* [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
@ 2020-05-09 21:55 Catherine A. Frederick
2020-05-10 8:33 ` [Bug 1877794] " Laurent Vivier
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Catherine A. Frederick @ 2020-05-09 21:55 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for about
2 weeks, manually trying to trace the call stack, only to find that we
seemingly crash in a bad shift instruction. Originally intended to be an
shr_i64 generated to an RLDICL, we end up with an all ones(-1) c value,
which gets thrown to the macro for generating the MB, and replaces the
instruction with mostly ones. This new instruction, FFFFFFE0 is invalid
on ppc64le, and crashes in a host SIGILL in codegen_buffer. I tried to
see if the output of translate.c had this bad instruction, but all I got
were two (shr eax, cl) instructions, and upon creating a test program
with shr (eax, cl) in it, nothing happened. Then figuring that there was
nothing actually wrong with the instruction in the first place, I turned
my eye to the optimizer, and completely disabled constant folding for
arithmetic instructions. This seemed to actually resolve the issue, and
then I slowly enabled constant folding again on various instructions
only to find that enabling not on the shifts, but on subtraction seemed
to cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it, so
I'm throwing it here.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
New
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 1877794] Re: Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
@ 2020-05-10 8:33 ` Laurent Vivier
2020-05-10 9:06 ` Laurent Vivier
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2020-05-10 8:33 UTC (permalink / raw)
To: qemu-devel
** Tags added: linux-user ppc64le
** Tags added: tcg
** Tags removed: ppc64le
** Tags added: ppc64
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
New
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 1877794] Re: Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
2020-05-10 8:33 ` [Bug 1877794] " Laurent Vivier
@ 2020-05-10 9:06 ` Laurent Vivier
2020-05-10 18:38 ` Catherine A. Frederick
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2020-05-10 9:06 UTC (permalink / raw)
To: qemu-devel
Which version of qemu and glxgears do you use?
Tested with qemu-4.2 and qemu-5.0 and debian/sid mesa-utils-8.4.0-1+b1
and it works fine.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
New
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 1877794] Re: Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
2020-05-10 8:33 ` [Bug 1877794] " Laurent Vivier
2020-05-10 9:06 ` Laurent Vivier
@ 2020-05-10 18:38 ` Catherine A. Frederick
2020-05-12 8:52 ` Laurent Vivier
2020-05-12 22:57 ` Catherine A. Frederick
4 siblings, 0 replies; 6+ messages in thread
From: Catherine A. Frederick @ 2020-05-10 18:38 UTC (permalink / raw)
To: qemu-devel
I'm on 5.0-rc4 add a few patches implementing a subset of drm/amdgpu
support, with mesa-utils 8.4.0-1. Important note I guess: I can't get
the crash to trigger under llvmpipe/softrast, I can only get it on
RadeonSI. I valgrind'd qemu only to not find anything on the host-side.
I'm 99% sure this isn't a memory corruption bug from my patches, anyway,
and it's not replicable on upstream qemu because DRM simply isn't
functional. (Oh dear, I think I might be on my own until I can get this
stuff upstreamed.)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
New
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 1877794] Re: Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
` (2 preceding siblings ...)
2020-05-10 18:38 ` Catherine A. Frederick
@ 2020-05-12 8:52 ` Laurent Vivier
2020-05-12 22:57 ` Catherine A. Frederick
4 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2020-05-12 8:52 UTC (permalink / raw)
To: qemu-devel
QEMU has been selected to have a GSoC intern to work on new ioctl():
https://wiki.qemu.org/Google_Summer_of_Code_2020#Extend_linux-user_syscalls_and_ioctls
Perhaps he can help you by working on DRM ioctl()?
Perhaps you can send an RFC series to the QEMU mailing list?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
New
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 1877794] Re: Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
` (3 preceding siblings ...)
2020-05-12 8:52 ` Laurent Vivier
@ 2020-05-12 22:57 ` Catherine A. Frederick
4 siblings, 0 replies; 6+ messages in thread
From: Catherine A. Frederick @ 2020-05-12 22:57 UTC (permalink / raw)
To: qemu-devel
I'm marking this invalid and moving on because it isn't replicable on
upstream due to the lack of DRM support and because I'll probably just
figure it out myself. (if anyone has somewhere better than tcg/README.md
to learn TCG implementation details, I would appreciate it.
** Changed in: qemu
Status: New => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877794
Title:
Constant Folding on 64-bit Subtraction causes SIGILL on linux-user
glxgears ppc64le to x86_64 by way of generating bad shift instruction
with c=-1
Status in QEMU:
Invalid
Bug description:
Hello, I've been recently working on my own little branch of QEMU
implementing the drm IOCTLs, when I discovered that glxgears seems to
crash in GLXSwapBuffers(); with a SIGILL. I investigated this for
about 2 weeks, manually trying to trace the call stack, only to find
that we seemingly crash in a bad shift instruction. Originally
intended to be an shr_i64 generated to an RLDICL, we end up with an
all ones(-1) c value, which gets thrown to the macro for generating
the MB, and replaces the instruction with mostly ones. This new
instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host
SIGILL in codegen_buffer. I tried to see if the output of translate.c
had this bad instruction, but all I got were two (shr eax, cl)
instructions, and upon creating a test program with shr (eax, cl) in
it, nothing happened. Then figuring that there was nothing actually
wrong with the instruction in the first place, I turned my eye to the
optimizer, and completely disabled constant folding for arithmetic
instructions. This seemed to actually resolve the issue, and then I
slowly enabled constant folding again on various instructions only to
find that enabling not on the shifts, but on subtraction seemed to
cause the bug to reappear. I am bewildered and frankly at this point
I'm not sure I have a chance in hell of figuring out what causes it,
so I'm throwing it here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877794/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-05-12 23:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-09 21:55 [Bug 1877794] [NEW] Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 Catherine A. Frederick
2020-05-10 8:33 ` [Bug 1877794] " Laurent Vivier
2020-05-10 9:06 ` Laurent Vivier
2020-05-10 18:38 ` Catherine A. Frederick
2020-05-12 8:52 ` Laurent Vivier
2020-05-12 22:57 ` Catherine A. Frederick
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.