[PULL 0/2] M68k for 5.1 patches

[PULL 0/2] M68k for 5.1 patches

[Laurent Vivier]

The following changes since commit 853a60b87024b2f5d7c0c54a432d7798cb679900:

  Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200601a' into staging (2020-06-01 21:34:47 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu-m68k.git tags/m68k-for-5.1-pull-request

for you to fetch changes up to 250b1da35d579f42319af234f36207902ca4baa4:

  target/m68k: implement opcode fetoxm1 (2020-06-02 13:59:02 +0200)

----------------------------------------------------------------
Two fixes for the 68040 FPU

----------------------------------------------------------------

Laurent Vivier (2):
  target/m68k: implement fmove.l #<data>,FPCR
  target/m68k: implement opcode fetoxm1

 target/m68k/helper.h     |  1 +
 target/m68k/fpu_helper.c |  5 +++++
 target/m68k/translate.c  | 17 +++++++++++++++++
 3 files changed, 23 insertions(+)

-- 
2.26.2

[PULL 1/2] target/m68k: implement fmove.l #<data>,FPCR

[Laurent Vivier]

The immediate value mode was ignored and instruction execution
ends to an invalid access mode.

This was found running 'R' that set FPSR to 0 at startup with
a 'fmove.l #0,FPSR' in qemu-system-m68k emulation and triggers a
kernel crash:

[   56.640000] *** ADDRESS ERROR ***   FORMAT=2
[   56.640000] Current process id is 728
[   56.640000] BAD KERNEL TRAP: 00000000
[   56.640000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common sr_mod cdrom mac_esp macsonic esp_scsi
[   56.640000] PC: [<00016a2c>] X_UNSUPP+0x2c/0x3c
[   56.640000] SR: 2004  SP: 3eb5e68c  a2: c02e239a
[   56.640000] d0: 00000040    d1: 00000002    d2: 8002adec    d3: 8002ad50
[   56.640000] d4: 8002c768    d5: 0000000d    a0: ffffffc2    a1: ffffffc1
[   56.640000] Process R (pid: 728, task=a3dfda5d)
[   56.640000] Frame format=2 instr addr=00000000
[   56.650000] Stack from 3a4d9f30:
[   56.650000]         41000000 00000002 00000002 ffffffc2 ffffffc1 1fff0000 80000000 00000000
[   56.650000]         3fbf0000 80000000 00000000 00000000 20000000 00000000 7fff0000 ffffffff
[   56.650000]         ffffffff 00000000 00050008 00000000 8000067c c02c2000 efffee20 000002d8
[   56.650000]         00002a28 3a4d9f98 00000002 00000014 fffffffe 8002c768 00000002 00000041
[   56.650000]         00000002 c041fc58 c0743758 ffffffff 00000000 0008c075 00002b24 00000012
[   56.650000]         000007d0 00000024 00000002 c05bef04 c05bef04 0000005e 00000077 c28aca70
[   56.650000] Call Trace: [<00050008>] copy_overflow+0x10/0x28
[   56.650000]  [<00002a28>] buserr+0x20/0x28
[   56.650000]  [<0008c075>] bpf_check+0x57f/0x1cfa
[   56.650000]  [<00002b24>] syscall+0x8/0xc
[   56.650000]  [<0000c019>] dn_sched_init+0x75/0x88
[   56.650000] Code: 1017 0200 00f0 0c00 0040 66ff 0000 05ac <f23c> 8800 0000 0000 f23c 9000 0000 0000 222e ff84 082e 0005 ff1c 6600 000a 0281
[   56.650000] Disabling lock debugging due to kernel taint
...

Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200531110231.620711-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 target/m68k/translate.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0f80888203d3..c093f6c683e8 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4936,6 +4936,20 @@ static void gen_op_fmove_fcr(CPUM68KState *env, DisasContext *s,
             gen_store_fcr(s, AREG(insn, 0), mask);
         }
         return;
+    case 7: /* Immediate */
+        if (REG(insn, 0) == 4) {
+            if (is_write ||
+                (mask != M68K_FPIAR && mask != M68K_FPSR &&
+                 mask != M68K_FPCR)) {
+                gen_exception(s, s->base.pc_next, EXCP_ILLEGAL);
+                return;
+            }
+            tmp = tcg_const_i32(read_im32(env, s));
+            gen_store_fcr(s, tmp, mask);
+            tcg_temp_free(tmp);
+            return;
+        }
+        break;
     default:
         break;
     }
-- 
2.26.2

[PULL 2/2] target/m68k: implement opcode fetoxm1

[Laurent Vivier]

Example provided in the launchpad bug fails with:

   qemu: uncaught target signal 4 (Illegal instruction) - core dumped
   Illegal instruction (core dumped)

It appears fetoxm1 is not implemented:

   IN: expm1f
   0x800005cc: fetoxm1x %fp2,%fp0
   Disassembler disagrees with translator over instruction decoding
   Please report this to qemu-devel@nongnu.org

   (gdb) x/2hx 0x800005cc
   0x800005cc: 0xf200 0x0808

This patch adds the instruction.

Bug: https://bugs.launchpad.net/qemu/+bug/1881450
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200531131951.631902-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 target/m68k/helper.h     | 1 +
 target/m68k/fpu_helper.c | 5 +++++
 target/m68k/translate.c  | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index feee7be62655..77808497a95c 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -83,6 +83,7 @@ DEF_HELPER_3(fatan, void, env, fp, fp)
 DEF_HELPER_3(fasin, void, env, fp, fp)
 DEF_HELPER_3(facos, void, env, fp, fp)
 DEF_HELPER_3(fatanh, void, env, fp, fp)
+DEF_HELPER_3(fetoxm1, void, env, fp, fp)
 DEF_HELPER_3(ftanh, void, env, fp, fp)
 DEF_HELPER_3(fsinh, void, env, fp, fp)
 DEF_HELPER_3(fcosh, void, env, fp, fp)
diff --git a/target/m68k/fpu_helper.c b/target/m68k/fpu_helper.c
index 36e6c704d1d0..9acf60dfd443 100644
--- a/target/m68k/fpu_helper.c
+++ b/target/m68k/fpu_helper.c
@@ -641,6 +641,11 @@ void HELPER(fatanh)(CPUM68KState *env, FPReg *res, FPReg *val)
     res->d = floatx80_atanh(val->d, &env->fp_status);
 }
 
+void HELPER(fetoxm1)(CPUM68KState *env, FPReg *res, FPReg *val)
+{
+    res->d = floatx80_etoxm1(val->d, &env->fp_status);
+}
+
 void HELPER(ftanh)(CPUM68KState *env, FPReg *res, FPReg *val)
 {
     res->d = floatx80_tanh(val->d, &env->fp_status);
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index c093f6c683e8..3fc67aa45261 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -5160,6 +5160,9 @@ DISAS_INSN(fpu)
     case 0x06: /* flognp1 */
         gen_helper_flognp1(cpu_env, cpu_dest, cpu_src);
         break;
+    case 0x08: /* fetoxm1 */
+        gen_helper_fetoxm1(cpu_env, cpu_dest, cpu_src);
+        break;
     case 0x09: /* ftanh */
         gen_helper_ftanh(cpu_env, cpu_dest, cpu_src);
         break;
-- 
2.26.2

Re: [PULL 0/2] M68k for 5.1 patches

[Peter Maydell]

On Tue, 2 Jun 2020 at 16:22, Laurent Vivier <laurent@vivier.eu> wrote:
>
> The following changes since commit 853a60b87024b2f5d7c0c54a432d7798cb679900:
>
>   Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200601a' into staging (2020-06-01 21:34:47 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu-m68k.git tags/m68k-for-5.1-pull-request
>
> for you to fetch changes up to 250b1da35d579f42319af234f36207902ca4baa4:
>
>   target/m68k: implement opcode fetoxm1 (2020-06-02 13:59:02 +0200)
>
> ----------------------------------------------------------------
> Two fixes for the 68040 FPU


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM