[Qemu-devel] [PATCH 0/3] X86: Invalid lock prefix (F0), invalid mov inst
From: Xabier Ugarte-Pedrero
Subject: [Qemu-devel] [PATCH 0/3] X86: Invalid lock prefix (F0), invalid mov instruction, the xor_zero case should also update the parity.
Date: Tue, 11 Feb 2014 22:02:57 +0100
The following patch corrects two invalid instructions on the X86 subsystem that are incorrectly translated. These byte sequences should generate exceptions.

First, the lock prefix (F0) should only be prepended once before each instruction. Otherwise (if two F0 bytes are present), the cpu raises an "Invalid Lock Sequence" exception. This behaviour was reproduced on a 32-bit Windows XP SP-3 installation and an i386-softmmu qemu machine. While the real machine generates the exception, the emulated one accepts it as a valid sequence. This problem is corrected by this patch.
Nevertheless, the lock prefix should be restricted to a fixed set of instructions according to the Intel Manual. This aspect appears to be only partially implemented for the nop instruction (0x90). The following comment in target-i386/translate.c: "/* XXX: correct lock test for all insn */", invites correcting it for the rest of the instructions. Unfortunately, this correction requires significantly modifying the translation loop.
Second, the C7 mov instruction requires the Reg/Opcode field of the Mod/RM byte to be 0. Otherwise, it should generate an invalid instruction exception. This problem is corrected with this patch, and was tested on a 32-bit Windows XP SP-3 installation and an i386-softmmu qemu machine.
Third, the xor of a register with itself should update (and set) both the Z and the P flags.
For further details, please refer to the Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2A: Instruction Set Reference, A-M. Order Number: 253666-049US, February 2014. See "LOCK—Assert LOCK# Signal Prefix" in Chapter 3, and "MOV—Move" in Chapter 3.
Signed-off-by: Xabier Ugarte-Pedrero <address@hidden>
Xabier Ugarte-Pedrero (3):
X86: Invalid lock prefix (F0)
X86: Invalid mov instruction (C7)
X86: The xor_zero case should also update the parity flag
target-i386/cc_helper.c | 2 +-
target-i386/translate.c | 11 ++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
--
1.7.9.5
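Added example, not part of this series or of QEMU's code: a small C oracle that encodes the three rules the cover letter describes (a second F0 prefix is an invalid lock sequence, C7 is only defined with ModRM reg field 0, and xor reg,reg must leave ZF and PF set), the kind of check an emulator test suite can run against a decoder. Assumptions: only F0 prefixes are parsed (other prefixes are not handled), and the "LOCK allowed" check is limited to NOP (90), mirroring the partial check the letter mentions rather than the full Intel table.

```c
#include <stddef.h>
#include <stdint.h>

/* EFLAGS bit positions used by the x86 ALU (same layout as QEMU's CC_* macros). */
#define FLAG_PF 0x0004u
#define FLAG_ZF 0x0040u
#define FLAG_SF 0x0080u

enum decode_result { DECODE_OK, DECODE_INVALID_LOCK, DECODE_INVALID_OPCODE };

/* Reject the malformed encodings from the cover letter. Simplification (assumption):
 * only LOCK (F0) prefixes are parsed, and the lockable-instruction check is limited
 * to NOP (90), like the partial check the letter mentions, not the full Intel table. */
enum decode_result check_insn(const uint8_t *code, size_t len)
{
    size_t i = 0;
    int locks = 0;
    while (i < len && code[i] == 0xF0) {      /* count consecutive LOCK prefixes */
        locks++;
        i++;
    }
    if (locks > 1)
        return DECODE_INVALID_LOCK;           /* F0 F0 ...: invalid lock sequence */
    if (i >= len)
        return DECODE_INVALID_OPCODE;         /* truncated stream: nothing to decode */
    if (locks == 1 && code[i] == 0x90)
        return DECODE_INVALID_LOCK;           /* LOCK NOP is not a lockable instruction */
    if (code[i] == 0xC7) {                    /* MOV r/m, imm: only /0 is defined */
        if (i + 1 >= len)
            return DECODE_INVALID_OPCODE;
        if (((code[i + 1] >> 3) & 0x7) != 0)  /* ModRM reg/opcode field must be 0 */
            return DECODE_INVALID_OPCODE;
    }
    return DECODE_OK;
}

/* Flags produced by a 32-bit XOR: CF and OF cleared, ZF/SF from the result,
 * PF set when the low byte has an even number of 1 bits. For xor reg,reg the
 * result is 0, so both ZF and PF must be set (the case patch 3/3 fixes). */
unsigned xor32_flags(uint32_t a, uint32_t b)
{
    uint32_t r = a ^ b;
    unsigned flags = 0, ones = 0;
    for (uint32_t low = r & 0xFF; low; low >>= 1)
        ones += low & 1;                      /* popcount of the low byte */
    if (r == 0) flags |= FLAG_ZF;
    if (r & 0x80000000u) flags |= FLAG_SF;
    if ((ones & 1) == 0) flags |= FLAG_PF;
    return flags;
}
```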