* [Qemu-devel] [PATCH v2 for-2.9 0/2] tcg/sparc: zero extend ld/st helper args @ 2017-03-30 10:52 Peter Maydell 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell 0 siblings, 2 replies; 4+ messages in thread From: Peter Maydell @ 2017-03-30 10:52 UTC (permalink / raw) To: qemu-devel; +Cc: patches, Richard Henderson, Philippe Mathieu-Daudé These patches fix problems with the SPARC TCG backend code which calls the load and store helpers. Where the argument being passed to the helper is narrower than the size of the native register, the SPARC calling convention requires that we extend it to the register size, but we weren't doing that. This meant we passed the host code registers which might have garbage in the high parts, and if the host code was built with optimization this resulted in wrong behaviour. Changes v1->v2: * fix argument order to emit_extend() in 32-bit host case * switch on (op & MO_SIZE) rather than just op thanks -- PMM Peter Maydell (2): tcg/sparc: Zero extend data argument to store helpers tcg/sparc: Zero extend address argument to ld/st helpers tcg/sparc/tcg-target.inc.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) -- 2.7.4 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers 2017-03-30 10:52 [Qemu-devel] [PATCH v2 for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell @ 2017-03-30 10:52 ` Peter Maydell 2017-03-30 17:45 ` Philippe Mathieu-Daudé 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell 1 sibling, 1 reply; 4+ messages in thread From: Peter Maydell @ 2017-03-30 10:52 UTC (permalink / raw) To: qemu-devel; +Cc: patches, Richard Henderson, Philippe Mathieu-Daudé The C store helper functions take the data argument as a uint8_t, uint16_t, etc depending on the store size. The SPARC calling convention requires that data types smaller than the register size must be extended by the caller. We weren't doing this, which meant that if QEMU was compiled with optimizations enabled we could end up storing incorrect values to guest memory. (In particular the i386 guest BIOS would crash on startup.) Add code to the trampolines that call the store helpers to do the zero extension as required. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- v1->v2: fix incorrect argument order to emit_extend() for sparc32 codepath; switch on op & MO_SIZE rather than just op. --- tcg/sparc/tcg-target.inc.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c index d1f4c0d..ab34039 100644 --- a/tcg/sparc/tcg-target.inc.c +++ b/tcg/sparc/tcg-target.inc.c @@ -843,6 +843,29 @@ static void tcg_out_mb(TCGContext *s, TCGArg a0) static tcg_insn_unit *qemu_ld_trampoline[16]; static tcg_insn_unit *qemu_st_trampoline[16]; +static void emit_extend(TCGContext *s, TCGReg r, int op) +{ + /* Emit zero extend of 8, 16 or 32 bit data as + * required by the MO_* value op; do nothing for 64 bit. + */ + switch (op & MO_SIZE) { + case MO_8: + tcg_out_arithi(s, r, r, 0xff, ARITH_AND); + break; + case MO_16: + tcg_out_arithi(s, r, r, 16, SHIFT_SLL); + tcg_out_arithi(s, r, r, 16, SHIFT_SRL); + break; + case MO_32: + if (SPARC64) { + tcg_out_arith(s, r, r, 0, SHIFT_SRL); + } + break; + case MO_64: + break; + } +} + static void build_trampolines(TCGContext *s) { static void * const qemu_ld_helpers[16] = { @@ -910,6 +933,7 @@ static void build_trampolines(TCGContext *s) qemu_st_trampoline[i] = s->code_ptr; if (SPARC64) { + emit_extend(s, TCG_REG_O2, i); ra = TCG_REG_O4; } else { ra = TCG_REG_O1; @@ -925,6 +949,7 @@ static void build_trampolines(TCGContext *s) tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX); ra += 2; } else { + emit_extend(s, ra, i); ra += 1; } /* Skip the oi argument. */ -- 2.7.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell @ 2017-03-30 17:45 ` Philippe Mathieu-Daudé 0 siblings, 0 replies; 4+ messages in thread From: Philippe Mathieu-Daudé @ 2017-03-30 17:45 UTC (permalink / raw) To: Peter Maydell; +Cc: qemu-devel, Richard Henderson, patches On 03/30/2017 07:52 AM, Peter Maydell wrote: > The C store helper functions take the data argument as a uint8_t, > uint16_t, etc depending on the store size. The SPARC calling > convention requires that data types smaller than the register > size must be extended by the caller. We weren't doing this, > which meant that if QEMU was compiled with optimizations enabled > we could end up storing incorrect values to guest memory. > (In particular the i386 guest BIOS would crash on startup.) > > Add code to the trampolines that call the store helpers to > do the zero extension as required. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > v1->v2: fix incorrect argument order to emit_extend() for > sparc32 codepath; switch on op & MO_SIZE rather than just op. > --- > tcg/sparc/tcg-target.inc.c | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c > index d1f4c0d..ab34039 100644 > --- a/tcg/sparc/tcg-target.inc.c > +++ b/tcg/sparc/tcg-target.inc.c > @@ -843,6 +843,29 @@ static void tcg_out_mb(TCGContext *s, TCGArg a0) > static tcg_insn_unit *qemu_ld_trampoline[16]; > static tcg_insn_unit *qemu_st_trampoline[16]; > > +static void emit_extend(TCGContext *s, TCGReg r, int op) > +{ > + /* Emit zero extend of 8, 16 or 32 bit data as > + * required by the MO_* value op; do nothing for 64 bit. > + */ > + switch (op & MO_SIZE) { > + case MO_8: > + tcg_out_arithi(s, r, r, 0xff, ARITH_AND); > + break; > + case MO_16: > + tcg_out_arithi(s, r, r, 16, SHIFT_SLL); > + tcg_out_arithi(s, r, r, 16, SHIFT_SRL); > + break; > + case MO_32: > + if (SPARC64) { > + tcg_out_arith(s, r, r, 0, SHIFT_SRL); > + } > + break; > + case MO_64: > + break; > + } > +} > + > static void build_trampolines(TCGContext *s) > { > static void * const qemu_ld_helpers[16] = { > @@ -910,6 +933,7 @@ static void build_trampolines(TCGContext *s) > qemu_st_trampoline[i] = s->code_ptr; > > if (SPARC64) { > + emit_extend(s, TCG_REG_O2, i); > ra = TCG_REG_O4; > } else { > ra = TCG_REG_O1; > @@ -925,6 +949,7 @@ static void build_trampolines(TCGContext *s) > tcg_out_arithi(s, ra, ra + 1, 32, SHIFT_SRLX); > ra += 2; > } else { > + emit_extend(s, ra, i); > ra += 1; > } > /* Skip the oi argument. */ > ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH v2 for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers 2017-03-30 10:52 [Qemu-devel] [PATCH v2 for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell @ 2017-03-30 10:52 ` Peter Maydell 1 sibling, 0 replies; 4+ messages in thread From: Peter Maydell @ 2017-03-30 10:52 UTC (permalink / raw) To: qemu-devel; +Cc: patches, Richard Henderson, Philippe Mathieu-Daudé The C store helper functions take the address argument as a target_ulong type; if this is 32 bit but the host is 64 bit then the SPARC calling convention requires that the caller must zero extend the value. We weren't doing this, which meant we could pass values to the caller with high bits set and QEMU would crash if it was compiled with optimizations. In particular, the i386 BIOS would not start. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tcg/sparc/tcg-target.inc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c index ab34039..3785d77 100644 --- a/tcg/sparc/tcg-target.inc.c +++ b/tcg/sparc/tcg-target.inc.c @@ -1144,7 +1144,7 @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data, TCGReg addr, /* Skip the high-part; we'll perform the extract in the trampoline. */ param++; } - tcg_out_mov(s, TCG_TYPE_REG, param++, addr); + tcg_out_mov(s, TCG_TYPE_REG, param++, addrz); /* We use the helpers to extend SB and SW data, leaving the case of SL needing explicit extending below. */ @@ -1224,7 +1224,7 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data, TCGReg addr, /* Skip the high-part; we'll perform the extract in the trampoline. */ param++; } - tcg_out_mov(s, TCG_TYPE_REG, param++, addr); + tcg_out_mov(s, TCG_TYPE_REG, param++, addrz); if (!SPARC64 && (memop & MO_SIZE) == MO_64) { /* Skip the high-part; we'll perform the extract in the trampoline. */ param++; -- 2.7.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-03-30 17:45 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-03-30 10:52 [Qemu-devel] [PATCH v2 for-2.9 0/2] tcg/sparc: zero extend ld/st helper args Peter Maydell 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 1/2] tcg/sparc: Zero extend data argument to store helpers Peter Maydell 2017-03-30 17:45 ` Philippe Mathieu-Daudé 2017-03-30 10:52 ` [Qemu-devel] [PATCH v2 for-2.9 2/2] tcg/sparc: Zero extend address argument to ld/st helpers Peter Maydell
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).