SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

i386: hvf: Fix register refs if REX is present

Browse Source 
According to Intel(R)64 and IA-32 Architectures Software Developer's
Manual, the following one-byte registers should be fetched when REX
prefix is present (sorted by reg encoding index):
AL, CL, DL, BL, SPL, BPL, SIL, DIL, R8L - R15L

The first 8 are fetched if REX.R is zero, the last 8 if non-zero.

The following registers should be fetched for instructions without REX
prefix (also sorted by reg encoding index):
AL, CL, DL, BL, AH, CH, DH, BH

Current emulation code doesn't handle accesses to SPL, BPL, SIL, DIL
when REX is present, thefore an instruction 40883e "mov %dil,(%rsi)" is
decoded as "mov %bh,(%rsi)".

That caused an infinite loop in vp_reset:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03293.html

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20181018134401.44471-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Roman Bolshakov 2018-10-18 16:44:01 +03:00 committed by Paolo Bonzini
parent 6b7a98303b
commit b4e1af8961
2 changed files with 42 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
target/i386/hvf/x86_decode.c
View File

@ -113,7 +113,8 @@ static void decode_modrm_reg(CPUX86State *env, struct x86_decode *decode,
{ {
op->type = X86_VAR_REG; op->type = X86_VAR_REG;
op->reg = decode->modrm.reg; op->reg = decode->modrm.reg;
op->ptr = get_reg_ref(env, op->reg, decode->rex.r, decode->operand_size); op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, decode->rex.r,
decode->operand_size);
} }
static void decode_rax(CPUX86State *env, struct x86_decode *decode, static void decode_rax(CPUX86State *env, struct x86_decode *decode,
@ -121,7 +122,8 @@ static void decode_rax(CPUX86State *env, struct x86_decode *decode,
{ {
op->type = X86_VAR_REG; op->type = X86_VAR_REG;
op->reg = R_EAX; op->reg = R_EAX;
op->ptr = get_reg_ref(env, op->reg, 0, decode->operand_size); op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, 0,
decode->operand_size);
} }
static inline void decode_immediate(CPUX86State *env, struct x86_decode *decode, static inline void decode_immediate(CPUX86State *env, struct x86_decode *decode,
@ -263,16 +265,16 @@ static void decode_incgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x40; decode->op[0].reg = decode->opcode[0] - 0x40;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_decgroup(CPUX86State *env, struct x86_decode *decode) static void decode_decgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x48; decode->op[0].reg = decode->opcode[0] - 0x48;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_incgroup2(CPUX86State *env, struct x86_decode *decode) static void decode_incgroup2(CPUX86State *env, struct x86_decode *decode)
@ -288,16 +290,16 @@ static void decode_pushgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x50; decode->op[0].reg = decode->opcode[0] - 0x50;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_popgroup(CPUX86State *env, struct x86_decode *decode) static void decode_popgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x58; decode->op[0].reg = decode->opcode[0] - 0x58;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_jxx(CPUX86State *env, struct x86_decode *decode) static void decode_jxx(CPUX86State *env, struct x86_decode *decode)
@ -378,16 +380,16 @@ static void decode_xchgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x90; decode->op[0].reg = decode->opcode[0] - 0x90;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_movgroup(CPUX86State *env, struct x86_decode *decode) static void decode_movgroup(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb8; decode->op[0].reg = decode->opcode[0] - 0xb8;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size); decode_immediate(env, decode, &decode->op[1], decode->operand_size);
} }
@ -402,8 +404,8 @@ static void decode_movgroup8(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb0; decode->op[0].reg = decode->opcode[0] - 0xb0;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size); decode_immediate(env, decode, &decode->op[1], decode->operand_size);
} }
@ -412,7 +414,8 @@ static void decode_rcx(CPUX86State *env, struct x86_decode *decode,
{ {
op->type = X86_VAR_REG; op->type = X86_VAR_REG;
op->reg = R_ECX; op->reg = R_ECX;
op->ptr = get_reg_ref(env, op->reg, decode->rex.b, decode->operand_size); op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, decode->rex.b,
decode->operand_size);
} }
