[PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Richard Henderson]

This should have been done before removing TARGET_ALIGNED_ONLY,
as we did for hppa and alpha.

Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index bf8828fce8..70fd13aa3f 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -54,7 +54,7 @@ typedef struct DisasContext {
 #define UNALIGN(C)   (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN)
 #else
 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
-#define UNALIGN(C)   0
+#define UNALIGN(C)   MO_ALIGN
 #endif
 
 /* Target-specific values for ctx->base.is_jmp.  */
-- 
2.43.0

Re: [PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Philippe Mathieu-Daudé]

On 3/5/25 23:27, Richard Henderson wrote:
> This should have been done before removing TARGET_ALIGNED_ONLY,
> as we did for hppa and alpha.
> 
> Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/sh4/translate.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Guenter Roeck]

Hi,

On Sat, May 03, 2025 at 02:27:08PM -0700, Richard Henderson wrote:
> This should have been done before removing TARGET_ALIGNED_ONLY,
> as we did for hppa and alpha.
> 
> Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

When trying to run sh4 emulations with qemu 10.1.0, I get quite interesting
error messages. Bisect points to this patch, and reverting it fixes the
problem.

Guenter
---
Bisect log:

# bad: [f8b2f64e2336a28bf0d50b6ef8a7d8c013e9bcf3] Update version for the v10.1.0 release
# good: [7c949c53e936aa3a658d84ab53bae5cadaa5d59c] Update version for the v10.0.0 release
git bisect start 'v10.1.0' 'v10.0.0'
# bad: [14b5a799339d2d21826eac5ab1e98d00b1f1f89f] hpet: return errors from realize if properties are incorrect
git bisect bad 14b5a799339d2d21826eac5ab1e98d00b1f1f89f
# good: [54e54e594bc8273d210f7ff4448c165a989cbbe8] hw/i2c/imx: Always set interrupt status bit if interrupt condition occurs
git bisect good 54e54e594bc8273d210f7ff4448c165a989cbbe8
# good: [f0737158b483e7ec2b2512145aeab888b85cc1f7] Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
git bisect good f0737158b483e7ec2b2512145aeab888b85cc1f7
# bad: [e86c1f967a323165d13bcadfad4b92d0d34cdb08] hw/block: Drop unused nand.c
git bisect bad e86c1f967a323165d13bcadfad4b92d0d34cdb08
# good: [89d2a9f3f7564c9421d61153bbf7e24af95d34ee] hw/misc/aspeed_hace: Move register size to instance class and dynamically allocate regs
git bisect good 89d2a9f3f7564c9421d61153bbf7e24af95d34ee
# bad: [981f2beb161b9bcaeedc1f91ad22bff255856cb2] target: Use cpu_pointer_wrap_uint32 for 32-bit targets
git bisect bad 981f2beb161b9bcaeedc1f91ad22bff255856cb2
# good: [221d22d830eb1a96f780eec28e6a45286b85fe85] hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom
git bisect good 221d22d830eb1a96f780eec28e6a45286b85fe85
# good: [beea772666fb1bb86136042fd8ee7140a01bb36f] target/microblaze: Implement extended address load/store out of line
git bisect good beea772666fb1bb86136042fd8ee7140a01bb36f
# good: [36a9529e60e09b0d0b6b5ebad614255c97bf9322] target/microblaze: Simplify compute_ldst_addr_type{a,b}
git bisect good 36a9529e60e09b0d0b6b5ebad614255c97bf9322
# bad: [eb978e50e42f3439e7a7a104e76aafc81bc4a028] target/sh4: Use MO_ALIGN for system UNALIGN()
git bisect bad eb978e50e42f3439e7a7a104e76aafc81bc4a028
# good: [11efde54f248c2da9e164910b8b1945e78a7168e] tcg: Drop TCGContext.page_{mask,bits}
git bisect good 11efde54f248c2da9e164910b8b1945e78a7168e
# first bad commit: [eb978e50e42f3439e7a7a104e76aafc81bc4a028] target/sh4: Use MO_ALIGN for system UNALIGN()

---
Sample error log from Linux:

delay-slot-insn faulting in handle_unaligned_delayslot: 0000 [#2]
Modules linked in:

