Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]

[Avi Kivity]

On 12/16/2009 10:56 AM, Clemens Kolbitsch wrote:
> On Tuesday 15 December 2009 08:54:04 pm Avi Kivity wrote:
>    
> > On 12/15/2009 08:48 PM, Clemens Kolbitsch wrote:
> >      
> > > Hi list,
> > >
> > > I'm experiencing a strange emulation bug with the op-code below. The
> > > instruction raises a segfault in the application (running on the guest),
> > > however, if I enable KVM to run the exact same application, no segfault
> > > is raised.
> > >
> > > 0x0080023b:       8b 04 65 11 22 33 44    mov regEAX, [0x44332211]
> > >
> > > where "11 22 33 44" is just some address. According to gdb (on a 32bit
> > > little- endian machine), this instruction can be disassembled as a "mov
> > > address to reg-eax".
> > >        
> > This is an odd encoding for this instruction, since there is a shorter
> > one possible (8b 05 11 22 33 44).  So it is possible there is a bug in
> > qemu that has never been triggered because compilers/assemblers don't
> > generate this encoding.
> >
> > btw, binutils disassembles this as
> >
> >     8b 04 65 11 22 33 44     mov    0x44332211(,%eiz,2),%eax
> >
> > I guess %eiz is some mnemonic for a "zero register" so the assembly can
> > be reassembled into a 7-byte instruction later.
> >      
> Hi all,
> thanks for the quick replies. I also saw that the instruction is disassembled
> to the above instruction, but did not want to complicate my problem
> description :)
> Is there anything I can provide to help testing possible patches?
>    

A good first step is to write those possible patches.  It shouldn't be 
difficult, start in target-i386/translate.c:disas_insn().

--
error compiling committee.c: too many arguments to function