[Qemu-devel] [PATCH 0/3] target-i386 updates

[Qemu-devel] [PATCH 0/3] target-i386 updates

[Richard Henderson]

The first patch has been seen before.  The others are tweeks of a couple
of patches I found hanging around my inbox from way back.

Another pair of eyes would be helpful.


r~


Richard Henderson (3):
  target-i386: Fix CC_OP_CLR vs PF
  target-i386: Fix SSE status flag corruption
  target-i386: Fix ucomis and comis memory access

 target-i386/cc_helper.c  |  2 +-
 target-i386/cpu.h        |  3 +++
 target-i386/fpu_helper.c | 15 ++++++++-------
 target-i386/gdbstub.c    |  2 +-
 target-i386/translate.c  | 48 +++++++++++++++++++++++++++++++++++++-----------
 5 files changed, 50 insertions(+), 20 deletions(-)

-- 
1.8.5.3

[Qemu-devel] [PATCH 1/3] target-i386: Fix CC_OP_CLR vs PF

[Richard Henderson]

Parity should be set for a zero result.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 target-i386/cc_helper.c | 2 +-
 target-i386/translate.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c
index ee04092..05dd12b 100644
--- a/target-i386/cc_helper.c
+++ b/target-i386/cc_helper.c
@@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1,
     case CC_OP_EFLAGS:
         return src1;
     case CC_OP_CLR:
-        return CC_Z;
+        return CC_Z | CC_P;
 
     case CC_OP_MULB:
         return compute_all_mulb(dst, src1);
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 5dd2450..aa985fa 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s)
         return;
     }
     if (s->cc_op == CC_OP_CLR) {
-        tcg_gen_movi_tl(cpu_cc_src, CC_Z);
+        tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
         set_cc_op(s, CC_OP_EFLAGS);
         return;
     }
-- 
1.8.5.3

[Qemu-devel] [PATCH 2/3] target-i386: Fix SSE status flag corruption

[Richard Henderson]

When we restore the mxcsr register with FXRSTOR, or set it with gdb,
we need to update the various SSE status flags in CPUX86State

Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
Differs from Purdie's patch primarily in fixing gdb too.  And that
required exporting update_sse_status.  Which suggested that the name
and interface be changed to match the norm.


r~
---
 target-i386/cpu.h        |  3 +++
 target-i386/fpu_helper.c | 15 ++++++++-------
 target-i386/gdbstub.c    |  2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 1b94f0f..5d3f143 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1259,6 +1259,9 @@ static inline void cpu_load_efer(CPUX86State *env, uint64_t val)
     }
 }
 
+/* fpu_helper.c */
+void cpu_set_mxcsr(CPUX86State *env, uint32_t val);
+
 /* svm_helper.c */
 void cpu_svm_check_intercept_param(CPUX86State *env1, uint32_t type,
                                    uint64_t param);
diff --git a/target-i386/fpu_helper.c b/target-i386/fpu_helper.c
index c0427fe..de7ba76 100644
--- a/target-i386/fpu_helper.c
+++ b/target-i386/fpu_helper.c
@@ -1179,7 +1179,7 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr, int data64)
 
     if (env->cr[4] & CR4_OSFXSR_MASK) {
         /* XXX: finish it */
-        env->mxcsr = cpu_ldl_data(env, ptr + 0x18);
+        cpu_set_mxcsr(env, cpu_ldl_data(env, ptr + 0x18));
         /* cpu_ldl_data(env, ptr + 0x1c); */
         if (env->hflags & HF_CS64_MASK) {
             nb_xmm_regs = 16;
@@ -1229,12 +1229,14 @@ floatx80 cpu_set_fp80(uint64_t mant, uint16_t upper)
 #define SSE_RC_CHOP         0x6000
 #define SSE_FZ              0x8000
 
-static void update_sse_status(CPUX86State *env)
+void cpu_set_mxcsr(CPUX86State *env, uint32_t mxcsr)
 {
     int rnd_type;
 
+    env->mxcsr = mxcsr;
+
     /* set rounding mode */
-    switch (env->mxcsr & SSE_RC_MASK) {
+    switch (mxcsr & SSE_RC_MASK) {
     default:
     case SSE_RC_NEAR:
         rnd_type = float_round_nearest_even;
@@ -1252,16 +1254,15 @@ static void update_sse_status(CPUX86State *env)
     set_float_rounding_mode(rnd_type, &env->sse_status);
 
     /* set denormals are zero */
-    set_flush_inputs_to_zero((env->mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
+    set_flush_inputs_to_zero((mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
 
     /* set flush to zero */
-    set_flush_to_zero((env->mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
+    set_flush_to_zero((mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
 }
 
 void helper_ldmxcsr(CPUX86State *env, uint32_t val)
 {
-    env->mxcsr = val;
-    update_sse_status(env);
+    cpu_set_mxcsr(env, val);
 }
 
 void helper_enter_mmx(CPUX86State *env)
diff --git a/target-i386/gdbstub.c b/target-i386/gdbstub.c
index 15bebef..d34e535 100644
--- a/target-i386/gdbstub.c
+++ b/target-i386/gdbstub.c
@@ -222,7 +222,7 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
             return 4;
 
         case IDX_MXCSR_REG:
-            env->mxcsr = ldl_p(mem_buf);
+            cpu_set_mxcsr(env, ldl_p(mem_buf));
             return 4;
         }
     }
-- 
1.8.5.3

[Qemu-devel] [PATCH 3/3] target-i386: Fix ucomis and comis memory access

[Richard Henderson]

We were loading 16 bytes for both single and double-precision
scalar comparisons.

Reported-by: Alexander Bluhm <bluhm@openbsd.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
The original Bluhm patch didn't fix [u]comiss, but was focused on [u]comisd.


r~
---
 target-i386/translate.c | 46 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index aa985fa..707ebd5 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -4284,22 +4284,48 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b,
         if (is_xmm) {
             op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
             if (mod != 3) {
+                int sz = 4;
+
                 gen_lea_modrm(env, s, modrm);
                 op2_offset = offsetof(CPUX86State,xmm_t0);
-                if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f && b != 0x5b) ||
-                                b == 0xc2)) {
-                    /* specific case for SSE single instructions */
+
+                switch (b) {
+                case 0x50 ... 0x5a:
+                case 0x5c ... 0x5f:
+                case 0xc2:
+                    /* Most sse scalar operations.  */
                     if (b1 == 2) {
-                        /* 32 bit access */
-                        gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
-                        tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0)));
+                        sz = 2;
+                    } else if (b1 == 3) {
+                        sz = 3;
+                    }
+                    break;
+
+                case 0x2e:  /* ucomis[sd] */
+                case 0x2f:  /* comis[sd] */
+                    if (b1 == 0) {
+                        sz = 2;
                     } else {
-                        /* 64 bit access */
-                        gen_ldq_env_A0(s, offsetof(CPUX86State,
-                                                   xmm_t0.XMM_D(0)));
+                        sz = 3;
                     }
-                } else {
+                    break;
+                }
+
+                switch (sz) {
+                case 2:
+                    /* 32 bit access */
+                    gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
+                    tcg_gen_st32_tl(cpu_T[0], cpu_env,
+                                    offsetof(CPUX86State,xmm_t0.XMM_L(0)));
+                    break;
+                case 3:
+                    /* 64 bit access */
+                    gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.XMM_D(0)));
+                    break;
+                default:
+                    /* 128 bit access */
                     gen_ldo_env_A0(s, op2_offset);
+                    break;
                 }
             } else {
                 rm = (modrm & 7) | REX_B(s);
-- 
1.8.5.3

Re: [Qemu-devel] [PATCH 2/3] target-i386: Fix SSE status flag corruption

[Paolo Bonzini]

