* [Qemu-devel] [PATCH] Add missing bit for SSE instr in VEX decoding
@ 2018-04-06 13:41 Eugene Minibaev
From: Eugene Minibaev @ 2018-04-06 13:41 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini, rth, ehabkost
Signed-off-by: Eugene Minibaev <mail@kitsu.me>
---
It seems that x86 vector instructions encoded in VEX are not properly
decoded because of a missing bit; here is an example:
IN:
0x08048060: c5 f9 6f c1 vmovdqa %xmm1, %xmm0
0x08048064: b8 01 00 00 00 movl $1, %eax
0x08048069: bb 00 00 00 00 movl $0, %ebx
0x0804806e: cd 80 int $0x80
OUT: [size=191]
0x604370c0: 41 8b 6e ec movl -0x14(%r14), %ebp
0x604370c4: 85 ed testl %ebp, %ebp
0x604370c6: 0f 8c a9 00 00 00 jl 0x60437175
0x604370cc: 41 8b 6e 08 movl 8(%r14), %ebp
0x604370d0: 0f b7 ed movzwl %bp, %ebp
0x604370d3: 49 8b fe movq %r14, %rdi
0x604370d6: 8b f5 movl %ebp, %esi
0x604370d8: e8 24 7f cd ff callq 0x6010f001
0x604370dd: 41 8b 6e 18 movl 0x18(%r14), %ebp
0x604370e1: 65 67 0f b7 6d 00 movzwl %gs:(%ebp), %ebp
0x604370e7: 41 8b 5e 08 movl 8(%r14), %ebx
0x604370eb: 0f b7 db movzwl %bx, %ebx
0x604370ee: 49 8b fe movq %r14, %rdi
0x604370f1: 8b f3 movl %ebx, %esi
0x604370f3: 8b d5 movl %ebp, %edx
0x604370f5: e8 b1 06 cd ff callq 0x601077ab
0x604370fa: 41 8b 6e 38 movl 0x38(%r14), %ebp
0x604370fe: d1 e5 shll $1, %ebp
0x60437100: 41 8b 5e 18 movl 0x18(%r14), %ebx
...
0x6043716b: ba 02 00 00 00 movl $2, %edx
0x60437170: e8 20 8d cb ff callq 0x600efe95
0x60437175: b8 43 70 43 60 movl $0x60437043, %eax
0x6043717a: e9 99 fe ff ff jmp 0x60437018
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
make: *** [Makefile:6: run] Segmentation fault (core dumped)
---
target/i386/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 0135415d92..e2ce7e4061 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -4564,7 +4564,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
rex_r = (~vex2 >> 4) & 8;
if (b == 0xc5) {
vex3 = vex2;
- b = x86_ldub_code(env, s);
+ b = x86_ldub_code(env, s) | 0x100;
} else {
#ifdef TARGET_X86_64
s->rex_x = (~vex2 >> 3) & 8;
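Review bot: the `| 0x100` on the C5 path looks right, but the commit message should say what the bit means. In this decoder bit 8 of `b` marks the 0F opcode map, which the two-byte VEX prefix implies rather than encodes, so before this change the byte after C5 (`6f` in the reproducer) was dispatched as a one-byte opcode instead of the 0F-map SSE entry for `vmovdqa`; every instruction using the two-byte form was affected, not only `vmovdqa`. Suggest a subject along the lines of "target/i386: set the 0F map bit for two-byte VEX prefixes" and a body stating that the C4 form already carries the map, while the C5 form needs it supplied here.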
--
2.16.3
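To make the map bit concrete, here is an added example (not QEMU's code and not part of this thread): a small C decoder for the two- and three-byte VEX prefixes that follows the bit layout visible in the hunk and reproduces the bug when `fixed` is 0. The mnemonic lookup and the sample bytes are constructed for the example, and using `(map << 8)` for the 0F38/0F3A maps is this example's own convention, not QEMU's.

```c
#include <stdint.h>
#include <string.h>
/* Decoded VEX prefix. opcode_index follows the convention in the patch: bit 8 (0x100)
 * marks the 0F opcode map; (map << 8) for 0F38/0F3A is this example's own extension. */
struct vex {
    int map, rex_r, rex_x, rex_b, w, l, pp, vvvv, opcode_index;
    size_t len;   /* bytes consumed: prefix bytes plus the opcode byte */
};
/* Decode a 2-byte (C5) or 3-byte (C4) VEX prefix and the opcode byte that follows it.
 * fixed=1 ORs in the map bit on the C5 path as the patch does; fixed=0 reproduces the
 * bug, where the 0F map implied by C5 is dropped. Returns 0 on success, -1 otherwise. */
int decode_vex(const uint8_t *code, size_t n, int fixed, struct vex *v)
{
    memset(v, 0, sizeof *v);
    if (n < 3 || (code[0] != 0xc4 && code[0] != 0xc5)) return -1;
    uint8_t vex2 = code[1];
    v->rex_r = (~vex2 >> 4) & 8;                 /* inverted R bit, as in translate.c */
    if (code[0] == 0xc5) {                       /* two-byte form: map 0F is implied */
        v->map = 1;
        v->vvvv = (~vex2 >> 3) & 0xf;
        v->l = (vex2 >> 2) & 1;
        v->pp = vex2 & 3;
        v->opcode_index = code[2] | (fixed ? 0x100 : 0);
        v->len = 3;
    } else {                                     /* three-byte form: map is explicit */
        if (n < 4) return -1;
        uint8_t vex3 = code[2];
        v->rex_x = (~vex2 >> 3) & 8; v->rex_b = (~vex2 >> 2) & 8;
        v->map = vex2 & 0x1f;
        if (v->map < 1 || v->map > 3) return -1; /* reserved map field */
        v->w = vex3 >> 7;
        v->vvvv = (~vex3 >> 3) & 0xf;
        v->l = (vex3 >> 2) & 1;
        v->pp = vex3 & 3;
        v->opcode_index = code[3] | (v->map << 8);
        v->len = 4;
    }
    return 0;
}
/* Constructed lookup for only the opcodes exercised here: 0x16f is the 0F-map entry
 * (movdqa or movdqu by mandatory prefix); a bare 0x6f is the one-byte-map OUTS. */
const char *mnemonic(const uint8_t *code, size_t n, int fixed)
{
    struct vex v;
    if (decode_vex(code, n, fixed, &v) != 0) return "invalid";
    if (v.opcode_index == 0x16f) return v.pp == 1 ? "vmovdqa" : v.pp == 2 ? "vmovdqu" : "invalid";
    return v.opcode_index == 0x6f ? "outs" : "unknown";
}
const uint8_t sample_c5[] = {0xc5, 0xf9, 0x6f, 0xc1};       /* constructed: vmovdqa %xmm1,%xmm0 */
const uint8_t sample_c4[] = {0xc4, 0xe1, 0x79, 0x6f, 0xc1}; /* constructed: same, 3-byte prefix */
```

With `fixed` set to 0 the two-byte sample decodes to the one-byte-map `outs`, with it set to 1 both samples yield the same 0x16f index and `vmovdqa`.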
* Re: [Qemu-devel] [PATCH] Add missing bit for SSE instr in VEX decoding
From: Paolo Bonzini @ 2018-04-06 16:43 UTC (permalink / raw)
To: Eugene Minibaev, qemu-devel; +Cc: rth, ehabkost
On 06/04/2018 15:41, Eugene Minibaev wrote:
> Signed-off-by: Eugene Minibaev <mail@kitsu.me>
> ---
> It seems that x86 vector instructions encoded in VEX are not properly
> decoded because of a missing bit; here is an example:
Applied, thanks!
Paolo
> IN:
> 0x08048060: c5 f9 6f c1 vmovdqa %xmm1, %xmm0
> 0x08048064: b8 01 00 00 00 movl $1, %eax
> 0x08048069: bb 00 00 00 00 movl $0, %ebx
> 0x0804806e: cd 80 int $0x80
>
> OUT: [size=191]
> 0x604370c0: 41 8b 6e ec movl -0x14(%r14), %ebp
> 0x604370c4: 85 ed testl %ebp, %ebp
> 0x604370c6: 0f 8c a9 00 00 00 jl 0x60437175
> 0x604370cc: 41 8b 6e 08 movl 8(%r14), %ebp
> 0x604370d0: 0f b7 ed movzwl %bp, %ebp
> 0x604370d3: 49 8b fe movq %r14, %rdi
> 0x604370d6: 8b f5 movl %ebp, %esi
> 0x604370d8: e8 24 7f cd ff callq 0x6010f001
> 0x604370dd: 41 8b 6e 18 movl 0x18(%r14), %ebp
> 0x604370e1: 65 67 0f b7 6d 00 movzwl %gs:(%ebp), %ebp
> 0x604370e7: 41 8b 5e 08 movl 8(%r14), %ebx
> 0x604370eb: 0f b7 db movzwl %bx, %ebx
> 0x604370ee: 49 8b fe movq %r14, %rdi
> 0x604370f1: 8b f3 movl %ebx, %esi
> 0x604370f3: 8b d5 movl %ebp, %edx
> 0x604370f5: e8 b1 06 cd ff callq 0x601077ab
> 0x604370fa: 41 8b 6e 38 movl 0x38(%r14), %ebp
> 0x604370fe: d1 e5 shll $1, %ebp
> 0x60437100: 41 8b 5e 18 movl 0x18(%r14), %ebx
> ...
> 0x6043716b: ba 02 00 00 00 movl $2, %edx
> 0x60437170: e8 20 8d cb ff callq 0x600efe95
> 0x60437175: b8 43 70 43 60 movl $0x60437043, %eax
> 0x6043717a: e9 99 fe ff ff jmp 0x60437018
>
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> make: *** [Makefile:6: run] Segmentation fault (core dumped)
> ---
> target/i386/translate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/i386/translate.c b/target/i386/translate.c
> index 0135415d92..e2ce7e4061 100644
> --- a/target/i386/translate.c
> +++ b/target/i386/translate.c
> @@ -4564,7 +4564,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
> rex_r = (~vex2 >> 4) & 8;
> if (b == 0xc5) {
> vex3 = vex2;
> - b = x86_ldub_code(env, s);
> + b = x86_ldub_code(env, s) | 0x100;
> } else {
> #ifdef TARGET_X86_64
> s->rex_x = (~vex2 >> 3) & 8;
>
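Review bot: the reproducer in the commit message (the `c5 f9 6f c1` followed by the `int $0x80` exit) is small enough to keep as a regression test alongside this fix; the hunk only touches the `b == 0xc5` branch, so a test that executes the two-byte VEX form under emulation would catch a reintroduction of the missing map bit, which the three-byte form would not exercise.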