ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix Mac Hypervisor Framework Crash Issue. The crash is caused by incorrect instruction emulation by QEMU hvf, which resulted in a ruined register that was not supposed to touch. 

+ copy it over to target/i386 as well (for latest QEMU version)

Change-Id: Ibdada114db8736560d41402d6af4042fc6e6c25b
This commit is contained in:
Haitao Shan 2017-11-08 12:01:47 -08:00 committed by espes
parent 022d50f600
commit 09d1d09697
2 changed files with 24 additions and 23 deletions

43
target/i386/hvf/x86_decode.c
View File

@ -113,7 +113,8 @@ static void decode_modrm_reg(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = decode->modrm.reg;
op->ptr = get_reg_ref(env, op->reg, decode->rex.r, decode->operand_size);
op->ptr = get_reg_ref(env, op->reg, decode->rex.r,
decode->rex.unused == 4, decode->operand_size);
}
static void decode_rax(CPUX86State *env, struct x86_decode *decode,
@ -121,7 +122,7 @@ static void decode_rax(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = R_EAX;
op->ptr = get_reg_ref(env, op->reg, 0, decode->operand_size);
op->ptr = get_reg_ref(env, op->reg, 0, 0, decode->operand_size);
}
static inline void decode_immediate(CPUX86State *env, struct x86_decode *decode,
@ -264,7 +265,7 @@ static void decode_incgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x40;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_decgroup(CPUX86State *env, struct x86_decode *decode)
@ -272,7 +273,7 @@ static void decode_decgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x48;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_incgroup2(CPUX86State *env, struct x86_decode *decode)
@ -289,7 +290,7 @@ static void decode_pushgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x50;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_popgroup(CPUX86State *env, struct x86_decode *decode)
@ -297,7 +298,7 @@ static void decode_popgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x58;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_jxx(CPUX86State *env, struct x86_decode *decode)
@ -379,7 +380,7 @@ static void decode_xchgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0x90;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_movgroup(CPUX86State *env, struct x86_decode *decode)
@ -387,7 +388,7 @@ static void decode_movgroup(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb8;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size);
}
@ -403,7 +404,7 @@ static void decode_movgroup8(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[0] - 0xb0;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
decode_immediate(env, decode, &decode->op[1], decode->operand_size);
}
@ -412,7 +413,7 @@ static void decode_rcx(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = R_ECX;
op->ptr = get_reg_ref(env, op->reg, decode->rex.b, decode->operand_size);
op->ptr = get_reg_ref(env, op->reg, decode->rex.b, decode->rex.unused == 4, decode->operand_size);
}
struct decode_tbl {
@ -640,7 +641,7 @@ static void decode_bswap(CPUX86State *env, struct x86_decode *decode)
decode->op[0].type = X86_VAR_REG;
decode->op[0].reg = decode->opcode[1] - 0xc8;
decode->op[0].ptr = get_reg_ref(env, decode->op[0].reg, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
}
static void decode_d9_4(CPUX86State *env, struct x86_decode *decode)
@ -1686,7 +1687,7 @@ calc_addr:
}
}
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int rex, int size)
{
target_ulong ptr = 0;
int which = 0;
@ -1698,7 +1699,7 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
switch (size) {
case 1:
if (is_extended || reg < 4) {
if (rex || is_extended || reg < 4) {
which = 1;
ptr = (target_ulong)&RL(env, reg);
} else {
@ -1714,10 +1715,10 @@ target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size)
return ptr;
}
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size)
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int rex, int size)
{
target_ulong val = 0;
memcpy(&val, (void *)get_reg_ref(env, reg, is_extended, size), size);
memcpy(&val, (void *)get_reg_ref(env, reg, is_extended, rex, size), size);
return val;
}
@ -1739,7 +1740,7 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
if (base_reg == R_ESP || base_reg == R_EBP) {
*sel = R_SS;
}
base = get_reg_val(env, decode->sib.base, decode->rex.b, addr_size);
base = get_reg_val(env, decode->sib.base, decode->rex.b, decode->rex.unused == 4, addr_size);
}
if (decode->rex.x) {
@ -1747,8 +1748,8 @@ static target_ulong get_sib_val(CPUX86State *env, struct x86_decode *decode,
}
if (index_reg != R_ESP) {
scaled_index = get_reg_val(env, index_reg, decode->rex.x, addr_size) <<
decode->sib.scale;
scaled_index = get_reg_val(env, index_reg, decode->rex.x,
decode->rex.unused == 4, addr_size) << decode->sib.scale;
}
return base + scaled_index;
}
@ -1776,7 +1777,7 @@ void calc_modrm_operand32(CPUX86State *env, struct x86_decode *decode,
if (decode->modrm.rm == R_EBP || decode->modrm.rm == R_ESP) {
seg = R_SS;
}
ptr += get_reg_val(env, decode->modrm.rm, decode->rex.b, addr_size);
ptr += get_reg_val(env, decode->modrm.rm, decode->rex.b, decode->rex.unused == 4, addr_size);
}
if (X86_DECODE_CMD_LEA == decode->cmd) {
@ -1805,7 +1806,7 @@ void calc_modrm_operand64(CPUX86State *env, struct x86_decode *decode,
} else if (0 == mod && 5 == rm) {
ptr = RIP(env) + decode->len + (int32_t) offset;
} else {
ptr = get_reg_val(env, src, decode->rex.b, 8) + (int64_t) offset;
ptr = get_reg_val(env, src, decode->rex.b, decode->rex.unused == 4, 8) + (int64_t) offset;
}
if (X86_DECODE_CMD_LEA == decode->cmd) {
@ -1823,7 +1824,7 @@ void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
op->reg = decode->modrm.reg;
op->type = X86_VAR_REG;
op->ptr = get_reg_ref(env, decode->modrm.rm, decode->rex.b,
decode->operand_size);
decode->rex.unused == 4, decode->operand_size);
return;
}

4
target/i386/hvf/x86_decode.h
View File

@ -303,8 +303,8 @@ uint64_t sign(uint64_t val, int size);
uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode);
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size);
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size);
target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int rex, int size);
target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int rex, int size);
void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
struct x86_decode_op *op);
target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,