xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: wogiz@openmailbox.org
To: xen-devel@lists.xen.org
Subject: Bug in x86 instruction emulator?
Date: Wed, 06 Apr 2016 01:38:32 +0200	[thread overview]
Message-ID: <20e259d208b95167bb495a6ed0bf684d@openmailbox.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 412 bytes --]

I'm running Xen 4.6.1 with Alpine Linux 3.3.3 in dom0. In a HVM domU 
with vga="qxl", Xorg will segfault instantly if tried started. Multiple 
Linux distros have been tested and Xorg segfaults in all.

Attached are a full backtrace from domU generated by Xorg, and a 
assembler dump of function 'sse2_blt'.

According to Xen IRC channel, the cause could be a bug in the x86 
instruction emulator related to SSE.

[-- Attachment #2: xorg-full-backtrace.txt --]
[-- Type: text/plain, Size: 10816 bytes --]

Core was generated by `/usr/bin/X -nolisten tcp :0 -auth /tmp/serverauth.J8ecNHkUxO'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fc65c3d5626 in _mm_store_si128 (__B=..., __P=0xf1fe000001e000) at /usr/lib/gcc/x86_64-alpine-linux-musl/5.3.0/include/emmintrin.h:710
710	  *__P = __B;
[Current thread is 1 (LWP 2296)]
(gdb) bt full
#0  0x00007fc65c3d5626 in _mm_store_si128 (__B=..., __P=0xf1fe000001e000) at /usr/lib/gcc/x86_64-alpine-linux-musl/5.3.0/include/emmintrin.h:710
No locals.
#1  save_128_aligned (data=..., dst=0xf1fe000001e000) at pixman-sse2.c:391
No locals.
#2  sse2_blt (imp=0x7fc65b3ee420, src_bits=0x7fc650541000, dst_bits=0x7fc64ff41020, src_stride=-4096, dst_stride=4096, src_bpp=32, dst_bpp=32, src_x=22, src_y=4, dest_x=22, dest_y=4, 
    width=9, height=8) at pixman-sse2.c:4782
        w = 28
        s = 0x7fc65053d060 <error: Cannot access memory at address 0x7fc65053d060>
        d = 0x7fc64ff45080 ""
        src_bytes = 0x7fc65053c058 <error: Cannot access memory at address 0x7fc65053c058>
        dst_bytes = 0x7fc64ff46078 ""
        byte_width = 36
#3  0x00007fc65c3d57d2 in sse2_composite_copy_area (imp=0x7fc65b3ee420, info=0x7ffcad040e00) at pixman-sse2.c:4815
        op = PIXMAN_OP_SRC
        src_image = 0x55dff8418e00
        mask_image = 0x0
        dest_image = 0x55dff8418f20
        src_x = 22
        src_y = 4
        mask_x = 0
        mask_y = 0
        dest_x = 22
        dest_y = 4
        width = 9
        height = 9
#4  0x00007fc65c102b62 in pixman_image_composite32 (op=PIXMAN_OP_SRC, src=0x55dff8418e00, mask=0x0, dest=0x55dff8418f20, src_x=22, src_y=4, mask_x=0, mask_y=0, dest_x=22, dest_y=4, 
    width=9, height=9) at pixman.c:700
        src_format = PIXMAN_a8r8g8b8
        mask_format = 0
        dest_format = PIXMAN_a8r8g8b8
        region = {extents = {x1 = 22, y1 = 4, x2 = 31, y2 = 13}, data = 0x0}
        extents = {x1 = 0, y1 = 0, x2 = 9, y2 = 9}
        imp = 0x7fc65b3ee420
        func = 0x7fc65c3d56b7 <sse2_composite_copy_area>
        info = {op = PIXMAN_OP_SRC, src_image = 0x55dff8418e00, mask_image = 0x0, dest_image = 0x55dff8418f20, src_x = 22, src_y = 4, mask_x = 0, mask_y = 0, dest_x = 22, dest_y = 4, 
          width = 9, height = 9, src_flags = 42420863, mask_flags = 8194, dest_flags = 34032255}
        pbox = 0x7ffcad040de0
        n = 0
#5  0x00007fc65c102c71 in pixman_image_composite (op=PIXMAN_OP_SRC, src=0x55dff8418e00, mask=0x0, dest=0x55dff8418f20, src_x=22, src_y=4, mask_x=0, mask_y=0, dest_x=22, dest_y=4, width=9, 
    height=9) at pixman.c:723
No locals.
#6  0x00007fc655c6f25b in download_box_no_update (surface=0x55dff8418d20, x1=22, y1=4, x2=31, y2=13) at qxl_surface.c:133
No locals.
#7  0x00007fc655c6f315 in qxl_download_box (surface=0x55dff8418d20, x1=22, y1=4, x2=31, y2=13) at qxl_surface.c:150
        __func__ = "qxl_download_box"
#8  0x00007fc655c6f43b in qxl_surface_prepare_access (surface=0x55dff8418d20, pixmap=0x55dff8419040, region=0x7ffcad040fd0, access=UXA_ACCESS_RW) at qxl_surface.c:183
        n_boxes = 0
        boxes = 0x7ffcad040fd0
        pScreen = 0x55dff82d6b20
        pScrn = 0x55dff82ccfa0
        new = {extents = {x1 = 22, y1 = 4, x2 = 31, y2 = 13}, data = 0x0}
#9  0x00007fc655c7aa1a in qxl_prepare_access (pixmap=0x55dff8419040, region=0x7ffcad041100, access=UXA_ACCESS_RW) at qxl_uxa.c:49
No locals.
