[Qemu-devel] [Bug 1785734] [NEW] movdqu partial write at page boundary
From: Fabian Hemmer
Subject: [Qemu-devel] [Bug 1785734] [NEW] movdqu partial write at page boundary
Date: Tue, 07 Aug 2018 01:44:01 -0000
Public bug reported:
In TCG mode, when a 16-byte write instruction (such as movdqu) is
executed at a page boundary and causes a page fault, a partial write is
executed in the first page. See the attached code for an example.
Tested on the qemu-3.0.0-rc1 release.
% gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out
[snip]
page fault: addr=0x70001000 err=0x7
*(0x70000ff8+ 0) = aa
*(0x70000ff8+ 1) = aa
*(0x70000ff8+ 2) = aa
*(0x70000ff8+ 3) = aa
*(0x70000ff8+ 4) = aa
*(0x70000ff8+ 5) = aa
*(0x70000ff8+ 6) = aa
*(0x70000ff8+ 7) = aa
*(0x70000ff8+ 8) = 55
*(0x70000ff8+ 9) = 55
*(0x70000ff8+10) = 55
*(0x70000ff8+11) = 55
*(0x70000ff8+12) = 55
*(0x70000ff8+13) = 55
*(0x70000ff8+14) = 55
*(0x70000ff8+15) = 55
[snip]
page fault: addr=0x70001000 err=0x6
*(0x70000ff8+ 0) = 77
*(0x70000ff8+ 1) = 66
*(0x70000ff8+ 2) = 55
*(0x70000ff8+ 3) = 44
*(0x70000ff8+ 4) = 33
*(0x70000ff8+ 5) = 22
*(0x70000ff8+ 6) = 11
*(0x70000ff8+ 7) = 0
*(0x70000ff8+ 8) = 55
*(0x70000ff8+ 9) = 55
*(0x70000ff8+10) = 55
*(0x70000ff8+11) = 55
*(0x70000ff8+12) = 55
*(0x70000ff8+13) = 55
*(0x70000ff8+14) = 55
*(0x70000ff8+15) = 55
** Affects: qemu
Importance: Undecided
Status: New
** Attachment added: "qemu-bug2.c"
https://bugs.launchpad.net/bugs/1785734/+attachment/5172358/+files/qemu-bug2.c
** Description changed:
In TCG mode, when a 16-byte write instruction (such as movdqu) is
executed at a page boundary and causes a page fault, a partial write is
executed in the first page. See the attached code for an example.
Tested on the qemu-3.0.0-rc1 release.
-
% gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out
- *(0x70000ff8+ 0) = aa
- *(0x70000ff8+ 1) = aa
- *(0x70000ff8+ 2) = aa
- *(0x70000ff8+ 3) = aa
- *(0x70000ff8+ 4) = aa
- *(0x70000ff8+ 5) = aa
- *(0x70000ff8+ 6) = aa
- *(0x70000ff8+ 7) = aa
- *(0x70000ff8+ 8) = 55
- *(0x70000ff8+ 9) = 55
- *(0x70000ff8+10) = 55
- *(0x70000ff8+11) = 55
- *(0x70000ff8+12) = 55
- *(0x70000ff8+13) = 55
- *(0x70000ff8+14) = 55
- *(0x70000ff8+15) = 55
+ [snip]
page fault: addr=0x70001000 err=0x7
*(0x70000ff8+ 0) = aa
*(0x70000ff8+ 1) = aa
*(0x70000ff8+ 2) = aa
*(0x70000ff8+ 3) = aa
*(0x70000ff8+ 4) = aa
*(0x70000ff8+ 5) = aa
*(0x70000ff8+ 6) = aa
*(0x70000ff8+ 7) = aa
*(0x70000ff8+ 8) = 55
*(0x70000ff8+ 9) = 55
*(0x70000ff8+10) = 55
*(0x70000ff8+11) = 55
*(0x70000ff8+12) = 55
*(0x70000ff8+13) = 55
*(0x70000ff8+14) = 55
*(0x70000ff8+15) = 55
- *(0x70000ff8+ 0) = aa
- *(0x70000ff8+ 1) = aa
- *(0x70000ff8+ 2) = aa
- *(0x70000ff8+ 3) = aa
- *(0x70000ff8+ 4) = aa
- *(0x70000ff8+ 5) = aa
- *(0x70000ff8+ 6) = aa
- *(0x70000ff8+ 7) = aa
- *(0x70000ff8+ 8) = 55
- *(0x70000ff8+ 9) = 55
- *(0x70000ff8+10) = 55
- *(0x70000ff8+11) = 55
- *(0x70000ff8+12) = 55
- *(0x70000ff8+13) = 55
- *(0x70000ff8+14) = 55
- *(0x70000ff8+15) = 55
+ [snip]
page fault: addr=0x70001000 err=0x6
*(0x70000ff8+ 0) = 77
*(0x70000ff8+ 1) = 66
*(0x70000ff8+ 2) = 55
*(0x70000ff8+ 3) = 44
*(0x70000ff8+ 4) = 33
*(0x70000ff8+ 5) = 22
*(0x70000ff8+ 6) = 11
*(0x70000ff8+ 7) = 0
*(0x70000ff8+ 8) = 55
*(0x70000ff8+ 9) = 55
*(0x70000ff8+10) = 55
*(0x70000ff8+11) = 55
*(0x70000ff8+12) = 55
*(0x70000ff8+13) = 55
*(0x70000ff8+14) = 55
*(0x70000ff8+15) = 55
https://bugs.launchpad.net/bugs/1785734
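The scenario the report describes, written out as a self-contained probe (added here as an example; it is not the reporter's attached qemu-bug2.c and the names run_probe, probe_result, store16 and the 16-byte pattern are constructed for it). It maps two pages, fills the first with 0xaa and the second with 0x55 as in the report, makes the second page inaccessible, then issues one unaligned 16-byte store that starts 8 bytes before the boundary. A SIGSEGV handler unwinds out of the faulting instruction, after which the probe counts how many bytes of the first page changed: real x86 hardware leaves the store uncommitted (0 bytes), while an emulator with the reported behaviour leaves the first 8 bytes of the source value behind. On non-x86 builds a memcpy stands in for movdqu and the count is only indicative.

```c
/* Added example, not the reporter's qemu-bug2.c. Build: gcc -O2 probe.c
 * and run natively, then under qemu-i386/qemu-x86_64 to compare. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    int faulted;            /* 1 if the store raised SIGSEGV/SIGBUS */
    int modified_in_first;  /* bytes of the first page that changed; 0 on hardware */
    int second_page_intact; /* 1 if the faulting page is still all 0x55 afterwards */
    uintptr_t fault_addr;   /* si_addr as reported by the kernel or emulator */
} probe_result;

static sigjmp_buf g_jb;
static volatile sig_atomic_t g_faulted;
static volatile uintptr_t g_fault_addr;

static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    g_fault_addr = (uintptr_t)si->si_addr;
    g_faulted = 1;
    siglongjmp(g_jb, 1);    /* unwind out of the faulting instruction */
}

/* One 16-byte store. On x86 this is the literal movdqu the report is about;
 * elsewhere memcpy stands in (assumption: compiler may split it). */
static void store16(uint8_t *dst, const uint8_t *src) {
#if defined(__SSE2__)
    __asm__ volatile("movdqu %1, %%xmm0\n\t"
                     "movdqu %%xmm0, %0"
                     : "=m"(*(uint8_t (*)[16])dst)
                     : "m"(*(const uint8_t (*)[16])src)
                     : "xmm0", "memory");
#else
    memcpy(dst, src, 16);
#endif
}

/* Returns 0 on success (result in *r), -1 if the mapping could not be set up. */
int run_probe(probe_result *r) {
    /* Constructed pattern; its first 8 bytes are the values the report saw
     * leak into the first page (77 66 55 44 33 22 11 00). */
    static const uint8_t pattern[16] = {0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
                                        0xf0, 0xe0, 0xd0, 0xc0, 0xb0, 0xa0, 0x90, 0x80};
    long ps = sysconf(_SC_PAGESIZE);
    if (ps < 16) return -1;
    uint8_t *base = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    memset(base, 0xaa, ps);                 /* first page: 0xaa, as in the report */
    memset(base + ps, 0x55, ps);            /* second page: 0x55 */
    if (mprotect(base + ps, ps, PROT_NONE) != 0) { munmap(base, 2 * ps); return -1; }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    uint8_t *dst = base + ps - 8;           /* store straddles the page boundary */
    g_faulted = 0;
    g_fault_addr = 0;
    if (sigsetjmp(g_jb, 1) == 0) {
        store16(dst, pattern);              /* faults on the second page; resumes below */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);

    memset(r, 0, sizeof *r);
    r->faulted = g_faulted;
    r->fault_addr = g_fault_addr;
    for (int i = 0; i < 8; i++)             /* did any byte before the boundary change? */
        r->modified_in_first += (dst[i] != 0xaa);
    mprotect(base + ps, ps, PROT_READ);     /* now inspect the page that faulted */
    r->second_page_intact = 1;
    for (long i = 0; i < ps; i++)
        if (base[ps + i] != 0x55) { r->second_page_intact = 0; break; }
    munmap(base, 2 * ps);
    return 0;
}

int main(void) {
    probe_result r;
    if (run_probe(&r) != 0) { perror("probe setup"); return 1; }
    printf("fault=%d addr=0x%lx modified_in_first=%d second_page_intact=%d\n",
           r.faulted, (unsigned long)r.fault_addr, r.modified_in_first, r.second_page_intact);
    puts(r.modified_in_first ? "partial write observed (emulator diverges from hardware)"
                             : "no partial write (hardware semantics)");
    return 0;
}
```

The second-page check is the control: whether or not the first half leaks, the page that faulted must stay untouched, so a run that changes it indicates the fault never happened rather than a partial write. The practical point for anyone relying on guard pages or fault-on-write (copy-on-write tricks, JIT write barriers, sandbox memory tracking) is that under an emulator with this behaviour the state visible after the fault can differ from what the same binary leaves behind on hardware, and the probe makes that difference measurable rather than inferred from the output dump.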