Red Hat Bugzilla – Bug 89487
ljmp *%eax can't be created
Last modified: 2005-10-31 17:00:50 EST
Description of problem:
A far jump to an indirect address cannot be created using __asm __volatile.
According to Intel docs, this should produce the instruction sequence FF /5, but
instead I get the error "suffix or operands invalid for `ljmp'"
Version-Release number of selected component (if applicable):
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)
Create a .c file, and in main() place:
__asm __volatile("ljmp *%eax");
A compiler error will result. However, the following works:
__asm __volatile("jmp *%eax");
But, as expected, this produces a near jump.
If I hack the correct machine code into my binary, then objdump -d disassembles
it correctly. The only change needed is to support ljmp with an indirect
address. Here is the correct machine code which should result:
ljmp *%eax -> 0xFF 0xE8
jmp *%eax -> 0xFF 0xE0
So, the only difference is setting the 3rd bit of the second opcode.
As a workaround, I have placed the following in my code:
__asm __volatile(".byte 0xFF");
__asm __volatile(".byte 0xE8");
Because of this workaround, I have placed the bug at low priority.

This has nothing to do with gcc.
It is gas which refuses to assemble it.
Now, although it is possible to create a .byte 0xff, 0xe8 instruction by hand,
I'd like to know what do you expect the instruction to do and whether any CPU
actually implements it (and how).
You certainly cannot fit a 48 bit destination address into 32 bit register,
if you want to jump to the 48 bit address pointed by %eax register, the insn
is ljmp *(%eax) (which is 0xff 0x28).
Looking e.g. at the bochs IA-32 emulator, 0xff 0xe8 insn generates an invalid

Thanks for pointing out the correct instruction I wanted. I did not notice the
small difference between the two.
I have changed my code to use ljmp *(%eax) and that appears to work the same as
my old 0xFF 0xE8 hack.
I am running my code in VMware Workstation 3.2.0, so I guess the bug is really
in their code, because they implemented the 0xFF 0xE8 instruction by mistake.