From patchwork Mon Nov 26 19:40:30 2018
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 152064
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Mon, 26 Nov 2018 20:40:30 +0100
Message-Id: <1543261235-2834-11-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1543261235-2834-1-git-send-email-pbonzini@redhat.com>
References: <1543261235-2834-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying LOCK to a register destination
Cc: Richard Henderson

From: Richard Henderson

Fixes a TCG crash due to attempting the atomic operation without
having set up the address first.

This does not attempt to fix all of the other missing checks for LOCK.

Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Signed-off-by: Richard Henderson
Message-Id: <20181113193510.24862-1-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Paolo Bonzini
---
 target/i386/translate.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

-- 
1.8.3.1

diff --git a/target/i386/translate.c b/target/i386/translate.c
index f8bc768..0dd5fbe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1268,10 +1268,30 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg) } } +static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) +{ + gen_update_cc_op(s); + gen_jmp_im(s, cur_eip); + gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); + s->base.is_jmp = DISAS_NORETURN; +} + +/* Generate #UD for the current instruction. The assumption here is that + the instruction is known, but it isn't allowed in the current cpu mode. */ +static void gen_illegal_opcode(DisasContext *s) +{ + gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d) { if (d != OR_TMP0) { + if (s1->prefix & PREFIX_LOCK) { + /* Lock prefix when destination is not memory. */ + gen_illegal_opcode(s1); + return; + } gen_op_mov_v_reg(s1, ot, s1->T0, d); } else if (!(s1->prefix & PREFIX_LOCK)) { gen_op_ld_v(s1, ot, s1->T0, s1->A0); @@ -2469,21 +2489,6 @@ static void gen_leave(DisasContext *s) gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1); } -static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) -{ - gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); - gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); - s->base.is_jmp = DISAS_NORETURN; -} - -/* Generate #UD for the current instruction. The assumption here is that - the instruction is known, but it isn't allowed in the current cpu mode. */ -static void gen_illegal_opcode(DisasContext *s) -{ - gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); -} - /* Similarly, except that the assumption here is that we don't decode the instruction at all -- either a missing opcode, an unimplemented feature, or just a bogus instruction stream. */
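Review bot: the new LOCK check in gen_op (first hunk, inside `if (d != OR_TMP0)`) only covers the ALU operations that are funnelled through gen_op's register path; every other decoder path that consults PREFIX_LOCK with a register destination is still unchecked, which the commit message acknowledges, so a one-line comment beside the check (or a TODO at gen_illegal_opcode) naming that gap would stop the next reader from assuming LOCK validation is centralised here. Separately, this hunk mixes pure code motion (gen_exception and gen_illegal_opcode hoisted above gen_op) with the behavioural change; a forward declaration, or the move as its own patch, would leave a diff of a few lines that is much easier to review and to backport.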
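Review bot: in the second hunk, once gen_exception and gen_illegal_opcode are deleted here, the surviving comment on the function that follows ("/* Similarly, except that the assumption here is that we don't decode the instruction at all ... */") opens with "Similarly" but the comment it was contrasting with, the one on gen_illegal_opcode, now lives roughly 1200 lines earlier; either move that function up alongside the other two or reword the remaining comment so it stands on its own.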
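A guest-side regression probe for the behaviour this patch restores, added here as an illustration (it is not part of the patch, of QEMU, or of the Launchpad report): it executes `lock add %ecx,%eax`, the encoding F0 01 C8, which carries a LOCK prefix on a register destination and must raise #UD, then contrasts it with the legal form `lock addl $1, (mem)`. It assumes an x86 Linux host or guest, where the kernel delivers #UD to user space as SIGILL; the function names probe_lock_reg_dest and probe_lock_mem_dest are this example's own. Run under a TCG guest built before this patch, the first probe would hit the crash the commit message describes instead of receiving SIGILL. On a non-x86 build both probes return -1 rather than executing anything.

```c
/* Added example, not code from the QEMU patch: probe how the CPU (or the
   emulator) treats a LOCK prefix on a register-destination ALU instruction. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_jmp;
static volatile sig_atomic_t got_sigill;

/* #UD reaches user space as SIGILL; jump back out of the faulting insn. */
static void on_sigill(int sig)
{
    (void)sig;
    got_sigill = 1;
    siglongjmp(probe_jmp, 1);
}

/* Returns 1 if the LOCK-prefixed register-destination ADD raised #UD
   (SIGILL), 0 if it executed silently, -1 on a non-x86 build. */
int probe_lock_reg_dest(void)
{
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old);

    got_sigill = 0;
    if (sigsetjmp(probe_jmp, 1) == 0) {
        /* F0 01 C8 = lock add %ecx,%eax: LOCK with a register destination.
           Emitted as raw bytes because the assembler rejects this form. */
        __asm__ volatile(".byte 0xf0, 0x01, 0xc8" ::: "eax", "ecx", "cc", "memory");
    }

    sigaction(SIGILL, &old, NULL);
    return got_sigill ? 1 : 0;
#else
    return -1;
#endif
}

/* The legal form: LOCK with a memory destination must execute normally.
   Returns the updated value (41 + 1 = 42), or -1 on a non-x86 build. */
int probe_lock_mem_dest(void)
{
#if defined(__x86_64__) || defined(__i386__)
    int v = 41;
    __asm__ volatile("lock addl $1, %0" : "+m"(v) : : "cc", "memory");
    return v;
#else
    return -1;
#endif
}

int main(void)
{
    int r = probe_lock_reg_dest();
    printf("lock add %%ecx,%%eax -> %s\n",
           r == 1 ? "SIGILL (#UD), as expected" :
           r == 0 ? "executed without #UD (bug)" : "not an x86 build");
    printf("lock addl $1,(mem)  -> %d\n", probe_lock_mem_dest());
    return 0;
}
```

The raw-byte encoding is deliberate: gas refuses to assemble `lock add %ecx,%eax`, so the only way to present the instruction to the decoder is to emit the bytes directly, which is also how a fuzzed or hostile guest would reach this path.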