[Qemu-devel] [PULL 0/3] target-i386 updates

[Qemu-devel] [PULL 0/3] target-i386 updates

[Richard Henderson]

I wasn't able to solicit additional review on patch 3, but
at least the first two managed a R-B.


r~


The following changes since commit d844a7b6569fb2b5252773444b18841426e5b906:

  modules: Fix building with --enable-modules (2014-02-28 12:30:13 +0000)

are available in the git repository at:

  git://github.com/rth7680/qemu.git i386-fix

for you to fetch changes up to cb48da7f8140b5cbb648d990876720da9cd04d8f:

  target-i386: Fix ucomis and comis memory access (2014-02-28 08:44:26 -0800)

----------------------------------------------------------------
Richard Henderson (3):
      target-i386: Fix CC_OP_CLR vs PF
      target-i386: Fix SSE status flag corruption
      target-i386: Fix ucomis and comis memory access

 target-i386/cc_helper.c  |  2 +-
 target-i386/cpu.h        |  3 +++
 target-i386/fpu_helper.c | 15 ++++++++-------
 target-i386/gdbstub.c    |  2 +-
 target-i386/translate.c  | 48 +++++++++++++++++++++++++++++++++++++-----------
 5 files changed, 50 insertions(+), 20 deletions(-)

[Qemu-devel] [PULL 1/3] target-i386: Fix CC_OP_CLR vs PF

[Richard Henderson]

Parity should be set for a zero result.

Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 target-i386/cc_helper.c | 2 +-
 target-i386/translate.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c
index ee04092..05dd12b 100644
--- a/target-i386/cc_helper.c
+++ b/target-i386/cc_helper.c
@@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1,
     case CC_OP_EFLAGS:
         return src1;
     case CC_OP_CLR:
-        return CC_Z;
+        return CC_Z | CC_P;
 
     case CC_OP_MULB:
         return compute_all_mulb(dst, src1);
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 5dd2450..aa985fa 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s)
         return;
     }
     if (s->cc_op == CC_OP_CLR) {
-        tcg_gen_movi_tl(cpu_cc_src, CC_Z);
+        tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
         set_cc_op(s, CC_OP_EFLAGS);
         return;
     }
-- 
1.8.5.3

[Qemu-devel] [PULL 2/3] target-i386: Fix SSE status flag corruption

[Richard Henderson]

When we restore the mxcsr register with FXRSTOR, or set it with gdb,
we need to update the various SSE status flags in CPUX86State

Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 target-i386/cpu.h        |  3 +++
 target-i386/fpu_helper.c | 15 ++++++++-------
 target-i386/gdbstub.c    |  2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 1b94f0f..5d3f143 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1259,6 +1259,9 @@ static inline void cpu_load_efer(CPUX86State *env, uint64_t val)
     }
 }
 
+/* fpu_helper.c */
+void cpu_set_mxcsr(CPUX86State *env, uint32_t val);
+
 /* svm_helper.c */
 void cpu_svm_check_intercept_param(CPUX86State *env1, uint32_t type,
                                    uint64_t param);
diff --git a/target-i386/fpu_helper.c b/target-i386/fpu_helper.c
index c0427fe..de7ba76 100644
--- a/target-i386/fpu_helper.c
+++ b/target-i386/fpu_helper.c
@@ -1179,7 +1179,7 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr, int data64)
 
     if (env->cr[4] & CR4_OSFXSR_MASK) {
         /* XXX: finish it */
-        env->mxcsr = cpu_ldl_data(env, ptr + 0x18);
+        cpu_set_mxcsr(env, cpu_ldl_data(env, ptr + 0x18));
         /* cpu_ldl_data(env, ptr + 0x1c); */
         if (env->hflags & HF_CS64_MASK) {
             nb_xmm_regs = 16;
@@ -1229,12 +1229,14 @@ floatx80 cpu_set_fp80(uint64_t mant, uint16_t upper)
 #define SSE_RC_CHOP         0x6000
 #define SSE_FZ              0x8000
 
-static void update_sse_status(CPUX86State *env)
+void cpu_set_mxcsr(CPUX86State *env, uint32_t mxcsr)
 {
     int rnd_type;
 
