WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Is there a bug in the emulation of fucomip instruction?

from [Keir Fraser] [Permanent Link][Original]
To: Wangzhenguo <wangzhenguo@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Is there a bug in the emulation of fucomip instruction?
From: Keir Fraser <keir@xxxxxxx>
Date: Wed, 15 Jun 2011 20:36:43 +0100
Cc: Xiaowei Yang <xiaowei.yang@xxxxxxxxxx>
Delivery-date: Wed, 15 Jun 2011 12:37:53 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:user-agent:date:subject:from:to:cc :message-id:thread-topic:thread-index:in-reply-to:mime-version :content-type:content-transfer-encoding; bh=TxKqYhG6BV6zoY49qCCdS/7OMJpwhVFzbmoVLI5SKkY=; b=emQ/VRalmhgmS5df8oZapM2/k023QHZT9qK11me7DlI7zcm7wGZ+pUn10iwEKAHhBw 9yGfBzuLuVVwh59/BBVVNIey4v59JKWk8pQ0M8ZVOHBWNGhEML7/nmT6CTtWQuejTRa9 Nm2/XNtJeEwhC1sv1wwZi7G/etSsHl6r1Dpio=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:cc:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=OTDeGP1Gi5tJUK2Lp0GtR8FY+bLPUlyvVoA3d/moPCnH4OhPVfF3eML83Vss5iZgiR HymiKPMcv8Sxt+ZtY8SUEzDP7iPPl7dw7akjKTS/YoHMIXDRt+l9vIhGZOI4XH1leBuA 8zNOytJHDz5ImBUzfKdKPNQkqk1auBmtTEp6Y=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <B44CA5218606DC4FA941D19CCEB27B53AA94F1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwrUo3Re1fucIOUQ62a0WTsINv68QAQQA22
Thread-topic: [Xen-devel] Is there a bug in the emulation of fucomip instruction?
User-agent: Microsoft-Entourage/12.29.0.110113 
On 15/06/2011 12:51, "Wangzhenguo" <wangzhenguo@xxxxxxxxxx> wrote:

> It's different between the implementation of the fucomip instruction in the
> function of x86_emulate and the spec of the fucomip in Intel 64 and IA-32
> architectures Software Developer's Manual Volume 2A. The opcode of the fucomip
> is described "DF E8+i", but in the implementation in the function of
> 86_emulate it's "df f8+i":

Good catch. Fixed as of xen-unstable:23546. I'll backport it to our
maintained stable branches too.

