Public bug reported: In TCG mode, when a 16-byte write instruction (such as movdqu) straddles a page boundary and the access to the second page causes a page fault, the bytes that fall in the first page are still written before the fault is delivered, so the faulting store is not all-or-nothing as it is on real hardware (compare the native and qemu-i386 output below). See the attached code for an example.
Tested on the qemu-3.0.0-rc1 release. % gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out [snip] page fault: addr=0x70001000 err=0x7 *(0x70000ff8+ 0) = aa *(0x70000ff8+ 1) = aa *(0x70000ff8+ 2) = aa *(0x70000ff8+ 3) = aa *(0x70000ff8+ 4) = aa *(0x70000ff8+ 5) = aa *(0x70000ff8+ 6) = aa *(0x70000ff8+ 7) = aa *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 [snip] page fault: addr=0x70001000 err=0x6 *(0x70000ff8+ 0) = 77 *(0x70000ff8+ 1) = 66 *(0x70000ff8+ 2) = 55 *(0x70000ff8+ 3) = 44 *(0x70000ff8+ 4) = 33 *(0x70000ff8+ 5) = 22 *(0x70000ff8+ 6) = 11 *(0x70000ff8+ 7) = 0 *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 ** Affects: qemu Importance: Undecided Status: New ** Attachment added: "qemu-bug2.c" https://bugs.launchpad.net/bugs/1785734/+attachment/5172358/+files/qemu-bug2.c ** Description changed: In TCG mode, when a 16-byte write instruction (such as movdqu) is executed at a page boundary and causes a page fault, a partial write is executed in the first page. See the attached code for an example. Tested on the qemu-3.0.0-rc1 release. 
- % gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out - *(0x70000ff8+ 0) = aa - *(0x70000ff8+ 1) = aa - *(0x70000ff8+ 2) = aa - *(0x70000ff8+ 3) = aa - *(0x70000ff8+ 4) = aa - *(0x70000ff8+ 5) = aa - *(0x70000ff8+ 6) = aa - *(0x70000ff8+ 7) = aa - *(0x70000ff8+ 8) = 55 - *(0x70000ff8+ 9) = 55 - *(0x70000ff8+10) = 55 - *(0x70000ff8+11) = 55 - *(0x70000ff8+12) = 55 - *(0x70000ff8+13) = 55 - *(0x70000ff8+14) = 55 - *(0x70000ff8+15) = 55 + [snip] page fault: addr=0x70001000 err=0x7 *(0x70000ff8+ 0) = aa *(0x70000ff8+ 1) = aa *(0x70000ff8+ 2) = aa *(0x70000ff8+ 3) = aa *(0x70000ff8+ 4) = aa *(0x70000ff8+ 5) = aa *(0x70000ff8+ 6) = aa *(0x70000ff8+ 7) = aa *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 - *(0x70000ff8+ 0) = aa - *(0x70000ff8+ 1) = aa - *(0x70000ff8+ 2) = aa - *(0x70000ff8+ 3) = aa - *(0x70000ff8+ 4) = aa - *(0x70000ff8+ 5) = aa - *(0x70000ff8+ 6) = aa - *(0x70000ff8+ 7) = aa - *(0x70000ff8+ 8) = 55 - *(0x70000ff8+ 9) = 55 - *(0x70000ff8+10) = 55 - *(0x70000ff8+11) = 55 - *(0x70000ff8+12) = 55 - *(0x70000ff8+13) = 55 - *(0x70000ff8+14) = 55 - *(0x70000ff8+15) = 55 + [snip] page fault: addr=0x70001000 err=0x6 *(0x70000ff8+ 0) = 77 *(0x70000ff8+ 1) = 66 *(0x70000ff8+ 2) = 55 *(0x70000ff8+ 3) = 44 *(0x70000ff8+ 4) = 33 *(0x70000ff8+ 5) = 22 *(0x70000ff8+ 6) = 11 *(0x70000ff8+ 7) = 0 *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. 
https://bugs.launchpad.net/bugs/1785734 Title: movdqu partial write at page boundary Status in QEMU: New Bug description: In TCG mode, when a 16-byte write instruction (such as movdqu) is executed at a page boundary and causes a page fault, a partial write is executed in the first page. See the attached code for an example. Tested on the qemu-3.0.0-rc1 release. % gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out [snip] page fault: addr=0x70001000 err=0x7 *(0x70000ff8+ 0) = aa *(0x70000ff8+ 1) = aa *(0x70000ff8+ 2) = aa *(0x70000ff8+ 3) = aa *(0x70000ff8+ 4) = aa *(0x70000ff8+ 5) = aa *(0x70000ff8+ 6) = aa *(0x70000ff8+ 7) = aa *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 [snip] page fault: addr=0x70001000 err=0x6 *(0x70000ff8+ 0) = 77 *(0x70000ff8+ 1) = 66 *(0x70000ff8+ 2) = 55 *(0x70000ff8+ 3) = 44 *(0x70000ff8+ 4) = 33 *(0x70000ff8+ 5) = 22 *(0x70000ff8+ 6) = 11 *(0x70000ff8+ 7) = 0 *(0x70000ff8+ 8) = 55 *(0x70000ff8+ 9) = 55 *(0x70000ff8+10) = 55 *(0x70000ff8+11) = 55 *(0x70000ff8+12) = 55 *(0x70000ff8+13) = 55 *(0x70000ff8+14) = 55 *(0x70000ff8+15) = 55 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1785734/+subscriptions