This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-devel] VT/ioemu: vga memory access?

To: "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>
Subject: RE: [Xen-devel] VT/ioemu: vga memory access?
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Tue, 16 May 2006 19:24:14 +0200
Cc: Gerd Hoffmann <kraxel@xxxxxxx>, Xen devel list <xen-devel@xxxxxxxxxxxxxxxxxxx>

> -----Original Message-----
> From: Keir Fraser [mailto:Keir.Fraser@xxxxxxxxxxxx] 
> Sent: 16 May 2006 17:58
> To: Petersson, Mats
> Cc: Xen devel list; Gerd Hoffmann
> Subject: Re: [Xen-devel] VT/ioemu: vga memory access?
>
> On 16 May 2006, at 17:20, Petersson, Mats wrote:
> >> I think I found the bug.  It's actually in handle_mmio() ;) The "case
> >> INSTR_MOVS" has code which deals with page boundaries.  The code
> >> always _adds_ the count (ecx) to figure whenever the "repz movsb"
> >> crosses a page boundary or not.  In case the direction flag is set
> >> this isn't correct, it should subtract instead.  Subsequently it
> >> mis-calculates count, making it _larger_ than it was because the copy
> >> wouldn't have crossed a page boundary, leading to the negative ecx
> >> value in the register dump ...
> >
> > I think you're right...
> >
> > I'll write some simple test code to check it out, and let you know...
>
> Hmmm... wouldn't it be nice if we didn't have a bespoke,
> buggy & incomplete emulator for hvm mmio. ;-)

Yup, that would be rather nice if we didn't have bugs like this... 

And by the way, I think IOIO is buggy in exactly the same way... 

I'm still working on a test-case that can be used - it'll come in handy
for testing later on when I have FIXED the code by reusing the
x86_emulate.c in QEMU too... 

>   -- Keir
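
The page-boundary clamp discussed in this thread, as an added example that is not code from Xen's handle_mmio() or from either poster: a simplified model of how many repeated string-operation iterations stay inside the starting page, for both settings of the direction flag. The function names, the 4 KiB page size and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>

#define PAGE_SIZE 4096UL   /* assumed page size */

/* Direction-aware clamp: how many of `count` iterations, each `size` bytes
 * wide and starting at `addr`, stay inside the page that holds `addr`.
 * df models the x86 direction flag: 0 = addresses ascend, 1 = descend. */
unsigned long reps_in_page(unsigned long addr, unsigned long count,
                           unsigned long size, int df)
{
    unsigned long off = addr & (PAGE_SIZE - 1);
    unsigned long fit;

    if (off + size > PAGE_SIZE)          /* first element already straddles */
        return 0;
    if (df)
        fit = off / size + 1;            /* elements at off, off-size, ... >= 0 */
    else
        fit = (PAGE_SIZE - off) / size;  /* elements up to the end of the page */
    return count < fit ? count : fit;    /* result never exceeds the request */
}

/* Forward-only model of the mistake described in the thread: the span is
 * always computed by adding, whatever the direction flag says. */
unsigned long reps_in_page_forward_only(unsigned long addr,
                                        unsigned long count,
                                        unsigned long size)
{
    return reps_in_page(addr, count, size, 0);
}

int main(void)
{
    /* Constructed case: 256 byte-sized iterations starting 16 bytes into a
     * page with the direction flag set, so the copy walks downwards. */
    unsigned long addr = 0x1010, count = 256, size = 1;

    printf("forward-only clamp : %lu\n",
           reps_in_page_forward_only(addr, count, size));
    printf("direction-aware    : %lu\n",
           reps_in_page(addr, count, size, 1));
    return 0;
}
```

In the constructed case the forward-only check sees no boundary and lets all 256 iterations through, while only 17 of them stay in the starting page when the copy descends.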
