[Qemu-devel] [PULL 0/3] ppc-for-2.6 queue 20160418

[Qemu-devel] [PULL 0/3] ppc-for-2.6 queue 20160418

[David Gibson]

The following changes since commit c7b45f12828c1ba7105dbc029c63d7de68eaa91c:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-backends-2016-04-15' into staging (2016-04-15 17:43:34 +0100)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.6-20160418

for you to fetch changes up to aa378598fea819b15c00d48048bedfa0dc631132:

  ppc: Fix migration of the XER register (2016-04-18 15:14:38 +1000)

----------------------------------------------------------------
ppc patch queue for 2-16-04-18

Three bugfixe patches for 2.6 here.
* Two for bad implementation of some of the strong load/store
  instructions

* One for bad migration of the XER register.  This is a regression
  from 2.5, cause by a change in the way we represent at XER during
  runtime.

----------------------------------------------------------------
Thomas Huth (3):
      ppc: Fix the range check in the LSWI instruction
      ppc: Fix the bad exception NIP value and the range check in LSWX
      ppc: Fix migration of the XER register

 target-ppc/cpu.h        | 10 ++++++++++
 target-ppc/machine.c    |  2 +-
 target-ppc/mem_helper.c |  5 +++--
 target-ppc/translate.c  |  6 ++----
 4 files changed, 16 insertions(+), 7 deletions(-)

[Qemu-devel] [PULL 1/3] ppc: Fix the range check in the LSWI instruction

[David Gibson]

From: Thomas Huth <thuth@redhat.com>

There are two issues: First, the number of registers that are used has
to be calculated with "(nb + 3) / 4" (i.e. round always up, not down).
Second, the "start <= ra && (start + nr - 32) > ra" condition for the
wrap-around case is wrong: It has to be tested with "||" instead of "&&".
Since we can reuse this check later for the LSWX instruction, let's
place the fixed code into a helper function, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target-ppc/cpu.h       | 10 ++++++++++
 target-ppc/translate.c |  6 ++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 9d4e43c..5282533 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -2415,6 +2415,16 @@ static inline bool msr_is_64bit(CPUPPCState *env, target_ulong msr)
     return msr & (1ULL << MSR_SF);
 }
 
+/**
+ * Check whether register rx is in the range between start and
+ * start + nregs (as needed by the LSWX and LSWI instructions)
+ */
+static inline bool lsw_reg_in_range(int start, int nregs, int rx)
+{
+    return (start + nregs <= 32 && rx >= start && rx < start + nregs) ||
+           (start + nregs > 32 && (rx >= start || rx < start + nregs - 32));
+}
+
 extern void (*cpu_ppc_hypercall)(PowerPCCPU *);
 
 #include "exec/exec-all.h"
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 6f0e7b4..b3860ec 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -3227,10 +3227,8 @@ static void gen_lswi(DisasContext *ctx)
 
     if (nb == 0)
         nb = 32;
-    nr = nb / 4;
-    if (unlikely(((start + nr) > 32  &&
-                  start <= ra && (start + nr - 32) > ra) ||
-                 ((start + nr) <= 32 && start <= ra && (start + nr) > ra))) {
+    nr = (nb + 3) / 4;
+    if (unlikely(lsw_reg_in_range(start, nr, ra))) {
         gen_inval_exception(ctx, POWERPC_EXCP_INVAL_LSWX);
         return;
     }
-- 
2.5.5

[Qemu-devel] [PULL 2/3] ppc: Fix the bad exception NIP value and the range check in LSWX

[David Gibson]

From: Thomas Huth <thuth@redhat.com>

The range checks in the LSWX instruction are completely insufficient:
They do not take the wrap-around case into account, and the check
"reg < rx" should be "reg <= rx" instead. Fix it by using the new
lsw_reg_in_range() helper function that is already used for LSWI, too.

Then there is a second problem: In case the INVAL exception is generated,
the NIP value is wrong, it currently points to the instruction before
the LSWX instruction. This is because gen_lswx() already decreases the
NIP value by 4 (to be prepared for page fault exceptions), and
powerpc_excp() later decreases it again by 4 while handling the program
exception. So to get this right, we've got to undo the "- 4" from
gen_lswx() here before calling helper_raise_exception_err().

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target-ppc/mem_helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
index 581d9fa..6d584c9 100644
--- a/target-ppc/mem_helper.c
+++ b/target-ppc/mem_helper.c
@@ -102,8 +102,9 @@ void helper_lswx(CPUPPCState *env, target_ulong addr, uint32_t reg,
 {
     if (likely(xer_bc != 0)) {
         int num_used_regs = (xer_bc + 3) / 4;
-        if (unlikely((ra != 0 && reg < ra && (reg + num_used_regs) > ra) ||
-                     (reg < rb && (reg + num_used_regs) > rb))) {
+        if (unlikely((ra != 0 && lsw_reg_in_range(reg, num_used_regs, ra)) ||
+                     lsw_reg_in_range(reg, num_used_regs, rb))) {
+            env->nip += 4;     /* Compensate the "nip - 4" from gen_lswx() */
             helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
                                        POWERPC_EXCP_INVAL |
                                        POWERPC_EXCP_INVAL_LSWX);
-- 
2.5.5

[Qemu-devel] [PULL 3/3] ppc: Fix migration of the XER register

[David Gibson]

From: Thomas Huth <thuth@redhat.com>

env->xer only holds the lower bits of the XER register nowadays, the
SO, OV and CA bits are stored in separate variables (see the function
cpu_write_xer() for details). Since the migration code currently only
reads the "xer" variable, the upper bits are lost during migration.
Fix it by using cpu_read_xer() instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target-ppc/machine.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-ppc/machine.c b/target-ppc/machine.c
index 692121e..46684fb 100644
--- a/target-ppc/machine.c
+++ b/target-ppc/machine.c
@@ -136,7 +136,7 @@ static void cpu_pre_save(void *opaque)
 
     env->spr[SPR_LR] = env->lr;
     env->spr[SPR_CTR] = env->ctr;
-    env->spr[SPR_XER] = env->xer;
+    env->spr[SPR_XER] = cpu_read_xer(env);
 #if defined(TARGET_PPC64)
     env->spr[SPR_CFAR] = env->cfar;
 #endif
-- 
2.5.5

Re: [Qemu-devel] [PULL 0/3] ppc-for-2.6 queue 20160418

[Peter Maydell]

On 18 April 2016 at 06:17, David Gibson <david@gibson.dropbear.id.au> wrote:
> The following changes since commit c7b45f12828c1ba7105dbc029c63d7de68eaa91c:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-backends-2016-04-15' into staging (2016-04-15 17:43:34 +0100)
>
> are available in the git repository at:
>
>   git://github.com/dgibson/qemu.git tags/ppc-for-2.6-20160418
>
> for you to fetch changes up to aa378598fea819b15c00d48048bedfa0dc631132:
>
>   ppc: Fix migration of the XER register (2016-04-18 15:14:38 +1000)
>
> ----------------------------------------------------------------
> ppc patch queue for 2-16-04-18
>
> Three bugfixe patches for 2.6 here.
> * Two for bad implementation of some of the strong load/store
>   instructions
>
> * One for bad migration of the XER register.  This is a regression
>   from 2.5, cause by a change in the way we represent at XER during
>   runtime.

Applied, thanks.

-- PMM