Message ID | 1469030260-28448-1-git-send-email-dave.hansen@intel.com (mailing list archive) |
---|---|
State | New, archived |
On 07/20/2016 09:27 PM, Dave Hansen wrote:
> QEMU 2.6 added support for the XSAVE family of instructions, which
> includes the XSETBV instruction which allows setting the 'XCR0'
> register.
>
> But, when booting Linux kernels with XSAVE support enabled, I was
> getting very early crashes where the instruction pointer was set
> to 0x3. I tracked it down to a jump instruction generated by this:
>
> gen_jmp_im(s->pc - pc_start);
>
> where s->pc is pointing to the instruction after XSETBV and pc_start
> is pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.
>
> The fix is to replace this typo with the pattern found everywhere
> else in the file when folks want to end the translation buffer.
>
> Richard Henderson confirmed that this is a bug and that this is the
> correct fix.
>
> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> ---
> target-i386/translate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <rth@twiddle.net>

r~
> On 07/20/2016 09:27 PM, Dave Hansen wrote:
> > QEMU 2.6 added support for the XSAVE family of instructions, which
> > includes the XSETBV instruction which allows setting the 'XCR0'
> > register.
> >
> > But, when booting Linux kernels with XSAVE support enabled, I was
> > getting very early crashes where the instruction pointer was set
> > to 0x3. I tracked it down to a jump instruction generated by this:
> >
> > gen_jmp_im(s->pc - pc_start);
> >
> > where s->pc is pointing to the instruction after XSETBV and pc_start
> > is pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.
> >
> > The fix is to replace this typo with the pattern found everywhere
> > else in the file when folks want to end the translation buffer.
> >
> > Richard Henderson confirmed that this is a bug and that this is the
> > correct fix.
> >
> > Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Eduardo Habkost <ehabkost@redhat.com>
> > Cc: Richard Henderson <rth@twiddle.net>
> > ---
> > target-i386/translate.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Reviewed-by: Richard Henderson <rth@twiddle.net>

Thanks, queued and CCed qemu-stable.

Paolo
diff --git a/target-i386/translate.c b/target-i386/translate.c index 1a1214d..53a065c 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -7170,7 +7170,7 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]); gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64); /* End TB because translation flags may change. */ - gen_jmp_im(s->pc - pc_start); + gen_jmp_im(s->pc - s->cs_base); gen_eob(s); break;
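Review bot: the one-line change is correct and the commit message's reasoning matches the hunk: gen_jmp_im() takes the EIP at which the guest resumes, which the replacement expresses as `s->pc - s->cs_base`, the same form used at the other end-of-TB sites in this file, whereas the old operand `s->pc - pc_start` is just the byte length of the XSETBV encoding itself, which is exactly the 0x3 the guest jumped to. The jump has to be right here because, as the comment above it says, the preceding gen_helper_xsetbv() may change translation flags, so the TB is ended with gen_eob(s) immediately after the XCR0 write. The symptom reported (guest kernel resuming at EIP 0x3 during early boot) is a guest-side crash, so the qemu-stable backport mentioned in the thread is appropriate. One follow-up for the reviewer: worth grepping the remaining gen_eob() sites in translate.c for any other `- pc_start` operand before the stable pick, since the commit message says this one was a lone typo against the file-wide pattern.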
QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the 'XCR0'
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3. I tracked it down to a jump instruction generated by this:

gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
---
 target-i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)