[Qemu-devel] [PATCH 0/3] X86: Invalid lock prefix (F0), invalid mov inst


From: Xabier Ugarte-Pedrero
Subject: [Qemu-devel] [PATCH 0/3] X86: Invalid lock prefix (F0), invalid mov instruction, the xor_zero case should also update the parity.
Date: Tue, 11 Feb 2014 22:21:53 +0100

The following patch corrects two invalid instructions in the X86 subsystem that are incorrectly translated. These byte sequences should generate exceptions.

First, the lock prefix (F0) should only be prepended once before each instruction. Otherwise (if two F0 bytes are present), the CPU raises an "Invalid Lock Sequence" exception. This behaviour was reproduced on a 32 bit Windows XP SP-3 installation and an i386-softmmu qemu machine. While the real machine generates the exception, the emulated one accepts it as a valid sequence. This problem is corrected by this patch.

Nevertheless, the lock prefix should be restricted to a fixed set of instructions according to the Intel Manual. This aspect appears to be only partially implemented for the nop instruction (0x90). The following comment in target-i386/translate.c: "/* XXX: correct lock test for all insn */" invites correcting it for the rest of the instructions. Unfortunately, this correction requires significantly modifying the translation loop.

Second, the C7 mov instruction requires the Reg/Opcode field of the Mod/RM byte to be 0. Otherwise, it should generate an invalid instruction exception. This problem is corrected with this patch, and was tested on a 32 bit Windows XP SP-3 installation and an i386-softmmu qemu machine.

Third, the xor of a register with itself should update (and set) both the Z and 
the P flags.

For further details, please refer to the Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2A: Instruction Set Reference, A-M. Order Number: 253666-049US February 2014. See "LOCK—Assert LOCK# Signal Prefix" in Chapter 3, and "MOV—Move" in Chapter 3.

Signed-off-by: Xabier Ugarte-Pedrero <address@hidden>

Xabier Ugarte-Pedrero (3):
  X86: Invalid lock prefix (F0)
  X86: Invalid mov instruction (C7)
  X86: The xor_zero case should also update the parity flag

 target-i386/cc_helper.c |    2 +-
 target-i386/translate.c |   11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

-- 
1.7.9.5
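As an added illustration of the three behaviours this cover letter describes (example code, not from the series nor from QEMU's translate.c or cc_helper.c), the C below models them with hypothetical helpers: check_insn() rejects a second F0 prefix and a C7 opcode whose ModRM reg field is not 0, and logic_flags() shows that the xor-zero result 0 must carry both ZF and PF. The CC_* values are the EFLAGS bit positions QEMU uses; the function names, result enum and prefix table are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Decode outcomes (hypothetical names, not QEMU's). */
enum decode_result { DECODE_OK, DECODE_INVALID_LOCK, DECODE_INVALID_OPCODE, DECODE_TRUNCATED };

/* Legacy prefixes other than LOCK: F2/F3 REP, 66/67 size, CS/SS/DS/ES/FS/GS overrides. */
static const uint8_t OTHER_PREFIXES[] = { 0xF2, 0xF3, 0x66, 0x67, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65 };

/* Checks one instruction for the two decoding defects described in the cover letter. */
enum decode_result check_insn(const uint8_t *code, size_t len)
{
    size_t i = 0;
    int locks = 0;
    for (; i < len; i++) {                      /* consume legacy prefixes */
        if (code[i] == 0xF0) {
            if (++locks > 1)                    /* second F0: "Invalid Lock Sequence" #UD */
                return DECODE_INVALID_LOCK;
        } else if (!memchr(OTHER_PREFIXES, code[i], sizeof OTHER_PREFIXES)) {
            break;                              /* reached the opcode byte */
        }
    }
    if (i >= len)
        return DECODE_TRUNCATED;
    if (code[i] == 0xC7) {                      /* MOV r/m, imm exists only as C7 /0 */
        if (i + 1 >= len)
            return DECODE_TRUNCATED;
        if (((code[i + 1] >> 3) & 7) != 0)     /* ModRM.reg != 0 is undefined: #UD */
            return DECODE_INVALID_OPCODE;
    }
    return DECODE_OK;
}

/* EFLAGS bit positions (the values behind QEMU's CC_P/CC_Z/CC_S). */
#define CC_P 0x0004
#define CC_Z 0x0040
#define CC_S 0x0080

/* Flags of a 32-bit logic op: CF=OF=0; ZF and SF from the result, PF from the low byte's parity. */
uint32_t logic_flags(uint32_t result)
{
    int ones = 0;
    for (uint8_t low = (uint8_t)result; low; low &= (uint8_t)(low - 1))
        ones++;                                 /* popcount of the low byte */
    return ((ones & 1) ? 0 : CC_P)              /* even count, 0x00 included, sets PF */
         | (result == 0 ? CC_Z : 0)
         | ((result >> 31) ? CC_S : 0);
}
/* XOR of a register with itself is always 0, so it must set both ZF and PF. */
uint32_t xor_zero_flags(uint32_t reg) { return logic_flags(reg ^ reg); }
```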



