* [PATCH] target/m68k: implement fmove.l #<data>,FPCR
@ 2020-05-31 11:02 Laurent Vivier
2020-05-31 11:23 ` John Paul Adrian Glaubitz
2020-06-01 22:15 ` Richard Henderson
0 siblings, 2 replies; 5+ messages in thread
From: Laurent Vivier @ 2020-05-31 11:02 UTC (permalink / raw)
To: qemu-devel; +Cc: Laurent Vivier, John Paul Adrian Glaubitz
The immediate value mode was ignored and instruction execution
ends in an invalid access mode.
This was found running 'R', which sets FPSR to 0 at startup with
a 'fmove.l #0,FPSR'; in qemu-system-m68k emulation this triggers a
kernel crash:
[ 56.640000] *** ADDRESS ERROR *** FORMAT=2
[ 56.640000] Current process id is 728
[ 56.640000] BAD KERNEL TRAP: 00000000
[ 56.640000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common sr_mod cdrom mac_esp macsonic esp_scsi
[ 56.640000] PC: [<00016a2c>] X_UNSUPP+0x2c/0x3c
[ 56.640000] SR: 2004 SP: 3eb5e68c a2: c02e239a
[ 56.640000] d0: 00000040 d1: 00000002 d2: 8002adec d3: 8002ad50
[ 56.640000] d4: 8002c768 d5: 0000000d a0: ffffffc2 a1: ffffffc1
[ 56.640000] Process R (pid: 728, task=a3dfda5d)
[ 56.640000] Frame format=2 instr addr=00000000
[ 56.650000] Stack from 3a4d9f30:
[ 56.650000] 41000000 00000002 00000002 ffffffc2 ffffffc1 1fff0000 80000000 00000000
[ 56.650000] 3fbf0000 80000000 00000000 00000000 20000000 00000000 7fff0000 ffffffff
[ 56.650000] ffffffff 00000000 00050008 00000000 8000067c c02c2000 efffee20 000002d8
[ 56.650000] 00002a28 3a4d9f98 00000002 00000014 fffffffe 8002c768 00000002 00000041
[ 56.650000] 00000002 c041fc58 c0743758 ffffffff 00000000 0008c075 00002b24 00000012
[ 56.650000] 000007d0 00000024 00000002 c05bef04 c05bef04 0000005e 00000077 c28aca70
[ 56.650000] Call Trace: [<00050008>] copy_overflow+0x10/0x28
[ 56.650000] [<00002a28>] buserr+0x20/0x28
[ 56.650000] [<0008c075>] bpf_check+0x57f/0x1cfa
[ 56.650000] [<00002b24>] syscall+0x8/0xc
[ 56.650000] [<0000c019>] dn_sched_init+0x75/0x88
[ 56.650000] Code: 1017 0200 00f0 0c00 0040 66ff 0000 05ac <f23c> 8800 0000 0000 f23c 9000 0000 0000 222e ff84 082e 0005 ff1c 6600 000a 0281
[ 56.650000] Disabling lock debugging due to kernel taint
...
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
target/m68k/translate.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0f80888203d3..c093f6c683e8 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4936,6 +4936,20 @@ static void gen_op_fmove_fcr(CPUM68KState *env, DisasContext *s,
gen_store_fcr(s, AREG(insn, 0), mask);
}
return;
+ case 7: /* Immediate */
+ if (REG(insn, 0) == 4) {
+ if (is_write ||
+ (mask != M68K_FPIAR && mask != M68K_FPSR &&
+ mask != M68K_FPCR)) {
+ gen_exception(s, s->base.pc_next, EXCP_ILLEGAL);
+ return;
+ }
+ tmp = tcg_const_i32(read_im32(env, s));
+ gen_store_fcr(s, tmp, mask);
+ tcg_temp_free(tmp);
+ return;
+ }
+ break;
default:
break;
}
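Review bot: the subject line says `fmove.l #<data>,FPCR`, but the new `case 7:` branch accepts FPIAR, FPSR and FPCR alike, and the reported crash is `fmove.l #0,FPSR`; the subject should say FPcr or name all three registers so the fix is findable from the FPSR symptom. The check itself is ordered correctly: `is_write` is tested before `read_im32()` consumes the data word, so an immediate used as a destination takes the EXCP_ILLEGAL path without the decoder having advanced over a data word it should not have read, and a select with more than one register (`mask` not exactly one of `M68K_FPIAR`, `M68K_FPSR`, `M68K_FPCR`) is rejected by the same condition. That second half deserves a short comment next to the condition: the multi-register `fmovem.l #<data>,...` form is deliberately not handled here and also raises EXCP_ILLEGAL, which a later reader could otherwise mistake for an oversight.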
--
2.26.2
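The words the oops shows from the faulting PC onwards (f23c 8800 0000 0000, then f23c 9000 0000 0000) are the two control-register moves the commit message describes. As an added example, not code from the patch or from QEMU, here is a small C decoder for the 68881 FMOVE to/from control-register form that applies the same checks the hunk adds: effective-address mode 7 with register 4 is #<data>, the dr bit of the extension word (the patch's is_write) must be clear because an immediate cannot be a destination, and exactly one of FPIAR, FPSR and FPCR must be selected. The FPIAR/FPSR/FPCR values match what the patch's mask is compared against but are assumed to equal QEMU's M68K_* constants; the status names, the struct and the trace_code array are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* FPcr select bits (extension word bits 12..10); the values the patch's `mask`
 * is compared against.  That they equal QEMU's M68K_* constants is assumed. */
#define FPIAR 1
#define FPSR  2
#define FPCR  4

enum fmove_status {
    FM_NOT_FMOVE_FCR,  /* words do not start an FMOVE/FMOVEM to or from FPcr */
    FM_TRUNCATED,      /* immediate form, but the 32-bit data word is missing */
    FM_ILLEGAL,        /* combination the patch sends to EXCP_ILLEGAL */
    FM_UNMODELLED_EA,  /* memory effective addresses, not modelled here */
    FM_OK
};

struct fmove_fcr {
    enum fmove_status status;
    int len;            /* 16-bit words occupied; 0 when not an FMOVE FPcr */
    int mode, reg;      /* EA mode (opcode bits 5..3) and register (bits 2..0) */
    int mask;           /* FPIAR/FPSR/FPCR select bits */
    bool fcr_to_ea;     /* dr, extension bit 13: 1 = FPcr -> <ea> (the patch's is_write) */
    uint32_t imm;       /* immediate data for the mode 7 / reg 4 (#<data>) form */
};

/* Decode the instruction at w[0..n).  Opcode word: 1111 001 000 mmm rrr.
 * Extension word: 10 dr rrr 0000000000.  Only register-direct and immediate
 * operands are classified; every other EA is reported as unmodelled. */
static struct fmove_fcr decode_fmove_fcr(const uint16_t *w, int n)
{
    struct fmove_fcr f = { .status = FM_NOT_FMOVE_FCR, .len = 0 };
    if (n < 2 || (w[0] & 0xFFC0) != 0xF200 ||
        (w[1] & 0xC000) != 0x8000 || (w[1] & 0x03FF) != 0) {
        return f;
    }
    f.len = 2;
    f.mode = (w[0] >> 3) & 7;
    f.reg = w[0] & 7;
    f.mask = (w[1] >> 10) & 7;
    f.fcr_to_ea = (w[1] >> 13) & 1;
    bool single = f.mask == FPIAR || f.mask == FPSR || f.mask == FPCR;

    switch (f.mode) {
    case 0: /* Dn: exactly one control register, either direction */
        f.status = single ? FM_OK : FM_ILLEGAL;
        break;
    case 1: /* An: only FPIAR may be moved to or from an address register */
        f.status = (f.mask == FPIAR) ? FM_OK : FM_ILLEGAL;
        break;
    case 7:
        if (f.reg != 4) { /* other mode-7 forms are PC-relative memory operands */
            f.status = FM_UNMODELLED_EA;
        } else if (f.fcr_to_ea || !single) { /* immediate destination, or >1 register */
            f.status = FM_ILLEGAL;
        } else if (n < 4) {
            f.status = FM_TRUNCATED;
        } else { /* #<data>: the form the patch adds; .l means one long word */
            f.imm = ((uint32_t)w[2] << 16) | w[3];
            f.status = FM_OK;
            f.len = 4;
        }
        break;
    default:
        f.status = FM_UNMODELLED_EA;
        break;
    }
    return f;
}

static const char *fcr_name(int mask)
{
    return mask == FPIAR ? "FPIAR" : mask == FPSR ? "FPSR" :
           mask == FPCR ? "FPCR" : "<multiple>";
}

/* Constructed input: the words from <f23c> onwards on the oops' "Code:" line. */
static const uint16_t trace_code[] = {
    0xf23c, 0x8800, 0x0000, 0x0000,   /* fmove.l #0,FPSR */
    0xf23c, 0x9000, 0x0000, 0x0000,   /* fmove.l #0,FPCR */
};

int main(void)
{
    int n = (int)(sizeof(trace_code) / sizeof(trace_code[0]));
    for (int i = 0; i < n;) {
        struct fmove_fcr f = decode_fmove_fcr(trace_code + i, n - i);
        if (f.len == 0) { i++; continue; } /* sample starts on an instruction boundary */
        printf("%04x %04x: mode=%d reg=%d %s %s imm=0x%08x status=%d\n",
               trace_code[i], trace_code[i + 1], f.mode, f.reg,
               f.fcr_to_ea ? "from" : "to", fcr_name(f.mask), f.imm, (int)f.status);
        i += f.len;
    }
    return 0;
}
```

Run as is, the program reports both trace instructions as mode 7, register 4, direction "to", FPSR and then FPCR, immediate 0. Flipping bit 13 of the extension word (0xa800 instead of 0x8800) or selecting two registers at once (0x9800) lands in FM_ILLEGAL, which is exactly the pair of conditions the hunk folds into its single `if`.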
* Re: [PATCH] target/m68k: implement fmove.l #<data>,FPCR
2020-05-31 11:02 [PATCH] target/m68k: implement fmove.l #<data>,FPCR Laurent Vivier
@ 2020-05-31 11:23 ` John Paul Adrian Glaubitz
2020-05-31 12:09 ` Laurent Vivier
2020-06-01 22:15 ` Richard Henderson
1 sibling, 1 reply; 5+ messages in thread
From: John Paul Adrian Glaubitz @ 2020-05-31 11:23 UTC (permalink / raw)
To: Laurent Vivier; +Cc: qemu-devel
Hi Laurent!
On 5/31/20 1:02 PM, Laurent Vivier wrote:
> The immediate value mode was ignored and instruction execution
> ends in an invalid access mode.
>
> This was found running 'R', which sets FPSR to 0 at startup with
> a 'fmove.l #0,FPSR'; in qemu-system-m68k emulation this triggers a
> kernel crash:
> (...)
> Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> target/m68k/translate.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
Thanks for the fix.
I applied the patch, but I'm getting a lock-up now as you previously reported
in the other discussion on the Linux/m68k mailing list:
root@pacman:~# R
[ 68.420000] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [R:650]
[ 68.420000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif sr_mod cdrom crct10dif_generic crct10dif_common mac_esp macsonic esp_scsi
[ 68.420000] Format 00 Vector: 0064 PC: 0002df9c Status: 2008 Not tainted
[ 68.420000] ORIG_D0: ffffffff D0: 00000000 A2: c02e239a A1: ffa10000
[ 68.420000] A0: 3c9adf29 D5: 0000000d D4: 8002ce30
[ 68.420000] D3: 8002b418 D2: 8002b4b4 D1: 00000000
Is this related or a different bug?
I have not seen these lockups on real hardware.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
* Re: [PATCH] target/m68k: implement fmove.l #<data>,FPCR
2020-05-31 11:23 ` John Paul Adrian Glaubitz
@ 2020-05-31 12:09 ` Laurent Vivier
2020-05-31 13:15 ` John Paul Adrian Glaubitz
0 siblings, 1 reply; 5+ messages in thread
From: Laurent Vivier @ 2020-05-31 12:09 UTC (permalink / raw)
To: John Paul Adrian Glaubitz; +Cc: qemu-devel
On 31/05/2020 at 13:23, John Paul Adrian Glaubitz wrote:
> Hi Laurent!
>
> On 5/31/20 1:02 PM, Laurent Vivier wrote:
>> The immediate value mode was ignored and instruction execution
>> ends in an invalid access mode.
>>
>> This was found running 'R', which sets FPSR to 0 at startup with
>> a 'fmove.l #0,FPSR'; in qemu-system-m68k emulation this triggers a
>> kernel crash:
>> (...)
>> Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
>> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
>> ---
>> target/m68k/translate.c | 14 ++++++++++++++
>> 1 file changed, 14 insertions(+)
> Thanks for the fix.
>
> I applied the patch, but I'm getting a lock-up now as you previously reported
> in the other discussion on the Linux/m68k mailing list:
>
> root@pacman:~# R
> [ 68.420000] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [R:650]
> [ 68.420000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif sr_mod cdrom crct10dif_generic crct10dif_common mac_esp macsonic esp_scsi
> [ 68.420000] Format 00 Vector: 0064 PC: 0002df9c Status: 2008 Not tainted
> [ 68.420000] ORIG_D0: ffffffff D0: 00000000 A2: c02e239a A1: ffa10000
> [ 68.420000] A0: 3c9adf29 D5: 0000000d D4: 8002ce30
> [ 68.420000] D3: 8002b418 D2: 8002b4b4 D1: 00000000
>
> Is this related or a different bug?
>
> I have not seen these lockups on real hardware.
I guess you are using my q800-dev branch?
In this branch, there is an attempt to manage unnormalized numbers that
seems to trigger this lock-up.
You can either use master + this patch or update your q800-dev branch
from my repo.
Thanks,
Laurent
* Re: [PATCH] target/m68k: implement fmove.l #<data>,FPCR
2020-05-31 12:09 ` Laurent Vivier
@ 2020-05-31 13:15 ` John Paul Adrian Glaubitz
0 siblings, 0 replies; 5+ messages in thread
From: John Paul Adrian Glaubitz @ 2020-05-31 13:15 UTC (permalink / raw)
To: Laurent Vivier; +Cc: qemu-devel
Hi Laurent!
On 5/31/20 2:09 PM, Laurent Vivier wrote:
> I guess you are using my q800-dev branch?
That's what I initially did, then I pulled from upstream.
> In this branch, there is an attempt to manage unnormalized numbers that
> seems to trigger this lock-up.
>
> You can either use master + this patch or update your q800-dev branch
> from my repo.
However, I then still copied the compiled binary from the qemu-m68k where
I first tested the patch. Guess I should be more careful when using the
bash history with absolute paths ;).
So, I can confirm it works for me.
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
* Re: [PATCH] target/m68k: implement fmove.l #<data>,FPCR
2020-05-31 11:02 [PATCH] target/m68k: implement fmove.l #<data>,FPCR Laurent Vivier
2020-05-31 11:23 ` John Paul Adrian Glaubitz
@ 2020-06-01 22:15 ` Richard Henderson
1 sibling, 0 replies; 5+ messages in thread
From: Richard Henderson @ 2020-06-01 22:15 UTC (permalink / raw)
To: Laurent Vivier, qemu-devel; +Cc: John Paul Adrian Glaubitz
On 5/31/20 4:02 AM, Laurent Vivier wrote:
> The immediate value mode was ignored and instruction execution
> ends in an invalid access mode.
>
> This was found running 'R', which sets FPSR to 0 at startup with
> a 'fmove.l #0,FPSR'; in qemu-system-m68k emulation this triggers a
> kernel crash:
>
> [ 56.640000] *** ADDRESS ERROR *** FORMAT=2
> [ 56.640000] Current process id is 728
> [ 56.640000] BAD KERNEL TRAP: 00000000
> [ 56.640000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common sr_mod cdrom mac_esp macsonic esp_scsi
> [ 56.640000] PC: [<00016a2c>] X_UNSUPP+0x2c/0x3c
> [ 56.640000] SR: 2004 SP: 3eb5e68c a2: c02e239a
> [ 56.640000] d0: 00000040 d1: 00000002 d2: 8002adec d3: 8002ad50
> [ 56.640000] d4: 8002c768 d5: 0000000d a0: ffffffc2 a1: ffffffc1
> [ 56.640000] Process R (pid: 728, task=a3dfda5d)
> [ 56.640000] Frame format=2 instr addr=00000000
> [ 56.650000] Stack from 3a4d9f30:
> [ 56.650000] 41000000 00000002 00000002 ffffffc2 ffffffc1 1fff0000 80000000 00000000
> [ 56.650000] 3fbf0000 80000000 00000000 00000000 20000000 00000000 7fff0000 ffffffff
> [ 56.650000] ffffffff 00000000 00050008 00000000 8000067c c02c2000 efffee20 000002d8
> [ 56.650000] 00002a28 3a4d9f98 00000002 00000014 fffffffe 8002c768 00000002 00000041
> [ 56.650000] 00000002 c041fc58 c0743758 ffffffff 00000000 0008c075 00002b24 00000012
> [ 56.650000] 000007d0 00000024 00000002 c05bef04 c05bef04 0000005e 00000077 c28aca70
> [ 56.650000] Call Trace: [<00050008>] copy_overflow+0x10/0x28
> [ 56.650000] [<00002a28>] buserr+0x20/0x28
> [ 56.650000] [<0008c075>] bpf_check+0x57f/0x1cfa
> [ 56.650000] [<00002b24>] syscall+0x8/0xc
> [ 56.650000] [<0000c019>] dn_sched_init+0x75/0x88
> [ 56.650000] Code: 1017 0200 00f0 0c00 0040 66ff 0000 05ac <f23c> 8800 0000 0000 f23c 9000 0000 0000 222e ff84 082e 0005 ff1c 6600 000a 0281
> [ 56.650000] Disabling lock debugging due to kernel taint
> ...
>
> Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> target/m68k/translate.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~