This is an automated cleanup. This bug report has been moved
to QEMU's new bug tracker on gitlab.com and thus gets marked
as 'expired' now. Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/63
** Changed in: qemu
Status: Confirmed => Expired
** Chan
** Changed in: qemu
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1663287
Title:
Illegal delay slot code causes abort on mips64
Status in QEMU:
Confirmed
Bug des
** Changed in: qemu
Assignee: (unassigned) => Philippe Mathieu-Daudé (philmd)
If my memory is correct, this problem doesn't need qemu to execute the
code, it only needs it to translate the code. In the original test case
the invalid instructions were actually dead code but still managed to
crash qemu.
I suggest following Yongbok Kim's approach and signalling Reserved
Instr
When I reread the thread I see Brian was doing some testing/fuzzing,
that's why he found that out.
I managed to get my old router running. It's BCM5354 (BCM3302 v2.9) running on
Linux 2.4.35.
I used the following code (gnu as compiled but replaced the nop after branch
with the branch instruction
Yeah, QEMU crashing is definitely a bug that we should fix. (NB that
it's not a 'security' bug, though -- we make no guarantee that malicious
code run under QEMU with TCG emulation is unable to escape from it:
there's too much unaudited and old code for us to be able to safely make
that guarantee.)
I don't know how Brian got to his state.
I should've mentioned though that I was using a custom binary (shellcode) that
triggered this behavior. This code was not generated by a compiler.
However, I wanted to point out that a user can crash the qemu host by
running custom code from userspace.
Unfortunately
Hi Brian,
You try to execute a CP1 instruction in a delay slot,
which triggers a Reserved Instruction exception.
Per the ISA the processor operation is UNPREDICTABLE in such case.
What is the behavior on real hardware?
An assertion() seems appropriate.
Your compiler might be buggy, or you are no
I found the exact same bug. Tested on several hosts and qemu releases.
The newest one I tested was on FreeBSD 12.1 host and qemu-4.1.1_1 built
from ports.
Instructions:
  4000d0:  0320f809  jalr t9
  4000d4:  45454545  0x45454545  # bc1any4t $fcc1,0x800101f8
I was
** Tags added: mips
Bug description:
During some randomised tes
** Changed in: qemu
Status: Fix Released => New
Thanks for that fix. I've just noticed that the second part, in
gen_compute_branch1, wasn't included, though. Could you take a look at
it?
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=075a1fe788d36b271ec2
** Changed in: qemu
Status: Fix Committed => Fix Released
Thanks for reporting this issue.
In fact, branches in a delay slot are "undefined" in the pre-Release 6
architecture.
MIPS architecture release 6 defines that Reserved Instruction exceptions are signalled
for such cases.
However as it was undefined, it is better to signal RI and carry on rather than
stopp
** Changed in: qemu
Status: New => Fix Committed
I've just found the same problem with gen_compute_branch1,
  0028      jr at
  4540563a  bc1any4f $fcc0,0xbfc158ec
The cause is the same - if the instruction set is wrong then the delay
slot check is skipped.