#10 0x00007fc655c828f7 in uxa_prepare_access (pDrawable=0x55dff8419040, region=0x7ffcad041100, access=UXA_ACCESS_RW) at uxa.c:172
        pScreen = 0x55dff82d6b20
        uxa_screen = 0x55dff82d8600
        xoff = 0
        yoff = 0
        pPixmap = 0x55dff8419040
        box = {x1 = 2912, y1 = 21994, x2 = 32710, y2 = 0}
        region_rec = {extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}, data = 0x16}
        result = 1
#11 0x00007fc655c92b51 in uxa_check_composite (op=3 '\003', pSrc=0x55dff85a53c0, pMask=0x55dff85a5640, pDst=0x55dff85a4d20, xSrc=-1, ySrc=-9, xMask=0, yMask=0, xDst=22, yDst=4, width=9, 
    height=9) at uxa-unaccel.c:439
        screen = 0x55dff82d6b20
        region = {extents = {x1 = 22, y1 = 4, x2 = 31, y2 = 13}, data = 0x0}
        __FUNCTION__ = "uxa_check_composite"
#12 0x00007fc655c90725 in uxa_composite (op=3 '\003', pSrc=0x55dff85a53c0, pMask=0x55dff85a5640, pDst=0x55dff85a4d20, xSrc=-1, ySrc=-9, xMask=0, yMask=0, xDst=22, yDst=4, width=9, height=9)
    at uxa-render.c:1694
        uxa_screen = 0x55dff82d8600
        ret = -1
        saveSrcRepeat = 1
        saveMaskRepeat = 0
        region = {extents = {x1 = 19744, y1 = -1958, x2 = 21983, y2 = 0}, data = 0xfffffffffffffff0}
        tx = 0
        ty = 0
#13 0x000055dff7098e30 in damageComposite (op=<optimized out>, pSrc=0x55dff85a53c0, pMask=0x55dff85a5640, pDst=0x55dff85a4d20, xSrc=<optimized out>, ySrc=<optimized out>, xMask=0, yMask=0, 
    xDst=22, yDst=4, width=9, height=9) at damage.c:503
        pScreen = <optimized out>
        ps = 0x55dff82d80c0
        pScrPriv = 0x55dff82d8820
#14 0x00007fc655c89675 in uxa_check_glyphs (op=3 '\003', src=0x55dff85a53c0, dst=0x55dff85a4d20, maskFormat=0x55dff82d74c8, xSrc=0, ySrc=0, nlist=-1, list=0x7ffcad041650, 
    glyphs=0x7ffcad041a50) at uxa-glyphs.c:528
        pScreen = 0x55dff82d6b20
        image = 0x55dff85a54a0
        scratch = 0x55dff85a4a60
        mask = 0x55dff85a5640
        width = 9
        height = 9
        x = 22
        y = 4
        n = -1
        xDst = 23
        yDst = 13
        extents = {x1 = 22, y1 = 4, x2 = 31, y2 = 13}
#15 0x00007fc655c8b1bb in uxa_glyphs (op=3 '\003', pSrc=0x55dff85a53c0, pDst=0x55dff85a4d20, maskFormat=0x55dff82d74c8, xSrc=0, ySrc=0, nlist=1, list=0x7ffcad041640, glyphs=0x7ffcad041a48)
    at uxa-glyphs.c:1054
        screen = 0x55dff82d6b20
        uxa_screen = 0x55dff82d8600
        xDst = 23
        yDst = 13
        extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
        have_extents = 0
        width = 1564158436
        height = 32710
        ret = 32
        localDst = 0x55dff85a4d20
#16 0x000055dff709918f in damageGlyphs (op=<optimized out>, pSrc=0x55dff85a53c0, pDst=0x55dff85a4d20, maskFormat=0x55dff82d74c8, xSrc=<optimized out>, ySrc=<optimized out>, nlist=1, 
    list=0x7ffcad041640, glyphs=0x7ffcad041a48) at damage.c:569
        pScreen = <optimized out>
        ps = 0x55dff82d80c0
        pScrPriv = 0x55dff82d8820
#17 0x000055dff7091143 in ProcRenderCompositeGlyphs (client=0x55dff85e6de0) at render.c:1390
        glyphSet = 0x55dff85a46c0
        ps = 0x55dff82d80c0
        pScrPriv = 0x55dff82d8820
#17 0x000055dff7091143 in ProcRenderCompositeGlyphs (client=0x55dff85e6de0) at render.c:1390
        glyphSet = 0x55dff85a46c0
        gs = 0
        pSrc = 0x55dff85a53c0
        pDst = 0x55dff85a4d20
        pFormat = 0x55dff82d74c8
        listsLocal = {{xOff = 23, yOff = 13, len = 1 '\001', format = 0x55dff82d74c8}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0x0} <repeats 63 times>}
        lists = <optimized out>
        listsBase = 0x7ffcad041640
        glyphsLocal = {0x55dff85a4ae0, 0x0 <repeats 118 times>, 0x4412c00000000000, 0x7fc65d14d744 <alloc_fwd+167>, 0x0, 0x0, 0x0, 0x55dff85a4d70, 0x55dff8419040, 0x60, 0x55dff85a2dfc, 
          0x0, 0x55dff85a4d10, 0x7fc65d14d83c <free+143>, 0x60, 0x4, 0x7fc65d3b2a2c <mal+108>, 0x7fc65d15e580 <ioctl+58>, 0x7fc65d3b2a28 <mal+104>, 0x55dff85c9420, 0x55dff8419040, 
          0x55dff85c94a0, 0x55dff85a2dfc, 0x55dff85d1440, 0x55dff737ee48 <dispatchException>, 0x7fc655c7ef8f <qxl_bo_decref+254>, 0x55dff85d1f60, 0x55dff82cdea0, 0x0, 0x100000001, 0x0, 
          0x7ffcad042220, 0x55dff85d1f60, 0x7fc65c327dcd <pixman_region_init_rects+119>, 0x55dff85a2dfc, 0x155c7f276, 0x7ffcad041f80, 0x7ffcad042220, 0x44090000f82cdea0, 
          0x7fc65d14d744 <alloc_fwd+167>, 0x1, 0x55dff85a4d20, 0x100000000, 0x55dff85a54f0, 0x55dff85e6de0, 0x60, 0x55dff85e6de0, 0x0, 0x4409c000f85a5490, 0x7fc65d14d83c <free+143>, 0x60, 
          0x30, 0x7fc65d3b2e4c <mal+1164>, 0x7fc65d15e580 <ioctl+58>, 0x55dff85a4d20, 0x55dff85a2e48, 0x55dff85e6de0, 0x0, 0x55dff85e6de0, 0x55dff85d1440, 
          0x55dff737ee48 <dispatchException>, 0x7fc655c7ef8f <qxl_bo_decref+254>, 0x55dff85a4f80, 0x55dff82cdea0, 0x7fc655ea0b40 <uxa_pixmap_index>, 0x7fc65c6d9113 <drmIoctl+30>, 
          0x55dff82cdea0, 0x55dff85a2e48, 0x55dff85a4f80, 0x9958196311bf3cc9, 0x55dff85e6de0, 0x7fc655c7f276 <qxl_bo_write_command+389>, 0x55dff85a4fe0, 0x55dff85a54a0, 0x1f82cdea0, 
          0x55dff82cdea0, 0x1, 0x55dff85a54a0, 0x100000000, 0x7ffcad042070, 0x55dff85a5508, 0x55dff82ce838, 0xb700000001, 0x55df00000001, 0x55dff82cdea0, 0x9958196311bf3cc9, 0x400000020, 
          0x7fc655c6f0d1 <push_drawable+48>, 0x55dff85a54a0, 0x55dff82cdea0, 0x55dff85a54a0, 0x7fc655c6f1c0 <submit_fill+233>, 0xffbbbbbbffffffff, 0x7ffcad042140, 0x55dff85a4fe0, 
          0x55dff82cdea0, 0x55dff85a54a0, 0x55dff85a5500, 0x7fc655ea0b40 <uxa_pixmap_index>, 0x7fc655c6fe03 <qxl_surface_solid+127>, 0x7fc655ea0b40 <uxa_pixmap_index>, 0x100000001, 0x0, 
          0x55dff85a4fe0, 0xffbbbbbb55ea0b40, 0x55dff82cdea0, 0x0, 0x100000001, 0x0, 0x9958196311bf3cc9, 0xbb0055eaffff, 0x7fc655c7abcd <qxl_solid+68>, 0x3ffffffff, 0x100000001, 0x0, 
          0x7ffcad042220, 0x55dff85a5300, 0x7fc655c8e88b <uxa_solid_rects+1482>, 0x55dff85a2e5c, 0x55dff85a2e54, 0x55dff85a53c0, 0x9958190100000001, 0x55dff85a53c0, 0x0, 0x55dfffffffff, 
          0xf85e6de0, 0x7ffcad042248, 0x0, 0x55dff85e6de0, 0x55dff85d1440, 0x1, 0x7fc65d17e3d5 <__clock_gettime+22>, 0xffffffff, 0x55dff7388cf0 <checkForInput>, 0x55dff85e6f40, 
          0x55dff70f89d3 <ReadRequestFromClient+46>, 0x55dff85a2e48, 0x55dff707359e <XaceHookDispatch+152>, 0x55dff85e6de0}
        glyph = <optimized out>
        glyphs = 0x7ffcad041a50
        glyphsBase = 0x7ffcad041a48
        elt = <optimized out>
        buffer = 0x55dff85a2e8c "\212\a\002"
        end = 0x55dff85a2e8c "\212\a\002"
        nglyph = <optimized out>
        nlist = 1
        space = <optimized out>
        size = 1
        rc = <optimized out>
        n = <optimized out>
        stuff = <optimized out>
#18 0x000055dff6fe816b in Dispatch () at dispatch.c:430
        clientReady = <optimized out>
        result = <optimized out>
        client = 0x55dff85e6de0
        nready = 0
        icheck = 0x55dff7388cf0 <checkForInput>
        start_tick = 5
#19 0x000055dff6feb4f6 in dix_main (argc=6, argv=0x7ffcad0423a8, envp=<optimized out>) at main.c:300
        i = <optimized out>
        alwaysCheckForInput = {0, 1}
#20 0x00007fc65d14772f in __libc_start_main (main=0x55dff6fd941c <main>, argc=6, argv=0x7ffcad0423a8) at src/env/__libc_start_main.c:74
        envp = 0x7ffcad0423e0
#21 0x000055dff6fd945c in _start_c (p=<optimized out>) at crt/crt1.c:17
        argc = <optimized out>
        argv = <optimized out>
#22 0x000055dff6fd9437 in _start ()
No symbol table info available.


