WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Is there a bug in the emulation of fucomip instruction?

from [Wangzhenguo] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Is there a bug in the emulation of fucomip instruction?
From: Wangzhenguo <wangzhenguo@xxxxxxxxxx>
Date: Wed, 15 Jun 2011 11:51:30 +0000
Accept-language: zh-CN, en-US
Cc: Xiaowei Yang <xiaowei.yang@xxxxxxxxxx>
Delivery-date: Wed, 15 Jun 2011 09:13:37 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwrUo3Re1fucIOUQ62a0WTsINv68Q==
Thread-topic: Is there a bug in the emulation of fucomip instruction? 
It's different between the implementation of the fucomip instruction in the 
function of x86_emulate and the spec of the fucomip in Intel 64 and IA-32 
architectures Software Developer's Manual Volume 2A. The opcode of the fucomip 
is described "DF E8+i", but in the implementation in the function of 86_emulate 
it's "df f8+i":
---------------------------------------------------------
    case 0xdf: /* FPU 0xdf */
        switch ( modrm )
        {
        case 0xe0:
            /* fnstsw %ax */
            dst.bytes = 2;
            dst.type = OP_REG;
            dst.reg = (unsigned long *)&_regs.eax;
            emulate_fpu_insn_memdst("fnstsw", dst.val);
            break;
        case 0xf0 ... 0xf7: /* fcomip %stN */
        case 0xf8 ... 0xff: /* fucomip %stN */            <--here-->
            emulate_fpu_insn_stub(0xdf, modrm);
            break;
        default:
            fail_if(modrm >= 0xc0);
---------------------------------------------------------
So, xen will panic and say it's an invalid opcode if the guest executes the 
invalid instruction, "fd ff", for example.
Is it right?

There is the panic message as follow:
(XEN) RIP:    e008:[<ffff83203fd1fae8>] ???
(XEN) RFLAGS: 0000000000010246   CONTEXT: hypervisor
(XEN) rax: ffff83203fd1fae8   rbx: 00000000000000df   rcx: ffff83203fd1fda8
(XEN) rdx: 0000000000000000   rsi: ffff83203fd1fc78   rdi: ffff82c480179bf0
(XEN) rbp: 0000000000000000   rsp: ffff83203fd1f910   r8:  ffff82c48019c9f0
(XEN) r9:  0000000000000000   r10: 00000000000000c8   r11: 0000000000000000
(XEN) r12: 0000000000000004   r13: 00000000000000df   r14: ffff83203fd1fda8
(XEN) r15: 0000000000000004   cr0: 0000000080050033   cr4: 00000000000026b0
(XEN) cr3: 0000001f10da5000   cr2: 00000000fffe0080
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008
(XEN) Xen stack trace from rsp=ffff83203fd1f910:
(XEN)    ffff82c48018248e 0000000000000022 ffff82c480179daf 0000ffff009322f4
(XEN)    00000000000000c8 0000000000000000 ffff82c480180234 000000023fd1fde8
(XEN)    ffff83203fd1fca0 0000000000000001 00000000000000df 0000000000000000
(XEN)    ffff83203fd1fa18 0000000400000000 ffff82c48022e800 000000003fd1fa1c
(XEN)    0000000000000022 ffff83203fd1fc78 00c883203fd1fa48 00000004000000ff
(XEN)    ffff8200000000004
(XEN)    0000000000000000 0000000800000000 0000000000040041 0000000000000000
(XEN)    0000000000000002 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 000000000004006c 0000000000040148 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 000000008055d0c0
(XEN)    0000000000000000 000000000000001f 0000000000000000 00000000fffe0080
(XEN)    0000000000000000 000000008055d5a4 0000000000000000 0000000000010246
(XEN)    000000000004001c 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000001 0000000000c3ffdf
(XEN)    ffff82c4801ea708 0000000300000000 ffff83203fd1fb20 ffff83203fd1fb9c
(XEN)    000000093fd1fb2c 0000000000000002 0000000000000bc5 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    ffff83203fd1fa8808 0000000300000003
(XEN)    ffff83203fd1fb90 ffff83203fd1fc24 0000000910dca000 0000000000000002
(XEN) Xen call trace:
(XEN)    [<ffff83203fd1fae8>] ???
(XEN)    [<ffff82c48018248e>] x86_emulate+0x7e9e/0x11b10
(XEN)    [<ffff82c480179daf>] get_cpl+0x3f/0x60
(XEN)    [<ffff82c480180234>] x86_emulate+0x5c44/0x11b10
(XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
(XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
(XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
(XEN)    [<ffff82c4801ea708>] ept_get_entry+0xd8/0x230
(XEN)    [<ffff82c4801a352e>] __hvm_copy+0x30e/0x3e0
(XEN)    [<ffff82c48019cec9>] hvm_emulate_one+0xc9/0x1b0
(XEN)    [<ffff82c4801bd895>] vmx_vmexit_handler+0x10b5/0x1d70
(XEN)    [<ffff82c480118a0d>] _csched_cpu_pick+0xfd/0x360
(XEN)    [<ffff82c480118c80>] csched_tick+0x0/0x250pt_update_irq+0x33/0x230
(XEN)    [<ffff82c48011f6b4>] execute_timer+0x34/0x50
(XEN)    [<ffff82c4801a87eb>] hvm_vcpu_has_pending_irq+0x6b/0xb0
(XEN)    [<ffff82c4801b67bc>] vmx_intr_assist+0x5c/0x240
(XEN)    [<ffff82c4801b9bfb>] vmx_vmenter_helper+0x5b/0x140
(XEN)    [<ffff82c4801b6573>] vmx_asm_do_vmentry+0x0/0xdd
(XEN)    
(XEN) 
(XEN) ****************************************
(XEN) Panic on CPU 8:
(XEN) FATAL TRAP: vector = 6 (invalid opcode)
(XEN) ****************************************


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Need help with xen-detect patch, Benjamin Schweikert
Next by Date:  Re: RE: RE: RE: RE: RE: [Xen-devel] No C-States any longer..., Konrad Rzeszutek Wilk
Previous by Thread:  [Xen-devel] Need help with xen-detect patch, Benjamin Schweikert
Next by Thread:  Re: [Xen-devel] Is there a bug in the emulation of fucomip instruction?, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy