.
>
> btw, binutils disassembles this as
>
> 8b 04 65 11 22 33 44 mov 0x44332211(,%eiz,2),%eax
>
> I guess %eiz is some mnemonic for a "zero register" so the assembly can
> be reassembled into a 7-byte instruction later.

That's right. Gas accepts it if given the undocumented -mindex-reg
flag, apparently. %eiz / eiz appears to be a Gas-specific invention,
not standard AT&T or Intel syntax.

-- 
Jamie
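Added example (my own code, not from this thread, QEMU or binutils): a decoder for the ModRM/SIB forms of the 32-bit "mov r32, r/m32" instruction (opcode 0x8B), enough to walk the two encodings discussed above. It shows that 8b 04 65 11 22 33 44 carries a SIB byte whose index field is 100 (no index, which gas spells %eiz) and whose base field is 101 with mod=00 (disp32, no base), so it names exactly the same memory operand as the six-byte 8b 05 11 22 33 44. The rule in att_syntax for when to print %eiz is my approximation of objdump's output, not taken from the binutils source; the register names, the sample register file and the third encoding used below (8b 44 24 08, mov 0x8(%esp),%eax) are my own choices.

```python
# Added example: minimal ModRM/SIB decoder for the 32-bit "mov r32, r/m32"
# instruction (opcode 0x8B). Not QEMU or binutils code; field layout follows
# the ModRM/SIB tables of the Intel SDM, Vol. 2, chapter 2.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov_r32_rm32(code):
    """Decode one 0x8B instruction (32-bit mode, no prefixes).

    Returns a dict with the destination register, the memory operand parts
    (base, index, scale, disp), whether a SIB byte was present, and the
    instruction length in bytes.
    """
    if not code or code[0] != 0x8B:
        raise ValueError("not a 'mov r32, r/m32' (0x8B) instruction")
    if len(code) < 2:
        raise ValueError("truncated: ModRM byte missing")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos = 2
    out = {"dest": REGS32[reg], "base": None, "index": None,
           "scale": 1, "disp": 0, "sib": False}

    if mod == 3:                        # register-direct form, no memory operand
        out["src_reg"] = REGS32[rm]
        out["length"] = pos
        return out

    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                         # rm=100: a SIB byte follows
        if len(code) < pos + 1:
            raise ValueError("truncated: SIB byte missing")
        sib = code[pos]
        pos += 1
        ss, idx, base = sib >> 6, (sib >> 3) & 7, sib & 7
        out["sib"] = True
        out["scale"] = 1 << ss
        # index=100 means "no index"; gas/objdump spell it %eiz
        out["index"] = None if idx == 4 else REGS32[idx]
        if base == 5 and mod == 0:      # base=101 with mod=00: disp32, no base
            disp_size = 4
        else:
            out["base"] = REGS32[base]
    elif rm == 5 and mod == 0:          # mod=00 rm=101: plain disp32
        disp_size = 4
    else:
        out["base"] = REGS32[rm]

    if disp_size:
        if len(code) < pos + disp_size:
            raise ValueError("truncated: displacement missing")
        out["disp"] = int.from_bytes(code[pos:pos + disp_size], "little", signed=True)
        pos += disp_size
    out["length"] = pos
    return out


def effective_address(op, regs):
    """base + index*scale + disp modulo 2**32; a missing part contributes 0."""
    base = regs.get(op["base"], 0) if op["base"] else 0
    index = regs.get(op["index"], 0) if op["index"] else 0
    return (base + index * op["scale"] + op["disp"]) & 0xFFFFFFFF


def att_syntax(op):
    """Render in AT&T syntax. %eiz is printed when a SIB byte is present but
    carries no index and the base is not %esp (the one base that needs a SIB),
    i.e. when the SIB byte is redundant and the text must keep the long form.
    This rule is an approximation of objdump's behaviour, not taken from it."""
    if "src_reg" in op:
        return "mov %%%s,%%%s" % (op["src_reg"], op["dest"])
    if op["base"] or op["index"]:
        disp = ""
        if op["disp"] < 0:
            disp = "-0x%x" % -op["disp"]
        elif op["disp"]:
            disp = "0x%x" % op["disp"]
    else:                               # absolute address: print all 32 bits
        disp = "0x%x" % (op["disp"] & 0xFFFFFFFF)
    base = "%" + op["base"] if op["base"] else ""
    if op["index"]:
        mem = "%s(%s,%%%s,%d)" % (disp, base, op["index"], op["scale"])
    elif op["sib"] and op["base"] != "esp":
        mem = "%s(%s,%%eiz,%d)" % (disp, base, op["scale"])
    elif base:
        mem = "%s(%s)" % (disp, base)
    else:
        mem = disp
    return "mov %s,%%%s" % (mem, op["dest"])


if __name__ == "__main__":
    # Constructed inputs: the two encodings from the thread and one with a base.
    regs = {"eax": 0x11111111, "esp": 0xBFFFF000}   # sample register file
    for hexstr in ("8b046511223344", "8b0511223344", "8b442408"):
        op = decode_mov_r32_rm32(bytes.fromhex(hexstr))
        print("%-16s %-32s len=%d ea=0x%08x" % (
            hexstr, att_syntax(op), op["length"], effective_address(op, regs)))
```

Running both byte strings through the same decode-and-compare path is the check that matters: an emulator or disassembler that only handles the short disp32 form (or mis-reads the SIB base=101/mod=00 case) will compute a different address from the hardware on the long form, which is the kind of divergence the original report describes.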
Thread overview: 11+ messages
2009-12-15 18:48 [Qemu-devel] i386 emulation bug: mov reg, [addr] Clemens Kolbitsch
2009-12-15 19:54 ` Avi Kivity
2009-12-15 21:21 ` Jamie Lokier [this message]
2009-12-16 8:56 ` Clemens Kolbitsch
2009-12-16 9:05 ` Avi Kivity
2009-12-16 9:28 ` [Qemu-devel] " Paolo Bonzini
2009-12-15 21:26 ` [Qemu-devel] " Jamie Lokier
2009-12-15 22:24 ` malc
2009-12-15 23:37 ` [Qemu-devel] " Paolo Bonzini
2009-12-16 10:07 ` [Qemu-devel] " Avi Kivity
2010-03-06 17:02 ` Aurelien Jarno