From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52293)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mark.cave-ayland@ilande.co.uk>) id 1aorJX-0007Bi-Ov
	for qemu-devel@nongnu.org; Sat, 09 Apr 2016 07:44:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mark.cave-ayland@ilande.co.uk>) id 1aorJU-0008F2-Iq
	for qemu-devel@nongnu.org; Sat, 09 Apr 2016 07:44:31 -0400
Received: from chuckie.co.uk ([82.165.15.123]:37576
	helo=s16892447.onlinehome-server.info)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mark.cave-ayland@ilande.co.uk>) id 1aorJU-0008EE-CV
	for qemu-devel@nongnu.org; Sat, 09 Apr 2016 07:44:28 -0400
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Date: Sat,  9 Apr 2016 12:43:32 +0100
Message-Id: <1460202212-14946-1-git-send-email-mark.cave-ayland@ilande.co.uk>
Subject: [Qemu-devel] [PATCH for-2.6] target-sparc: fix ldstub
 sign-extension bug
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org, rth@twiddle.net, atar4qemu@gmail.com

ldstub [addr], reg incorrectly reads a signed byte from memory which causes
problems in the 32-bit Solaris mutex code. Here the byte value being read is
0xff which is incorrectly sign-extended to 0xffffffff before being written back
to the target register causing lock detection to behave incorrectly.

This fixes the intermittent hangs and MUTEX_HELD warnings issued to the
console when running 32-bit Solaris images under qemu-system-sparc.

With thanks to Joseph Dery for providing a condensed test image to consistently
reproduce the problem on demand, and Martin Husemann for allowing me access to
real hardware for comparison.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
 target-sparc/translate.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-sparc/translate.c b/target-sparc/translate.c
index 58572c3..7998ff5 100644
--- a/target-sparc/translate.c
+++ b/target-sparc/translate.c
@@ -4670,7 +4670,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn)
                         TCGv r_const;
 
                         gen_address_mask(dc, cpu_addr);
-                        tcg_gen_qemu_ld8s(cpu_val, cpu_addr, dc->mem_idx);
+                        tcg_gen_qemu_ld8u(cpu_val, cpu_addr, dc->mem_idx);
                         r_const = tcg_const_tl(0xff);
                         tcg_gen_qemu_st8(r_const, cpu_addr, dc->mem_idx);
                         tcg_temp_free(r_const);
-- 
1.7.10.4