diff options
| author | Roman Kapl <rka@sysgo.com> | 2018-08-24 15:17:34 +0200 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2018-09-26 09:02:51 -0700 |
| commit | 93bf9a42733321fb632bcb9eafd049ef0e3d9417 (patch) | |
| tree | 95fccf44cfe5788ef49f69a346b16ef0102669dc /tcg/i386 | |
| parent | bd224fce6017133733fee560ad8e5f737ad8b062 (diff) | |
| download | qemu-93bf9a42733321fb632bcb9eafd049ef0e3d9417.zip qemu-93bf9a42733321fb632bcb9eafd049ef0e3d9417.tar.gz qemu-93bf9a42733321fb632bcb9eafd049ef0e3d9417.tar.bz2 | |
tcg/i386: fix vector operations on 32-bit hosts
The TCG backend uses LOWREGMASK to get the low 3 bits of register numbers.
This was defined as no-op for 32-bit x86, with the assumption that we have
eight registers anyway. This assumption is not true once we have xmm regs.
Since LOWREGMASK was a no-op, xmm register indidices were wrong in opcodes
and have overflown into other opcode fields, wreaking havoc.
To trigger these problems, you can try running the "movi d8, #0x0" AArch64
instruction on 32-bit x86. "vpxor %xmm0, %xmm0, %xmm0" should be generated,
but instead TCG generated "vpxor %xmm0, %xmm0, %xmm2".
Fixes: 770c2fc7bb ("Add vector operations")
Signed-off-by: Roman Kapl <rka@sysgo.com>
Message-Id: <20180824131734.18557-1-rka@sysgo.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'tcg/i386')
| -rw-r--r-- | tcg/i386/tcg-target.inc.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c index a91e4f1..4361958 100644 --- a/tcg/i386/tcg-target.inc.c +++ b/tcg/i386/tcg-target.inc.c @@ -302,11 +302,7 @@ static inline int tcg_target_const_match(tcg_target_long val, TCGType type, return 0; } -#if TCG_TARGET_REG_BITS == 64 # define LOWREGMASK(x) ((x) & 7) -#else -# define LOWREGMASK(x) (x) -#endif #define P_EXT 0x100 /* 0x0f opcode prefix */ #define P_EXT38 0x200 /* 0x0f 0x38 opcode prefix */ |