From: Laurent Desnogues <laurent.desnogues@gmail.com>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] sha1sum segfaults on x86_64 target / i386 host
Date: Tue, 22 Sep 2009 19:48:52 +0200
Message-ID: <761ea48b0909221048h1d1edd9bx4478ae850a0e447b@mail.gmail.com>
In-Reply-To: <20090922154949.GA25438@volta.aurel32.net>
On Tue, Sep 22, 2009 at 5:49 PM, Aurelien Jarno <aurelien@aurel32.net> wrote:
[...]
>
> Actually I am not really convinced it has been fixed, I really think the
> bug is still present, but not triggerable anymore this way.
>
> It looks like very long translations are not stopped correctly. This part
> of the code looks suspicious:
>
> /* if too long translation, stop generation too */
> if (gen_opc_ptr >= gen_opc_end ||
>     (pc_ptr - pc_start) >= (TARGET_PAGE_SIZE - 32) ||
>     num_insns >= max_insns) {
>     gen_jmp_im(pc_ptr - dc->cs_base);
>     gen_eob(dc);
>     break;
> }
>
> If I understand correctly, when the end of the buffer is reached, the
> translation is stopped, but some more opc are added by gen_jmp_im()
> and gen_eob().
>
> OTOH, on MIPS the following code leaves some space at the end of the
> buffer for a few more opc:
>
> /* Leave some spare opc slots for branch handling. */
> gen_opc_end = gen_opc_buf + OPC_MAX_SIZE - 16;
>
> Applying the same changes to the x86_64 target fixes the bug. However, I
> am not sure it is fully correct. Any comment?
You mean that if you subtract 16 and go back to just before malc's commit
you don't experience the crash anymore?
To me it looks like using gen_opc_buf + OPC_MAX_SIZE is rather
safe given that it gives room for 64 extra ops (cf. exec-all.h).
Laurent
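To make the failure mode under discussion concrete, here is a small added model of the translation loop in C. It is not QEMU code and not part of the thread: the buffer capacity, the number of ops the block epilogue appends (standing in for the gen_jmp_im + gen_eob pair) and the function names are constructed for illustration, and the page-size check from the quoted condition is left out. It shows that a stop check of the form `ptr >= end` is only safe if `end` is placed short of the physical buffer by at least the ops one more instruction plus the epilogue can emit, which is what the MIPS `OPC_MAX_SIZE - 16` slack and the extra room Laurent mentions in exec-all.h both provide.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a TCG-style opcode buffer. Sizes and names are constructed
 * for this example; they are not QEMU's real values. */
#define OPC_BUF_CAPACITY 256   /* physical slots actually backed by storage */
#define EPILOGUE_OPS 3         /* assumed ops appended by the block epilogue
                                  (the gen_jmp_im + gen_eob pair in the mail) */

struct opc_buf {
    uint16_t ops[OPC_BUF_CAPACITY];
    size_t ptr;      /* next slot the translator writes (role of gen_opc_ptr) */
    size_t end;      /* limit the stop check compares against (role of gen_opc_end) */
    size_t overrun;  /* writes that landed beyond the physical buffer */
};

static void opc_init(struct opc_buf *b, size_t slack)
{
    b->ptr = 0;
    b->end = OPC_BUF_CAPACITY - slack;   /* like "OPC_MAX_SIZE - 16" on MIPS */
    b->overrun = 0;
}

/* Append one op; an out-of-bounds write is counted instead of corrupting memory. */
static void emit_op(struct opc_buf *b, uint16_t op)
{
    if (b->ptr < OPC_BUF_CAPACITY)
        b->ops[b->ptr] = op;
    else
        b->overrun++;
    b->ptr++;
}

/* Translate one block the way the quoted loop does: emit the ops for a guest
 * instruction, then test the stop condition, and on stop emit the epilogue.
 * Returns how many op writes fell outside the buffer (0 means safe). */
size_t translate_block(size_t slack, size_t ops_per_insn, size_t max_insns)
{
    struct opc_buf b;
    size_t num_insns = 0;

    opc_init(&b, slack);
    for (;;) {
        for (size_t i = 0; i < ops_per_insn; i++)
            emit_op(&b, 1);               /* ops of one guest instruction */
        num_insns++;

        /* "if too long translation, stop generation too" */
        if (b.ptr >= b.end || num_insns >= max_insns) {
            for (size_t i = 0; i < EPILOGUE_OPS; i++)
                emit_op(&b, 2);           /* jump-to-pc and end-of-block ops */
            break;
        }
    }
    return b.overrun;
}

/* Slack that makes the stop check safe: the last instruction may start at
 * end-1 and emit max_ops_per_insn ops, and the epilogue follows it. */
size_t required_slack(size_t max_ops_per_insn, size_t epilogue_ops)
{
    return max_ops_per_insn + epilogue_ops - 1;
}

int main(void)
{
    printf("no slack, 4 ops/insn:    overrun=%zu\n", translate_block(0, 4, 1000));
    printf("16 slack, 4 ops/insn:    overrun=%zu\n", translate_block(16, 4, 1000));
    printf("16 slack, 17 ops/insn:   overrun=%zu\n", translate_block(16, 17, 1000));
    printf("computed slack, 17 ops:  overrun=%zu\n",
           translate_block(required_slack(17, EPILOGUE_OPS), 17, 1000));
    return 0;
}
```

With no slack the check fires exactly when the buffer is full and the epilogue ops land past its end; a fixed slack of 16 is enough for small instructions but still overruns when one instruction emits 17 ops right before the limit, whereas sizing the slack from the worst-case ops per instruction plus the epilogue keeps every case inside the buffer.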
Thread overview:
2009-09-22 15:49 [Qemu-devel] sha1sum segfaults on x86_64 target / i386 host Aurelien Jarno
2009-09-22 17:48 ` Laurent Desnogues [this message]
2009-09-22 19:06 ` Aurelien Jarno
2009-09-22 21:16 ` Aurelien Jarno
2009-09-22 21:19 ` Aurelien Jarno