From patchwork Tue Nov 27 14:36:32 2018
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 152131
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Tue, 27 Nov 2018 15:36:32 +0100
Message-Id: <1543329397-48407-11-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1543329397-48407-1-git-send-email-pbonzini@redhat.com>
References: <1543329397-48407-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying LOCK to a register destination
Cc: Richard Henderson

From: Richard Henderson

Fixes a TCG crash due to attempting the atomic operation without
having set up the address first.

This does not attempt to fix all of the other missing checks for LOCK.

Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Signed-off-by: Richard Henderson
Message-Id: <20181113193510.24862-1-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Paolo Bonzini
---
 target/i386/translate.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

-- 
1.8.3.1

diff --git a/target/i386/translate.c b/target/i386/translate.c
index f8bc768..0dd5fbe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1268,10 +1268,30 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg) } } +static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) +{ + gen_update_cc_op(s); + gen_jmp_im(s, cur_eip); + gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); + s->base.is_jmp = DISAS_NORETURN; +} + +/* Generate #UD for the current instruction. The assumption here is that + the instruction is known, but it isn't allowed in the current cpu mode. */ +static void gen_illegal_opcode(DisasContext *s) +{ + gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d) { if (d != OR_TMP0) { + if (s1->prefix & PREFIX_LOCK) { + /* Lock prefix when destination is not memory. */ + gen_illegal_opcode(s1); + return; + } gen_op_mov_v_reg(s1, ot, s1->T0, d); } else if (!(s1->prefix & PREFIX_LOCK)) { gen_op_ld_v(s1, ot, s1->T0, s1->A0); @@ -2469,21 +2489,6 @@ static void gen_leave(DisasContext *s) gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1); } -static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) -{ - gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); - gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); - s->base.is_jmp = DISAS_NORETURN; -} - -/* Generate #UD for the current instruction. The assumption here is that - the instruction is known, but it isn't allowed in the current cpu mode. */ -static void gen_illegal_opcode(DisasContext *s) -{ - gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); -} - /* Similarly, except that the assumption here is that we don't decode the instruction at all -- either a missing opcode, an unimplemented feature, or just a bogus instruction stream. */
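Review bot: in the first hunk, the new PREFIX_LOCK check in gen_op() returns right after gen_illegal_opcode(s1) without emitting the register load, yet every caller of gen_op() still goes on to emit the rest of its TCG ops for the instruction; that is only safe because gen_exception() sets `s->base.is_jmp = DISAS_NORETURN;`, which makes those trailing ops unreachable. A one-line comment at the early return, along the lines of `/* is_jmp is DISAS_NORETURN; the remaining ops for this insn are dead. */`, would make that dependency visible to anyone who later changes gen_exception(). It is also worth stating next to the check that it covers only the gen_op() path, matching the commit message's note that other LOCK-with-register-destination cases that do not go through gen_op() remain unchecked.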
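Review bot: the second hunk is a pure relocation: the removed gen_exception() and gen_illegal_opcode() bodies are identical, line for line, to the ones added above gen_op() in the first hunk, so there is no behavioural change here. A forward declaration of gen_illegal_opcode() would have kept the patch to the five-line change inside gen_op(), but moving the definitions avoids a stray prototype; either way the commit message should say explicitly that these two functions are moved, not modified, since git does not pair intra-file moves and a reader of this hunk alone cannot tell.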