aboutsummaryrefslogtreecommitdiff
path: root/disas
AgeCommit message (Collapse)Author
2019-06-27disas/riscv: Fix `rdinstreth` constraintWladimir J. van der Laan
The constraint for `rdinstreth` was comparing the csr number to 0xc80, which is `cycleh` instead. Fix this. Signed-off-by: Wladimir J. van der Laan <laanwj@gmail.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-27disas/riscv: Disassemble reserved compressed encodings as illegalMichael Clark
Due to the design of the disassembler, the immediate is not known during decoding of the opcode; so to handle compressed encodings with reserved immediate values (non-zero), we need to add an additional check during decompression to match reserved encodings with zero immediates and translate them into the illegal instruction. The following compressed opcodes have reserved encodings with zero immediates: c.addi4spn, c.addi, c.lui, c.addi16sp, c.srli, c.srai, c.andi and c.slli Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> [Palmer: Broke long lines] Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-12Include qemu-common.h exactly where neededMarkus Armbruster
No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
2019-05-13Clean up header guards that don't match their file nameMarkus Armbruster
Header guard symbols should match their file name to make guard collisions less likely. Cleaned up with scripts/clean-header-guards.pl, followed by some renaming of new guard symbols picked by the script to better ones. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190315145123.28030-6-armbru@redhat.com> [Rebase to master: update include/hw/net/ne2000-isa.h]
2019-04-18disas: Rename include/disas/bfd.h back to include/disas/dis-asm.hMarkus Armbruster
Commit dc99065b5f9 (v0.1.0) added dis-asm.h from binutils. Commit 43d4145a986 (v0.1.5) inlined bfd.h into dis-asm.h to remove the dependency on binutils. Commit 76cad71136b (v1.4.0) moved dis-asm.h to include/disas/bfd.h. The new name is confusing when you try to match against (pre GPLv3+) binutils. Rename it back. Keep it in the same directory, of course. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190417191805.28198-17-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2019-03-19RISC-V: Remove unnecessary disassembler constraintsMichael Clark
Remove machine generated constraints that are not referenced by the pseudo-instruction constraints. Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-05disas: nanoMIPS: Add graphical description of pool organizationAleksandar Markovic
Add graphical description of nanoMIPS instruction pool organization. Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Message-Id: <1551800076-8104-3-git-send-email-aleksandar.markovic@rt-rk.com>
2019-03-05disas: nanoMIPS: Correct comments to handlers of some DSP instructionsAleksandar Markovic
Correct comments to handlers of some DSP instructions. Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Message-Id: <1551800076-8104-2-git-send-email-aleksandar.markovic@rt-rk.com>
2019-02-27disas: nanoMIPS: Fix a function misnomerAleksandar Markovic
Rename function extract_ac_13_12() to extract_ac_15_14(). Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Message-Id: <1551185735-17154-3-git-send-email-aleksandar.markovic@rt-rk.com>
2019-01-24disas: nanoMIPS: Amend DSP instructions related commentsAleksandar Markovic
Amend some DSP instructions related comments. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-11remove space-tab sequencesPaolo Bonzini
There are not many, and they are all simple mistakes that ended up being committed. Remove them. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20181213223737.11793-2-pbonzini@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-03disas: nanoMIPS: Add a note on documentationAleksandar Markovic
Add "nanoMIPS32 Instruction Set Technical Reference Manual" as a reference. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Reorder declarations and definitions of gpr decodersAleksandar Markovic
