* [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args
@ 2017-03-27 16:04 Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Peter Maydell @ 2017-03-27 16:04 UTC (permalink / raw)
To: qemu-devel; +Cc: patches, Richard Henderson
These patches fix problems with the SPARC TCG backend code
which calls the load and store helpers. Where the argument
being passed to the helper is narrower than the size of the
native register, the SPARC calling convention requires that
we extend it to the register size, but we weren't doing that.
This meant we passed the host code registers which might have
garbage in the high parts, and if the host code was built
with optimization this resulted in wrong behaviour.
I still see problems trying to run the bits of 'make check'
that run guest code, but at least with these patches we can
run the i386 bios code enough to try to do PXE boot and not
find a server.
Peter Maydell (2):
tcg/sparc: Zero extend data argument to store helpers
tcg/sparc: Zero extend address argument to ld/st helpers
tcg/sparc/tcg-target.inc.c | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers
2017-03-27 16:04 [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell
@ 2017-03-27 16:04 ` Peter Maydell
2017-03-28 15:52 ` Philippe Mathieu-Daudé
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell
2017-03-27 23:35 ` [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Richard Henderson
2 siblings, 1 reply; 7+ messages in thread
From: Peter Maydell @ 2017-03-27 16:04 UTC (permalink / raw)
To: qemu-devel; +Cc: patches, Richard Henderson
The C store helper functions take the data argument as a uint8_t,
uint16_t, etc depending on the store size. The SPARC calling
convention requires that data types smaller than the register
size must be extended by the caller. We weren't doing this,
which meant that if QEMU was compiled with optimizations enabled
we could end up storing incorrect values to guest memory.
(In particular the i386 guest BIOS would crash on startup.)
Add code to the trampolines that call the store helpers to
do the zero extension as required.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
tcg/sparc/tcg-target.inc.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c
index d1f4c0d..548bea2 100644
--- a/tcg/sparc/tcg-target.inc.c
+++ b/tcg/sparc/tcg-target.inc.c
@@ -843,6 +843,31 @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
static tcg_insn_unit *qemu_ld_trampoline[16];
static tcg_insn_unit *qemu_st_trampoline[16];
+static void emit_extend(TCGContext *s, TCGReg r, int op)
+{
+ /* Emit zero extend of 8, 16 or 32 bit data as
+ * required by the MO_* value op; do nothing for 64 bit.
+ */
+ switch (op) {
+ case MO_UB:
+ tcg_out_arithi(s, r, r, 0xff, ARITH_AND);
+ break;
+ case MO_LEUW:
+ case MO_BEUW:
+ tcg_out_arithi(s, r, r, 16, SHIFT_SLL);
+ tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
+ break;
+ case MO_LEUL:
+ case MO_BEUL:
+ if (SPARC64) {
+ tcg_out_arith(s, r, r, 0, SHIFT_SRL);
+ }
+ break;
+ default:
+ break;
+ }
+}
+
static void build_trampolines(TCGContext *s)
{
static void * const qemu_ld_helpers[16] = {
@@ -910,6 +935,7 @@ static void build_trampolines(TCGContext *s)
qemu_st_trampoline[i] = s->code_ptr;
if (SPARC64) {
+ emit_extend(s, TCG_REG_O2, i);
ra = TCG_REG_O4;
} else {
ra = TCG_REG_O1;
@@ -925,6 +951,7 @@ static void build_trampolines(TCGContext *s)
tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
ra += 2;
} else {
+ emit_extend(s, i, ra);
ra += 1;
}
/* Skip the oi argument. */
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers
2017-03-27 16:04 [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell
@ 2017-03-27 16:04 ` Peter Maydell
2017-03-27 23:35 ` [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Richard Henderson
2 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2017-03-27 16:04 UTC (permalink / raw)
To: qemu-devel; +Cc: patches, Richard Henderson
The C store helper functions take the address argument as a
target_ulong type; if this is 32 bit but the host is 64 bit
then the SPARC calling convention requires that the caller
must zero extend the value. We weren't doing this, which
meant we could pass values to the caller with high bits set
and QEMU would crash if it was compiled with optimizations.