[-- Attachment #3: sse2_blt-assembler-dump.txt --]
[-- Type: text/plain, Size: 14470 bytes --]

(gdb) disass
Dump of assembler code for function sse2_blt:
   0x00007fc65c3d519f <+0>:	sub    $0x170,%rsp
   0x00007fc65c3d51a6 <+7>:	mov    %rdi,-0x50(%rsp)
   0x00007fc65c3d51ab <+12>:	mov    %rsi,-0x58(%rsp)
   0x00007fc65c3d51b0 <+17>:	mov    %rdx,-0x60(%rsp)
   0x00007fc65c3d51b5 <+22>:	mov    %ecx,-0x64(%rsp)
   0x00007fc65c3d51b9 <+26>:	mov    %r8d,-0x68(%rsp)
   0x00007fc65c3d51be <+31>:	mov    %r9d,-0x6c(%rsp)
   0x00007fc65c3d51c3 <+36>:	mov    -0x6c(%rsp),%eax
   0x00007fc65c3d51c7 <+40>:	cmp    0x178(%rsp),%eax
   0x00007fc65c3d51ce <+47>:	je     0x7fc65c3d51da <sse2_blt+59>
   0x00007fc65c3d51d0 <+49>:	mov    $0x0,%eax
   0x00007fc65c3d51d5 <+54>:	jmpq   0x7fc65c3d56af <sse2_blt+1296>
   0x00007fc65c3d51da <+59>:	cmpl   $0x10,-0x6c(%rsp)
   0x00007fc65c3d51df <+64>:	jne    0x7fc65c3d527f <sse2_blt+224>
   0x00007fc65c3d51e5 <+70>:	mov    -0x64(%rsp),%eax
   0x00007fc65c3d51e9 <+74>:	shl    $0x2,%eax
   0x00007fc65c3d51ec <+77>:	mov    %eax,%edx
   0x00007fc65c3d51ee <+79>:	shr    $0x1f,%edx
   0x00007fc65c3d51f1 <+82>:	add    %edx,%eax
   0x00007fc65c3d51f3 <+84>:	sar    %eax
   0x00007fc65c3d51f5 <+86>:	mov    %eax,-0x64(%rsp)
   0x00007fc65c3d51f9 <+90>:	mov    -0x68(%rsp),%eax
   0x00007fc65c3d51fd <+94>:	shl    $0x2,%eax
   0x00007fc65c3d5200 <+97>:	mov    %eax,%edx
   0x00007fc65c3d5202 <+99>:	shr    $0x1f,%edx
   0x00007fc65c3d5205 <+102>:	add    %edx,%eax
   0x00007fc65c3d5207 <+104>:	sar    %eax
   0x00007fc65c3d5209 <+106>:	mov    %eax,-0x68(%rsp)
   0x00007fc65c3d520d <+110>:	mov    -0x64(%rsp),%eax
   0x00007fc65c3d5211 <+114>:	imul   0x188(%rsp),%eax
   0x00007fc65c3d5219 <+122>:	movslq %eax,%rdx
   0x00007fc65c3d521c <+125>:	mov    0x180(%rsp),%eax
   0x00007fc65c3d5223 <+132>:	cltq   
   0x00007fc65c3d5225 <+134>:	add    %rdx,%rax
   0x00007fc65c3d5228 <+137>:	lea    (%rax,%rax,1),%rdx
   0x00007fc65c3d522c <+141>:	mov    -0x58(%rsp),%rax
   0x00007fc65c3d5231 <+146>:	add    %rdx,%rax
   0x00007fc65c3d5234 <+149>:	mov    %rax,-0x38(%rsp)
   0x00007fc65c3d5239 <+154>:	mov    -0x68(%rsp),%eax
   0x00007fc65c3d523d <+158>:	imul   0x198(%rsp),%eax
   0x00007fc65c3d5245 <+166>:	movslq %eax,%rdx
   0x00007fc65c3d5248 <+169>:	mov    0x190(%rsp),%eax
   0x00007fc65c3d524f <+176>:	cltq   
   0x00007fc65c3d5251 <+178>:	add    %rdx,%rax
   0x00007fc65c3d5254 <+181>:	lea    (%rax,%rax,1),%rdx
   0x00007fc65c3d5258 <+185>:	mov    -0x60(%rsp),%rax
   0x00007fc65c3d525d <+190>:	add    %rdx,%rax
   0x00007fc65c3d5260 <+193>:	mov    %rax,-0x30(%rsp)
   0x00007fc65c3d5265 <+198>:	mov    0x1a0(%rsp),%eax
   0x00007fc65c3d526c <+205>:	add    %eax,%eax
   0x00007fc65c3d526e <+207>:	mov    %eax,-0x40(%rsp)
   0x00007fc65c3d5272 <+211>:	shll   -0x64(%rsp)
   0x00007fc65c3d5276 <+215>:	shll   -0x68(%rsp)
   0x00007fc65c3d527a <+219>:	jmpq   0x7fc65c3d5691 <sse2_blt+1266>
   0x00007fc65c3d527f <+224>:	cmpl   $0x20,-0x6c(%rsp)
   0x00007fc65c3d5284 <+229>:	jne    0x7fc65c3d5333 <sse2_blt+404>
   0x00007fc65c3d528a <+235>:	mov    -0x64(%rsp),%eax
   0x00007fc65c3d528e <+239>:	shl    $0x2,%eax
   0x00007fc65c3d5291 <+242>:	lea    0x3(%rax),%edx
   0x00007fc65c3d5294 <+245>:	test   %eax,%eax
   0x00007fc65c3d5296 <+247>:	cmovs  %edx,%eax
   0x00007fc65c3d5299 <+250>:	sar    $0x2,%eax
   0x00007fc65c3d529c <+253>:	mov    %eax,-0x64(%rsp)
   0x00007fc65c3d52a0 <+257>:	mov    -0x68(%rsp),%eax
   0x00007fc65c3d52a4 <+261>:	shl    $0x2,%eax
   0x00007fc65c3d52a7 <+264>:	lea    0x3(%rax),%edx
   0x00007fc65c3d52aa <+267>:	test   %eax,%eax
   0x00007fc65c3d52ac <+269>:	cmovs  %edx,%eax
   0x00007fc65c3d52af <+272>:	sar    $0x2,%eax
   0x00007fc65c3d52b2 <+275>:	mov    %eax,-0x68(%rsp)
   0x00007fc65c3d52b6 <+279>:	mov    -0x64(%rsp),%eax
   0x00007fc65c3d52ba <+283>:	imul   0x188(%rsp),%eax
   0x00007fc65c3d52c2 <+291>:	movslq %eax,%rdx
   0x00007fc65c3d52c5 <+294>:	mov    0x180(%rsp),%eax
   0x00007fc65c3d52cc <+301>:	cltq   
   0x00007fc65c3d52ce <+303>:	add    %rdx,%rax
   0x00007fc65c3d52d1 <+306>:	lea    0x0(,%rax,4),%rdx
   0x00007fc65c3d52d9 <+314>:	mov    -0x58(%rsp),%rax
   0x00007fc65c3d52de <+319>:	add    %rdx,%rax
   0x00007fc65c3d52e1 <+322>:	mov    %rax,-0x38(%rsp)
   0x00007fc65c3d52e6 <+327>:	mov    -0x68(%rsp),%eax
   0x00007fc65c3d52ea <+331>:	imul   0x198(%rsp),%eax
   0x00007fc65c3d52f2 <+339>:	movslq %eax,%rdx
   0x00007fc65c3d52f5 <+342>:	mov    0x190(%rsp),%eax
   0x00007fc65c3d52fc <+349>:	cltq   
   0x00007fc65c3d52fe <+351>:	add    %rdx,%rax
   0x00007fc65c3d5301 <+354>:	lea    0x0(,%rax,4),%rdx
   0x00007fc65c3d5309 <+362>:	mov    -0x60(%rsp),%rax
   0x00007fc65c3d530e <+367>:	add    %rdx,%rax
   0x00007fc65c3d5311 <+370>:	mov    %rax,-0x30(%rsp)
   0x00007fc65c3d5316 <+375>:	mov    0x1a0(%rsp),%eax
   0x00007fc65c3d531d <+382>:	shl    $0x2,%eax
   0x00007fc65c3d5320 <+385>:	mov    %eax,-0x40(%rsp)
   0x00007fc65c3d5324 <+389>:	shll   $0x2,-0x64(%rsp)
   0x00007fc65c3d5329 <+394>:	shll   $0x2,-0x68(%rsp)
   0x00007fc65c3d532e <+399>:	jmpq   0x7fc65c3d5691 <sse2_blt+1266>
   0x00007fc65c3d5333 <+404>:	mov    $0x0,%eax
   0x00007fc65c3d5338 <+409>:	jmpq   0x7fc65c3d56af <sse2_blt+1296>
   0x00007fc65c3d533d <+414>:	mov    -0x38(%rsp),%rax
   0x00007fc65c3d5342 <+419>:	mov    %rax,-0x28(%rsp)
   0x00007fc65c3d5347 <+424>:	mov    -0x30(%rsp),%rax
   0x00007fc65c3d534c <+429>:	mov    %rax,-0x20(%rsp)
   0x00007fc65c3d5351 <+434>:	mov    -0x64(%rsp),%eax
   0x00007fc65c3d5355 <+438>:	cltq   
   0x00007fc65c3d5357 <+440>:	add    %rax,-0x38(%rsp)
   0x00007fc65c3d535c <+445>:	mov    -0x68(%rsp),%eax
   0x00007fc65c3d5360 <+449>:	cltq   
   0x00007fc65c3d5362 <+451>:	add    %rax,-0x30(%rsp)
   0x00007fc65c3d5367 <+456>:	mov    -0x40(%rsp),%eax
   0x00007fc65c3d536b <+460>:	mov    %eax,-0x3c(%rsp)
   0x00007fc65c3d536f <+464>:	jmp    0x7fc65c3d5392 <sse2_blt+499>
   0x00007fc65c3d5371 <+466>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d5376 <+471>:	movzwl (%rax),%edx
   0x00007fc65c3d5379 <+474>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d537e <+479>:	mov    %dx,(%rax)
   0x00007fc65c3d5381 <+482>:	subl   $0x2,-0x3c(%rsp)
   0x00007fc65c3d5386 <+487>:	addq   $0x2,-0x28(%rsp)
   0x00007fc65c3d538c <+493>:	addq   $0x2,-0x20(%rsp)
   0x00007fc65c3d5392 <+499>:	cmpl   $0x1,-0x3c(%rsp)
