qemu-devel.nongnu.org archive mirror
From: Fabrice Bellard <fabrice@bellard.org>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Bug in emulation of 'bound' x86 instruction?
Date: Sun, 15 Aug 2004 16:51:49 +0200	[thread overview]
Message-ID: <411F7885.6060302@bellard.org> (raw)
In-Reply-To: <2h4qnuevha.fsf@vserver.cs.uit.no>

Hi,

I just fixed the bug you mentioned regarding the 'bound' instruction. 
Any code using the bound instruction was likely to fail, so this fix may 
allow new OSes or programs to run...

Thank you for the bug report!

Fabrice.

Frode Vatvedt Fjeld wrote:
> I'm suspecting that there's a bug in Qemu's emulation of the x86
> 'bound' instruction. The effect of this bug seems to be to add 1 to
> the ESP register, which of course havocs everything.
> 
> I'm not confident I understand the information in /tmp/qemu.log, but
> as I said I suspect that the following in_asm is the culprit:
> 
>   0x0015d716:  bound  %esp,%fs:0xffffffe7(%edi)
> 
> This instruction, in 32-bit protected mode, is intended to verify that
> ESP is within some bounds. These bounds are located at the physical
> address 0x100054, which is the result of the instruction's address
> because EDI=0x6d and the FS selector points to a segment that starts
> at 0x100000.
> 
> I have verified that the exact same thing happens when the FS-override
> instruction prefix is removed from the bounds instruction above, so
> that the DS segment, which happens to be identical to the FS segment,
> is used.
> 
> The following is a piece of /tmp/qemu.log that I hope provides the
> relevant context. As you can see, the value of ESP appears to change
> to an odd value for no good reason.

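The report above describes what BOUND is supposed to do: read a signed lower and upper bound from the doubleword pair at the effective address (here %fs:0xffffffe7(%edi), which resolves to 0x100054 with FS base 0x100000 and EDI = 0x6d), raise #BR if the index register is outside them, and write nothing back, so ESP must come out of the instruction exactly as it went in. The following is a small reference model of BOUND r32, m32&32 added for this page; it is not QEMU's code and not code from either poster. The guest-memory window and the bound values REPORT_LO/REPORT_HI are constructed (the report gives the address of the bounds, not their contents).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reference model of x86 BOUND r32, m32&32 as the Intel SDM defines it: the
 * doubleword pair at the effective address holds the signed lower and upper
 * bounds, #BR is raised if index < lower or index > upper, and no register
 * is written, ESP included.  Illustrative model for this page, not QEMU code. */

enum { REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI, NREGS };
enum { SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS, NSEGS };

typedef struct {
    uint32_t regs[NREGS];
    uint32_t seg_base[NSEGS];   /* segment base linear addresses */
} cpu_t;

/* Small guest-memory window (constructed): 256 bytes at linear 0x100000. */
#define MEM_BASE 0x100000u
#define MEM_SIZE 256u
static uint8_t guest_mem[MEM_SIZE];

/* Little-endian 32-bit guest read; -1 models a memory fault. */
static int mem_read32(uint32_t lin, int32_t *out) {
    if (lin < MEM_BASE || lin - MEM_BASE + 4 > MEM_SIZE) return -1;
    uint32_t off = lin - MEM_BASE;
    uint32_t v = (uint32_t)guest_mem[off] | (uint32_t)guest_mem[off + 1] << 8 |
                 (uint32_t)guest_mem[off + 2] << 16 | (uint32_t)guest_mem[off + 3] << 24;
    *out = (int32_t)v;
    return 0;
}

static int mem_write32(uint32_t lin, int32_t val) {
    if (lin < MEM_BASE || lin - MEM_BASE + 4 > MEM_SIZE) return -1;
    uint32_t off = lin - MEM_BASE, v = (uint32_t)val;
    for (int i = 0; i < 4; i++) guest_mem[off + i] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* Effective address of seg:disp(base_reg): segment base + base register + displacement. */
uint32_t bound_ea(const cpu_t *c, int seg, int base_reg, int32_t disp) {
    return c->seg_base[seg] + c->regs[base_reg] + (uint32_t)disp;
}

/* Execute BOUND index_reg, seg:disp(base_reg).
 * Returns 0 if in bounds, 1 if #BR would be raised, -1 on a memory fault.
 * Registers are only read; a model that writes any of them is wrong. */
int exec_bound32(cpu_t *c, int index_reg, int seg, int base_reg, int32_t disp) {
    uint32_t ea = bound_ea(c, seg, base_reg, disp);
    int32_t lo, hi;
    if (mem_read32(ea, &lo) < 0 || mem_read32(ea + 4, &hi) < 0) return -1;
    int32_t idx = (int32_t)c->regs[index_reg];
    return (idx < lo || idx > hi) ? 1 : 0;
}

/* Operands from the report: bound %esp,%fs:0xffffffe7(%edi), FS base 0x100000, EDI = 0x6d. */
#define REPORT_DISP   ((int32_t)0xffffffe7)   /* -0x19 */
#define REPORT_FSBASE 0x100000u
#define REPORT_EDI    0x6du
/* The bound values are not in the report; these two are constructed. */
#define REPORT_LO     0x00100000
#define REPORT_HI     0x001ffff0

static void setup_report_state(cpu_t *c, uint32_t esp) {
    memset(c, 0, sizeof *c);
    memset(guest_mem, 0, sizeof guest_mem);
    c->seg_base[SEG_FS] = REPORT_FSBASE;
    c->seg_base[SEG_DS] = REPORT_FSBASE;  /* report: DS identical to FS */
    c->regs[REG_EDI] = REPORT_EDI;
    c->regs[REG_ESP] = esp;
    uint32_t ea = bound_ea(c, SEG_FS, REG_EDI, REPORT_DISP);
    mem_write32(ea, REPORT_LO);
    mem_write32(ea + 4, REPORT_HI);
}

/* Linear address the report's instruction reads its bounds from. */
uint32_t report_effective_address(void) {
    cpu_t c;
    setup_report_state(&c, 0);
    return bound_ea(&c, SEG_FS, REG_EDI, REPORT_DISP);
}

/* BOUND outcome for a given ESP under the given segment (FS override or DS). */
int report_bound_result(uint32_t esp, int seg) {
    cpu_t c;
    setup_report_state(&c, esp);
    return exec_bound32(&c, REG_ESP, seg, REG_EDI, REPORT_DISP);
}

/* ESP observed after the instruction; a correct model returns it unchanged. */
uint32_t report_esp_after(uint32_t esp) {
    cpu_t c;
    setup_report_state(&c, esp);
    exec_bound32(&c, REG_ESP, SEG_FS, REG_EDI, REPORT_DISP);
    return c.regs[REG_ESP];
}

int main(void) {
    printf("bounds read from linear 0x%08x\n", report_effective_address());
    printf("ESP=0x00180000 -> result %d, ESP after 0x%08x\n",
           report_bound_result(0x00180000u, SEG_FS), report_esp_after(0x00180000u));
    printf("ESP=0x00200000 -> result %d (#BR)\n", report_bound_result(0x00200000u, SEG_FS));
    return 0;
}
```

The effective-address arithmetic reproduces the 0x100054 the report derives, and the check that ESP is identical before and after the instruction is the invariant the reported behaviour (ESP changing to an odd value) violates; with the FS override replaced by the default DS segment the result is the same, as the report also found.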

Thread overview: 4+ messages
2004-07-26 13:41 [Qemu-devel] Bug in emulation of 'bound' x86 instruction? Frode Vatvedt Fjeld
2004-08-04 22:10 ` [Qemu-devel] " Frode Vatvedt Fjeld
2004-08-15 14:51 ` Fabrice Bellard [this message]
2004-08-16 19:34   ` Frode Vatvedt Fjeld