Reorder declarations and definitions of gpr decoders by number of input bits of corresponding encoding type. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr1' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr1' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr1' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr1' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr2.reg2' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr2.reg2' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr2.reg2' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr2.reg2' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr2.reg1' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr2.reg1' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr2.reg1' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr2.reg1' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr4.zero' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr4.zero' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr4.zero' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr4.zero' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr4' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr4' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr4' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr4' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr3.src.store' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr3.src.store' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr3.src.store' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr3.src.store' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Comment the decoder of 'gpr3' gpr encoding typeAleksandar Markovic
Comment the decoder of 'gpr3' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Rename the decoder of 'gpr3' gpr encoding typeAleksandar Markovic
Rename the decoder of 'gpr3' gpr encoding type in nanoMIPS disassembler. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix order of more invocationsAleksandar Markovic
Fix order of extraction function invocations so that extraction goes from MSB side to LSB side of the given instruction coding content. This is desireable because of consistency and easier visual spotting of errors. After this patch, all such invocations should be in the desired order. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Name more functions in a more descriptive wayAleksandar Markovic
Rename more functions that have names that are hard to understand. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix an FP-related misnomer 3Aleksandar Markovic
Rename NMD::extract_ft_20_19_18_17_16(uint64 instruction) to NMD::extract_ft_25_24_23_22_21(uint64 instruction). Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix an FP-related misnomer 2Aleksandar Markovic
Rename NMD::extract_fs_15_14_13_12_11(uint64 instruction) to NMD::extract_fs_20_19_18_17_16(uint64 instruction). Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix an FP-related misnomer 1Aleksandar Markovic
Rename NMD::extract_fd_10_9_8_7_6(uint64 instruction) to NMD::extract_fd_15_14_13_12_11(uint64 instruction). Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Name some functions in a more descriptive wayAleksandar Markovic
Rename some functions that have names that are hard to understand. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix order of some invocationsAleksandar Markovic
Fix order of extraction function invocations so that extraction goes from MSB side to LSB side of the given instruction coding content. This is desireable because of consistency and easier visual spotting of errors. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix a function misnomerAleksandar Markovic
Fix wrong function name. The convention in these files is that names of extraction functions should reflect bit patterns they are extracting. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Remove functions that are not usedAleksandar Markovic
Some functions were not used at all. Compiler doesn't complain since they are class memebers. Remove them - no future usage is planned. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix preamble text in nanomips.* filesAleksandar Markovic
Fix several mistakes in preambles of nanomips disassembler source files. Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-03disas: nanoMIPS: Fix types and format stringsStefan Weil
Use POSIX types and format strings. Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-12-26disas/microblaze: Remove unused REG_SP macroRichard Henderson
This causes a build error with debian sid, riscv64 host: disas/microblaze.c:179: error: "REG_SP" redefined [-Werror] #define REG_SP 1 /* stack pointer */ In file included from /usr/include/signal.h:306, from include/qemu/osdep.h:101, from disas/microblaze.c:36: /usr/include/riscv64-linux-gnu/sys/ucontext.h:36: note: this is the location of the previous definition # define REG_SP 2 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-12-21target/ppc: tcg: Implement addex instructionSuraj Jitindar Singh
Implement the addex instruction introduced in ISA V3.00 in qemu tcg. The add extended using alternate carry bit (addex) instruction performs the same operation as the add extended (adde) instruction, but using the overflow (ov) field in the fixed point exception register (xer) as the carry in and out instead of the carry (ca) field. The instruction has a Z23-form, not an XO form, as follows: ------------------------------------------------------------------ | 31 | RT | RA | RB | CY | 170 | 0 | ------------------------------------------------------------------ 0 6 11 16 21 23 31 32 However since the only valid form of the instruction defined so far is CY = 0, we can treat this like an XO form instruction. There is no dot form (addex.) of the instruction and the summary overflow (so) bit in the xer is not modified by this instruction. For simplicity we reuse the gen_op_arith_add function and add a function argument to specify where the carry in input should come from and the carry out output be stored (note must be the same location). Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-10-25target/mips: Add disassembler support for nanoMIPSAleksandar Markovic
Add disassembler support for nanoMIPS. Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Signed-off-by: Matthew Fortune <matthew.fortune@mips.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2018-08-23fix "Missing break in switch" coverity reportsPaolo Bonzini
Many of these are marked as "intentional/fix required" because they just need adding a fall through comment. This is exactly what this patch does, except for target/mips/translate.c where it is easier to duplicate the code, and hw/audio/sb16.c where I consulted the DOSBox sources and decide to just remove the LOG_UNIMP before the fallthrough. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-02target/m68k: correctly disassemble move16Laurent Vivier
"move16 %a0@+,%a1@" and "fmovel (cpid=3) %a0@-,%fpcr" share the same opcode. To fix that, backport the fix from binutils: 2005-11-10 Andreas Schwab <schwab@suse.de> * m68k-dis.c (print_insn_m68k): Only match FPU insns with coprocessor ID 1. Reported-by: Thomas Huth <huth@tuxfamily.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Tested-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20180625203559.21370-2-laurent@vivier.eu>
2018-05-06RISC-V: Fix missing break statement in disassemblerMichael Clark
This fixes an issue when disassembling rv128 c.sqsp, where the code erroneously fell through to c.swsp. Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Alistair Francis <Alistair.Francis@wdc.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Clark <mjc@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2018-05-06RISC-V: Include instruction hex in disassemblyMichael Clark
This was added to help debug issues using -d in_asm. It is useful to see the instruction bytes, as one can detect if one is trying to execute ASCII or device-tree magic. Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2018-03-28RISC-V: Fix incorrect disassembly for addiwMichael Clark
This fixes a bug in the disassembler constraints used to lift instructions into pseudo-instructions, whereby addiw instructions are always lifted to sext.w instead of just lifting addiw with a zero immediate. An associated fix has been made to the metadata used to machine generate the disseasembler: https://github.com/michaeljclark/riscv-meta/ commit/4a6b2f3898430768acfe201405224d2ea31e1477 Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Clark <mjc@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2018-03-07RISC-V DisassemblerMichael Clark
The RISC-V disassembler has no dependencies outside of the 'disas' directory so it can be applied independently. The majority of the disassembler is machine-generated from instruction set metadata: - https://github.com/michaeljclark/riscv-meta Expected checkpatch errors for consistency and brevity reasons: ERROR: line over 90 characters ERROR: trailing statements should be on next line ERROR: space prohibited between function name and open parenthesis '(' Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Michael Clark <mjc@sifive.com>
2018-01-24Merge remote-tracking branch 'remotes/xtensa/tags/20180122-xtensa' into stagingPeter Maydell