   0x00007fc65c3d5397 <+504>:	jle    0x7fc65c3d53c7 <sse2_blt+552>
   0x00007fc65c3d5399 <+506>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d539e <+511>:	and    $0x3,%eax
   0x00007fc65c3d53a1 <+514>:	test   %rax,%rax
   0x00007fc65c3d53a4 <+517>:	jne    0x7fc65c3d5371 <sse2_blt+466>
   0x00007fc65c3d53a6 <+519>:	jmp    0x7fc65c3d53c7 <sse2_blt+552>
   0x00007fc65c3d53a8 <+521>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d53ad <+526>:	mov    (%rax),%edx
   0x00007fc65c3d53af <+528>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d53b4 <+533>:	mov    %edx,(%rax)
   0x00007fc65c3d53b6 <+535>:	subl   $0x4,-0x3c(%rsp)
   0x00007fc65c3d53bb <+540>:	addq   $0x4,-0x28(%rsp)
   0x00007fc65c3d53c1 <+546>:	addq   $0x4,-0x20(%rsp)
   0x00007fc65c3d53c7 <+552>:	cmpl   $0x3,-0x3c(%rsp)
   0x00007fc65c3d53cc <+557>:	jle    0x7fc65c3d55bb <sse2_blt+1052>
   0x00007fc65c3d53d2 <+563>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d53d7 <+568>:	and    $0xf,%eax
   0x00007fc65c3d53da <+571>:	test   %rax,%rax
   0x00007fc65c3d53dd <+574>:	jne    0x7fc65c3d53a8 <sse2_blt+521>
   0x00007fc65c3d53df <+576>:	jmpq   0x7fc65c3d55bb <sse2_blt+1052>
   0x00007fc65c3d53e4 <+581>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d53e9 <+586>:	mov    %rax,-0x10(%rsp)
   0x00007fc65c3d53ee <+591>:	mov    -0x10(%rsp),%rax
   0x00007fc65c3d53f3 <+596>:	mov    %rax,0x70(%rsp)
   0x00007fc65c3d53f8 <+601>:	mov    0x70(%rsp),%rax
   0x00007fc65c3d53fd <+606>:	movdqu (%rax),%xmm0
   0x00007fc65c3d5401 <+610>:	movaps %xmm0,0x88(%rsp)
   0x00007fc65c3d5409 <+618>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d540e <+623>:	add    $0x10,%rax
   0x00007fc65c3d5412 <+627>:	mov    %rax,-0x8(%rsp)
   0x00007fc65c3d5417 <+632>:	mov    -0x8(%rsp),%rax
   0x00007fc65c3d541c <+637>:	mov    %rax,0x68(%rsp)
   0x00007fc65c3d5421 <+642>:	mov    0x68(%rsp),%rax
   0x00007fc65c3d5426 <+647>:	movdqu (%rax),%xmm0
   0x00007fc65c3d542a <+651>:	movaps %xmm0,0x98(%rsp)
   0x00007fc65c3d5432 <+659>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d5437 <+664>:	add    $0x20,%rax
   0x00007fc65c3d543b <+668>:	mov    %rax,(%rsp)
   0x00007fc65c3d543f <+672>:	mov    (%rsp),%rax
   0x00007fc65c3d5443 <+676>:	mov    %rax,0x60(%rsp)
   0x00007fc65c3d5448 <+681>:	mov    0x60(%rsp),%rax
   0x00007fc65c3d544d <+686>:	movdqu (%rax),%xmm0
   0x00007fc65c3d5451 <+690>:	movaps %xmm0,0xa8(%rsp)
   0x00007fc65c3d5459 <+698>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d545e <+703>:	add    $0x30,%rax
   0x00007fc65c3d5462 <+707>:	mov    %rax,0x8(%rsp)
   0x00007fc65c3d5467 <+712>:	mov    0x8(%rsp),%rax
   0x00007fc65c3d546c <+717>:	mov    %rax,0x58(%rsp)
   0x00007fc65c3d5471 <+722>:	mov    0x58(%rsp),%rax
   0x00007fc65c3d5476 <+727>:	movdqu (%rax),%xmm0
   0x00007fc65c3d547a <+731>:	movaps %xmm0,0xb8(%rsp)
   0x00007fc65c3d5482 <+739>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d5487 <+744>:	mov    %rax,0x10(%rsp)
   0x00007fc65c3d548c <+749>:	movdqa 0x88(%rsp),%xmm0
   0x00007fc65c3d5495 <+758>:	movaps %xmm0,0x128(%rsp)
   0x00007fc65c3d549d <+766>:	mov    0x10(%rsp),%rax
   0x00007fc65c3d54a2 <+771>:	mov    %rax,0x50(%rsp)