+    env->mxcsr = mxcsr;
+
     /* set rounding mode */
-    switch (env->mxcsr & SSE_RC_MASK) {
+    switch (mxcsr & SSE_RC_MASK) {
     default:
     case SSE_RC_NEAR:
         rnd_type = float_round_nearest_even;
@@ -1252,16 +1254,15 @@ static void update_sse_status(CPUX86State *env)
     set_float_rounding_mode(rnd_type, &env->sse_status);
 
     /* set denormals are zero */
-    set_flush_inputs_to_zero((env->mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
+    set_flush_inputs_to_zero((mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
 
     /* set flush to zero */
-    set_flush_to_zero((env->mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
+    set_flush_to_zero((mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
 }
 
 void helper_ldmxcsr(CPUX86State *env, uint32_t val)
 {
-    env->mxcsr = val;
-    update_sse_status(env);
+    cpu_set_mxcsr(env, val);
 }
 
 void helper_enter_mmx(CPUX86State *env)
diff --git a/target-i386/gdbstub.c b/target-i386/gdbstub.c
index 15bebef..d34e535 100644
--- a/target-i386/gdbstub.c
+++ b/target-i386/gdbstub.c
@@ -222,7 +222,7 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
             return 4;
 
         case IDX_MXCSR_REG:
-            env->mxcsr = ldl_p(mem_buf);
+            cpu_set_mxcsr(env, ldl_p(mem_buf));
             return 4;
         }
     }
-- 
1.8.5.3

[Qemu-devel] [PULL 3/3] target-i386: Fix ucomis and comis memory access

[Richard Henderson]

We were loading 16 bytes for both single and double-precision
scalar comparisons.

Reported-by: Alexander Bluhm <bluhm@openbsd.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 target-i386/translate.c | 46 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index aa985fa..707ebd5 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -4284,22 +4284,48 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b,
         if (is_xmm) {
             op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
             if (mod != 3) {
+                int sz = 4;
+
                 gen_lea_modrm(env, s, modrm);
                 op2_offset = offsetof(CPUX86State,xmm_t0);
-                if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f && b != 0x5b) ||
-                                b == 0xc2)) {
-                    /* specific case for SSE single instructions */
+
+                switch (b) {
+                case 0x50 ... 0x5a:
+                case 0x5c ... 0x5f:
+                case 0xc2:
+                    /* Most sse scalar operations.  */
                     if (b1 == 2) {
-                        /* 32 bit access */
-                        gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
-                        tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0)));
+                        sz = 2;
+                    } else if (b1 == 3) {
+                        sz = 3;
+                    }
+                    break;
+
+                case 0x2e:  /* ucomis[sd] */
+                case 0x2f:  /* comis[sd] */
+                    if (b1 == 0) {
+                        sz = 2;
                     } else {
-                        /* 64 bit access */
-                        gen_ldq_env_A0(s, offsetof(CPUX86State,
-                                                   xmm_t0.XMM_D(0)));
+                        sz = 3;
                     }
-                } else {
+                    break;
+                }
+
+                switch (sz) {
+                case 2:
+                    /* 32 bit access */
+                    gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
+                    tcg_gen_st32_tl(cpu_T[0], cpu_env,
+                                    offsetof(CPUX86State,xmm_t0.XMM_L(0)));
+                    break;
+                case 3:
+                    /* 64 bit access */
+                    gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.XMM_D(0)));
+                    break;
+                default:
+                    /* 128 bit access */
                     gen_ldo_env_A0(s, op2_offset);
+                    break;
                 }
             } else {
                 rm = (modrm & 7) | REX_B(s);
-- 
1.8.5.3

Re: [Qemu-devel] [PULL 0/3] target-i386 updates

[Peter Maydell]

On 28 February 2014 17:14, Richard Henderson <rth@twiddle.net> wrote:
> I wasn't able to solicit additional review on patch 3, but
> at least the first two managed a R-B.
>
>
> r~
>
>
> The following changes since commit d844a7b6569fb2b5252773444b18841426e5b906:
>
>   modules: Fix building with --enable-modules (2014-02-28 12:30:13 +0000)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git i386-fix
>
> for you to fetch changes up to cb48da7f8140b5cbb648d990876720da9cd04d8f:
>
>   target-i386: Fix ucomis and comis memory access (2014-02-28 08:44:26 -0800)

Applied, thanks.

-- PMM