pve-qemu-qoup/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 9 May 2024 12:38:10 +0200
Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT

According to the manual, 32-bit vs 64-bit is governed by REX.W
and REX ignores the 0x66 prefix.  This can be confirmed with this
program:

    #include <stdio.h>
    int main()
    {
       int x = 0x12340000;
       int y;
       asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
       asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
       asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
    }

which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
on QEMU.

Cc: qemu-stable@nongnu.org
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
[FE: keep mo_64_32 helper which still has other users in 9.0.0]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 target/i386/tcg/translate.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 76a42c679c..b60f3bd642 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
         modrm = x86_ldub_code(env, s);
         reg = ((modrm >> 3) & 7) | REX_R(s);
 
-        if (s->prefix & PREFIX_DATA) {
-            ot = MO_16;
-        } else {
-            ot = mo_64_32(dflag);
-        }
-
+        ot = dflag;
         gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
         gen_extu(ot, s->T0);
         tcg_gen_mov_tl(cpu_cc_src, s->T0);
fixes for QEMU 9.0 Most importantly, fix forwards and backwards migration with VirtIO-GPU display. Other fixes are for a regression in pflash device (introduced in 8.2) and some fixes for x86(_64) TCG emulation. One of the patches needed to be adapted, because it removed a helper that is still in use in 9.0.0. There also is a revert for a fix in VirtIO PCI devices that turned out to cause some issues, see the revert itself for more details. Lastly, there is a change to move compatibility flags for a new VirtIO-net feature to the correct machine type. The feature was introduced in QEMU 8.2, but the compatibility flags got added to machine version 8.0 instead of 8.1. This breaks backwards migration with machine version 8.1 from a 8.2/9.0 binary to an 8.1 binary, in cases where the guest kernel enables the feature (e.g. Ubuntu 23.10). While that breaks migration with machine version 8.1 from an unpatched to a patched binary, Proxmox VE only ever had 8.2 on the test repository and 9.0 not yet in any public repository. An upstream developer suggested it is the proper fix [0]. Upstream submission [1]. [0]: https://lore.kernel.org/qemu-devel/CACGkMEtZrJuhof+hUGVRvLLQE+8nQE5XmSHpT0NAQ1EpnqfmsA@mail.gmail.com/T/#u [1]: https://lore.kernel.org/qemu-devel/20240517075336.104091-1-f.ebner@proxmox.com/T/#u Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> 2024-05-17 11:44:57 +03:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Paolo Bonzini <pbonzini@redhat.com>`
			`Date: Thu, 9 May 2024 12:38:10 +0200`
			`Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT`

			`According to the manual, 32-bit vs 64-bit is governed by REX.W`
			`and REX ignores the 0x66 prefix. This can be confirmed with this`
			`program:`

			`#include <stdio.h>`
			`int main()`
			`{`
			`int x = 0x12340000;`
			`int y;`
			`asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);`
			`asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);`
			`asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);`
			`}`

			`which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000`
			`on QEMU.`

			`Cc: qemu-stable@nongnu.org`
			`Reviewed-by: Zhao Liu <zhao1.liu@intel.com>`
			`Reviewed-by: Richard Henderson <richard.henderson@linaro.org>`
			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)`
			`[FE: keep mo_64_32 helper which still has other users in 9.0.0]`
			`Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>`
			`---`
			`target/i386/tcg/translate.c \| 7 +------`
			`1 file changed, 1 insertion(+), 6 deletions(-)`

			`diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c`
			`index 76a42c679c..b60f3bd642 100644`
			`--- a/target/i386/tcg/translate.c`
			`+++ b/target/i386/tcg/translate.c`
			`@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext s, CPUState cpu)`
			`modrm = x86_ldub_code(env, s);`
			`reg = ((modrm >> 3) & 7) \| REX_R(s);`

			`- if (s->prefix & PREFIX_DATA) {`
			`- ot = MO_16;`
			`- } else {`
			`- ot = mo_64_32(dflag);`
			`- }`
			`-`
			`+ ot = dflag;`
			`gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);`
			`gen_extu(ot, s->T0);`
			`tcg_gen_mov_tl(cpu_cc_src, s->T0);`