In particular, the i386 BIOS would not start.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
tcg/sparc/tcg-target.inc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c
index 548bea2..a7c4d9b 100644
--- a/tcg/sparc/tcg-target.inc.c
+++ b/tcg/sparc/tcg-target.inc.c
@@ -1146,7 +1146,7 @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr,
/* Skip the high-part; we'll perform the extract in the trampoline. */
param++;
}
- tcg_out_mov(s, TCG_TYPE_REG, param++, addr);
+ tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
/* We use the helpers to extend SB and SW data, leaving the case
of SL needing explicit extending below. */
@@ -1226,7 +1226,7 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr,
/* Skip the high-part; we'll perform the extract in the trampoline. */
param++;
}
- tcg_out_mov(s, TCG_TYPE_REG, param++, addr);
+ tcg_out_mov(s, TCG_TYPE_REG, param++, addrz);
if (!SPARC64 && (memop & MO_SIZE) == MO_64) {
/* Skip the high-part; we'll perform the extract in the trampoline. */
param++;
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args
2017-03-27 16:04 [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell
@ 2017-03-27 23:35 ` Richard Henderson
2017-04-03 12:34 ` Peter Maydell
2 siblings, 1 reply; 7+ messages in thread
From: Richard Henderson @ 2017-03-27 23:35 UTC (permalink / raw)
To: Peter Maydell, qemu-devel; +Cc: patches
On 03/28/2017 02:04 AM, Peter Maydell wrote:
> These patches fix problems with the SPARC TCG backend code
> which calls the load and store helpers. Where the argument
> being passed to the helper is narrower than the size of the
> native register, the SPARC calling convention requires that
> we extend it to the register size, but we weren't doing that.
> This meant we passed the host code registers which might have
> garbage in the high parts, and if the host code was built
> with optimization this resulted in wrong behaviour.
>
> I still see problems trying to run the bits of 'make check'
> that run guest code, but at least with these patches we can
> run the i386 bios code enough to try to do PXE boot and not
> find a server.
>
>
> Peter Maydell (2):
> tcg/sparc: Zero extend data argument to store helpers
> tcg/sparc: Zero extend address argument to ld/st helpers
>
> tcg/sparc/tcg-target.inc.c | 31 +++++++++++++++++++++++++++++--
> 1 file changed, 29 insertions(+), 2 deletions(-)
>
Reviewed-by: Richard Henderson <rth@twiddle.net>
r~
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell
@ 2017-03-28 15:52 ` Philippe Mathieu-Daudé
2017-03-28 15:55 ` Peter Maydell
0 siblings, 1 reply; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2017-03-28 15:52 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, Richard Henderson, patches
Hi Peter,
On 03/27/2017 01:04 PM, Peter Maydell wrote:
> The C store helper functions take the data argument as a uint8_t,
> uint16_t, etc depending on the store size. The SPARC calling
> convention requires that data types smaller than the register
> size must be extended by the caller. We weren't doing this,
> which meant that if QEMU was compiled with optimizations enabled
> we could end up storing incorrect values to guest memory.
> (In particular the i386 guest BIOS would crash on startup.)
>
> Add code to the trampolines that call the store helpers to
> do the zero extension as required.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> tcg/sparc/tcg-target.inc.c | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c
> index d1f4c0d..548bea2 100644
> --- a/tcg/sparc/tcg-target.inc.c
> +++ b/tcg/sparc/tcg-target.inc.c
> @@ -843,6 +843,31 @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
> static tcg_insn_unit *qemu_ld_trampoline[16];
> static tcg_insn_unit *qemu_st_trampoline[16];
>
> +static void emit_extend(TCGContext *s, TCGReg r, int op)
> +{
> + /* Emit zero extend of 8, 16 or 32 bit data as
> + * required by the MO_* value op; do nothing for 64 bit.
> + */
> + switch (op) {
> + case MO_UB:
> + tcg_out_arithi(s, r, r, 0xff, ARITH_AND);
> + break;
> + case MO_LEUW:
> + case MO_BEUW:
> + tcg_out_arithi(s, r, r, 16, SHIFT_SLL);
> + tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
> + break;
> + case MO_LEUL:
> + case MO_BEUL:
> + if (SPARC64) {
> + tcg_out_arith(s, r, r, 0, SHIFT_SRL);
> + }
> + break;
> + default:
> + break;
> + }
it seems to me easier to read masking op:
switch (op & MO_SIZE) {
case MO_8:
tcg_out_arithi(s, r, r, 0xff, ARITH_AND);
break;
case MO_16:
tcg_out_arithi(s, r, r, 16, SHIFT_SLL);
tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
break;
case MO_32:
if (SPARC64) {
tcg_out_arith(s, r, r, 0, SHIFT_SRL);
}
break;
case MO_64:
break;
}
> +}
> +
> static void build_trampolines(TCGContext *s)
> {
> static void * const qemu_ld_helpers[16] = {
> @@ -910,6 +935,7 @@ static void build_trampolines(TCGContext *s)
> qemu_st_trampoline[i] = s->code_ptr;
>
> if (SPARC64) {
> + emit_extend(s, TCG_REG_O2, i);
shouldn't be inverting args?