Il 25/02/2014 08:30, Richard Henderson ha scritto:
> When we restore the mxcsr register with FXRSTOR, or set it with gdb,
> we need to update the various SSE status flags in CPUX86State
>
> Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Richard Henderson <rth@twiddle.net>
> ---
> Differs from Purdie's patch primarily in fixing gdb too.  And that
> required exporting update_sse_status.  Which suggested that the name
> and interface be changed to match the norm.
>
>
> r~
> ---
>  target-i386/cpu.h        |  3 +++
>  target-i386/fpu_helper.c | 15 ++++++++-------
>  target-i386/gdbstub.c    |  2 +-
>  3 files changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/target-i386/cpu.h b/target-i386/cpu.h
> index 1b94f0f..5d3f143 100644
> --- a/target-i386/cpu.h
> +++ b/target-i386/cpu.h
> @@ -1259,6 +1259,9 @@ static inline void cpu_load_efer(CPUX86State *env, uint64_t val)
>      }
>  }
>
> +/* fpu_helper.c */
> +void cpu_set_mxcsr(CPUX86State *env, uint32_t val);
> +
>  /* svm_helper.c */
>  void cpu_svm_check_intercept_param(CPUX86State *env1, uint32_t type,
>                                     uint64_t param);
> diff --git a/target-i386/fpu_helper.c b/target-i386/fpu_helper.c
> index c0427fe..de7ba76 100644
> --- a/target-i386/fpu_helper.c
> +++ b/target-i386/fpu_helper.c
> @@ -1179,7 +1179,7 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr, int data64)
>
>      if (env->cr[4] & CR4_OSFXSR_MASK) {
>          /* XXX: finish it */
> -        env->mxcsr = cpu_ldl_data(env, ptr + 0x18);
> +        cpu_set_mxcsr(env, cpu_ldl_data(env, ptr + 0x18));
>          /* cpu_ldl_data(env, ptr + 0x1c); */
>          if (env->hflags & HF_CS64_MASK) {
>              nb_xmm_regs = 16;
> @@ -1229,12 +1229,14 @@ floatx80 cpu_set_fp80(uint64_t mant, uint16_t upper)
>  #define SSE_RC_CHOP         0x6000
>  #define SSE_FZ              0x8000
>
> -static void update_sse_status(CPUX86State *env)
> +void cpu_set_mxcsr(CPUX86State *env, uint32_t mxcsr)
>  {
>      int rnd_type;
>
> +    env->mxcsr = mxcsr;
> +
>      /* set rounding mode */
> -    switch (env->mxcsr & SSE_RC_MASK) {
> +    switch (mxcsr & SSE_RC_MASK) {
>      default:
>      case SSE_RC_NEAR:
>          rnd_type = float_round_nearest_even;
> @@ -1252,16 +1254,15 @@ static void update_sse_status(CPUX86State *env)
>      set_float_rounding_mode(rnd_type, &env->sse_status);
>
>      /* set denormals are zero */
> -    set_flush_inputs_to_zero((env->mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
> +    set_flush_inputs_to_zero((mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
>
>      /* set flush to zero */
> -    set_flush_to_zero((env->mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
> +    set_flush_to_zero((mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
>  }
>
>  void helper_ldmxcsr(CPUX86State *env, uint32_t val)
>  {
> -    env->mxcsr = val;
> -    update_sse_status(env);
> +    cpu_set_mxcsr(env, val);
>  }
>
>  void helper_enter_mmx(CPUX86State *env)
> diff --git a/target-i386/gdbstub.c b/target-i386/gdbstub.c
> index 15bebef..d34e535 100644
> --- a/target-i386/gdbstub.c
> +++ b/target-i386/gdbstub.c
> @@ -222,7 +222,7 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
>              return 4;
>
>          case IDX_MXCSR_REG:
> -            env->mxcsr = ldl_p(mem_buf);
> +            cpu_set_mxcsr(env, ldl_p(mem_buf));
>              return 4;
>          }
>      }
>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Re: [Qemu-devel] [Qemu-stable] [PATCH 1/3] target-i386: Fix CC_OP_CLR vs PF

[Michael Roth]

Quoting Richard Henderson (2014-02-25 01:30:30)
> Parity should be set for a zero result.
> 
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Richard Henderson <rth@twiddle.net>

Ping: last call for 1.7.1 (freeze today)

> ---
>  target-i386/cc_helper.c | 2 +-
>  target-i386/translate.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c
> index ee04092..05dd12b 100644
> --- a/target-i386/cc_helper.c
> +++ b/target-i386/cc_helper.c
> @@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1,
>      case CC_OP_EFLAGS:
>          return src1;
>      case CC_OP_CLR:
> -        return CC_Z;
> +        return CC_Z | CC_P;
> 
>      case CC_OP_MULB:
>          return compute_all_mulb(dst, src1);
> diff --git a/target-i386/translate.c b/target-i386/translate.c
> index 5dd2450..aa985fa 100644
> --- a/target-i386/translate.c
> +++ b/target-i386/translate.c
> @@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s)
>          return;
>      }
>      if (s->cc_op == CC_OP_CLR) {
> -        tcg_gen_movi_tl(cpu_cc_src, CC_Z);
> +        tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
>          set_cc_op(s, CC_OP_EFLAGS);
>          return;
>      }
> -- 
> 1.8.5.3