   0x00007fc65c3d54a7 <+776>:	movdqa 0x128(%rsp),%xmm0
   0x00007fc65c3d54b0 <+785>:	movaps %xmm0,0x138(%rsp)
   0x00007fc65c3d54b8 <+793>:	mov    0x50(%rsp),%rax
   0x00007fc65c3d54bd <+798>:	movdqa 0x138(%rsp),%xmm0
   0x00007fc65c3d54c6 <+807>:	movaps %xmm0,(%rax)
   0x00007fc65c3d54c9 <+810>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d54ce <+815>:	add    $0x10,%rax
   0x00007fc65c3d54d2 <+819>:	mov    %rax,0x18(%rsp)
   0x00007fc65c3d54d7 <+824>:	movdqa 0x98(%rsp),%xmm0
   0x00007fc65c3d54e0 <+833>:	movaps %xmm0,0x108(%rsp)
   0x00007fc65c3d54e8 <+841>:	mov    0x18(%rsp),%rax
   0x00007fc65c3d54ed <+846>:	mov    %rax,0x48(%rsp)
   0x00007fc65c3d54f2 <+851>:	movdqa 0x108(%rsp),%xmm0
   0x00007fc65c3d54fb <+860>:	movaps %xmm0,0x118(%rsp)
   0x00007fc65c3d5503 <+868>:	mov    0x48(%rsp),%rax
   0x00007fc65c3d5508 <+873>:	movdqa 0x118(%rsp),%xmm0
   0x00007fc65c3d5511 <+882>:	movaps %xmm0,(%rax)
   0x00007fc65c3d5514 <+885>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d5519 <+890>:	add    $0x20,%rax
   0x00007fc65c3d551d <+894>:	mov    %rax,0x20(%rsp)
   0x00007fc65c3d5522 <+899>:	movdqa 0xa8(%rsp),%xmm0
   0x00007fc65c3d552b <+908>:	movaps %xmm0,0xe8(%rsp)
   0x00007fc65c3d5533 <+916>:	mov    0x20(%rsp),%rax
   0x00007fc65c3d5538 <+921>:	mov    %rax,0x40(%rsp)
   0x00007fc65c3d553d <+926>:	movdqa 0xe8(%rsp),%xmm0
   0x00007fc65c3d5546 <+935>:	movaps %xmm0,0xf8(%rsp)
   0x00007fc65c3d554e <+943>:	mov    0x40(%rsp),%rax
   0x00007fc65c3d5553 <+948>:	movdqa 0xf8(%rsp),%xmm0
   0x00007fc65c3d555c <+957>:	movaps %xmm0,(%rax)
   0x00007fc65c3d555f <+960>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d5564 <+965>:	add    $0x30,%rax
   0x00007fc65c3d5568 <+969>:	mov    %rax,0x30(%rsp)
   0x00007fc65c3d556d <+974>:	movdqa 0xb8(%rsp),%xmm0
   0x00007fc65c3d5576 <+983>:	movaps %xmm0,0xc8(%rsp)
   0x00007fc65c3d557e <+991>:	mov    0x30(%rsp),%rax
   0x00007fc65c3d5583 <+996>:	mov    %rax,0x38(%rsp)
   0x00007fc65c3d5588 <+1001>:	movdqa 0xc8(%rsp),%xmm0
   0x00007fc65c3d5591 <+1010>:	movaps %xmm0,0xd8(%rsp)
   0x00007fc65c3d5599 <+1018>:	mov    0x38(%rsp),%rax
   0x00007fc65c3d559e <+1023>:	movdqa 0xd8(%rsp),%xmm0
   0x00007fc65c3d55a7 <+1032>:	movaps %xmm0,(%rax)
   0x00007fc65c3d55aa <+1035>:	addq   $0x40,-0x28(%rsp)
   0x00007fc65c3d55b0 <+1041>:	addq   $0x40,-0x20(%rsp)
   0x00007fc65c3d55b6 <+1047>:	subl   $0x40,-0x3c(%rsp)
   0x00007fc65c3d55bb <+1052>:	cmpl   $0x3f,-0x3c(%rsp)
   0x00007fc65c3d55c0 <+1057>:	jg     0x7fc65c3d53e4 <sse2_blt+581>
   0x00007fc65c3d55c6 <+1063>:	jmp    0x7fc65c3d563a <sse2_blt+1179>
   0x00007fc65c3d55c8 <+1065>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d55cd <+1070>:	mov    %rax,0x28(%rsp)
   0x00007fc65c3d55d2 <+1075>:	mov    0x28(%rsp),%rax
   0x00007fc65c3d55d7 <+1080>:	mov    %rax,0x80(%rsp)
   0x00007fc65c3d55df <+1088>:	mov    0x80(%rsp),%rax
   0x00007fc65c3d55e7 <+1096>:	movdqu (%rax),%xmm0
   0x00007fc65c3d55eb <+1100>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d55f0 <+1105>:	mov    %rax,-0x18(%rsp)
   0x00007fc65c3d55f5 <+1110>:	movaps %xmm0,0x148(%rsp)
   0x00007fc65c3d55fd <+1118>:	mov    -0x18(%rsp),%rax
