Mirror of https://github.com/qemu/qemu.git (synced 2024-12-14 06:53:43 +08:00)
Commit 93bf9a4273
The TCG backend uses LOWREGMASK to get the low 3 bits of register numbers.
This was defined as no-op for 32-bit x86, with the assumption that we have
eight registers anyway. This assumption is not true once we have xmm regs.
Since LOWREGMASK was a no-op, xmm register indices were wrong in opcodes
and have overflowed into other opcode fields, wreaking havoc.
To trigger these problems, you can try running the "movi d8, #0x0" AArch64
instruction on 32-bit x86. "vpxor %xmm0, %xmm0, %xmm0" should be generated,
but instead TCG generated "vpxor %xmm0, %xmm0, %xmm2".
Fixes:
Changed files:
..
tcg-target.h
tcg-target.inc.c
tcg-target.opc.h