From: Kevin O'Connor <kevin@koconnor.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] call insn not truncated on x86_64
Date: Sat, 2 Jan 2010 13:26:54 -0500
Message-ID: <20100102182654.GA20848@morn.localdomain>
I'm running into an issue with SeaBIOS compiled with older versions of
gcc. I'm seeing:
$ qemu-system-x86_64 -d in_asm,int,exec,cpu,pcall
IN:
0x00000000000f1096: mov %ebx,%eax
0x00000000000f1098: call 0xffff0f80
qemu: fatal: Trying to execute code outside RAM or ROM at 0xffffffffffff0f80
The emulator dies at this point. This code sequence is used to jump
into the copy of SeaBIOS at the permanent rom location (at
0xfffe0000-0xffffffff) so it can safely enable ram in the
0xe0000-0x100000 memory area. The call insn looks okay to me:
f1098: e8 e3 fe ef ff calll ffff0f80
So, I'm not sure why qemu dies. This is what I see on the i386
version of qemu:
$ qemu -d in_asm,int,exec,cpu,pcall
IN:
0x000f1096: mov %ebx,%eax
0x000f1098: call 0xffff0f80
IN:
0xffff0f80: push %ebp
0xffff0f81: push %edi
[...]
Newer versions of gcc emit code a little differently and thus don't run
into the issue - I see:
$ qemu-system-x86_64 -d in_asm,int,exec,cpu,pcall
IN:
0x00000000000f365e: mov %ecx,%eax
0x00000000000f3660: mov $0xfffeddea,%edx
0x00000000000f3665: call *%edx
IN:
0x00000000fffeddea: push %ebp
0x00000000fffeddeb: push %edi
[...]
and:
$ qemu -d in_asm,int,exec,cpu,pcall
IN:
0x000f365e: mov %ecx,%eax
0x000f3660: mov $0xfffeddea,%edx
0x000f3665: call *%edx
IN:
0xfffeddea: push %ebp
0xfffeddeb: push %edi
[...]
As a guess, qemu is not truncating the instruction pointer to 32 bits
in the 64-bit emulator. In all of the above cases, the machine was in
32-bit mode and running 32-bit only code.
It should be possible to reproduce this problem by downloading SeaBIOS
and compiling with gcc34:
git clone git://git.linuxtogo.org/home/kevin/seabios.git
cd seabios
CC=gcc34 make
cp out/bios.bin /path/to/qemu/bios/
-Kevin
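The address arithmetic behind the crash, as an added illustration that is not part of this thread or of QEMU's code: it decodes the `e8 e3 fe ef ff` call from the disassembly above and compares the target produced by 32-bit EIP arithmetic with the target produced when the 64-bit sum is left untruncated, which is the behaviour guessed at in the report. Function names are my own, and the "bug" flag is a model of that guess, not of any actual QEMU code path.

```c
#include <assert.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode a near relative CALL (opcode E8 rel32) fetched at `eip` and store
 * the branch target. With long_mode_bug set, model the suspected failure:
 * the sign-extended displacement is added to a 64-bit program counter and
 * the sum is not truncated to the 32-bit operand size of the 32-bit code
 * segment. Returns 0 on success, -1 if the bytes are not an E8 rel32 call. */
int decode_call_rel32(const uint8_t *code, size_t len, uint64_t eip,
                      int long_mode_bug, uint64_t *target)
{
    if (len < 5 || code[0] != 0xE8)
        return -1;
    /* rel32 is little-endian and sign-extended before the add */
    uint32_t raw = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    int64_t rel = raw >= 0x80000000u ? (int64_t)raw - 0x100000000LL
                                     : (int64_t)raw;
    uint64_t dest = eip + 5 + (uint64_t)rel;   /* next insn + displacement */
    if (!long_mode_bug)
        dest &= 0xffffffffULL;   /* 32-bit mode: EIP wraps modulo 2^32 */
    *target = dest;
    return 0;
}

/* Constructed from the disassembly in the report: "f1098: e8 e3 fe ef ff".
 * The indirect form emitted by newer gcc ("call *%edx") never hits this
 * path, since the 32-bit register value is the whole target. */
uint64_t seabios_call_target(int long_mode_bug)
{
    static const uint8_t insn[5] = { 0xe8, 0xe3, 0xfe, 0xef, 0xff };
    uint64_t target = 0;
    int rc = decode_call_rel32(insn, sizeof insn, 0xf1098, long_mode_bug,
                               &target);
    assert(rc == 0);
    return target;
}

int main(void)
{
    printf("32-bit EIP arithmetic: call -> 0x%llx\n",
           (unsigned long long)seabios_call_target(0));   /* 0xffff0f80 */
    printf("untruncated 64-bit sum: call -> 0x%llx\n",
           (unsigned long long)seabios_call_target(1));   /* 0xffffffffffff0f80 */
    return 0;
}
```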
Thread overview: 3+ messages
2010-01-02 18:26 Kevin O'Connor [this message]
2010-01-02 20:35 ` [Qemu-devel] call insn not truncated on x86_64 Aurelien Jarno
2010-01-02 22:28 ` Kevin O'Connor