Re: [Qemu-devel] [Bug 1156313] [NEW] X86-64 flags handling broken

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [Bug 1156313] [NEW] X86-64 flags handling broken

From:	Richard Henderson
Subject:	Re: [Qemu-devel] [Bug 1156313] [NEW] X86-64 flags handling broken
Date:	Tue, 19 Mar 2013 11:17:32 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130219 Thunderbird/17.0.3

On 03/17/2013 12:34 PM, Torbjorn Granlund wrote:
> Public bug reported:
> 
> The current qemu sources cause improper handling of flags on x86-64.
> This bug seems to have shown up a few weeks ago.
> 
> A plain install of Debian GNU/Linux makes user processes catch
> spurious signals.  The kernel seems to run stably, though.
> 
> The ADX feature works very poorly.  It might be related; at least it
> allows for reproducibly provoking invalid behaviour.

Patch at http://patchwork.ozlabs.org/patch/229139/

Knowing what the problem is, I'm able to reliably trigger the problem
with the userland emulator.  It's simply a matter of understanding
how to force the right garbage values into the qemu state.  E.g.

        .globl  adx, main
        .type   adx, @function
        .type   main, @function

adx:    mov     $0xdeadbeef, %eax
        add     $0, %eax
        mov     $0, %eax
        jmp     1f
1:      adox    %rax, %rax
        adcx    %rax, %rax
        ret

main:   call    adx
        lea     string(%rip), %rdi
        mov     %rax, %rsi
        call    printf
        xor     %eax, %eax
        ret

.rodata:
string: .asciz  "result %lx\n"

will always print deadbeef before the fix.  Thus while having a context
switch inside the loop tended to cause unpredictable behaviour, I believe
it to be a red herring.


r~

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [RFC 00/12] target-i386: CPU hot-add with cpu_set QMP command, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 01/12] target-i386: consolidate error propagation in x86_cpu_realizefn(), Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 03/12] target-i386: split out CPU creation and features parsing into cpu_x86_create(), Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 02/12] target-i386: split APIC creation from initialization in x86_cpu_realizefn(), Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 04/12] target-i386: introduce apic-id property, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 05/12] target-i386: push hot-plugged VCPU state to KVM and unstop it, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 07/12] target-i386: Add ICC_BUS and attach apic, kvmvapic and cpu to it, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 09/12] rtc: update rtc_cmos on CPU hot-plug, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 06/12] target-i386: replace FROM_SYSBUS() with QOM type cast, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 08/12] introduce CPU hot-plug notifier, Igor Mammedov, 2013/03/21
- [Qemu-devel] [PATCH 10/12] acpi_piix4: add infrastructure to send CPU hot-plug GPE to guest, Igor Mammedov, 2013/03/21

Prev by Date: Re: [Qemu-devel] [PATCH 02/11] block: Pass bdrv_file_open() options to block drivers
Next by Date: [Qemu-devel] [PATCH 2/2] pflash_cfi01: Implement migration support
Previous by thread: [Qemu-devel] [PATCH v5 00/10] virtio-scsi refactoring.
Next by thread: [Qemu-devel] [PATCH 01/12] target-i386: consolidate error propagation in x86_cpu_realizefn()
Index(es):
- Date
- Thread