[PULL 6/6] target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 6/6] target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
Date: Fri,  1 Apr 2022 16:00:55 +0100	[thread overview]
Message-ID: <20220401150055.421608-7-peter.maydell@linaro.org> (raw)
In-Reply-To: <20220401150055.421608-1-peter.maydell@linaro.org>

In gen_store_exclusive(), if the host does not have a cmpxchg128
primitive then we generate bad code for STXP for storing two 64-bit
values.  We generate a call to the exit_atomic helper, which never
returns, and set is_jmp to DISAS_NORETURN.  However, this is
forgetting that we have already emitted a brcond that jumps over this
call for the case where we don't hold the exclusive.  The effect is
that we don't generate any code to end the TB for the
exclusive-not-held execution path, which falls into the "exit with
TB_EXIT_REQUESTED" code that gen_tb_end() emits.  This then causes an
assert at runtime when cpu_loop_exec_tb() sees an EXIT_REQUESTED TB
return that wasn't for an interrupt or icount.

In particular, you can hit this case when using the clang sanitizers
and trying to run the xlnx-versal-virt acceptance test in 'make
check-acceptance'.  This bug was masked until commit 848126d11e93ff
("meson: move int128 checks from configure") because we used to set
CONFIG_CMPXCHG128=1 and avoid the buggy codepath, but after that we
do not.

Fix the bug by not setting is_jmp.  The code after the exit_atomic
call up to the fail_label is dead, but TCG is smart enough to
eliminate it.  We do need to set 'tmp' to some valid value, though
(in the same way the exit_atomic-using code in tcg/tcg-op.c does).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/953
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220331150858.96348-1-peter.maydell@linaro.org
---
 target/arm/translate-a64.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d1a59fad9c2..9333d7be41a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2470,7 +2470,12 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
         } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
             if (!HAVE_CMPXCHG128) {
                 gen_helper_exit_atomic(cpu_env);
-                s->base.is_jmp = DISAS_NORETURN;
+                /*
+                 * Produce a result so we have a well-formed opcode
+                 * stream when the following (dead) code uses 'tmp'.
+                 * TCG will remove the dead ops for us.
+                 */
+                tcg_gen_movi_i64(tmp, 0);
             } else if (s->be_data == MO_LE) {
                 gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
                                                         cpu_exclusive_addr,
-- 
2.25.1

next prev parent reply	other threads:[~2022-04-01 15:07 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-01 15:00 [PULL 0/6] target-arm queue Peter Maydell
2022-04-01 15:00 ` [PULL 1/6] target/arm: Fix MTE access checks for disabled SEL2 Peter Maydell
2022-04-01 15:00 ` [PULL 2/6] target/arm: Check VSTCR.SW when assigning the stage 2 output PA space Peter Maydell
2022-04-01 15:00 ` [PULL 3/6] target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk Peter Maydell
2022-04-01 15:00 ` [PULL 4/6] target/arm: Determine final stage 2 output PA space based on original IPA Peter Maydell
2022-04-01 15:00 ` [PULL 5/6] MAINTAINERS: change Fred Konrad's email address Peter Maydell
2022-04-01 15:00 ` Peter Maydell [this message]
2022-04-02  8:35 ` [PULL 0/6] target-arm queue Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d1a59fad9c dfblob:9333d7be41 )
 OR (
bs:"[PULL 6/6] target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220401150055.421608-7-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).