From: Stefan Weil
Date: Sat, 26 Oct 2013 11:51:07 +0200
Message-ID: <526B908B.20104@weilnetz.de>
In-Reply-To: <5269958A.50400@redhat.com>
References: <20131023073949.GA4527@bom.nom.co> <52679025.3000106@redhat.com> <526830E6.6070904@weilnetz.de> <5268F8B4.7030105@redhat.com> <52694CC1.6040301@weilnetz.de> <5269958A.50400@redhat.com>
Subject: Re: [Qemu-devel] qemu 1.6.1
To: Paolo Bonzini
Cc: "Michael W. Bombardieri", qemu-devel@nongnu.org, Stefan Hajnoczi

On 24.10.2013 23:47, Paolo Bonzini wrote:
> On 24/10/2013 17:37, Stefan Weil wrote:
>> Yes, that works, too. It also fixes the problem with the assertion
>> (tested with Wine).
>>
>> No, we cannot remove from_, because the same interface is also used
>> for Linux and other hosts which don't have a 'current' variable.
>> Or we would have to call qemu_coroutine_self() to get the current
>> coroutine.
> Yes, I was thinking of using qemu_coroutine_self().
>
> By the way, can you post the two assembly language outputs for just
>
> - CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, from_);
> + CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, current);
>
> which AIUI works and is enough to fix the bug?
>
> Paolo

See disassembled code below. I removed compiler option
-fstack-protector-all to simplify the assembler code and tested that
the result was not affected by this removal.

The C and assembler code from the test is also available at
http://qemu.weilnetz.de/test/coroutine-win32/.

Stefan


unpatched QEMU, crash with assertion

00448670 <_qemu_coroutine_switch>:
  448670: 53                      push   %ebx
  448671: 83 ec 18                sub    $0x18,%esp
  448674: c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44867b: 8b 5c 24 24             mov    0x24(%esp),%ebx
  44867f: e8 ec 9e 27 00          call   6c2570 <___emutls_get_address>
  448684: 89 18                   mov    %ebx,(%eax)
  448686: 8b 44 24 28             mov    0x28(%esp),%eax
  44868a: 89 43 24                mov    %eax,0x24(%ebx)
  44868d: 8b 43 20                mov    0x20(%ebx),%eax
  448690: 89 04 24                mov    %eax,(%esp)
  448693: ff 15 c0 5f 83 00       call   *0x835fc0
  448699: 83 ec 04                sub    $0x4,%esp
  44869c: 8b 44 24 20             mov    0x20(%esp),%eax
  4486a0: 8b 40 24                mov    0x24(%eax),%eax
  4486a3: 83 c4 18                add    $0x18,%esp
  4486a6: 5b                      pop    %ebx
  4486a7: c3                      ret


patched, works

00448620 <_qemu_coroutine_switch>:
  448620: 83 ec 1c                sub    $0x1c,%esp
  448623: c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44862a: 89 5c 24 14             mov    %ebx,0x14(%esp)
  44862e: 8b 5c 24 24             mov    0x24(%esp),%ebx
  448632: 89 74 24 18             mov    %esi,0x18(%esp)
  448636: e8 25 9f 27 00          call   6c2560 <___emutls_get_address>
  44863b: 8b 30                   mov    (%eax),%esi
  44863d: 89 18                   mov    %ebx,(%eax)
  44863f: 8b 44 24 28             mov    0x28(%esp),%eax
  448643: 89 43 24                mov    %eax,0x24(%ebx)
  448646: 8b 43 20                mov    0x20(%ebx),%eax
  448649: 89 04 24                mov    %eax,(%esp)
  44864c: ff 15 c0 5f 83 00       call   *0x835fc0
  448652: 8b 46 24                mov    0x24(%esi),%eax
  448655: 83 ec 04                sub    $0x4,%esp
  448658: 8b 5c 24 14             mov    0x14(%esp),%ebx
  44865c: 8b 74 24 18             mov    0x18(%esp),%esi
  448660: 83 c4 1c                add    $0x1c,%esp
  448663: c3                      ret
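The script below is an added example; it is not part of this mail and not QEMU code. It parses the two objdump listings above (embedded here as string constants), locates the indirect call through the import slot (the SwitchToFiber call) and traces back where the value returned in %eax after that call comes from. Run on the unpatched listing it reports that the final load goes through %eax, which was reloaded from the stack slot 0x20(%esp) after the switch; on the patched listing the base register is %esi, which was loaded from (%eax), the pointer returned by ___emutls_get_address, before the switch. The parser assumes AT&T syntax as in the listings and the usual objdump line layout; the field name for offset 0x24 is not taken from the listing, so the code only reports the offset.

```python
import re

# Both listings from the mail, copied here as constructed input for this script.
UNPATCHED = """\
00448670 <_qemu_coroutine_switch>:
  448670: 53                      push   %ebx
  448671: 83 ec 18                sub    $0x18,%esp
  448674: c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44867b: 8b 5c 24 24             mov    0x24(%esp),%ebx
  44867f: e8 ec 9e 27 00          call   6c2570 <___emutls_get_address>
  448684: 89 18                   mov    %ebx,(%eax)
  448686: 8b 44 24 28             mov    0x28(%esp),%eax
  44868a: 89 43 24                mov    %eax,0x24(%ebx)
  44868d: 8b 43 20                mov    0x20(%ebx),%eax
  448690: 89 04 24                mov    %eax,(%esp)
  448693: ff 15 c0 5f 83 00       call   *0x835fc0
  448699: 83 ec 04                sub    $0x4,%esp
  44869c: 8b 44 24 20             mov    0x20(%esp),%eax
  4486a0: 8b 40 24                mov    0x24(%eax),%eax
  4486a3: 83 c4 18                add    $0x18,%esp
  4486a6: 5b                      pop    %ebx
  4486a7: c3                      ret
"""
PATCHED = """\
00448620 <_qemu_coroutine_switch>:
  448620: 83 ec 1c                sub    $0x1c,%esp
  448623: c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44862a: 89 5c 24 14             mov    %ebx,0x14(%esp)
  44862e: 8b 5c 24 24             mov    0x24(%esp),%ebx
  448632: 89 74 24 18             mov    %esi,0x18(%esp)
  448636: e8 25 9f 27 00          call   6c2560 <___emutls_get_address>
  44863b: 8b 30                   mov    (%eax),%esi
  44863d: 89 18                   mov    %ebx,(%eax)
  44863f: 8b 44 24 28             mov    0x28(%esp),%eax
  448643: 89 43 24                mov    %eax,0x24(%ebx)
  448646: 8b 43 20                mov    0x20(%ebx),%eax
  448649: 89 04 24                mov    %eax,(%esp)
  44864c: ff 15 c0 5f 83 00       call   *0x835fc0
  448652: 8b 46 24                mov    0x24(%esi),%eax
  448655: 83 ec 04                sub    $0x4,%esp
  448658: 8b 5c 24 14             mov    0x14(%esp),%ebx
  44865c: 8b 74 24 18             mov    0x18(%esp),%esi
  448660: 83 c4 1c                add    $0x1c,%esp
  448663: c3                      ret
"""

# "addr: hex bytes   mnemonic operands" as objdump -d prints it (assumed layout)
LINE_RE = re.compile(r'^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+(\S+)\s*(.*?)\s*$')
MEM_RE = re.compile(r'^(?:-?0x[0-9a-f]+)?\((%[a-z]+)\)$')   # disp(%reg) memory operand

def split_operands(text):
    """Split AT&T operands on commas that are outside a memory operand's parentheses."""
    ops, cur, depth = [], '', 0
    for ch in text:
        depth += (ch == '(') - (ch == ')')
        if ch == ',' and depth == 0:
            ops.append(cur.strip())
            cur = ''
        else:
            cur += ch
    return ops + [cur.strip()] if cur.strip() else ops

def parse_listing(text):
    """Return [(mnemonic, [operands]), ...] for every instruction line of a listing."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((m.group(1), split_operands(m.group(2))))
    return out

def switch_index(insns):
    """Index of the indirect call through the import slot, i.e. the SwitchToFiber call."""
    for i, (mn, ops) in enumerate(insns):
        if mn == 'call' and ops and ops[0].startswith('*'):
            return i
    raise ValueError('no indirect call in listing')

def last_write(insns, reg, before):
    """Index of the last mov-family instruction before `before` whose destination is `reg`."""
    for i in range(before - 1, -1, -1):
        mn, ops = insns[i]
        if mn.startswith('mov') and len(ops) == 2 and ops[1] == reg:
            return i
    raise ValueError(f'{reg} is never written before index {before}')

def trace_return_value(insns):
    """Trace the value left in %eax at ret: (base register of the final load,
    operand that register was last loaded from, 'before'/'after' the switch)."""
    sw = switch_index(insns)
    ret = next(i for i, (mn, _) in enumerate(insns) if mn == 'ret')
    final = last_write(insns, '%eax', ret)          # the load that produces the return value
    if final <= sw:
        raise ValueError('return value is not loaded after the switch')
    base = MEM_RE.match(insns[final][1][0]).group(1)
    base_load = last_write(insns, base, final)
    return base, insns[base_load][1][0], 'before' if base_load < sw else 'after'

if __name__ == '__main__':
    for name, text in (('unpatched', UNPATCHED), ('patched', PATCHED)):
        base, src, when = trace_return_value(parse_listing(text))
        print(f'{name}: final load via {base}, loaded from {src} {when} the switch')
```

The interesting output is the third element: the unpatched function reloads its base pointer from the caller's argument slot on the stack after SwitchToFiber has returned, while the patched function uses a callee-saved register that was filled from the thread-local slot before the switch and survives it.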