* [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling
@ 2017-06-22 23:12 David Hildenbrand
2017-06-25 22:19 ` Aurelien Jarno
0 siblings, 1 reply; 4+ messages in thread
From: David Hildenbrand @ 2017-06-22 23:12 UTC (permalink / raw)
To: qemu-devel; +Cc: rth, agraf, Aurelien Jarno, thuth, david
If we have for example: r3 contains 0x00000000ffffffff
ec 33 3f bf 61 55 risbg %r3,%r3,63,191,97
We want to rotate 33 to the left and only keep MSB bit 63 of that. So the
result is then exactly 1 (we're reading the sign of the 32 bit value).
Current code assumes that we can do that via an extract, which is not
true (at least not that easy) and produces a 0.
Let's just get rid of this special handling.
Signed-off-by: David Hildenbrand <david@redhat.com>
---
This effectively allows to start a linux kernel, compiled for z10 using
the qemu model under tcg (with other patches currently on the list):
qemu-system-s390x ... -cpu qemu,mvcos=on,stfle=on,ldisp=on,ldisphp=on, \
eimm=on,stckf=on,csst=on,csst2=on,ginste=on, \
exrl=on ...
I found this by compiling the kvm-unit-tests for z10 and noticing
elementary selftests failing. The kernel would trigger weird
BUG_ONs very early while starting up, which basically gave not really
many hints of what was actually going wrong.
target/s390x/translate.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 188ab8b..81419dd 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3450,12 +3450,6 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o)
pos += 32;
}
- /* In some cases we can implement this with extract. */
- if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) {
- tcg_gen_extract_i64(o->out, o->in2, rot, len);
- return NO_EXIT;
- }
-
/* In some cases we can implement this with deposit. */
if (len > 0 && (imask == 0 || ~mask == imask)) {
/* Note that we rotate the bits to be inserted to the lsb, not to
--
2.9.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling
2017-06-22 23:12 [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling David Hildenbrand
@ 2017-06-25 22:19 ` Aurelien Jarno
2017-07-01 20:27 ` Richard Henderson
0 siblings, 1 reply; 4+ messages in thread
From: Aurelien Jarno @ 2017-06-25 22:19 UTC (permalink / raw)
To: David Hildenbrand; +Cc: qemu-devel, rth, agraf, thuth
On 2017-06-23 01:12, David Hildenbrand wrote:
> If we have for example: r3 contains 0x00000000ffffffff
> ec 33 3f bf 61 55 risbg %r3,%r3,63,191,97
>
> We want to rotate 33 to the left and only keep MSB bit 63 of that. So the
> result is then exactly 1 (we're reading the sign of the 32 bit value).
>
> Current code assumes that we can do that via an extract, which is not
> true (at least not that easy) and produces a 0.
I think the mistake there is that the rotation is done to the left,
while in extract the "shift" is done to the right. The following patch
should be enough:
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3441,8 +3441,8 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o)
}
/* In some cases we can implement this with extract. */
- if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) {
- tcg_gen_extract_i64(o->out, o->in2, rot, len);
+ if (imask == 0 && pos == 0 && len > 0 && rot - len >= 0) {
+ tcg_gen_extract_i64(o->out, o->in2, 64 - rot, len);
return NO_EXIT;
> Let's just get rid of this special handling.
>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>
> This effectively allows to start a linux kernel, compiled for z10 using
> the qemu model under tcg (with other patches currently on the list):
>
> qemu-system-s390x ... -cpu qemu,mvcos=on,stfle=on,ldisp=on,ldisphp=on, \
> eimm=on,stckf=on,csst=on,csst2=on,ginste=on, \
> exrl=on ...
>
> I found this by compiling the kvm-unit-tests for z10 and noticing
> elementary selftests failing. The kernel would trigger weird
> BUG_ONs very early while starting up, which basically gave not really
> many hints of what was actually going wrong.
>
> target/s390x/translate.c | 6 ------
> 1 file changed, 6 deletions(-)
But the patch is also correct.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling
2017-06-25 22:19 ` Aurelien Jarno
@ 2017-07-01 20:27 ` Richard Henderson
2017-07-03 9:08 ` David Hildenbrand
0 siblings, 1 reply; 4+ messages in thread
From: Richard Henderson @ 2017-07-01 20:27 UTC (permalink / raw)
To: Aurelien Jarno, David Hildenbrand; +Cc: agraf, thuth, qemu-devel
On 06/25/2017 03:19 PM, Aurelien Jarno wrote:
> On 2017-06-23 01:12, David Hildenbrand wrote:
>> If we have for example: r3 contains 0x00000000ffffffff
>> ec 33 3f bf 61 55 risbg %r3,%r3,63,191,97
>>
>> We want to rotate 33 to the left and only keep MSB bit 63 of that. So the
>> result is then exactly 1 (we're reading the sign of the 32 bit value).
>>
>> Current code assumes that we can do that via an extract, which is not
>> true (at least not that easy) and produces a 0.
>
> I think the mistake there is that the rotation is done to the left,
> while in extract the "shift" is done to the right. The following patch
> should be enough:
>
> --- a/target/s390x/translate.c
> +++ b/target/s390x/translate.c
> @@ -3441,8 +3441,8 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o)
> }
>
> /* In some cases we can implement this with extract. */
> - if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) {
> - tcg_gen_extract_i64(o->out, o->in2, rot, len);
> + if (imask == 0 && pos == 0 && len > 0 && rot - len >= 0) {
> + tcg_gen_extract_i64(o->out, o->in2, 64 - rot, len);
> return NO_EXIT;
Agreed. Included.
r~
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling
2017-07-01 20:27 ` Richard Henderson
@ 2017-07-03 9:08 ` David Hildenbrand
0 siblings, 0 replies; 4+ messages in thread
From: David Hildenbrand @ 2017-07-03 9:08 UTC (permalink / raw)
To: Richard Henderson, Aurelien Jarno; +Cc: agraf, thuth, qemu-devel
On 01.07.2017 22:27, Richard Henderson wrote:
> On 06/25/2017 03:19 PM, Aurelien Jarno wrote:
>> On 2017-06-23 01:12, David Hildenbrand wrote:
>>> If we have for example: r3 contains 0x00000000ffffffff
>>> ec 33 3f bf 61 55 risbg %r3,%r3,63,191,97
>>>
>>> We want to rotate 33 to the left and only keep MSB bit 63 of that. So the
>>> result is then exactly 1 (we're reading the sign of the 32 bit value).
>>>
>>> Current code assumes that we can do that via an extract, which is not
>>> true (at least not that easy) and produces a 0.
>>
>> I think the mistake there is that the rotation is done to the left,
>> while in extract the "shift" is done to the right. The following patch
>> should be enough:
>>
>> --- a/target/s390x/translate.c
>> +++ b/target/s390x/translate.c
>> @@ -3441,8 +3441,8 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o)
>> }
>>
>> /* In some cases we can implement this with extract. */
>> - if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) {
>> - tcg_gen_extract_i64(o->out, o->in2, rot, len);
>> + if (imask == 0 && pos == 0 && len > 0 && rot - len >= 0) {
>> + tcg_gen_extract_i64(o->out, o->in2, 64 - rot, len);
>> return NO_EXIT;
>
> Agreed. Included.
>
>
> r~
>
Was able to test it with your version and it works just fine!
Thanks!
--
Thanks,
David
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-07-03 9:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-22 23:12 [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling David Hildenbrand
2017-06-25 22:19 ` Aurelien Jarno
2017-07-01 20:27 ` Richard Henderson
2017-07-03 9:08 ` David Hildenbrand
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).