[Qemu-devel] FPU x86 instructions error

[Qemu-devel] FPU x86 instructions error

[Clemens Kolbitsch]

Hi guys,

we recently had an issue with running a program using FPU instructions
to obtain the current EIP (basically a weird way of "call 0; pop eax")
that was not working on QEMU (with TCG).

Looking at the problem, we found this patch to be useful/fixing the issue:

https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff

Looking through the DEVEL archives, I found this patch

http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html

that adds the FPU flags to the environment, but is only using them for KVM.

I was wondering - since the above patch is rather old, you have
probably come across it before - if there was a reason for not
including it in QEMU (I checked in git:master and it's not applied).
If there isn't, maybe it'd be worth re-considering :)

thanks!
-Clemens


--
Clemens Kolbitsch
Security Researcher
kolbitsch@lastline.com

Lastline, Inc.
6950 Hollister Avenue, Suite 101
Goleta, CA 93117

www.lastline.com

Re: [Qemu-devel] FPU x86 instructions error

[Paolo Bonzini]

Il 24/05/2013 23:39, Clemens Kolbitsch ha scritto:
> Hi guys,
> 
> we recently had an issue with running a program using FPU instructions
> to obtain the current EIP (basically a weird way of "call 0; pop eax")
> that was not working on QEMU (with TCG).
> 
> Looking at the problem, we found this patch to be useful/fixing the issue:
> 
> https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff
> 
> Looking through the DEVEL archives, I found this patch
> 
> http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html
> 
> that adds the FPU flags to the environment, but is only using them for KVM.
> 
> I was wondering - since the above patch is rather old, you have
> probably come across it before - if there was a reason for not
> including it in QEMU (I checked in git:master and it's not applied).
> If there isn't, maybe it'd be worth re-considering :)

For the TCG patch, there is no Signed-off-by and using a helper is not
necessary.

For the KVM patch, it simply fell through the cracks, I believe.

Paolo

Re: [Qemu-devel] FPU x86 instructions error

[Andreas Färber]

Hi,

Am 24.05.2013 23:44, schrieb Paolo Bonzini:
> Il 24/05/2013 23:39, Clemens Kolbitsch ha scritto:
>> we recently had an issue with running a program using FPU instructions
>> to obtain the current EIP (basically a weird way of "call 0; pop eax")
>> that was not working on QEMU (with TCG).
>>
>> Looking at the problem, we found this patch to be useful/fixing the issue:
>>
>> https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff
>>
>> Looking through the DEVEL archives, I found this patch
>>
>> http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html
>>
>> that adds the FPU flags to the environment, but is only using them for KVM.
>>
>> I was wondering - since the above patch is rather old, you have
>> probably come across it before - if there was a reason for not
>> including it in QEMU (I checked in git:master and it's not applied).
>> If there isn't, maybe it'd be worth re-considering :)
> 
> For the TCG patch, there is no Signed-off-by and using a helper is not
> necessary.

Clemens, generally we can't just take another person's patch and apply
it - that's what we need the Signed-off-by for. Your post is the only
Google hit for that link and no hits for fpip in my archive - you'll
need to contact the author to obtain her Sob and properly submit it to
qemu-devel - or post a patch yourself that is not based on that one.

http://wiki.qemu.org/Contribute/SubmitAPatch

> For the KVM patch, it simply fell through the cracks, I believe.

It didn't:
http://git.qemu.org/?p=qemu.git;a=commit;h=42cc8fa620cbc73e349e96d84cf46469e828ec34

(I was about to suggest placing the non-TCG fields into X86CPU. :))

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] FPU x86 instructions error

[Clemens Kolbitsch]

On Sun, May 26, 2013 at 7:54 AM, Andreas Färber <afaerber@suse.de> wrote:
> Hi,
>
> Am 24.05.2013 23:44, schrieb Paolo Bonzini:
>> Il 24/05/2013 23:39, Clemens Kolbitsch ha scritto:
>>> we recently had an issue with running a program using FPU instructions
>>> to obtain the current EIP (basically a weird way of "call 0; pop eax")
>>> that was not working on QEMU (with TCG).
>>>
>>> Looking at the problem, we found this patch to be useful/fixing the issue:
>>>
>>> https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff
>>>
>>> Looking through the DEVEL archives, I found this patch
>>>
>>> http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html
>>>
>>> that adds the FPU flags to the environment, but is only using them for KVM.
>>>
>>> I was wondering - since the above patch is rather old, you have
>>> probably come across it before - if there was a reason for not
>>> including it in QEMU (I checked in git:master and it's not applied).
>>> If there isn't, maybe it'd be worth re-considering :)
>>
>> For the TCG patch, there is no Signed-off-by and using a helper is not
>> necessary.
>
> Clemens, generally we can't just take another person's patch and apply
> it - that's what we need the Signed-off-by for. Your post is the only
> Google hit for that link and no hits for fpip in my archive - you'll
> need to contact the author to obtain her Sob and properly submit it to
> qemu-devel - or post a patch yourself that is not based on that one.

Andreas, thanks for that info - that makes it much clearer. Since the
patch is rather short, it will be difficult, but we can give it a shot
:)

>
> http://wiki.qemu.org/Contribute/SubmitAPatch
>
>> For the KVM patch, it simply fell through the cracks, I believe.
>
> It didn't:
> http://git.qemu.org/?p=qemu.git;a=commit;h=42cc8fa620cbc73e349e96d84cf46469e828ec34
>
> (I was about to suggest placing the non-TCG fields into X86CPU. :))

Yes, I think that was a misunderstanding. I was trying to say that for
first one didn't get picked up and the second one is just a
prerequisite -- not that it was missing as well :)

thanks!
-Clemens

Re: [Qemu-devel] FPU x86 instructions error

[TeLeMan]

On Sat, May 25, 2013 at 5:39 AM, Clemens Kolbitsch
<kolbitsch@lastline.com> wrote:
> Hi guys,
>
> we recently had an issue with running a program using FPU instructions
> to obtain the current EIP (basically a weird way of "call 0; pop eax")
> that was not working on QEMU (with TCG).
>
> Looking at the problem, we found this patch to be useful/fixing the issue:
>
> https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff
This patch is not working fully because the floating-point control
instructions do not change fpip.

>
> Looking through the DEVEL archives, I found this patch
>
> http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html
>
> that adds the FPU flags to the environment, but is only using them for KVM.
>
> I was wondering - since the above patch is rather old, you have
> probably come across it before - if there was a reason for not
> including it in QEMU (I checked in git:master and it's not applied).
> If there isn't, maybe it'd be worth re-considering :)
>
> thanks!
> -Clemens
>
>
> --
> Clemens Kolbitsch
> Security Researcher
> kolbitsch@lastline.com
>
> Lastline, Inc.
> 6950 Hollister Avenue, Suite 101
> Goleta, CA 93117
>
> www.lastline.com
>