From: Avi Kivity
Subject: Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]
Date: Tue, 15 Dec 2009 21:54:04 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091203 Fedora/3.0-3.13.rc2.fc12 Thunderbird/3.0
On 12/15/2009 08:48 PM, Clemens Kolbitsch wrote:
> Hi list,
>
> I'm experiencing a strange emulation bug with the op-code below. The
> instruction raises a segfault in the application (running on the guest),
> however, if I enable KVM to run the exact same application, no segfault
> is raised.
>
>   0x0080023b: 8b 04 65 11 22 33 44    mov regEAX, [0x44332211]
>
> where "11 22 33 44" is just some address. According to gdb (on a 32bit
> little-endian machine), this instruction can be disassembled as a "mov
> address to reg-eax".
This is an odd encoding for this instruction, since there is a shorter one possible (8b 05 11 22 33 44). So it is possible there is a bug in qemu that has never been triggered because compilers/assemblers don't generate this encoding.
btw, binutils disassembles this as

  8b 04 65 11 22 33 44    mov 0x44332211(,%eiz,2),%eax

I guess %eiz is some mnemonic for a "zero register" so the assembly can be reassembled into a 7-byte instruction later.
--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
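The two encodings discussed in this thread differ only in how the memory operand is expressed: the 7-byte form carries a SIB byte whose index field is 100 ("no index", which binutils prints as %eiz, here with a scale of 2 from the ss bits of 0x65), and whose base field 101 combined with mod 00 means "no base, disp32 follows"; the 6-byte form uses ModRM rm 101 with mod 00, which means disp32 directly. The following decoder is an added example written for this page; it is not qemu code and not from any participant in the thread. It handles 32-bit addressing with no prefixes only; the register file and the `MemOperand` struct are constructed for the illustration. Both encodings must decode to the same effective address, 0x44332211, regardless of register contents, and an emulator that honoured the scale but mistook index 100 for %esp would compute a different address, which is the kind of divergence a guest would see as a segfault under emulation but not under KVM.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decoded memory operand of a 32-bit-mode instruction (constructed for this example). */
typedef struct {
    int base;       /* 0-7 = register number, -1 = no base */
    int index;      /* 0-7 = register number, -1 = no index (SIB index field 100) */
    int scale;      /* 1, 2, 4 or 8 */
    int32_t disp;   /* displacement, sign-extended when 8-bit */
    int reg;        /* ModRM reg field (the destination register for mov r32, r/m32) */
    int len;        /* bytes consumed after the opcode: ModRM + SIB + displacement */
} MemOperand;

static const char *const reg32[8] = { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };

/* The two encodings from the thread: the 7-byte SIB form and the 6-byte short form. */
const uint8_t long_form[]  = { 0x8b, 0x04, 0x65, 0x11, 0x22, 0x33, 0x44 };
const uint8_t short_form[] = { 0x8b, 0x05, 0x11, 0x22, 0x33, 0x44 };
/* Constructed register file; every register is non-zero so that a decoder which
 * wrongly treated index 100 as %esp (or base 101 as %ebp) would give a different address. */
const uint32_t example_regs[8] = { 1, 2, 3, 4, 0x1000, 6, 7, 8 };

static int32_t read_disp32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Decode the ModRM byte at p[0] and any SIB byte / displacement that follow.
 * Returns 0 on success, -1 if the operand is a register (mod == 3) or n is too short. */
int decode_modrm32(const uint8_t *p, size_t n, MemOperand *m)
{
    if (n < 1) return -1;
    int mod = p[0] >> 6, reg = (p[0] >> 3) & 7, rm = p[0] & 7;
    size_t pos = 1;
    if (mod == 3) return -1;

    m->reg = reg; m->index = -1; m->scale = 1; m->disp = 0;
    int disp_size = (mod == 1) ? 1 : (mod == 2) ? 4 : 0;

    if (rm == 4) {                        /* a SIB byte follows */
        if (n < 2) return -1;
        uint8_t sib = p[1];
        int ss = sib >> 6, idx = (sib >> 3) & 7, base = sib & 7;
        pos = 2;
        m->scale = 1 << ss;
        /* Index field 100 means "no index"; the scale is then irrelevant (binutils' %eiz). */
        m->index = (idx == 4) ? -1 : idx;
        if (base == 5 && mod == 0) {      /* no base register, disp32 follows */
            m->base = -1;
            disp_size = 4;
        } else {
            m->base = base;
        }
    } else if (rm == 5 && mod == 0) {     /* [disp32] with no base register */
        m->base = -1;
        disp_size = 4;
    } else {
        m->base = rm;
    }

    if (n < pos + disp_size) return -1;
    if (disp_size == 1) m->disp = (int8_t)p[pos];
    else if (disp_size == 4) m->disp = read_disp32(p + pos);
    m->len = (int)(pos + disp_size);
    return 0;
}

/* Effective address = base + index * scale + disp, using the given register file. */
uint32_t effective_address(const MemOperand *m, const uint32_t regs[8])
{
    uint32_t ea = (uint32_t)m->disp;
    if (m->base >= 0)  ea += regs[m->base];
    if (m->index >= 0) ea += regs[m->index] * (uint32_t)m->scale;
    return ea;
}

/* For a "mov r32, r/m32" (opcode 0x8b) with a memory source, return the address it loads from;
 * returns 0 for anything else (sufficient for this example). */
uint32_t mov_load_address(const uint8_t *insn, size_t n, const uint32_t regs[8])
{
    MemOperand m;
    if (n < 1 || insn[0] != 0x8b || decode_modrm32(insn + 1, n - 1, &m) != 0)
        return 0;
    return effective_address(&m, regs);
}

int main(void)
{
    MemOperand m;
    if (decode_modrm32(long_form + 1, sizeof long_form - 1, &m) == 0)
        printf("mov %s, [0x%08x]  (base %d, index %d, scale %d, %d operand bytes)\n",
               reg32[m.reg], effective_address(&m, example_regs), m.base, m.index, m.scale, m.len);
    printf("short form loads from 0x%08x\n", mov_load_address(short_form, sizeof short_form, example_regs));
    return 0;
}
```

Both calls print 0x44332211; the decoded SIB form shows base -1, index -1 and scale 2, which is exactly what the `(,%eiz,2)` in the binutils output expresses.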