[Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[Vic3Dexe]

Public bug reported:

xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words
REX not used.

qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
xchg r8,rax treated as nop
https://bugs.launchpad.net/bugs/600589
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words REX not used.

qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.

Re: [Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[Richard Henderson]

On 07/01/2010 05:04 AM, Vic3Dexe wrote:
> Public bug reported:
> 
> xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words
> REX not used.
> 
> qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.
> 
> ** Affects: qemu
>      Importance: Undecided
>          Status: New
> 

Verified.  Test case for x86_64-linux-user:

	.globl	main
	.type	main, @function
main:
	movl	$0, %r8d
	movl	$1, %eax
	xchgq	%r8, %rax
	ret

Expected result is exit status 0.


r~

[Qemu-devel] [PATCH] target-i386: Fix xchg rax,r8

[Richard Henderson]

We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 target-i386/translate.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 708b0a1..8cb5cf0 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -5293,6 +5293,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
         break;
 
     case 0x91 ... 0x97: /* xchg R, EAX */
+    do_xchg_reg_eax:
         ot = dflag + OT_WORD;
         reg = (b & 7) | REX_B(s);
         rm = R_EAX;
@@ -6663,10 +6664,14 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
         /************************/
         /* misc */
     case 0x90: /* nop */
-        /* XXX: xchg + rex handling */
         /* XXX: correct lock test for all insn */
-        if (prefixes & PREFIX_LOCK)
+        if (prefixes & PREFIX_LOCK) {
             goto illegal_op;
+        }
+        /* If REX_B is set, then this is xchg eax, r8d, not a nop.  */
+        if (REX_B(s)) {
+            goto do_xchg_reg_eax;
+        }
         if (prefixes & PREFIX_REPZ) {
             gen_svm_check_intercept(s, pc_start, SVM_EXIT_PAUSE);
         }
-- 
1.7.0.1

Re: [Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[malc]

On Thu, 1 Jul 2010, Richard Henderson wrote:

> On 07/01/2010 05:04 AM, Vic3Dexe wrote:
> > Public bug reported:
> > 
> > xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words
> > REX not used.
> > 
> > qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.
> > 
> > ** Affects: qemu
> >      Importance: Undecided
> >          Status: New
> > 
> 
> Verified.  Test case for x86_64-linux-user:
> 
> 	.globl	main
> 	.type	main, @function
> main:
> 	movl	$0, %r8d
> 	movl	$1, %eax
> 	xchgq	%r8, %rax
> 	ret
> 
> Expected result is exit status 0.
> 

No surprise really:

target-i386/translate.c lines 6665-...

    case 0x90: /* nop */
        /* XXX: xchg + rex handling */
        /* XXX: correct lock test for all insn */

The code to handle that just isn't there.

-- 
mailto:av1474@comtv.ru

Re: [Qemu-devel] [PATCH] target-i386: Fix xchg rax,r8

[Aurelien Jarno]

On Thu, Jul 01, 2010 at 09:42:21AM -0700, Richard Henderson wrote:
> We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.
> 
> Signed-off-by: Richard Henderson <rth@twiddle.net>
> ---
>  target-i386/translate.c |    9 +++++++--
>  1 files changed, 7 insertions(+), 2 deletions(-)

Applied, thanks.

> diff --git a/target-i386/translate.c b/target-i386/translate.c
> index 708b0a1..8cb5cf0 100644
> --- a/target-i386/translate.c
> +++ b/target-i386/translate.c
> @@ -5293,6 +5293,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
>          break;
>  
>      case 0x91 ... 0x97: /* xchg R, EAX */
> +    do_xchg_reg_eax:
>          ot = dflag + OT_WORD;
>          reg = (b & 7) | REX_B(s);
>          rm = R_EAX;
> @@ -6663,10 +6664,14 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
>          /************************/
>          /* misc */
>      case 0x90: /* nop */
> -        /* XXX: xchg + rex handling */
>          /* XXX: correct lock test for all insn */
> -        if (prefixes & PREFIX_LOCK)
> +        if (prefixes & PREFIX_LOCK) {
>              goto illegal_op;
> +        }
> +        /* If REX_B is set, then this is xchg eax, r8d, not a nop.  */
> +        if (REX_B(s)) {
> +            goto do_xchg_reg_eax;
> +        }
>          if (prefixes & PREFIX_REPZ) {
>              gen_svm_check_intercept(s, pc_start, SVM_EXIT_PAUSE);
>          }
> -- 
> 1.7.0.1
> 
> 
> 

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Re: [Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[vic3dexe]

You wrote 1 июля 2010 г., 19:43:06:

> On Thu, 1 Jul 2010, Richard Henderson wrote:

>> On 07/01/2010 05:04 AM, Vic3Dexe wrote:
>> > Public bug reported:
>> > 
>> > xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words
>> > REX not used.
>> > 
>> > qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.
>> > 
>> > ** Affects: qemu
>> >      Importance: Undecided
>> >          Status: New
>> > 
>> 
>> Verified.  Test case for x86_64-linux-user:
>> 
>>       .globl  main
>>       .type   main, @function
>> main:
>>       movl    $0, %r8d
>>       movl    $1, %eax
>>       xchgq   %r8, %rax
>>       ret
>> 
>> Expected result is exit status 0.
>> 

> No surprise really:

> target-i386/translate.c lines 6665-...

>     case 0x90: /* nop */
>         /* XXX: xchg + rex handling */
>         /* XXX: correct lock test for all insn */

> The code to handle that just isn't there.

Sorry for inconvenience, I just forgot to look in source. :)
Do you plan to fix it in the near future?

-- 
Best regards,
 Vic3dexe                          mailto:vic3dexe@gmail.com

Re: [Qemu-devel] [Bug 600589] [NEW] xchg r8,rax treated as nop

[Richard Henderson]

On 07/02/2010 12:13 PM, vic3dexe@gmail.com wrote:
> Sorry for inconvenience, I just forgot to look in source. :)
> Do you plan to fix it in the near future?

No, in the near past.  ;-)
The fix was committed to qemu.git head yesterday.


r~

[Qemu-devel] [Bug 600589] Re: xchg r8,rax treated as nop

[Jes Sorensen]

Per rth's reply to qemu-devel, fix has been pushed into upstream as of
July 1st, commit 7418027ea4fec276455abd4291558bc58a0a7ba7

If problem reappears, please reopen or open a new bug.

Closing


** Changed in: qemu
       Status: New => Fix Committed

-- 
xchg r8,rax treated as nop
https://bugs.launchpad.net/bugs/600589
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: Fix Committed

Bug description:
xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other words REX not used.

qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.

[Qemu-devel] [Bug 600589] Re: xchg r8,rax treated as nop

[Aurelien Jarno]

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/600589

Title:
  xchg r8,rax treated as nop

Status in QEMU:
  Fix Released

Bug description:
  xchg r8,rax (49h 90h) executed as nop (90h) in long mode, in other
  words REX not used.

  qemu 0.12.4, host Win 7 x64,  running qemu-system-x86_64.exe.