struct decode_tbl { struct decode_tbl {
@ -639,8 +642,8 @@ static void decode_bswap(CPUX86State *env, struct x86_decode *decode)
{ {
decode->op[0].type = X86_VAR_REG; decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[1] - 0xc8; decode->op[0].reg = decode->opcode[1] - 0xc8;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b, decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
} }
static void decode_d9_4(CPUX86State *env, struct x86_decode *decode) static void decode_d9_4(CPUX86State *env, struct x86_decode *decode)
@ -1686,7 +1689,8 @@ calc_addr:
} }
} }
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size) target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
int size)
{ {
target_ulong ptr = 0; target_ulong ptr = 0;
int which = 0; int which = 0;
@ -1698,7 +1702,7 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
switch (size) { switch (size) {
case 1: case 1:
if (is_extended || reg < 4) { if (is_extended || reg < 4 || rex) {
which = 1; which = 1;
ptr = (target_ulong)&RL(env, reg); ptr = (target_ulong)&RL(env, reg);
} else { } else {
@ -1714,10 +1718,11 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
return ptr; return ptr;
} }
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size) target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
int size)
{ {
target_ulong val = 0; target_ulong val = 0;
memcpy(&val, (void *)get_reg_ref(env, reg, is_extended, size), size); memcpy(&val, (void *)get_reg_ref(env, reg, rex, is_extended, size), size);
return val; return val;
} }
@ -1739,7 +1744,8 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
if (base_reg == R_ESP || base_reg == R_EBP) { if (base_reg == R_ESP || base_reg == R_EBP) {
*sel = R_SS; *sel = R_SS;
} }
base = get_reg_val(env, decode->sib.base, decode->rex.b, addr_size); base = get_reg_val(env, decode->sib.base, decode->rex.rex,
decode->rex.b, addr_size);
} }
if (decode->rex.x) { if (decode->rex.x) {
@ -1747,7 +1753,8 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
} }
if (index_reg != R_ESP) { if (index_reg != R_ESP) {
scaled_index = get_reg_val(env, index_reg, decode->rex.x, addr_size) << scaled_index = get_reg_val(env, index_reg, decode->rex.rex,
decode->rex.x, addr_size) <<
decode->sib.scale; decode->sib.scale;
} }
return base + scaled_index; return base + scaled_index;
@ -1776,7 +1783,8 @@ void calc_modrm_operand32(CPUX86State *env, struct x86_decode *decode,
if (decode->modrm.rm == R_EBP || decode->modrm.rm == R_ESP) { if (decode->modrm.rm == R_EBP || decode->modrm.rm == R_ESP) {
seg = R_SS; seg = R_SS;
} }
ptr += get_reg_val(env, decode->modrm.rm, decode->rex.b, addr_size); ptr += get_reg_val(env, decode->modrm.rm, decode->rex.rex,
decode->rex.b, addr_size);
} }
if (X86_DECODE_CMD_LEA == decode->cmd) { if (X86_DECODE_CMD_LEA == decode->cmd) {
@ -1805,7 +1813,8 @@ void calc_modrm_operand64(CPUX86State *env, struct x86_decode *decode,
} else if (0 == mod && 5 == rm) { } else if (0 == mod && 5 == rm) {
ptr = RIP(env) + decode->len + (int32_t) offset; ptr = RIP(env) + decode->len + (int32_t) offset;
} else { } else {
ptr = get_reg_val(env, src, decode->rex.b, 8) + (int64_t) offset; ptr = get_reg_val(env, src, decode->rex.rex, decode->rex.b, 8) +
(int64_t) offset;
} }
if (X86_DECODE_CMD_LEA == decode->cmd) { if (X86_DECODE_CMD_LEA == decode->cmd) {
@ -1822,8 +1831,8 @@ void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
if (3 == decode->modrm.mod) { if (3 == decode->modrm.mod) {
op->reg = decode->modrm.reg; op->reg = decode->modrm.reg;
op->type = X86_VAR_REG; op->type = X86_VAR_REG;
op->ptr = get_reg_ref(env, decode->modrm.rm, decode->rex.b, op->ptr = get_reg_ref(env, decode->modrm.rm, decode->rex.rex,
decode->operand_size); decode->rex.b, decode->operand_size);
return; return;
} }

6
target/i386/hvf/x86_decode.h
View File

@ -303,8 +303,10 @@ uint64_t sign(uint64_t val, int size);
uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode); uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode);
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size); target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size); int size);
target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
int size);
void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode, void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
struct x86_decode_op *op); struct x86_decode_op *op);
target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode, target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,