From: Andreas Gustafsson <gson@gson.org>
To: qemu-devel@nongnu.org
Cc: Alexander Graf <agraf@suse.de>
Subject: [Qemu-devel] [PATCH] target-i386: fix cmpxchg instruction emulation
Date: Sat, 10 Dec 2011 11:59:11 +0200 (EET) [thread overview]
Message-ID: <20111210095911.AE7BE75E5D@guava.gson.org> (raw)
When the i386 cmpxchg instruction is executed with a memory operand
and the comparison result is "unequal", do the memory write before
changing the accumulator instead of the other way around, because
otherwise the new accumulator value will incorrectly be used in the
comparison when the instruction is restarted after a page fault.
This bug was originally reported on 2010-04-25 as
https://bugs.launchpad.net/qemu/+bug/569760
Signed-off-by: Andreas Gustafsson <gson@gson.org>
---
--- translate.c.orig 2011-12-09 18:21:28.000000000 +0200
+++ translate.c 2011-12-09 18:21:24.000000000 +0200
@@ -4870,20 +4870,23 @@ static target_ulong disas_insn(DisasCont
tcg_gen_sub_tl(t2, cpu_regs[R_EAX], t0);
gen_extu(ot, t2);
tcg_gen_brcondi_tl(TCG_COND_EQ, t2, 0, label1);
+ label2 = gen_new_label();
if (mod == 3) {
- label2 = gen_new_label();
gen_op_mov_reg_v(ot, R_EAX, t0);
tcg_gen_br(label2);
gen_set_label(label1);
gen_op_mov_reg_v(ot, rm, t1);
- gen_set_label(label2);
} else {
- tcg_gen_mov_tl(t1, t0);
+ /* perform no-op store cycle like physical cpu; must be
+ before changing accumulator to ensure idempotency if
+ the store faults and the instruction is restarted */
+ gen_op_st_v(ot + s->mem_index, t0, a0);
gen_op_mov_reg_v(ot, R_EAX, t0);
+ tcg_gen_br(label2);
gen_set_label(label1);
- /* always store */
gen_op_st_v(ot + s->mem_index, t1, a0);
}
+ gen_set_label(label2);
tcg_gen_mov_tl(cpu_cc_src, t0);
tcg_gen_mov_tl(cpu_cc_dst, t2);
s->cc_op = CC_OP_SUBB + ot;
next reply other threads:[~2011-12-10 9:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-10 9:59 Andreas Gustafsson [this message]
2011-12-10 10:29 ` [Qemu-devel] [PATCH] target-i386: fix cmpxchg instruction emulation malc
2011-12-10 11:51 ` Andreas Gustafsson
2011-12-10 12:34 ` malc
2011-12-10 14:15 ` Andreas Gustafsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111210095911.AE7BE75E5D@guava.gson.org \
--to=gson@gson.org \
--cc=agraf@suse.de \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).