 Thanks,
 Keir

> ---------------------------------------------------------
>     case 0xdf: /* FPU 0xdf */
>         switch ( modrm )
>         {
>         case 0xe0:
>             /* fnstsw %ax */
>             dst.bytes = 2;
>             dst.type = OP_REG;
>             dst.reg = (unsigned long *)&_regs.eax;
>             emulate_fpu_insn_memdst("fnstsw", dst.val);
>             break;
>         case 0xf0 ... 0xf7: /* fcomip %stN */
>         case 0xf8 ... 0xff: /* fucomip %stN */            <--here-->
>             emulate_fpu_insn_stub(0xdf, modrm);
>             break;
>         default:
>             fail_if(modrm >= 0xc0);
> ---------------------------------------------------------
> So, xen will panic and say it's an invalid opcode if the guest executes the
> invalid instruction, "fd ff", for example.
> Is it right?
> 
> There is the panic message as follow:
> (XEN) RIP:    e008:[<ffff83203fd1fae8>] ???
> (XEN) RFLAGS: 0000000000010246   CONTEXT: hypervisor
> (XEN) rax: ffff83203fd1fae8   rbx: 00000000000000df   rcx: ffff83203fd1fda8
> (XEN) rdx: 0000000000000000   rsi: ffff83203fd1fc78   rdi: ffff82c480179bf0
> (XEN) rbp: 0000000000000000   rsp: ffff83203fd1f910   r8:  ffff82c48019c9f0
> (XEN) r9:  0000000000000000   r10: 00000000000000c8   r11: 0000000000000000
> (XEN) r12: 0000000000000004   r13: 00000000000000df   r14: ffff83203fd1fda8
> (XEN) r15: 0000000000000004   cr0: 0000000080050033   cr4: 00000000000026b0
> (XEN) cr3: 0000001f10da5000   cr2: 00000000fffe0080
> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008
> (XEN) Xen stack trace from rsp=ffff83203fd1f910:
> (XEN)    ffff82c48018248e 0000000000000022 ffff82c480179daf 0000ffff009322f4
> (XEN)    00000000000000c8 0000000000000000 ffff82c480180234 000000023fd1fde8
> (XEN)    ffff83203fd1fca0 0000000000000001 00000000000000df 0000000000000000
> (XEN)    ffff83203fd1fa18 0000000400000000 ffff82c48022e800 000000003fd1fa1c
> (XEN)    0000000000000022 ffff83203fd1fc78 00c883203fd1fa48 00000004000000ff
> (XEN)    ffff8200000000004
> (XEN)    0000000000000000 0000000800000000 0000000000040041 0000000000000000
> (XEN)    0000000000000002 0000000000000000 0000000000000000 0000000000000000
> (XEN)    0000000000000000 000000000004006c 0000000000040148 0000000000000000
> (XEN)    0000000000000000 0000000000000000 0000000000000000 000000008055d0c0
> (XEN)    0000000000000000 000000000000001f 0000000000000000 00000000fffe0080
> (XEN)    0000000000000000 000000008055d5a4 0000000000000000 0000000000010246
> (XEN)    000000000004001c 0000000000000000 0000000000000000 0000000000000000
> (XEN)    0000000000000000 0000000000000000 0000000000000001 0000000000c3ffdf
> (XEN)    ffff82c4801ea708 0000000300000000 ffff83203fd1fb20 ffff83203fd1fb9c
> (XEN)    000000093fd1fb2c 0000000000000002 0000000000000bc5 0000000000000000
> (XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
> (XEN)    ffff83203fd1fa8808 0000000300000003
> (XEN)    ffff83203fd1fb90 ffff83203fd1fc24 0000000910dca000 0000000000000002
> (XEN) Xen call trace:
> (XEN)    [<ffff83203fd1fae8>] ???
> (XEN)    [<ffff82c48018248e>] x86_emulate+0x7e9e/0x11b10
> (XEN)    [<ffff82c480179daf>] get_cpl+0x3f/0x60
> (XEN)    [<ffff82c480180234>] x86_emulate+0x5c44/0x11b10
> (XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
> (XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
> (XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
> (XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
> (XEN)    [<ffff82c4801a352e>] __hvm_copy+0x30e/0x3e0
> (XEN)    [<ffff82c48019cec9>] hvm_emulate_one+0xc9/0x1b0
> (XEN)    [<ffff82c4801bd895>] vmx_vmexit_handler+0x10b5/0x1d70
> (XEN)    [<ffff82c480118a0d>] _csched_cpu_pick+0xfd/0x360
> (XEN)    [<ffff82c480118c80>] csched_tick+0x0/0x250pt_update_irq+0x33/0x230
> (XEN)    [<ffff82c48011f6b4>] execute_timer+0x34/0x50
> (XEN)    [<ffff82c4801a87eb>] hvm_vcpu_has_pending_irq+0x6b/0xb0
> (XEN)    [<ffff82c4801b67bc>] vmx_intr_assist+0x5c/0x240
> (XEN)    [<ffff82c4801b9bfb>] vmx_vmenter_helper+0x5b/0x140
> (XEN)    [<ffff82c4801b6573>] vmx_asm_do_vmentry+0x0/0xdd
> (XEN)    
> (XEN) 
> (XEN) ****************************************
> (XEN) Panic on CPU 8:
> (XEN) FATAL TRAP: vector = 6 (invalid opcode)
> (XEN) ****************************************
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] xen 4.1.0 + 3.0-rc3 pvops: virtualbox doesn't power off, Konrad Rzeszutek Wilk
Next by Date:  Re: [Xen-devel] xen 4.1.0 + 3.0-rc3 pvops: virtualbox doesn't power off, Sven Köhler
Previous by Thread:  [Xen-devel] Is there a bug in the emulation of fucomip instruction?, Wangzhenguo
Next by Thread:  [Xen-devel] [PATCH] xen: only track the linear framebuffer, Stefano Stabellini
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy