From: Paolo Bonzini <pbonzini@redhat.com>
To: Stefan Weil <sw@weilnetz.de>
Cc: "Michael W. Bombardieri" <mb@ii.net>,
	qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] qemu 1.6.1
Date: Sun, 27 Oct 2013 07:54:05 +0100
Message-ID: <526CB88D.6030209@redhat.com>
In-Reply-To: <526B908B.20104@weilnetz.de>

On 26/10/2013 11:51, Stefan Weil wrote:
> On 24.10.2013 23:47, Paolo Bonzini wrote:
>> On 24/10/2013 17:37, Stefan Weil wrote:
>>> Yes, that works, too. It also fixes the problem with the assertion
>>> (tested with Wine).
>>>
>>> No, we cannot remove from_, because the same interface is also used
>>> for Linux and other hosts which don't have a 'current' variable.
>>> Or we would have to call qemu_coroutine_self() to get the current
>>> coroutine.
>> Yes, I was thinking of using qemu_coroutine_self().
>>
>> By the way, can you post the two assembly language outputs for just
>>
>> -     CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, from_);
>> +     CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, current);
>>
>> which AIUI works and is enough to fix the bug?
>>
>> Paolo
> 
> See disassembled code below. I removed compiler option -fstack-protector-all
> to simplify the assembler code and tested that the result was not affected
> by this removal.
> 
> The C and assembler code from the test is also available at
> http://qemu.weilnetz.de/test/coroutine-win32/.

Here is the code with annotations

     broken                                   works
  -------------------------------------------------------------------------
     push   %ebx
     sub    $0x18,%esp                        sub    $0x1c,%esp               
                                              mov    %ebx,0x14(%esp)          
                                              mov    %esi,0x18(%esp)          
                            
     movl   $0x6d62a8,(%esp)                  movl   $0x6d62a8,(%esp)         
     mov    0x24(%esp),%ebx                   mov    0x24(%esp),%ebx              ebx = to;
     call   ___emutls_get_address             call   ___emutls_get_address        eax = &current;
                            
                                              mov    (%eax),%esi                  esi = current;
                            
     mov    %ebx,(%eax)                       mov    %ebx,(%eax)                  current = to;

     mov    0x28(%esp),%eax                   mov    0x28(%esp),%eax              eax = action
     mov    %eax,0x24(%ebx)                   mov    %eax,0x24(%ebx)              to->action = action
     mov    0x20(%ebx),%eax                   mov    0x20(%ebx),%eax              eax = to->fiber
     mov    %eax,(%esp)                       mov    %eax,(%esp)                  "push" to->fiber
     call   *0x835fc0                         call   *0x835fc0                    SwitchToFiber(to->fiber)
     sub    $0x4,%esp                         sub    $0x4,%esp                    undo PASCAL calling convention
                            
**   mov    0x20(%esp),%eax                                                       eax = from
     mov    0x24(%eax),%eax                   mov    0x24(%esi),%eax              eax = from->action
                            
                                              mov    0x14(%esp),%ebx          
                                              mov    0x18(%esp),%esi          
     add    $0x18,%esp                        add    $0x1c,%esp               
     pop    %ebx                                                              
     ret                                      ret                             


I think the problem is that 0x20(%esp) gets somehow corrupted at the
instruction I highlighted with **.

The simplest fix then would be to add a barrier() before and after
SwitchToFiber.

Paolo
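The switch sequence that the annotated listing documents (current = to; to->action = action; switch; return from->action), re-implemented as an added example on POSIX ucontext so it compiles and runs on Linux. This is not QEMU's coroutine-win32.c and does not reproduce the Win32 corruption; it shows the two remedies discussed in the thread: `from` is taken from the per-thread `current` before the switch (the qemu_coroutine_self() approach, the equivalent of keeping it in callee-saved %esi in the "works" column) rather than re-read from the argument slot afterwards, and a compiler barrier() brackets the switch. All type and function names, the stack size and the demo driver are the example's own assumptions.

```c
#include <stdlib.h>
#include <ucontext.h>

/* Added example, not QEMU code: the switch sequence in the annotated listing
   on POSIX ucontext instead of Win32 fibers.  All names are the example's own. */

typedef enum { COROUTINE_YIELD = 1, COROUTINE_TERMINATE, COROUTINE_ENTER } CoroutineAction;

typedef struct Coroutine {
    void (*entry)(struct Coroutine *co, void *opaque);
    void *entry_arg;
    struct Coroutine *caller;  /* set by enter; yield/terminate switch back here */
    CoroutineAction action;    /* set by whoever switches to this coroutine */
    ucontext_t ctx;
    char *stack;               /* NULL for the thread's original context */
} Coroutine;

/* Per-thread "current", the counterpart of the emutls variable whose address
   ___emutls_get_address returns in the listing; `leader` is the thread itself. */
static __thread Coroutine *current;
static __thread Coroutine leader;

/* Compiler-only barrier, the mitigation proposed in the message: GCC may not
   reuse stack- or TLS-derived values across the switch. */
#define barrier() __asm__ __volatile__("" ::: "memory")

static Coroutine *coroutine_self(void)
{
    if (!current) current = &leader;
    return current;
}

/* Hand `action` to `to`, switch, and return whatever action is handed back.
   `from` is read from current before the switch (the "works" column keeps it
   in callee-saved %esi) instead of being re-read from the argument slot after
   the switch returns, which is the load marked ** in the "broken" column. */
static CoroutineAction coroutine_switch(Coroutine *to, CoroutineAction action)
{
    Coroutine *from = coroutine_self();
    current = to;
    to->action = action;
    barrier();
    if (swapcontext(&from->ctx, &to->ctx) != 0) abort();
    barrier();
    return from->action;
}

static void coroutine_trampoline(void)
{
    Coroutine *co = current;   /* makecontext cannot portably pass a pointer */
    co->entry(co, co->entry_arg);
    coroutine_switch(co->caller, COROUTINE_TERMINATE);
    abort();                   /* a terminated coroutine must not be resumed */
}

Coroutine *coroutine_create(void (*entry)(Coroutine *, void *), void *opaque)
{
    const size_t stack_size = 64 * 1024;   /* assumed; enough for the demo */
    Coroutine *co = calloc(1, sizeof *co);
    if (!co || !(co->stack = malloc(stack_size)) || getcontext(&co->ctx) != 0) abort();
    co->entry = entry;
    co->entry_arg = opaque;
    co->ctx.uc_stack.ss_sp = co->stack;
    co->ctx.uc_stack.ss_size = stack_size;
    co->ctx.uc_link = NULL;
    makecontext(&co->ctx, coroutine_trampoline, 0);
    return co;
}

/* Run `co` until it yields or terminates and report which one happened. */
CoroutineAction coroutine_enter(Coroutine *co)
{
    co->caller = coroutine_self();
    return coroutine_switch(co, COROUTINE_ENTER);
}

void coroutine_yield(void)
{
    Coroutine *self = coroutine_self(), *to = self->caller;
    self->caller = NULL;
    coroutine_switch(to, COROUTINE_YIELD);
}

/* Constructed driver: the coroutine bumps `step` and yields `yields` times,
   then adds 100 and returns.  run_demo returns how many YIELD actions the
   caller saw (-1 on an unexpected action) and stores the final step count. */
struct demo_state { int step, yields; };

static void demo_entry(Coroutine *co, void *opaque)
{
    struct demo_state *st = opaque;
    (void)co;
    for (int i = 0; i < st->yields; i++) { st->step++; coroutine_yield(); }
    st->step += 100;
}

int run_demo(int yields, int *final_step)
{
    struct demo_state st = { 0, yields };
    Coroutine *co = coroutine_create(demo_entry, &st);
    CoroutineAction a;
    int seen = 0;
    while ((a = coroutine_enter(co)) == COROUTINE_YIELD) seen++;
    free(co->stack);
    free(co);
    *final_step = st.step;
    return a == COROUTINE_TERMINATE ? seen : -1;
}
```

run_demo(3, &step) drives one coroutine through three yields and a termination; the action returned by each coroutine_enter is the value the other side stored in the entering context's `action` field right before switching, exactly the hand-off the listing performs through to->action and from->action. On ucontext the stack is preserved across swapcontext, so the `from` local survives either way; the point of reading it from `current` and of the barriers is that the code no longer depends on the compiler's treatment of the argument slot across a call it cannot see through.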


Thread overview: 14+ messages
2013-10-23  7:39 [Qemu-devel] qemu 1.6.1 Michael W. Bombardieri
2013-10-23  9:00 ` Paolo Bonzini
2013-10-23 20:26   ` Stefan Weil
2013-10-24 10:38     ` Paolo Bonzini
2013-10-24 16:37       ` Stefan Weil
2013-10-24 21:47         ` Paolo Bonzini
2013-10-26  9:51           ` Stefan Weil
2013-10-27  6:54             ` Paolo Bonzini [this message]
2013-10-27 10:44               ` Stefan Weil
2013-10-27 15:38               ` Stefan Weil
2014-06-23 14:39             ` [Qemu-devel] broken win32 coroutines (was Re: qemu 1.6.1) Paolo Bonzini
2014-06-24  1:41               ` Michael W. Bombardieri
2014-06-24  5:22                 ` Paolo Bonzini
2014-06-25  6:48                   ` Michael W. Bombardieri