   0x00007fc65c3d5602 <+1123>:	mov    %rax,0x78(%rsp)
   0x00007fc65c3d5607 <+1128>:	movdqa 0x148(%rsp),%xmm0
   0x00007fc65c3d5610 <+1137>:	movaps %xmm0,0x158(%rsp)
   0x00007fc65c3d5618 <+1145>:	mov    0x78(%rsp),%rax
   0x00007fc65c3d561d <+1150>:	movdqa 0x158(%rsp),%xmm0
=> 0x00007fc65c3d5626 <+1159>:	movaps %xmm0,(%rax)
   0x00007fc65c3d5629 <+1162>:	subl   $0x10,-0x3c(%rsp)
   0x00007fc65c3d562e <+1167>:	addq   $0x10,-0x20(%rsp)
   0x00007fc65c3d5634 <+1173>:	addq   $0x10,-0x28(%rsp)
   0x00007fc65c3d563a <+1179>:	cmpl   $0xf,-0x3c(%rsp)
   0x00007fc65c3d563f <+1184>:	jg     0x7fc65c3d55c8 <sse2_blt+1065>
   0x00007fc65c3d5641 <+1186>:	jmp    0x7fc65c3d5662 <sse2_blt+1219>
   0x00007fc65c3d5643 <+1188>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d5648 <+1193>:	mov    (%rax),%edx
   0x00007fc65c3d564a <+1195>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d564f <+1200>:	mov    %edx,(%rax)
   0x00007fc65c3d5651 <+1202>:	subl   $0x4,-0x3c(%rsp)
   0x00007fc65c3d5656 <+1207>:	addq   $0x4,-0x28(%rsp)
   0x00007fc65c3d565c <+1213>:	addq   $0x4,-0x20(%rsp)
   0x00007fc65c3d5662 <+1219>:	cmpl   $0x3,-0x3c(%rsp)
   0x00007fc65c3d5667 <+1224>:	jg     0x7fc65c3d5643 <sse2_blt+1188>
   0x00007fc65c3d5669 <+1226>:	cmpl   $0x1,-0x3c(%rsp)
   0x00007fc65c3d566e <+1231>:	jle    0x7fc65c3d5691 <sse2_blt+1266>
   0x00007fc65c3d5670 <+1233>:	mov    -0x28(%rsp),%rax
   0x00007fc65c3d5675 <+1238>:	movzwl (%rax),%edx
   0x00007fc65c3d5678 <+1241>:	mov    -0x20(%rsp),%rax
   0x00007fc65c3d567d <+1246>:	mov    %dx,(%rax)
   0x00007fc65c3d5680 <+1249>:	subl   $0x2,-0x3c(%rsp)
   0x00007fc65c3d5685 <+1254>:	addq   $0x2,-0x28(%rsp)
   0x00007fc65c3d568b <+1260>:	addq   $0x2,-0x20(%rsp)
   0x00007fc65c3d5691 <+1266>:	mov    0x1a8(%rsp),%eax
   0x00007fc65c3d5698 <+1273>:	lea    -0x1(%rax),%edx
   0x00007fc65c3d569b <+1276>:	mov    %edx,0x1a8(%rsp)
   0x00007fc65c3d56a2 <+1283>:	test   %eax,%eax
   0x00007fc65c3d56a4 <+1285>:	jne    0x7fc65c3d533d <sse2_blt+414>
   0x00007fc65c3d56aa <+1291>:	mov    $0x1,%eax
   0x00007fc65c3d56af <+1296>:	add    $0x170,%rsp
   0x00007fc65c3d56b6 <+1303>:	retq   
End of assembler dump.


[-- Attachment #4: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

             reply	other threads:[~2016-04-05 23:38 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-05 23:38 wogiz [this message]
2016-04-05 23:57 ` Bug in x86 instruction emulator? Mihai Donțu
2016-04-06  0:02   ` Mihai Donțu
2016-04-06  1:48     ` wogiz
2016-04-06  1:26   ` wogiz
2016-04-06  8:55   ` Andrew Cooper
2016-04-07  1:26     ` wogiz
2016-04-07  2:04       ` Jan Beulich
2016-04-08  1:43         ` wogiz
2016-04-15 17:33         ` wogiz
2016-04-15 17:44           ` Andrew Cooper
2016-04-16  4:06             ` wogiz
2016-05-04 16:02 ` Jan Beulich
2016-05-04 16:04   ` Wei Liu
2016-05-04 16:06   ` Andrew Cooper
2016-05-17 16:53   ` William Z.
2016-05-17 17:03     ` Andrew Cooper
2016-05-18  9:12 ` Jan Beulich
2016-05-20 16:44   ` William Z.

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20e259d208b95167bb495a6ed0bf684d@openmailbox.org \
    --to=wogiz@openmailbox.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).