CPU: 0 UID: 0 PID: 1928 Comm: kunit_try_catch Tainted: G      D          N  6.17.0-09936-gcbf33b8e0b36 #1 NONE 
Tainted: [D]=DIE, [N]=TEST
PC is at gso_test_func+0x298/0x6b4
PR is at gso_test_func+0x23c/0x6b4
PC  : 8c5073c4 SP  : 8cfedebc SR  : 40008001 TEA : 8ecf141d
R0  : 00000000 R1  : 8ecf13f1 R2  : 8cc77c50 R3  : 00000000
R4  : 8ffd8e40 R5  : 000003e8 R6  : 00000000 R7  : 00000000
R8  : 8cc29e48 R9  : 8c73fed8 R10 : 8cc77c60 R11 : 8c7bfb60
R12 : 8ffd8e40 R13 : 8cc77c7c R14 : 00000000
MACH: 00007696 MACL: daaa5ec5 GBR : 00000000 PR  : 8c507368

Call trace:
 [<8c057258>] __pick_eevdf+0x0/0x3bc
 [<8c5c21b4>] __schedule+0x2ec/0x6ec
 [<8c5c21ce>] __schedule+0x306/0x6ec
 [<8c21f978>] kunit_try_run_case+0x58/0x174
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c089678>] ktime_get_ts64+0x0/0x184
 [<8c5c25ce>] schedule+0x1a/0xf8
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c221d18>] kunit_generic_run_threadfn_adapter+0x10/0x24
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c04aca8>] kthread+0xb8/0x1b4
 [<8c0241c4>] ret_from_kernel_thread+0xc/0x14
 [<8c020698>] arch_local_save_flags+0x0/0x8
 [<8c054198>] schedule_tail+0x0/0x58
 [<8c04abf0>] kthread+0x0/0x1b4

Process: kunit_try_catch (pid: 1928, stack limit = (ptrval))
Stack: (0x8cfedebc to 0x8cfee000)
dea0:                                                                8cc2c000 
dec0: 8cc2c060 8c057258 00000000 8cc77c00 00000000 8cc29d0c 8cc77c40 8c5c21b4 
dee0: 00000000 8cf03c00 8cc2c000 8cfedf10 8c5c21ce a16aaf05 8c21f978 8cc29d2c 
df00: 8c221d08 8c04a8e4 8c089678 8cf7f000 8c78310c 8cc29d0c 8cc2c428 8cc2c000 
df20: 00000021 00000000 07dc6b68 00000000 00000000 00000000 00000002 a16aaf05 
df40: 8c5c25ce 8cfedf60 8c221d08 8c04a8e4 a16aaf05 8c221d18 8c221d08 8c04a8e4 
df60: 8cc29ab0 8ecd43c0 8ecd43c0 8cc29d2c 8c04aca8 00000000 00000000 00000000 
df80: a16aaf05 8c0241c4 8cc35f1c 8c78e25c 8cc2c77c 8c020698 00000000 8cf03c00 
dfa0: 8c054198 00000000 00000000 00000000 00000000 8ecf0ae0 8c04abf0 00000000 
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 
dfe0: 00000000 00000000 00000000 40008000 00000000 00000000 00000000 00000000 
---[ end trace 0000000000000000 ]---
    # gso_test_func: try faulted: last line seen net/core/net_test.c:170
    # gso_test_func: internal error occurred preventing test case from running: -4
        not ok 3 frags
delay-slot-insn faulting in handle_unaligned_delayslot: 0000 [#3]
Modules linked in:

CPU: 0 UID: 0 PID: 1930 Comm: kunit_try_catch Tainted: G      D          N  6.17.0-09936-gcbf33b8e0b36 #1 NONE 
Tainted: [D]=DIE, [N]=TEST
PC is at gso_test_func+0x298/0x6b4
PR is at gso_test_func+0x23c/0x6b4
PC  : 8c5073c4 SP  : 8cfedebc SR  : 40008001 TEA : 8ecf3035
R0  : 00000000 R1  : 8ecf3009 R2  : 8cc77e90 R3  : 00000000
R4  : 8ffd8e80 R5  : 000003e8 R6  : 00000000 R7  : 00000000
R8  : 8cc29e48 R9  : 8c73fed8 R10 : 8cc77ea0 R11 : 8c7bfb84
R12 : 8ffd8e80 R13 : 8cc77ebc R14 : 00000000
MACH: 00003b51 MACL: efffda09 GBR : 00000000 PR  : 8c507368

