mirror of https://github.com/xemu-project/xemu.git
e7bbb7cb71
ALU instructions can write to both memory and flags. If the CC_SRC* and CC_DST locations have been written already when a memory access causes a fault, the value in CC_SRC* and CC_DST might be interpreted with the wrong CC_OP (the one that is in effect before the instruction. Besides just using the wrong result for the flags, something like subtracting -1 can have disastrous effects if the current CC_OP is CC_OP_EFLAGS: this is because QEMU does not expect bits outside the ALU flags to be set in CC_SRC, and env->eflags can end up set to all-ones. In the case of the attached testcase, this sets IOPL to 3 and would cause an assertion failure if SUB is moved to the new decoder. This mechanism is not really needed for BMI instructions, which can only write to a register, but put it to use anyway for cleanliness. In the case of BZHI, the code has to be modified slightly to ensure that decode->cc_src is written, otherwise the new assertions trigger. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| sysemu | ||
| user | ||
| bpt_helper.c | ||
| cc_helper.c | ||
| cc_helper_template.h.inc | ||
| decode-new.c.inc | ||
| decode-new.h | ||
| emit.c.inc | ||
| excp_helper.c | ||
| fpu_helper.c | ||
| helper-tcg.h | ||
| int_helper.c | ||
| mem_helper.c | ||
| meson.build | ||
| misc_helper.c | ||
| mpx_helper.c | ||
| ops_sse_header.h.inc | ||
| seg_helper.c | ||
| seg_helper.h | ||
| shift_helper_template.h.inc | ||
| tcg-cpu.c | ||
| tcg-cpu.h | ||
| tcg-stub.c | ||
| translate.c | ||