On 24.10.2013 23:47, Paolo Bonzini wrote:
> On 24/10/2013 17:37, Stefan Weil wrote:
>> Yes, that works, too. It also fixes the problem with the assertion
>> (tested with Wine).
>> No, we cannot remove from_, because the same interface is also used
>> for Linux and other hosts which don't have a 'current' variable.
>> Or we would have to call qemu_coroutine_self() to get the current
>> coroutine.
> Yes, I was thinking of using qemu_coroutine_self().
> By the way, can you post the two assembly language outputs for just
> -     CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, from_);
> +     CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, current);
> which AIUI works and is enough to fix the bug?
> Paolo

See disassembled code below. I removed compiler option -fstack-protector-all
to simplify the assembler code and tested that the result was not affected
by this removal.

The C and assembler code from the test is also available at


unpatched QEMU, crash with assertion

00448670 <_qemu_coroutine_switch>:
  448670:       53                      push   %ebx
  448671:       83 ec 18                sub    $0x18,%esp
  448674:       c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44867b:       8b 5c 24 24             mov    0x24(%esp),%ebx
  44867f:       e8 ec 9e 27 00          call   6c2570
  448684:       89 18                   mov    %ebx,(%eax)
  448686:       8b 44 24 28             mov    0x28(%esp),%eax
  44868a:       89 43 24                mov    %eax,0x24(%ebx)
  44868d:       8b 43 20                mov    0x20(%ebx),%eax
  448690:       89 04 24                mov    %eax,(%esp)
  448693:       ff 15 c0 5f 83 00       call   *0x835fc0
  448699:       83 ec 04                sub    $0x4,%esp
  44869c:       8b 44 24 20             mov    0x20(%esp),%eax
  4486a0:       8b 40 24                mov    0x24(%eax),%eax
  4486a3:       83 c4 18                add    $0x18,%esp
  4486a6:       5b                      pop    %ebx
  4486a7:       c3                      ret   

patched, works

00448620 <_qemu_coroutine_switch>:
  448620:       83 ec 1c                sub    $0x1c,%esp
  448623:       c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44862a:       89 5c 24 14             mov    %ebx,0x14(%esp)
  44862e:       8b 5c 24 24             mov    0x24(%esp),%ebx
  448632:       89 74 24 18             mov    %esi,0x18(%esp)
  448636:       e8 25 9f 27 00          call   6c2560
  44863b:       8b 30                   mov    (%eax),%esi
  44863d:       89 18                   mov    %ebx,(%eax)
  44863f:       8b 44 24 28             mov    0x28(%esp),%eax
  448643:       89 43 24                mov    %eax,0x24(%ebx)
  448646:       8b 43 20                mov    0x20(%ebx),%eax
  448649:       89 04 24                mov    %eax,(%esp)
  44864c:       ff 15 c0 5f 83 00       call   *0x835fc0
  448652:       8b 46 24                mov    0x24(%esi),%eax
  448655:       83 ec 04                sub    $0x4,%esp
  448658:       8b 5c 24 14             mov    0x14(%esp),%ebx
  44865c:       8b 74 24 18             mov    0x18(%esp),%esi
  448660:       83 c4 1c                add    $0x1c,%esp
  448663:       c3                      ret   
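
To read the two listings without counting stack slots by hand, here is an added Python script (not part of this message and not QEMU code) that walks each listing, tracks %esp relative to its value at function entry and labels every %esp-relative operand as an argument slot, an outgoing-argument slot or a register spill. It assumes the i386 cdecl frame layout (return address at entry %esp, arguments at +4, +8, +12) and the signature qemu_coroutine_switch(from_, to_, action) from QEMU's coroutine API, which the message itself does not spell out; it also assumes that the indirect call through the import table is the stdcall SwitchToFiber, so the compiler's `sub $0x4,%esp` right after it only compensates for the callee popping its argument.

```python
import re

# Added example, not QEMU code: classify every %esp-relative access in the two
# objdump -d listings above.  Assumption (the page only names from_ and
# current): the function is qemu_coroutine_switch(from_, to_, action) with
# three 4-byte arguments, as in QEMU's coroutine API, so entry offsets 4/8/12
# are its arguments.
ARG_NAMES = {4: "from_", 8: "to_", 12: "action"}

# objdump -d line: "  addr:  bytes...  mnemonic  operands" (32-bit AT&T syntax)
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s*(.*?)\s*$")
ESP_MEM_RE = re.compile(r"(-?0x[0-9a-f]+)?\(%esp\)")   # disp(%esp) operand
ESP_IMM_RE = re.compile(r"^\$(0x[0-9a-f]+),%esp$")     # sub/add $imm,%esp

# Both listings are copied from the message above (headers dropped).
UNPATCHED = """\
  448670:       53                      push   %ebx
  448671:       83 ec 18                sub    $0x18,%esp
  448674:       c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44867b:       8b 5c 24 24             mov    0x24(%esp),%ebx
  44867f:       e8 ec 9e 27 00          call   6c2570
  448684:       89 18                   mov    %ebx,(%eax)
  448686:       8b 44 24 28             mov    0x28(%esp),%eax
  44868a:       89 43 24                mov    %eax,0x24(%ebx)
  44868d:       8b 43 20                mov    0x20(%ebx),%eax
  448690:       89 04 24                mov    %eax,(%esp)
  448693:       ff 15 c0 5f 83 00       call   *0x835fc0
  448699:       83 ec 04                sub    $0x4,%esp
  44869c:       8b 44 24 20             mov    0x20(%esp),%eax
  4486a0:       8b 40 24                mov    0x24(%eax),%eax
  4486a3:       83 c4 18                add    $0x18,%esp
  4486a6:       5b                      pop    %ebx
  4486a7:       c3                      ret"""

PATCHED = """\
  448620:       83 ec 1c                sub    $0x1c,%esp
  448623:       c7 04 24 a8 62 6d 00    movl   $0x6d62a8,(%esp)
  44862a:       89 5c 24 14             mov    %ebx,0x14(%esp)
  44862e:       8b 5c 24 24             mov    0x24(%esp),%ebx
  448632:       89 74 24 18             mov    %esi,0x18(%esp)
  448636:       e8 25 9f 27 00          call   6c2560
  44863b:       8b 30                   mov    (%eax),%esi
  44863d:       89 18                   mov    %ebx,(%eax)
  44863f:       8b 44 24 28             mov    0x28(%esp),%eax
  448643:       89 43 24                mov    %eax,0x24(%ebx)
  448646:       8b 43 20                mov    0x20(%ebx),%eax
  448649:       89 04 24                mov    %eax,(%esp)
  44864c:       ff 15 c0 5f 83 00       call   *0x835fc0
  448652:       8b 46 24                mov    0x24(%esi),%eax
  448655:       83 ec 04                sub    $0x4,%esp
  448658:       8b 5c 24 14             mov    0x14(%esp),%ebx
  44865c:       8b 74 24 18             mov    0x18(%esp),%esi
  448660:       83 c4 1c                add    $0x1c,%esp
  448663:       c3                      ret"""


def analyze(listing):
    """Return (rows, depth_at_ret).  depth is %esp minus %esp at entry.
    Assumption: an indirect call through the import table (call *0x...) is a
    stdcall Win32 API (SwitchToFiber here) whose callee pops its argument, so
    the compiler's compensating 'sub $N,%esp' right after it is esp-neutral."""
    depth, pending_stdcall, after_switch, rows = 0, False, False, []
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        mnem, ops = m.group(1), m.group(2)
        for mem in ESP_MEM_RE.finditer(ops):
            off = depth + (int(mem.group(1), 16) if mem.group(1) else 0)
            what = ARG_NAMES.get(off, "outgoing arg" if off == depth else "spill")
            rows.append({"insn": mnem + " " + ops, "entry_off": off, "what": what,
                         "load": mem.end() < len(ops),  # AT&T: source if not last
                         "after_switch": after_switch})
        if mnem == "push":
            depth -= 4
        elif mnem == "pop":
            depth += 4
        elif mnem in ("sub", "add") and ESP_IMM_RE.match(ops):
            n = int(ESP_IMM_RE.match(ops).group(1), 16)
            if mnem == "sub" and pending_stdcall:
                pending_stdcall = False  # callee already raised %esp by n
            else:
                depth += n if mnem == "add" else -n
        elif mnem == "call" and ops.startswith("*"):
            pending_stdcall = after_switch = True
    return rows, depth


def args_read_after_switch(listing):
    """Argument names the function reloads from its own frame after the
    fiber switch, i.e. what the resumed stack frame is trusted to still hold."""
    rows, _ = analyze(listing)
    return {r["what"] for r in rows
            if r["after_switch"] and r["load"] and r["what"] in ARG_NAMES.values()}


def frame_balanced(listing):
    """True when %esp is back at its entry value at the ret."""
    return analyze(listing)[1] == 0


if __name__ == "__main__":
    for name, listing in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, "reads after SwitchToFiber:", args_read_after_switch(listing) or "none")
        for r in analyze(listing)[0]:
            print("  %-26s entry%+4d  %s" % (r["insn"], r["entry_off"], r["what"]))
```

Run on the two listings as embedded, the script reports that the unpatched function reloads the from_ argument from 0x20(%esp) after the SwitchToFiber call, whereas the patched one keeps the old value of current in the callee-saved %esi (spilled to 0x18(%esp) in the prologue and restored before the ret) and reads no argument from the stack after the switch; both frames are balanced at the ret.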
