Description of problem:
The KVM x86 emulator calculates rip-relative addresses incorrectly: if they contain an immediate operand, then the memory operand's address will be off by the size of the immediate operand.

Example: movl $0, somewhere(%rip)

Version-Release number of selected component (if applicable):
kvm-83-259.el5

How reproducible:
Never

Steps to Reproduce:
1. Find a guest which accesses mmio using an rip-relative instruction with an immediate
2. Run guest
3. Watch guest malfunction

Actual results:
Guest malfunctions

Expected results:
Guest works correctly

Additional info:
Upstream fix:

commit cb16c348760ad2bc79b67b20aefac05529569ed7
Author: Avi Kivity <avi>
Date:   Sun Jun 19 19:21:11 2011 +0300

    KVM: x86 emulator: fix %rip-relative addressing with immediate source operand

    %rip-relative addressing is relative to the first byte of the next
    instruction, so we need to add %rip only after we've fetched any
    immediate bytes.

    Based on original patch by Li Xin <xin.li>.

    Signed-off-by: Avi Kivity <avi>
    Acked-by: Li Xin <xin.li>
    Signed-off-by: Marcelo Tosatti <mtosatti>
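To make the off-by-immediate-size error concrete, here is an added worked example; it is not code from the upstream patch or from the KVM emulator. It is a small stand-alone decoder for the exact instruction form the report names (MOV r/m, imm with a disp32(%rip) memory operand, opcodes C6 /0 and C7 /0, optional REX prefix) that computes the memory operand's address both ways: relative to the first byte of the next instruction (the fixed behaviour) and relative to the fetch pointer as it stands right after disp32, before the immediate has been consumed (the pre-fix behaviour). The instruction encodings and the rip value 0x1000 are constructed for the example, not taken from any guest.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decoded view of  [REX] C6|C7 /0 disp32 imm  with ModRM mod=00 reg=000 rm=101,
 * which in 64-bit mode means disp32(%rip). */
struct riprel_decode {
    size_t   len;       /* total instruction length in bytes */
    size_t   imm_size;  /* 1 for C6 (imm8), 4 for C7 (imm32) */
    int32_t  disp;      /* sign-extended disp32 */
    uint32_t imm;       /* immediate operand, zero-extended */
    uint64_t ea_fixed;  /* rip + len + disp: relative to the next instruction */
    uint64_t ea_buggy;  /* rip + (bytes consumed before the immediate) + disp */
};

static int32_t fetch_le32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 if insn[0..n) is not one of the forms above. */
int decode_mov_imm_riprel(const uint8_t *insn, size_t n, uint64_t rip,
                          struct riprel_decode *out)
{
    size_t i = 0;

    if (n >= 1 && (insn[0] & 0xF0) == 0x40)   /* optional REX prefix, e.g. 48 for movq */
        i++;
    if (i + 2 > n)
        return -1;

    uint8_t opcode = insn[i++];
    size_t imm_size;
    if (opcode == 0xC6)
        imm_size = 1;
    else if (opcode == 0xC7)
        imm_size = 4;
    else
        return -1;

    uint8_t modrm = insn[i++];
    if ((modrm >> 6) != 0 || ((modrm >> 3) & 7) != 0 || (modrm & 7) != 5)
        return -1;                              /* not /0 with disp32(%rip) */

    if (i + 4 + imm_size > n)
        return -1;                              /* truncated instruction bytes */

    out->disp = fetch_le32(insn + i);
    i += 4;

    /* Pre-fix behaviour: %rip added while the fetch pointer still sits in
     * front of the immediate bytes, so the result is short by imm_size. */
    out->ea_buggy = rip + i + (int64_t)out->disp;

    out->imm = 0;
    for (size_t k = 0; k < imm_size; k++)
        out->imm |= (uint32_t)insn[i + k] << (8 * k);
    i += imm_size;

    /* Fixed behaviour: %rip added only after every byte, immediate included,
     * has been fetched, i.e. relative to the first byte of the next instruction. */
    out->len      = i;
    out->imm_size = imm_size;
    out->ea_fixed = rip + i + (int64_t)out->disp;
    return 0;
}

/* Scalar accessors; each returns 0 when the bytes do not decode. */
uint64_t riprel_ea_fixed(const uint8_t *insn, size_t n, uint64_t rip)
{
    struct riprel_decode d;
    return decode_mov_imm_riprel(insn, n, rip, &d) == 0 ? d.ea_fixed : 0;
}
uint64_t riprel_ea_buggy(const uint8_t *insn, size_t n, uint64_t rip)
{
    struct riprel_decode d;
    return decode_mov_imm_riprel(insn, n, rip, &d) == 0 ? d.ea_buggy : 0;
}
size_t riprel_len(const uint8_t *insn, size_t n, uint64_t rip)
{
    struct riprel_decode d;
    return decode_mov_imm_riprel(insn, n, rip, &d) == 0 ? d.len : 0;
}

/* Constructed encodings for the example (assembled by hand, not from a guest):
 *   movl $0x11223344, 0x100(%rip) -> C7 05 00 01 00 00 44 33 22 11
 *   movb $1, -0x10(%rip)          -> C6 05 F0 FF FF FF 01
 *   movq $0, 0x20(%rip)           -> 48 C7 05 20 00 00 00 00 00 00 00
 *   movl %eax, 0(%rip)            -> 89 05 00 00 00 00   (no immediate: rejected here) */
const uint8_t sample_movl[] = {0xC7, 0x05, 0x00, 0x01, 0x00, 0x00, 0x44, 0x33, 0x22, 0x11};
const uint8_t sample_movb[] = {0xC6, 0x05, 0xF0, 0xFF, 0xFF, 0xFF, 0x01};
const uint8_t sample_movq[] = {0x48, 0xC7, 0x05, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const uint8_t sample_noimm[] = {0x89, 0x05, 0x00, 0x00, 0x00, 0x00};

int main(void)
{
    const uint64_t rip = 0x1000;   /* assumed address of the instruction's first byte */
    printf("movl: fixed=%#llx buggy=%#llx\n",
           (unsigned long long)riprel_ea_fixed(sample_movl, sizeof sample_movl, rip),
           (unsigned long long)riprel_ea_buggy(sample_movl, sizeof sample_movl, rip));
    printf("movb: fixed=%#llx buggy=%#llx\n",
           (unsigned long long)riprel_ea_fixed(sample_movb, sizeof sample_movb, rip),
           (unsigned long long)riprel_ea_buggy(sample_movb, sizeof sample_movb, rip));
    return 0;
}
```

With the instruction at 0x1000, the movl form decodes to 10 bytes, so the operand lives at 0x110a; the pre-fix computation yields 0x1106, four bytes short, which is the immediate's size. For the movb form the gap is one byte. An instruction with a register source and no immediate is not affected, which is why only guests that touch mmio with an immediate-source rip-relative store ever see the symptom.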
Postponed to RHEL5.10, and then maybe to 5.11. This bug fix is not trivial, and since we never encountered it in the field let's keep it in the pipeline.
Same analysis as bug 848328. afaict, we don't need this. Gleb, please confirm.