Re: [PATCH] x86: x86-opcode-map.txt: explain CALLW discrepancy between Intel and AMD

Fri, 13 Feb 2015 16:29:31 -0800 

On Fri, Feb 13, 2015 at 02:25:20PM +0100, Denys Vlasenko wrote:
> > Well, according to the SDM, Intel truncates too, see the LOOP/LOOPcc
> > Operation section:
> >
> >         ...
> >         IF BranchCond = 1
> >         THEN
> >         IF OperandSize = 32
> >         THEN EIP ← EIP + SignExtend(DEST);
> >         ELSE IF OperandSize = 64
> >         THEN RIP ← RIP + SignExtend(DEST);
> >         FI;
> >         ELSE IF OperandSize = 16
> >         THEN EIP ← EIP AND 0000FFFFH;           <---
> >
> > and text talks about 0x67 but that's address size and it is used to size
> > the rCX register.
> >
> > So something must be setting the OperandSize and text doesn't mention
> > anywhere about 0x66 being ignored.
> >
> > Or have you been doing some empirical experiments? :-)
> 
> Yes, I did.
> 
> 32-bit case: Intel CPU truncates EIP to 16 bits:
> 
> $ cat t.S
> _start:         .globl  _start
> 1:  .byte 0x66
>     loop 1b
> 
> $ gcc -nostartfiles -nostdlib -m32 t.S
> 
> $ objdump -dr a.out
> a.out:     file format elf32-i386
> Disassembly of section .text:
> 08048098 <_start>:
>  8048098:    66                       data16
>  8048099:    e2 fd                    loop   8048098 <_start>
> 
> $ gdb ./a.out
> (gdb) run
> Program received signal SIGSEGV, Segmentation fault.
> 0x00008098 in ?? ()
> 
> 
> Now let's try 64-bit version - compiling without -m32:
> 
> $ gcc -nostartfiles -nostdlib t.S
> $ ./a.out
> (runs without SEGV)
> 

AMD CPU always truncates:

32-bit:  a.out[13626]: segfault at 8098 ip 0000000000008098 sp 00000000ffa0ea20 
error 14 in a.out[8048000+1000]

64-bit:  a.out[13706]: segfault at d6 ip 00000000000000d6 sp 00007fffec14e870 
error 14 in a.out[400000+1000]


Intel CPU:

32-bit:  a.out[3478]: segfault at 8098 ip 0000000000008098 sp 00000000ff959da0 
error 14 in a.out[8048000+1000]

64-bit:

Make the loop terminate:

_start:         .globl  _start
    mov $1, %rcx
1:  .byte 0x66
    loop 1b


        a.out[3523]: segfault at 0 ip 00000000004000de sp 00007ffff31674e0 
error 6 in a.out[400000+1000]

segfaults because we don't have the libc glue around it, rIP is intact.

So it looks like the SDM is wrong.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to