From nobody Mon Feb  9 17:37:25 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 154333028731347.836132898915025;
 Tue, 27 Nov 2018 06:51:27 -0800 (PST)
Received: from localhost ([::1]:42845 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1gRehy-0000ZE-57
	for importer@patchew.org; Tue, 27 Nov 2018 09:51:26 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35291)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1gReU1-0003s9-NZ
	for qemu-devel@nongnu.org; Tue, 27 Nov 2018 09:37:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1gReU0-0001ku-In
	for qemu-devel@nongnu.org; Tue, 27 Nov 2018 09:37:01 -0500
Received: from mail-wr1-x443.google.com ([2a00:1450:4864:20::443]:44191)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <paolo.bonzini@gmail.com>)
	id 1gReU0-0001iI-BL
	for qemu-devel@nongnu.org; Tue, 27 Nov 2018 09:37:00 -0500
Received: by mail-wr1-x443.google.com with SMTP id z5so18625415wrt.11
	for <qemu-devel@nongnu.org>; Tue, 27 Nov 2018 06:37:00 -0800 (PST)
Received: from 640k.localdomain ([93.56.166.5])
	by smtp.gmail.com with ESMTPSA id
	n62sm2821869wmd.25.2018.11.27.06.36.56
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 27 Nov 2018 06:36:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=Mzn9bY26ZXE0C1YVCtJvz1TKI7UF/fDUFMH1qGsgdc0=;
	b=ppLMKFRseqncX+OnBovyz+5tiM2GNcKlHLoN+rrovMZowivN/ceuhE3EQdyn47OoL2
	vys6rW7Vl+4zbpbrH8g7+fDVX8FoiawTWQnQ+22EqmcolxRqs8X/afEqd1MqLhMnJ2oc
	iY++Ltj4bX7iuxVdaO6Ui5TjJEhOb/mLIiyLbEvP8yVDVywQATeRAzQs1djts6s/QvYV
	4bbWcsbIVOgUOBm3nfD+0YlsKkeSoHOfEAQMyp4Mnw3K7pVMuSwi5nGxljQpcbnOLSQ1
	Mo1EJFrlOCBn3Cvs/h2nS706KdShJhTx9sf9QQN6KYz9QyPu/CUC7w/Eds/GuGCFAUd9
	5i1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references:mime-version:content-transfer-encoding;
	bh=Mzn9bY26ZXE0C1YVCtJvz1TKI7UF/fDUFMH1qGsgdc0=;
	b=jgL0vTliwDUNh0HvHcutAppIKq8WUXtK1w7ACek7qQSmix2+AfY0xobgXlOWbUky5b
	cn6vFIJi73WkDS9MGylTJx09d8coMxhI1/o1da0DcZEPbn32Z167tdrO9AZSqxTg3Gfw
	yk/qJhjZu3xRqg4cBmZv4D6JN7HG65qJrxdcilifiOz9dHqClVxCFa7pEs//C6oDWubj
	wGR7wfd4A4re+gSjuDj0OIy5bzrT+MM2K7ZGAe4R36cu7lzgQyAHL1JIDH1iwVs+IO49
	r/loTDTsJ6f75pY6tIQz0UmHWrYuK9s3hNXGHMXtR8oJNrxuVAa7W8ieggZBdK7PD7m/
	ICIA==
X-Gm-Message-State: AA+aEWaFatHUKPhOUPPemrqFZ6br4NG7C3qOGrXH6N/hYtrt3QaTK3cL
	6jyhNPSLnO7nCywOTcUmJIE29A01
X-Google-Smtp-Source: 
 AFSGD/X8CDrUwNoWbS7TSwKot2n8717wFghbHDbDSAxBxNQXaM0zQDwG6AyL88PJWkIfSthk3GaLdg==
X-Received: by 2002:adf:8b83:: with SMTP id o3mr15700002wra.81.1543329418680;
	Tue, 27 Nov 2018 06:36:58 -0800 (PST)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Tue, 27 Nov 2018 15:36:32 +0100
Message-Id: <1543329397-48407-11-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1543329397-48407-1-git-send-email-pbonzini@redhat.com>
References: <1543329397-48407-1-git-send-email-pbonzini@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:4864:20::443
Subject: [Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying
 LOCK to a register destination
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Richard Henderson <richard.henderson@linaro.org>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)

From: Richard Henderson <richard.henderson@linaro.org>

Fixes a TCG crash due to attempting the atomic operation without
having set up the address first.  This does not attempt to fix
all of the other missing checks for LOCK.

Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20181113193510.24862-1-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/translate.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/target/i386/translate.c b/target/i386/translate.c
index f8bc768..0dd5fbe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1268,10 +1268,30 @@ static void gen_helper_fp_arith_STN_ST0(int op, int=
 opreg)
     }
 }
=20
+static void gen_exception(DisasContext *s, int trapno, target_ulong cur_ei=
p)
+{
+    gen_update_cc_op(s);
+    gen_jmp_im(s, cur_eip);
+    gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
+    s->base.is_jmp =3D DISAS_NORETURN;
+}
+
+/* Generate #UD for the current instruction.  The assumption here is that
+   the instruction is known, but it isn't allowed in the current cpu mode.=
  */
+static void gen_illegal_opcode(DisasContext *s)
+{
+    gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
+}
+
 /* if d =3D=3D OR_TMP0, it means memory operand (address in A0) */
 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
 {
     if (d !=3D OR_TMP0) {
+        if (s1->prefix & PREFIX_LOCK) {
+            /* Lock prefix when destination is not memory.  */
+            gen_illegal_opcode(s1);
+            return;
+        }
         gen_op_mov_v_reg(s1, ot, s1->T0, d);
     } else if (!(s1->prefix & PREFIX_LOCK)) {
         gen_op_ld_v(s1, ot, s1->T0, s1->A0);
@@ -2469,21 +2489,6 @@ static void gen_leave(DisasContext *s)
     gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
 }
=20
-static void gen_exception(DisasContext *s, int trapno, target_ulong cur_ei=
p)
-{
-    gen_update_cc_op(s);
-    gen_jmp_im(s, cur_eip);
-    gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
-    s->base.is_jmp =3D DISAS_NORETURN;
-}
-
-/* Generate #UD for the current instruction.  The assumption here is that
-   the instruction is known, but it isn't allowed in the current cpu mode.=
  */
-static void gen_illegal_opcode(DisasContext *s)
-{
-    gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
-}
-
 /* Similarly, except that the assumption here is that we don't decode
    the instruction at all -- either a missing opcode, an unimplemented
    feature, or just a bogus instruction stream.  */
--=20
1.8.3.1