target/i386: Do not re-compute new pc with CF_PCREL #50

Merged

dfaggioli merged 2 commits from v8.2.0-factory-fix into factory 2024-02-06 01:38:57 +01:00

Conversation 0 Commits 2 Files Changed 1 +4 -6

dfaggioli commented 2024-02-05 23:06:01 +01:00 (Migrated from github.com)

Copy Link

With PCREL, we have a page-relative view of EIP, and an approximation of PC = EIP+CSBASE that is good enough to detect page crossings. If we try to recompute PC after masking EIP, we will mess up that approximation and write a corrupt value to EIP.

We already handled masking properly for PCREL, so the fix in b5e0d5d2 was only needed for the !PCREL path.

Cc: qemu-stable@nongnu.org
Fixes: b5e0d5d22f ("target/i386: Fix 32-bit wrapping of pc/eip computation")
Reported-by: Michael Tokarev mjt@tls.msk.ru

Message-ID: 20240101230617.129349-1-richard.henderson@linaro.org

(cherry picked from commit a58506b748)

With PCREL, we have a page-relative view of EIP, and an approximation of PC = EIP+CSBASE that is good enough to detect page crossings. If we try to recompute PC after masking EIP, we will mess up that approximation and write a corrupt value to EIP. We already handled masking properly for PCREL, so the fix in b5e0d5d2 was only needed for the !PCREL path. Cc: qemu-stable@nongnu.org Fixes: b5e0d5d22fbf ("target/i386: Fix 32-bit wrapping of pc/eip computation") Reported-by: Michael Tokarev <mjt@tls.msk.ru> Message-ID: <20240101230617.129349-1-richard.henderson@linaro.org> (cherry picked from commit a58506b748b8988a95f4fa1a2420ac5c17038b30)

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

duplicate

enhancement

invalid

question

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dfaggioli

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dfaggioli/qemu#50