target/xtensa updates: - make mini-bootloader independent of the initial CPU state; - add noMMU XTFPGA variants; - add two noMMU cores: de212 and sample_controller; - fix issues reported by coverity against xtensa translator and disassembler. # gpg: Signature made Mon 22 Jan 2018 20:00:01 GMT # gpg: using RSA key 0x51F9CC91F83FA044 # gpg: Good signature from "Max Filippov <filippov@cadence.com>" # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20180122-xtensa: target/xtensa: disas/xtensa: fix coverity warnings target/xtensa: add sample_controller core target/xtensa: allow different default CPU for MMU/noMMU target/xtensa: add de212 core hw/xtensa/xtfpga: support noMMU cores hw/xtensa/xtfpga: extract flash configuration hw/xtensa: extract xtensa_create_memory_regions target/xtensa: fix default sysrom/sysram addresses hw/xtensa/xtfpga: clean up function/structure names hw/xtensa/xtfpga: rewrite mini bootloader Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-22target/xtensa: disas/xtensa: fix coverity warningsMax Filippov
Coverity warnings CID 1385146, 1385148 1385149 and 1385150 point that xtensa_opcode_num_operands and xtensa_format_num_slots may return -1 even when xtensa_opcode_decode and xtensa_format_decode succeed. In that case unsigned counters used to iterate through operands/slots will not do the right thing. Make counters and loop bounds signed to fix the warnings. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-16disas/s390: fix global-buffer-overflowMarc-André Lureau
Spotted thanks to ASAN: ==25226==ERROR: AddressSanitizer: global-buffer-overflow on address 0x556715a1f120 at pc 0x556714b6f6b1 bp 0x7ffcdfac1360 sp 0x7ffcdfac1350 READ of size 1 at 0x556715a1f120 thread T0 #0 0x556714b6f6b0 in init_disasm /home/elmarco/src/qemu/disas/s390.c:219 #1 0x556714b6fa6a in print_insn_s390 /home/elmarco/src/qemu/disas/s390.c:294 #2 0x55671484d031 in monitor_disas /home/elmarco/src/qemu/disas.c:635 #3 0x556714862ec0 in memory_dump /home/elmarco/src/qemu/monitor.c:1324 #4 0x55671486342a in hmp_memory_dump /home/elmarco/src/qemu/monitor.c:1418 #5 0x5567148670be in handle_hmp_command /home/elmarco/src/qemu/monitor.c:3109 #6 0x5567148674ed in qmp_human_monitor_command /home/elmarco/src/qemu/monitor.c:613 #7 0x556714b00918 in qmp_marshal_human_monitor_command /home/elmarco/src/qemu/build/qmp-marshal.c:1704 #8 0x556715138a3e in do_qmp_dispatch /home/elmarco/src/qemu/qapi/qmp-dispatch.c:104 #9 0x556715138f83 in qmp_dispatch /home/elmarco/src/qemu/qapi/qmp-dispatch.c:131 #10 0x55671485cf88 in handle_qmp_command /home/elmarco/src/qemu/monitor.c:3839 #11 0x55671514e80b in json_message_process_token /home/elmarco/src/qemu/qobject/json-streamer.c:105 #12 0x5567151bf2dc in json_lexer_feed_char /home/elmarco/src/qemu/qobject/json-lexer.c:323 #13 0x5567151bf827 in json_lexer_feed /home/elmarco/src/qemu/qobject/json-lexer.c:373 #14 0x55671514ee62 in json_message_parser_feed /home/elmarco/src/qemu/qobject/json-streamer.c:124 #15 0x556714854b1f in monitor_qmp_read /home/elmarco/src/qemu/monitor.c:3881 #16 0x556715045440 in qemu_chr_be_write_impl /home/elmarco/src/qemu/chardev/char.c:172 #17 0x556715047184 in qemu_chr_be_write /home/elmarco/src/qemu/chardev/char.c:184 #18 0x55671505a8e6 in tcp_chr_read /home/elmarco/src/qemu/chardev/char-socket.c:440 #19 0x5567150943c3 in qio_channel_fd_source_dispatch /home/elmarco/src/qemu/io/channel-watch.c:84 #20 0x7fb90292b90b in g_main_dispatch ../glib/gmain.c:3182 #21 0x7fb90292c7ac in g_main_context_dispatch ../glib/gmain.c:3847 #22 0x556715162eca in glib_pollfds_poll /home/elmarco/src/qemu/util/main-loop.c:214 #23 0x556715163001 in os_host_main_loop_wait /home/elmarco/src/qemu/util/main-loop.c:261 #24 0x5567151631fa in main_loop_wait /home/elmarco/src/qemu/util/main-loop.c:515 #25 0x556714ad6d3b in main_loop /home/elmarco/src/qemu/vl.c:1950 #26 0x556714ade329 in main /home/elmarco/src/qemu/vl.c:4865 #27 0x7fb8fe5c9009 in __libc_start_main (/lib64/libc.so.6+0x21009) #28 0x5567147af4d9 in _start (/home/elmarco/src/qemu/build/s390x-softmmu/qemu-system-s390x+0xf674d9) 0x556715a1f120 is located 32 bytes to the left of global variable 'char_hci_type_info' defined in '/home/elmarco/src/qemu/hw/bt/hci-csr.c:493:23' (0x556715a1f140) of size 104 0x556715a1f120 is located 8 bytes to the right of global variable 's390_opcodes' defined in '/home/elmarco/src/qemu/disas/s390.c:860:33' (0x556715a15280) of size 40600 This fix is based on Andreas Arnez <arnez@linux.vnet.ibm.com> upstream commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=9ace48f3d7d80ce09c5df60cccb433470410b11b 2014-08-19 Andreas Arnez <arnez@linux.vnet.ibm.com> * s390-dis.c (init_disasm): Simplify initialization of opc_index[]. This also fixes an access after the last element of s390_opcodes[]. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180104160523.22995-19-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>