Call trace:
 [<8c057258>] __pick_eevdf+0x0/0x3bc
 [<8c5c21b4>] __schedule+0x2ec/0x6ec
 [<8c5c21ce>] __schedule+0x306/0x6ec
 [<8c21f978>] kunit_try_run_case+0x58/0x174
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c089678>] ktime_get_ts64+0x0/0x184
 [<8c5c25ce>] schedule+0x1a/0xf8
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c221d18>] kunit_generic_run_threadfn_adapter+0x10/0x24
 [<8c221d08>] kunit_generic_run_threadfn_adapter+0x0/0x24
 [<8c04a8e4>] to_kthread+0x0/0x1c
 [<8c04aca8>] kthread+0xb8/0x1b4
 [<8c0241c4>] ret_from_kernel_thread+0xc/0x14
 [<8c020698>] arch_local_save_flags+0x0/0x8
 [<8c054198>] schedule_tail+0x0/0x58
 [<8c04abf0>] kthread+0x0/0x1b4

Re: [PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Guenter Roeck]

On Sat, Oct 04, 2025 at 05:14:45PM -0700, Guenter Roeck wrote:
> Hi,
> 
> On Sat, May 03, 2025 at 02:27:08PM -0700, Richard Henderson wrote:
> > This should have been done before removing TARGET_ALIGNED_ONLY,
> > as we did for hppa and alpha.
> > 
> > Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> > Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> 
> When trying to run sh4 emulations with qemu 10.1.0, I get quite interesting
> error messages. Bisect points to this patch, and reverting it fixes the
> problem.

Actually, it is worse: Commit a4027ed7d4 ("target: Use cpu_pointer_wrap_notreached
for strict align targets")  claims that "Alpha, HPPA, and SH4 always use aligned
addresses" which just is not true. At least sh4 generates an unaligned trap and
handles the problem in the trap handler. Result is

ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached
Bail out! ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached

after reverting this patch. Also, hppa64 has the same problem, meaning
the hppa64 (parisc64) emulation no longer works with qemu 10.1.

I thought I can revert a couple of patches, but the problem is too deep
for me to track down. I'll have to give up on using 10.1 for the time being.

Guenter

Re: [PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Richard Henderson]

On 10/5/25 08:43, Guenter Roeck wrote:
> On Sat, Oct 04, 2025 at 05:14:45PM -0700, Guenter Roeck wrote:
>> Hi,
>>
>> On Sat, May 03, 2025 at 02:27:08PM -0700, Richard Henderson wrote:
>>> This should have been done before removing TARGET_ALIGNED_ONLY,
>>> as we did for hppa and alpha.
>>>
>>> Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
>>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>>
>> When trying to run sh4 emulations with qemu 10.1.0, I get quite interesting
>> error messages. Bisect points to this patch, and reverting it fixes the
>> problem.
> 
> Actually, it is worse: Commit a4027ed7d4 ("target: Use cpu_pointer_wrap_notreached
> for strict align targets")  claims that "Alpha, HPPA, and SH4 always use aligned
> addresses" which just is not true. At least sh4 generates an unaligned trap and
> handles the problem in the trap handler. Result is
> 
> ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached
> Bail out! ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached

Yes, I posted a fix for this one yesterday.

https://patchew.org/QEMU/20251004192414.1404950-1-richard.henderson@linaro.org/


r~

Re: [PATCH] target/sh4: Use MO_ALIGN for system UNALIGN()

[Guenter Roeck]

On 10/5/25 11:30, Richard Henderson wrote:
> On 10/5/25 08:43, Guenter Roeck wrote:
>> On Sat, Oct 04, 2025 at 05:14:45PM -0700, Guenter Roeck wrote:
>>> Hi,
>>>
>>> On Sat, May 03, 2025 at 02:27:08PM -0700, Richard Henderson wrote:
>>>> This should have been done before removing TARGET_ALIGNED_ONLY,
>>>> as we did for hppa and alpha.
>>>>
>>>> Fixes: 8244189419f9 ("target/sh4: Remove TARGET_ALIGNED_ONLY")
>>>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>>>
>>> When trying to run sh4 emulations with qemu 10.1.0, I get quite interesting
>>> error messages. Bisect points to this patch, and reverting it fixes the
>>> problem.
>>
>> Actually, it is worse: Commit a4027ed7d4 ("target: Use cpu_pointer_wrap_notreached
>> for strict align targets")  claims that "Alpha, HPPA, and SH4 always use aligned
>> addresses" which just is not true. At least sh4 generates an unaligned trap and
>> handles the problem in the trap handler. Result is
>>
>> ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached
>> Bail out! ERROR:../accel/tcg/cputlb.c:2944:cpu_pointer_wrap_notreached: code should not be reached
> 
> Yes, I posted a fix for this one yesterday.
> 
> https://patchew.org/QEMU/20251004192414.1404950-1-richard.henderson@linaro.org/
> 

With the above patch applied, I still get the below backtrace when trying
to boot upstream Linux on sh4 with qemu 10.1. Reverting the MO_ALIGN patch
as well fixes the problem.