emit_extend(s, i, TCG_REG_O2);
> ra = TCG_REG_O4;
> } else {
> ra = TCG_REG_O1;
> @@ -925,6 +951,7 @@ static void build_trampolines(TCGContext *s)
> tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
> ra += 2;
> } else {
> + emit_extend(s, i, ra);
> ra += 1;
> }
> /* Skip the oi argument. */
>
regards,
Phil.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers
2017-03-28 15:52 ` Philippe Mathieu-Daudé
@ 2017-03-28 15:55 ` Peter Maydell
0 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2017-03-28 15:55 UTC (permalink / raw)
To: Philippe Mathieu-Daudé; +Cc: QEMU Developers, Richard Henderson, patches
On 28 March 2017 at 16:52, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> On 03/27/2017 01:04 PM, Peter Maydell wrote:
> it seems to me easier to read masking op:
>
> switch (op & MO_SIZE) {
> case MO_8:
> tcg_out_arithi(s, r, r, 0xff, ARITH_AND);
> break;
> case MO_16:
> tcg_out_arithi(s, r, r, 16, SHIFT_SLL);
> tcg_out_arithi(s, r, r, 16, SHIFT_SRL);
> break;
> case MO_32:
> if (SPARC64) {
> tcg_out_arith(s, r, r, 0, SHIFT_SRL);
> }
> break;
> case MO_64:
> break;
> }
Yes, agreed.
>> +}
>> +
>> static void build_trampolines(TCGContext *s)
>> {
>> static void * const qemu_ld_helpers[16] = {
>> @@ -910,6 +935,7 @@ static void build_trampolines(TCGContext *s)
>> qemu_st_trampoline[i] = s->code_ptr;
>>
>> if (SPARC64) {
>> + emit_extend(s, TCG_REG_O2, i);
>
>
> shouldn't be inverting args?
> emit_extend(s, i, TCG_REG_O2);
emit_extend() takes the TCG reg first and the 'op' second,
so this call is correct...
>> ra = TCG_REG_O4;
>> } else {
>> ra = TCG_REG_O1;
>> @@ -925,6 +951,7 @@ static void build_trampolines(TCGContext *s)
>> tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX);
>> ra += 2;
>> } else {
>> + emit_extend(s, i, ra);
...but this one isn't; I don't have 32-bit sparc host to test
with so I missed the error.
>> ra += 1;
>> }
>> /* Skip the oi argument. */
thanks
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args
2017-03-27 23:35 ` [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Richard Henderson
@ 2017-04-03 12:34 ` Peter Maydell
0 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2017-04-03 12:34 UTC (permalink / raw)
To: Richard Henderson; +Cc: QEMU Developers, patches
On 28 March 2017 at 00:35, Richard Henderson <rth@twiddle.net> wrote:
> On 03/28/2017 02:04 AM, Peter Maydell wrote:
>>
>> These patches fix problems with the SPARC TCG backend code
>> which calls the load and store helpers. Where the argument
>> being passed to the helper is narrower than the size of the
>> native register, the SPARC calling convention requires that
>> we extend it to the register size, but we weren't doing that.
>> This meant we passed the host code registers which might have
>> garbage in the high parts, and if the host code was built
>> with optimization this resulted in wrong behaviour.
>>
>> I still see problems trying to run the bits of 'make check'
>> that run guest code, but at least with these patches we can
>> run the i386 bios code enough to try to do PXE boot and not
>> find a server.
>>
>>
>> Peter Maydell (2):
>> tcg/sparc: Zero extend data argument to store helpers
>> tcg/sparc: Zero extend address argument to ld/st helpers
>>
>> tcg/sparc/tcg-target.inc.c | 31 +++++++++++++++++++++++++++++--
>> 1 file changed, 29 insertions(+), 2 deletions(-)
>>
>
> Reviewed-by: Richard Henderson <rth@twiddle.net>
Applied to master, thanks.
(PS: your mail system seems to have sat on your reviewed-by
email for the best part of a week.)
thanks
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-04-03 12:34 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-27 16:04 [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell
2017-03-28 15:52 ` Philippe Mathieu-Daudé
2017-03-28 15:55 ` Peter Maydell
2017-03-27 16:04 ` [Qemu-devel] [PATCH for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell
2017-03-27 23:35 ` [Qemu-devel] [PATCH for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Richard Henderson
2017-04-03 12:34 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.