git.ipfire.org Git - thirdparty/qemu.git/commit

author	Richard Henderson <richard.henderson@linaro.org>
	Tue, 12 Dec 2023 17:01:38 +0000 (09:01 -0800)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Sat, 20 Jan 2024 14:41:47 +0000 (17:41 +0300)
commit	15e207b9ed89c843639f8674f318b50569869de7
tree	b886a52807cd6ac34c37f9a98fc2e629ef481aa8	tree
parent	2ad4ebb350fa3340488f2bb9c751726e449597e1	commit \| diff

target/i386: Fix 32-bit wrapping of pc/eip computation

In 32-bit mode, pc = eip + cs_base is also 32-bit, and must wrap.
Failure to do so results in incorrect memory exceptions to the guest.
Before 732d548732ed, this was implicitly done via truncation to
target_ulong but only in qemu-system-i386, not qemu-system-x86_64.

To fix this, we must add conditional zero-extensions.
Since we have to test for 32 vs 64-bit anyway, note that cs_base
is always zero in 64-bit mode.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2022
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20231212172510.103305-1-richard.henderson@linaro.org>
(cherry picked from commit b5e0d5d22fbffc3d8f7d3e86d7a2d05a1a974e27)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fix in target/i386/tcg/tcg-cpu.c for v8.1.0-1190-gb77af26e97
"accel/tcg: Replace CPUState.env_ptr with cpu_env()")
(Mjt: fixup in target/i386/tcg/tcg-cpu.c for v7.2.0-1854-g34a39c2443
"target/i386: Replace `tb_pc()` with `tb->pc`")

target/i386/cpu.h		diff \| blob \| blame \| history
target/i386/tcg/tcg-cpu.c		diff \| blob \| blame \| history
target/i386/tcg/translate.c		diff \| blob \| blame \| history