[Qemu-devel] [PATCH 2/2] target/i386/monitor.c: check return value of mon_get_cpu before using it

2017-02-17 Thread Ziyue Yang
From: Ziyue Yang 

This patch eliminates the segfault caused by accessing a CPU that doesn't
exist in the HMP command "info lapic", which can be reproduced by

$ qemu-system-x86_64 -nographic -M none -serial none -monitor stdio

and then type "info lapic" into qemu monitor.

Signed-off-by: Ziyue Yang 
---
 target/i386/monitor.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 468aa073bc..7b96c74a24 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -624,8 +624,11 @@ const MonitorDef *target_monitor_defs(void)
 
 void hmp_info_local_apic(Monitor *mon, const QDict *qdict)
 {
-x86_cpu_dump_local_apic_state(mon_get_cpu(), (FILE *)mon, monitor_fprintf,
-  CPU_DUMP_FPU);
+CPUState *cs = mon_get_cpu();
+if (cs) {
+x86_cpu_dump_local_apic_state(cs, (FILE *)mon, monitor_fprintf,
+  CPU_DUMP_FPU);
+}
 }
 
 void hmp_info_io_apic(Monitor *mon, const QDict *qdict)
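Review bot: The NULL branch of the new `if (cs)` guard is silent, and nothing in hmp_info_local_apic tells a reader that the "No CPU" message is emitted by mon_get_cpu() itself (patch 1/2), so the empty path reads like a swallowed error. A one-line comment on the guard would record that contract, e.g. `/* mon_get_cpu() has already reported the missing CPU to the monitor */`. The other hmp_info_* handlers in this file (hmp_info_io_apic begins at the hunk's last line) still pass mon_get_cpu() through unchecked, as the cover letter acknowledges; naming them in the commit message would make the follow-up easier to track.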
-- 
2.11.0




[Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

2017-02-17 Thread Ziyue Yang
From: Ziyue Yang 

Currently mon_get_cpu always dereferences first_cpu without checking
whether it's a valid pointer. This commit adds a check before dereferencing;
if there isn't any CPU it reports "No CPU" and returns NULL.

Signed-off-by: Ziyue Yang 
---
 monitor.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index 3cd72a9bab..6b25cf7a2b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
 CPUState *mon_get_cpu(void)
 {
 if (!cur_mon->mon_cpu) {
+if (!first_cpu) {
+monitor_printf(cur_mon, "No CPU available on this machine\n");
+return NULL;
+}
 monitor_set_cpu(first_cpu->cpu_index);
 }
 cpu_synchronize_state(cur_mon->mon_cpu);
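Review bot: mon_get_cpu() gains a NULL return that none of its existing callers expect, yet the function carries no comment saying so; every caller not updated in this series keeps the original crash, just one call deeper. Document the new contract at the definition (and at its prototype), e.g. `/* Returns the monitor's current CPU, or NULL after printing a message to the monitor when the machine has no CPU at all. */`. Reporting from inside an accessor also means a caller that checks the result must not print a second message, which is worth stating in the same comment. The return value of monitor_set_cpu() on the line after the new check remains unchecked, which predates this change.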
@@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
 static int is_valid_option(const char *c, const char *typestr)
 {
 char option[3];
-  
+
 option[0] = '-';
 option[1] = *c;
 option[2] = '\0';
-  
+
 typestr = strstr(typestr, option);
 return (typestr != NULL);
 }
@@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
 p++;
 if(c != *p) {
 if(!is_valid_option(p, typestr)) {
-  
+
 monitor_printf(mon, "%s: unsupported option -%c\n",
cmd->name, *p);
 goto fail;
-- 
2.11.0




[Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

2017-02-17 Thread Ziyue Yang
From: Ziyue Yang 

Many QEMU monitor commands, like "info lapic", "info tlb" and so on
use mon_get_cpu or related wrappers to access CPU info without checking
whether the CPU exists.
This patch series fixes the "info lapic" case, and is the base for the upcoming
patch series aiming to eliminate segfaults caused by other QEMU commands
trying to access a CPU that doesn't exist.

Ziyue Yang (2):
  monitor.c: make mon_get_cpu return NULL when there is no CPU
  target/i386/monitor.c: check return value of mon_get_cpu before using
it

 monitor.c | 10 +++---
 target/i386/monitor.c |  7 +--
 2 files changed, 12 insertions(+), 5 deletions(-)

--
2.11.0




[Qemu-devel] [Bug 1656710] Re: Please support Ctrl-Alt-= to zoom in

2017-01-30 Thread Ziyue Yang
** Changed in: qemu
   Status: New => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1656710

Title:
  Please support Ctrl-Alt-= to zoom in

Status in QEMU:
  In Progress

Bug description:
  With the GTK3 interface, qemu-system supports pressing Ctrl-Alt-plus
  to zoom in and Ctrl-Alt-minus to zoom out.  However, unlike many
  programs that support similar zoom hotkeys, qemu-system actually
  requires using '+', making the hotkey Ctrl-Alt-Shift-= .  Most programs
  with similar zoom hotkeys allow Ctrl-Alt-= as a synonym.

  Please consider accepting Ctrl-Alt-= as an additional zoom-in hotkey.

  (Observed in QEMU 2.8)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1656710/+subscriptions



[Qemu-devel] [PATCH] ui/gtk.c: add ctrl-alt-= support for zoom in acceleration

2017-01-30 Thread Ziyue Yang
From: Ziyue Yang 

Solving wishlist item at
https://bugs.launchpad.net/qemu/+bug/1656710
by accepting Ctrl-Alt-= as an additional zoom-in acceleration.

gtk_accel_group_connect is used so that multiple accelerators can
trigger a single menu item, since gtk_accel_map_add_entry
seems to support only one accelerator. A wrapper function
gd_accel_zoom_in is added as the callback for
gtk_accel_group_connect.

Signed-off-by: Ziyue Yang 
---
 ui/gtk.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/ui/gtk.c b/ui/gtk.c
index bdd831c..3be9f33 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -105,6 +105,7 @@
 #define GDK_KEY_g GDK_g
 #define GDK_KEY_q GDK_q
 #define GDK_KEY_plus GDK_plus
+#define GDK_KEY_equal GDK_equal
 #define GDK_KEY_minus GDK_minus
 #define GDK_KEY_Pause GDK_Pause
 #define GDK_KEY_Delete GDK_Delete
@@ -1325,6 +1326,12 @@ static void gd_menu_zoom_in(GtkMenuItem *item, void 
*opaque)
 gd_update_windowsize(vc);
 }
 
+static void gd_accel_zoom_in(void *opaque)
+{
+GtkDisplayState *s = opaque;
+gtk_menu_item_activate(GTK_MENU_ITEM(s->zoom_in_item));
+}
+
 static void gd_menu_zoom_out(GtkMenuItem *item, void *opaque)
 {
 GtkDisplayState *s = opaque;
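Review bot: gd_accel_zoom_in is declared void, but the closure built around it in the third hunk (`g_cclosure_new_swap(G_CALLBACK(gd_accel_zoom_in), s, NULL)`) is invoked by gtk_accel_group_connect as a GtkAccelGroupActivate handler, whose gboolean result says whether the accelerator was consumed; with a void function that result is whatever happens to be in the return register. Declaring it `static gboolean gd_accel_zoom_in(void *opaque)` and ending the body with `return TRUE;` makes the handler well-defined and keeps the key press from propagating as unhandled. The extra closure arguments (group, keyval, modifiers) are ignored by the swapped callback, which appears to be the intended GTK idiom here.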
@@ -2092,6 +2099,8 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState *s)
  "/View/Zoom In");
 gtk_accel_map_add_entry("/View/Zoom In", GDK_KEY_plus,
 HOTKEY_MODIFIERS);
+gtk_accel_group_connect(s->accel_group, GDK_KEY_equal, HOTKEY_MODIFIERS, 0,
+g_cclosure_new_swap(G_CALLBACK(gd_accel_zoom_in), s, NULL));
 gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), s->zoom_in_item);
 
 s->zoom_out_item = gtk_menu_item_new_with_mnemonic(_("Zoom _Out"));
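Review bot: The second accelerator is attached straight to the accel group rather than through an accel path, so it is not shown next to the menu item and a reader of gd_create_menu_view has no hint why Ctrl-Alt-= works. A comment above the gtk_accel_group_connect call would capture the reason given in the commit message, e.g. `/* gtk_accel_map_add_entry() takes one accelerator per path; Ctrl-Alt-= is attached as a second one via the accel group */`. gd_create_menu_view begins before this hunk.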
-- 
2.7.4




[Qemu-devel] [Bug 1656710] Re: Please support Ctrl-Alt-= to zoom in

2017-01-30 Thread Ziyue Yang
** Changed in: qemu
 Assignee: (unassigned) => Ziyue Yang (yzyubuntuzh)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1656710

Title:
  Please support Ctrl-Alt-= to zoom in

Status in QEMU:
  New

Bug description:
  With the GTK3 interface, qemu-system supports pressing Ctrl-Alt-plus
  to zoom in and Ctrl-Alt-minus to zoom out.  However, unlike many
  programs that support similar zoom hotkeys, qemu-system actually
  requires using '+', making the hotkey Ctrl-Alt-Shift-= .  Most programs
  with similar zoom hotkeys allow Ctrl-Alt-= as a synonym.

  Please consider accepting Ctrl-Alt-= as an additional zoom-in hotkey.

  (Observed in QEMU 2.8)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1656710/+subscriptions



[Qemu-devel] [PATCH v5 2/2] gdbstub.c: update old error report statements

2017-01-18 Thread Ziyue Yang
From: Ziyue Yang 

Convert some fprintf(stderr, ...) calls to error_report().

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 426d55e..959f6dc 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -637,8 +637,8 @@ void gdb_register_coprocessor(CPUState *cpu,
 *p = s;
 if (g_pos) {
 if (g_pos != s->base_reg) {
-fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
-"Expected %d got %d\n", xml, g_pos, s->base_reg);
+error_report("Error: Bad gdb register numbering for '%s', "
+ "expected %d got %d", xml, g_pos, s->base_reg);
 } else {
 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
 }
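Review bot: error_report() already prefixes the message with the program name and presents it as an error, so the literal `Error: ` at the start of the new gdb_register_coprocessor message (and the `QEMU: ` prefix in the second hunk's `error_report("QEMU: Terminated via GDBstub")`) is redundant and prints as "qemu-system-x86_64: Error: ...". Dropping the prefixes, e.g. `error_report("Bad gdb register numbering for '%s', expected %d got %d", xml, g_pos, s->base_reg);`, matches the third hunk, whose `gdbstub: ` tag names the module rather than repeating the severity. gdb_register_coprocessor begins before the hunk.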
@@ -890,7 +890,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 case 'k':
 /* Kill the target */
-fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
+error_report("QEMU: Terminated via GDBstub");
 exit(0);
 case 'D':
 /* Detach packet */
@@ -1358,8 +1358,8 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const 
char *fmt, va_list va)
 break;
 default:
 bad_format:
-fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
-fmt - 1);
+error_report("gdbstub: Bad syscall format string '%s'",
+ fmt - 1);
 break;
 }
 } else {
--
2.7.4




[Qemu-devel] [PATCH v5 1/2] gdbstub.c: fix GDB connection segfault caused by empty machines

2017-01-18 Thread Ziyue Yang
From: Ziyue Yang 

This patch is to fix the segmentation fault caused by attaching
GDB to a QEMU instance initialized with "-M none" option.

The bug can be reproduced by

> ./qemu-system-x86_64 -M none -nographic -S -s

and attach a GDB to it by

> gdb -ex 'target remote :1234'

The segmentation fault was originally caused by trying to read
the information about CPU when communicating with GDB. However,
it's impossible for any control flow to exist on an empty machine,
nor can CPU's be hot plugged to an empty machine later by QOM
commands. So I think simply disabling GDB connections on empty
machines makes sense.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index de62d26..426d55e 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -18,6 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/cutils.h"
 #include "cpu.h"
 #ifdef CONFIG_USER_ONLY
@@ -1731,6 +1732,12 @@ int gdbserver_start(const char *device)
 CharDriverState *mon_chr;
 ChardevCommon common = { 0 };

+if (!first_cpu) {
+error_report("gdbstub: meaningless to attach gdb to a "
+ "machine without any CPU.");
+return -1;
+}
+
 if (!device)
 return -1;
 if (strcmp(device, "none") != 0) {
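Review bot: The new early return reuses the -1 that the existing `if (!device) return -1;` uses for a missing device name, so the caller cannot tell "no CPU" from "no device"; if the caller treats -1 as a fatal start-up error, `-M none -s` now stops QEMU at start-up rather than merely not listening, which differs from the commit message's "disabling GDB connections" and is worth stating explicitly. The check is also made only when the stub is started, so a CPU appearing later would not be covered; the commit message argues this cannot happen, and a short comment on the check keeps that assumption visible, e.g. `/* -M none has no CPU and cannot gain one later; refuse here rather than crash in the stub */`. gdbserver_start continues past the hunk.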
--
2.7.4




[Qemu-devel] [PATCH v4 2/2] gdbstub.c: update old error report statements

2017-01-17 Thread Ziyue Yang
From: Ziyue Yang 

Some updates from fprintf(stderr, ...) to error_report.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 426d55e..fe1d0f8 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -637,8 +637,8 @@ void gdb_register_coprocessor(CPUState *cpu,
 *p = s;
 if (g_pos) {
 if (g_pos != s->base_reg) {
-fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
-"Expected %d got %d\n", xml, g_pos, s->base_reg);
+error_report("Error: Bad gdb register numbering for '%s', "
+ "Expected %d got %d", xml, g_pos, s->base_reg);
 } else {
 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
 }
@@ -890,7 +890,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 case 'k':
 /* Kill the target */
-fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
+error_report("QEMU: Terminated via GDBstub");
 exit(0);
 case 'D':
 /* Detach packet */
@@ -1358,8 +1358,8 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const 
char *fmt, va_list va)
 break;
 default:
 bad_format:
-fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
-fmt - 1);
+error_report("gdbstub: Bad syscall format string '%s'",
+ fmt - 1);
 break;
 }
 } else {
--
2.7.4




[Qemu-devel] [PATCH v4 1/2] gdbstub.c: fix GDB connection segfault caused by empty machines

2017-01-17 Thread Ziyue Yang
From: Ziyue Yang 

This patch is to fix the segmentation fault caused by attaching
GDB to a QEMU instance initialized with "-M none" option.

The bug can be reproduced by

> ./qemu-system-x86_64 -M none -nographic -S -s

and attach a GDB to it by

> gdb -ex 'target remote :1234'

The segmentation fault was originally caused by trying to read
the information about CPU when communicating with GDB. However,
it's impossible for any control flow to exist on an empty machine,
nor can CPU's be hot plugged to an empty machine later by QOM
commands. So I think simply disabling GDB connections on empty
machines makes sense.

Also some updates from fprintf(stderr, ...) to error_report.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index de62d26..426d55e 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -18,6 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/cutils.h"
 #include "cpu.h"
 #ifdef CONFIG_USER_ONLY
@@ -1731,6 +1732,12 @@ int gdbserver_start(const char *device)
 CharDriverState *mon_chr;
 ChardevCommon common = { 0 };

+if (!first_cpu) {
+error_report("gdbstub: meaningless to attach gdb to a "
+ "machine without any CPU.");
+return -1;
+}
+
 if (!device)
 return -1;
 if (strcmp(device, "none") != 0) {
--
2.7.4




[Qemu-devel] [PATCH v3] gdbstub.c: fix GDB connection segfault caused by empty machines

2017-01-17 Thread Ziyue Yang
From: Ziyue Yang 

This patch is to fix the segmentation fault caused by attaching
GDB to a QEMU instance initialized with "-M none" option.

The bug can be reproduced by

> ./qemu-system-x86_64 -M none -nographic -S -s

and attach a GDB to it by

> gdb -ex 'target remote :1234'

The segmentation fault was originally caused by trying to read
the information about CPU when communicating with GDB. However,
it's impossible for any control flow to exist on an empty machine,
nor can CPU's be hot plugged to an empty machine later by QOM
commands. So I think simply disabling GDB connections on empty
machines makes sense.

Also some updates from fprintf(stderr, ...) to error_report.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 17 -
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index de62d26..fe1d0f8 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -18,6 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/cutils.h"
 #include "cpu.h"
 #ifdef CONFIG_USER_ONLY
@@ -636,8 +637,8 @@ void gdb_register_coprocessor(CPUState *cpu,
 *p = s;
 if (g_pos) {
 if (g_pos != s->base_reg) {
-fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
-"Expected %d got %d\n", xml, g_pos, s->base_reg);
+error_report("Error: Bad gdb register numbering for '%s', "
+ "Expected %d got %d", xml, g_pos, s->base_reg);
 } else {
 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
 }
@@ -889,7 +890,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 case 'k':
 /* Kill the target */
-fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
+error_report("QEMU: Terminated via GDBstub");
 exit(0);
 case 'D':
 /* Detach packet */
@@ -1357,8 +1358,8 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const 
char *fmt, va_list va)
 break;
 default:
 bad_format:
-fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
-fmt - 1);
+error_report("gdbstub: Bad syscall format string '%s'",
+ fmt - 1);
 break;
 }
 } else {
@@ -1731,6 +1732,12 @@ int gdbserver_start(const char *device)
 CharDriverState *mon_chr;
 ChardevCommon common = { 0 };

+if (!first_cpu) {
+error_report("gdbstub: meaningless to attach gdb to a "
+ "machine without any CPU.");
+return -1;
+}
+
 if (!device)
 return -1;
 if (strcmp(device, "none") != 0) {
--
2.7.4




[Qemu-devel] [PATCH v2] gdbstub.c: fix GDB connection segfault caused by empty machines

2017-01-17 Thread Ziyue Yang
From: Ziyue Yang 

This patch is to fix the segmentation fault caused by attaching
GDB to a QEMU instance initialized with "-M none" option.

The bug can be reproduced by

> ./qemu-system-x86_64 -M none -nographic -S -s

and attach a GDB to it by

> gdb -ex 'target remote :1234'

The segmentation fault was originally caused by trying to read
the information about CPU when communicating with GDB. However,
it's impossible for any control flow to exist on an empty machine,
nor can CPU's be hot plugged to an empty machine later by QOM
commands. So I think simply disabling GDB connections on empty
machines makes sense.

Also some updates from fprintf(stderr, ...) to error_report.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 17 -
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index de62d26..3a22ce3 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -18,6 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/cutils.h"
 #include "cpu.h"
 #ifdef CONFIG_USER_ONLY
@@ -636,8 +637,8 @@ void gdb_register_coprocessor(CPUState *cpu,
 *p = s;
 if (g_pos) {
 if (g_pos != s->base_reg) {
-fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
-"Expected %d got %d\n", xml, g_pos, s->base_reg);
+error_report("Error: Bad gdb register numbering for '%s'\n"
+ "Expected %d got %d\n", xml, g_pos, s->base_reg);
 } else {
 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
 }
@@ -889,7 +890,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 case 'k':
 /* Kill the target */
-fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
+error_report("\nQEMU: Terminated via GDBstub\n");
 exit(0);
 case 'D':
 /* Detach packet */
@@ -1357,8 +1358,8 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const 
char *fmt, va_list va)
 break;
 default:
 bad_format:
-fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
-fmt - 1);
+error_report("gdbstub: Bad syscall format string '%s'\n",
+ fmt - 1);
 break;
 }
 } else {
@@ -1731,6 +1732,12 @@ int gdbserver_start(const char *device)
 CharDriverState *mon_chr;
 ChardevCommon common = { 0 };

+if (!first_cpu) {
+error_report("gdbstub: meaningless to attach gdb to a "
+ "machine without any CPU.\n");
+return -1;
+}
+
 if (!device)
 return -1;
 if (strcmp(device, "none") != 0) {
--
2.7.4




[Qemu-devel] [PATCH] gdbstub.c: fix GDB connection segfault caused by empty machines

2017-01-17 Thread Ziyue Yang
From: Ziyue Yang 

This patch is to fix the segmentation fault caused by attaching
GDB to a QEMU instance initialized with "-M none" option.

The bug can be reproduced by

> ./qemu-system-x86_64 -M none -nographic -S -s

and attach a GDB to it by

> gdb -ex 'target remote :1234'

The segmentation fault was originally caused by trying to read
the information about CPU when communicating with GDB. However,
it's impossible for any control flow to exist on an empty machine,
nor can CPU's be hot plugged to an empty machine later by QOM
commands. So I think simply disabling GDB connections on empty
machines makes sense.

Signed-off-by: Ziyue Yang 
---
 gdbstub.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index de62d26..413e817 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1731,6 +1731,12 @@ int gdbserver_start(const char *device)
 CharDriverState *mon_chr;
 ChardevCommon common = { 0 };
 
+if (!first_cpu) {
+fprintf(stderr, "gdbstub: meaningless to attach gdb to a "
+"machine without any CPU.\n");
+return -1;
+}
+
 if (!device)
 return -1;
 if (strcmp(device, "none") != 0) {
-- 
2.7.4




[Qemu-devel] [Bug 1603734] Re: Hang in fsqrt

2016-12-14 Thread Ziyue Yang
The fix is shown by https://github.com/unicorn-engine/unicorn/pull/609,
and the test case shows no problem on the most recent release.

** Changed in: qemu
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1603734

Title:
  Hang in fsqrt

Status in QEMU:
  Fix Released

Bug description:
  At least qemu-i386 and qemu-x86_64 hang in floatx80_sqrt in versions
  2.6.0 and git (2.6.50) for some input values, likely due to an
  infinite loop at fpu/softfloat.c:6569.

  Steps to reproduce:
  1) Compile attached code: gcc -o test test.c -lm
  2) `qemu-i386 test` and `qemu-x86_64 test` will hang at 100% cpu

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1603734/+subscriptions



[Qemu-devel] [Bug 1641637] Re: incorrect illegal SSE3 instructions reporting on x86_64

2016-12-14 Thread Ziyue Yang
Hi Jie,

It seems the problem was caused by not specifying the CPU model when running
QEMU. When running
qemu-x86_64 ./28
QEMU uses the default CPU model "qemu64", which behaves like a CPU that doesn't
support advanced instruction sets such as SSSE3. As a workaround, you can run
qemu-x86_64 -cpu core2duo ./28
The CPU definitions can be found in target-i386/cpu.c.

I haven't tested all the cases yet, but I'm almost sure that was the
problem, since all your test cases use SSSE3 instructions or similar ones.
Please let me know if there are any more exceptions, thanks!

** Changed in: qemu
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1641637

Title:
  incorrect illegal SSE3 instructions reporting on x86_64

Status in QEMU:
  Invalid

Bug description:
  Hi all, we found 28 differently encoded SSE3 instructions that are
  reported as illegal on the most recent x86_64 user-mode Linux QEMU (version
  2.7.0). We believe these reports are incorrect because the
  same code can be executed on a real machine. The instructions are the
  following:

  pabsb %mm0, %mm1
  pabsb %xmm0, %xmm1
  pabsd %mm0, %mm1
  pabsd %xmm0, %xmm1
  pabsw %mm0, %mm1
  pabsw %xmm0, %xmm1
  phaddd %mm0, %mm1
  phaddd %xmm0, %xmm1
  phaddsw %mm0, %mm1
  phaddsw %xmm0, %xmm1
  phaddw %mm0, %mm1
  phaddw %xmm0, %xmm1
  phsubd %mm0, %mm1
  phsubd %xmm0, %xmm1
  phsubsw %mm0, %mm1
  phsubsw %xmm0, %xmm1
  phsubw %mm0, %mm1
  phsubw %xmm0, %xmm1
  pmaddubsw %mm0, %mm1
  pmaddubsw %xmm0, %xmm1
  pmulhrsw %mm0, %mm1
  pmulhrsw %xmm0, %xmm1
  psignb %mm0, %mm1
  psignb %xmm0, %xmm1
  psignd %mm0, %mm1
  psignd %xmm0, %xmm1
  psignw %mm0, %mm1
  psignw %xmm0, %xmm1

  The following is the proof-of-concept code

  /** Beginning of bug 1.c: pabsb %mm0, %mm1 **/

  /* Reproducer: load i0 and i1 into mm0/mm1, run the instruction under test, dump mm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %mm0/%mm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsb %mm0, %mm1");
  /* movq stores 8 bytes, so o[8..15] keep their zero initial value. */
  asm("mov %0, %%rdx\n"
  "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 1.c **/

  
  /** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **/

  /* Reproducer: load i0 and i1 into xmm0/xmm1, run the instruction under test, dump xmm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %xmm0/%xmm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsb %xmm0, %xmm1");
  /* movdqu stores all 16 bytes of o. */
  asm("mov %0, %%rdx\n"
  "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 2.c **/

  
  /** Beginning of bug 3.c: pabsd %mm0, %mm1 **/

  /* Reproducer: load i0 and i1 into mm0/mm1, run the instruction under test, dump mm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %mm0/%mm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsd %mm0, %mm1");
  /* movq stores 8 bytes, so o[8..15] keep their zero initial value. */
  asm("mov %0, %%rdx\n"
  "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 3.c **/

  
  /** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **/

  /* Reproducer: load i0 and i1 into xmm0/xmm1, run the instruction under test, dump xmm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %xmm0/%xmm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsd %xmm0, %xmm1");
  /* movdqu stores all 16 bytes of o. */
  asm("mov %0, %%rdx\n"
  "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 4.c **/

  
  /** Beginning of bug 5.c: pabsw %mm0, %mm1 **/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
  asm("pabsw %mm0, %mm1");
  asm("mov %0, %%rdx\n"
  "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k])

[Qemu-devel] [Bug 1641637] Re: incorrect illegal SSE3 instructions reporting on x86_64

2016-12-13 Thread Ziyue Yang
Hi Jie,

I can reproduce this by single-stepping through the bug1 test code
using gdb: SIGILL is raised when executing the pabsb SSE3
instruction. It may be due to QEMU's translator; I'll look further
into it.

** Changed in: qemu
   Status: New => Confirmed

** Changed in: qemu
 Assignee: (unassigned) => Ziyue Yang (yzyubuntuzh)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1641637

Title:
  incorrect illegal SSE3 instructions reporting on x86_64

Status in QEMU:
  Confirmed

Bug description:
  Hi all, we found 28 differently encoded SSE3 instructions that are
  reported as illegal on the most recent x86_64 user-mode Linux QEMU (version
  2.7.0). We believe these reports are incorrect because the
  same code can be executed on a real machine. The instructions are the
  following:

  pabsb %mm0, %mm1
  pabsb %xmm0, %xmm1
  pabsd %mm0, %mm1
  pabsd %xmm0, %xmm1
  pabsw %mm0, %mm1
  pabsw %xmm0, %xmm1
  phaddd %mm0, %mm1
  phaddd %xmm0, %xmm1
  phaddsw %mm0, %mm1
  phaddsw %xmm0, %xmm1
  phaddw %mm0, %mm1
  phaddw %xmm0, %xmm1
  phsubd %mm0, %mm1
  phsubd %xmm0, %xmm1
  phsubsw %mm0, %mm1
  phsubsw %xmm0, %xmm1
  phsubw %mm0, %mm1
  phsubw %xmm0, %xmm1
  pmaddubsw %mm0, %mm1
  pmaddubsw %xmm0, %xmm1
  pmulhrsw %mm0, %mm1
  pmulhrsw %xmm0, %xmm1
  psignb %mm0, %mm1
  psignb %xmm0, %xmm1
  psignd %mm0, %mm1
  psignd %xmm0, %xmm1
  psignw %mm0, %mm1
  psignw %xmm0, %xmm1

  The following is the proof-of-concept code

  /** Beginning of bug 1.c: pabsb %mm0, %mm1 **/

  /* Reproducer: load i0 and i1 into mm0/mm1, run the instruction under test, dump mm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %mm0/%mm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsb %mm0, %mm1");
  /* movq stores 8 bytes, so o[8..15] keep their zero initial value. */
  asm("mov %0, %%rdx\n"
  "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 1.c **/

  
  /** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **/

  /* Reproducer: load i0 and i1 into xmm0/xmm1, run the instruction under test, dump xmm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %xmm0/%xmm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsb %xmm0, %xmm1");
  /* movdqu stores all 16 bytes of o. */
  asm("mov %0, %%rdx\n"
  "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 2.c **/

  
  /** Beginning of bug 3.c: pabsd %mm0, %mm1 **/

  /* Reproducer: load i0 and i1 into mm0/mm1, run the instruction under test, dump mm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %mm0/%mm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsd %mm0, %mm1");
  /* movq stores 8 bytes, so o[8..15] keep their zero initial value. */
  asm("mov %0, %%rdx\n"
  "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 3.c **/

  
  /** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **/

  /* Reproducer: load i0 and i1 into xmm0/xmm1, run the instruction under test, dump xmm1. */
  int printf(const char *format, ...);
  /* Input and output buffers; file-scope, so they start zeroed. */
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  /* NOTE(review): these asm statements overwrite %rdx and %xmm0/%xmm1 without a
     clobber list, so the compiler is free to assume both are preserved - confirm
     the generated code keeps no live value in %rdx across them. */
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));;
  asm("mov %0, %%rdx\n"
  "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));;
  /* The instruction under test; this is where QEMU reports it as illegal. */
  asm("pabsd %xmm0, %xmm1");
  /* movdqu stores all 16 bytes of o. */
  asm("mov %0, %%rdx\n"
  "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));;
  /* Print o as one hex number, most significant byte first. */
  for (k = 0; k < 0x10; k++)
  printf("%02x", o[0x10 - 1 - k]);
  printf("\n");
  }

  /** End of bug 4.c **/

  
  /** Beginning of bug 5.c: pabsw %mm0, %mm1 **/

  int printf(const char *format, ...);
  unsigned char i0[0x10];
  unsigned char i1[0x10];
  unsigned char o[0x10];
  int main() {
  int k = 0;
  asm("mov %0, %%rdx\n"
  "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));;
  asm("mov