| Message ID | E1VOwIk-0006Fg-4Z@eggs.gnu.org |
|---|---|
| State | New |
On 09/25/2013 01:20 PM, Nathan Froyd wrote:
> While the generic SSE translation codepath contains special logic to use
> 32-bit or 64-bit memory operands for some instructions, this logic doesn't
> catch the SSE {,u}comis{s,d} instructions. This oversight leads to too
> many bytes being read when those instructions use memory operands, which
> can in turn lead to page faults.
>
> The fix is simple: add a special case for these instructions. It did not
> fit cleanly into the existing case, so some cut-and-paste was necessary.
>
> Signed-off-by: Nathan Froyd <froydnj@mozilla.com>
> ---
> target-i386/translate.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)

Reviewed-by: Richard Henderson <rth@twiddle.net>

r~
diff --git a/target-i386/translate.c b/target-i386/translate.c index be74ebc..687859a 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -4576,6 +4576,16 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, /* 64 bit access */ gen_ldq_env_A0(s->mem_index, offsetof(CPUX86State,xmm_t0.XMM_D(0))); } + } else if (b1 <= 1 && (b == 0x2e || b == 0x2f)) { + /* specific case for SSE *comis{s,d} instructions */ + if (b1 == 0) { + /* 32 bit access */ + gen_op_ld_T0_A0(OT_LONG + s->mem_index); + tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0))); + } else { + /* 64 bit access */ + gen_ldq_env_A0(s->mem_index, offsetof(CPUX86State,xmm_t0.XMM_D(0))); + } } else { gen_ldo_env_A0(s->mem_index, op2_offset); }
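Review bot: the two load bodies in the new `else if (b1 <= 1 && (b == 0x2e || b == 0x2f))` branch are a verbatim copy of the 32-bit and 64-bit cases in the branch directly above it (`gen_op_ld_T0_A0(OT_LONG + s->mem_index)` followed by `tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0)))` for `b1 == 0`, `gen_ldq_env_A0(s->mem_index, offsetof(CPUX86State,xmm_t0.XMM_D(0)))` otherwise), as the commit message acknowledges. Consider folding the `*comis{s,d}` opcode test into the existing operand-size condition, or moving the shared 32/64-bit load into a small static helper, so the logic lives in one place and a later edit to one copy cannot silently reintroduce the over-read in the other. The fix itself looks right: for these opcodes a 4-byte or 8-byte operand is now loaded instead of falling through to the 16-byte `gen_ldo_env_A0(s->mem_index, op2_offset)` load, which is what could touch bytes past the scalar operand and fault when the operand sits at the end of a mapped page. A regression test that places a 4- or 8-byte operand in the last bytes of a mapped page followed by an unmapped page would pin this down and guard the two remaining branches as well.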
While the generic SSE translation codepath contains special logic to use
32-bit or 64-bit memory operands for some instructions, this logic doesn't
catch the SSE {,u}comis{s,d} instructions. This oversight leads to too
many bytes being read when those instructions use memory operands, which
can in turn lead to page faults.

The fix is simple: add a special case for these instructions. It did not
fit cleanly into the existing case, so some cut-and-paste was necessary.

Signed-off-by: Nathan Froyd <froydnj@mozilla.com>
---
 target-i386/translate.c | 10 ++++++++++
 1 file changed, 10 insertions(+)