From: Avi Kivity <avi@redhat.com>
To: Clemens Kolbitsch <ck@iseclab.org>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]
Date: Wed, 16 Dec 2009 11:05:57 +0200
Message-ID: <4B28A2F5.5060402@redhat.com>
In-Reply-To: <200912160956.10748.ck@iseclab.org>
On 12/16/2009 10:56 AM, Clemens Kolbitsch wrote:
> On Tuesday 15 December 2009 08:54:04 pm Avi Kivity wrote:
>
>> On 12/15/2009 08:48 PM, Clemens Kolbitsch wrote:
>>
>>> Hi list,
>>>
>>> I'm experiencing a strange emulation bug with the op-code below. The
>>> instruction raises a segfault in the application (running on the guest),
>>> however, if I enable KVM to run the exact same application, no segfault
>>> is raised.
>>>
>>> 0x0080023b: 8b 04 65 11 22 33 44 mov regEAX, [0x44332211]
>>>
>>> where "11 22 33 44" is just some address. According to gdb (on a 32bit
>>> little-endian machine), this instruction can be disassembled as a "mov
>>> address to reg-eax".
>>>
>> This is an odd encoding for this instruction, since there is a shorter
>> one possible (8b 05 11 22 33 44). So it is possible there is a bug in
>> qemu that has never been triggered because compilers/assemblers don't
>> generate this encoding.
>>
>> btw, binutils disassembles this as
>>
>> 8b 04 65 11 22 33 44 mov 0x44332211(,%eiz,2),%eax
>>
>> I guess %eiz is some mnemonic for a "zero register" so the assembly can
>> be reassembled into a 7-byte instruction later.
>>
> Hi all,
> thanks for the quick replies. I also saw that the instruction is disassembled
> to the above instruction, but did not want to complicate my problem
> description :)
> Is there anything I can provide to help testing possible patches?
>
A good first step is to write those possible patches. It shouldn't be
difficult, start in target-i386/translate.c:disas_insn().
--
error compiling committee.c: too many arguments to function
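To make the two encodings compared above concrete, here is an added example (not code from this thread or from QEMU) that decodes the mod=00 memory forms of opcode 8b, including the SIB byte with index=100 and base=101 that binutils prints as %eiz, and computes the effective address; the type and function names are my own.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded "MOV r32, r/m32" (opcode 0x8b) memory operand in 32-bit mode.
   Registers use x86 numbering (0 = EAX ... 7 = EDI); -1 means absent. */
typedef struct {
    int reg, base, index, scale; /* dest reg, base reg, index reg, 1/2/4/8 */
    uint32_t disp;               /* displacement */
    size_t len;                  /* instruction length; 0 = not decoded */
} mov_load;

/* Decode the mod=00 memory forms of 0x8b, which cover both encodings from
   the thread: 8b 05 disp32 and 8b 04 65 disp32. */
mov_load decode_mov_load(const uint8_t *p, size_t n)
{
    mov_load op = { 0, -1, -1, 1, 0, 0 };
    if (n < 2 || p[0] != 0x8b || (p[1] >> 6) != 0)
        return op;                        /* not a mod=00 memory form */
    int rm = p[1] & 7, base = rm;
    size_t pos = 2;
    op.reg = (p[1] >> 3) & 7;
    if (rm == 4) {                        /* rm 100: a SIB byte follows ModRM */
        if (n < 3) return op;
        int idx = (p[2] >> 3) & 7;
        base = p[2] & 7;
        op.scale = 1 << (p[2] >> 6);
        op.index = (idx == 4) ? -1 : idx; /* index 100 = none (binutils' %eiz) */
        pos = 3;
    }
    if (base == 5) {                      /* mod=00 with base 101: disp32, no base */
        if (n < pos + 4) return op;       /* truncated instruction: reject */
        op.disp = (uint32_t)p[pos] | (uint32_t)p[pos + 1] << 8 |
                  (uint32_t)p[pos + 2] << 16 | (uint32_t)p[pos + 3] << 24;
        pos += 4;
    } else {
        op.base = base;
    }
    op.len = pos;
    return op;
}

/* Address the instruction loads from, given the eight GPR values. */
uint32_t effective_address(const mov_load *op, const uint32_t regs[8])
{
    uint32_t ea = op->disp;
    if (op->base >= 0)  ea += regs[op->base];
    if (op->index >= 0) ea += regs[op->index] * (uint32_t)op->scale;
    return ea;
}
```

Both 8b 04 65 disp32 and 8b 05 disp32 decode to the same absolute address 0x44332211 regardless of register contents, which is exactly the equivalence a translator such as disas_insn() has to preserve.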