Guenter

---
ok 14 bitfields
     KTAP version 1
     # Subtest: blackholedev
     # module: blackhole_dev_kunit
     1..1
delay-slot-insn faulting in handle_unaligned_delayslot: 0000 [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G                 N  6.17.0-12907-g8765f467912f #1 NONE
Tainted: [N]=TEST
PC is at test_blackholedev+0xc6/0x1c8
PR is at test_blackholedev+0xca/0x1c8
PC  : 8c228d16 SP  : 8d40bed0 SR  : 40008001 TEA : 8cce4026
R0  : 00000000 R1  : 00000000 R2  : 000000d2 R3  : 8cc77b80
R4  : 8cc77b40 R5  : 0000000e R6  : 8c228cea R7  : 8cce400e
R8  : 8cc77b40 R9  : 8cc77bbc R10 : 8cc77bbe R11 : 8c4b46b0
R12 : 8c78310c R13 : 8cc29cf4 R14 : 8c6e3a88
MACH: 0000d80d MACL: e554cb0f GBR : 00000000 PR  : 8c228d1a
Call trace:
  [<8c05b378>] pick_next_task_fair+0x94/0x164
  [<8c5c2bce>] __schedule+0x306/0x6ec
  [<8c21fa68>] kunit_try_run_case+0x58/0x174
  [<8c221df8>] kunit_generic_run_threadfn_adapter+0x0/0x24
  [<8c04a8e4>] to_kthread+0x0/0x1c
  [<8c0896a8>] ktime_get_ts64+0x0/0x184
  [<8c5c2fce>] schedule+0x1a/0xf8
  [<8c221df8>] kunit_generic_run_threadfn_adapter+0x0/0x24
  [<8c04a8e4>] to_kthread+0x0/0x1c
  [<8c221e08>] kunit_generic_run_threadfn_adapter+0x10/0x24
  [<8c221df8>] kunit_generic_run_threadfn_adapter+0x0/0x24
  [<8c04a8e4>] to_kthread+0x0/0x1c
  [<8c04aca8>] kthread+0xb8/0x1b4
  [<8c0241c4>] ret_from_kernel_thread+0xc/0x14
  [<8c020698>] arch_local_save_flags+0x0/0x8
  [<8c054198>] schedule_tail+0x0/0x58
  [<8c04abf0>] kthread+0x0/0x1b4
Process: kunit_try_catch (pid: 298, stack limit = (ptrval))
Stack: (0x8d40bed0 to 0x8d40c000)
bec0:                                     8c05b378 8d40bf10 00000000 8cc29bb8
bee0: 00000000 8cf03c00 8cc2c000 8d40bf10 8c5c2bce bbc23be9 8c21fa68 8cc29bd8
bf00: 8c221df8 8c04a8e4 8c0896a8 8cf27cc0 8c78310c 8cc29bb8 8cc2c428 8cc2c000
bf20: 00000007 00000000 364df8f1 00000000 00000000 00000000 00000002 bbc23be9
bf40: 8c5c2fce 8d40bf60 8c221df8 8c04a8e4 bbc23be9 8c221e08 8c221df8 8c04a8e4
bf60: 8cc29ab0 8cf843c0 8cf843c0 8cc29bd8 8c04aca8 00000000 00000000 00000000
bf80: bbc23be9 8c0241c4 8cc35f1c 8c78e25c 8cc2c77c 8c020698 00000000 8cf03c00
bfa0: 8c054198 00000000 00000000 00000000 00000000 8cf88080 8c04abf0 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 40008000 00000000 00000000 00000000 00000000
---[ end trace 0000000000000000 ]---
     # test_blackholedev: try faulted: last line seen lib/tests/blackhole_dev_kunit.c:35
     # test_blackholedev: internal error occurred preventing test case from running: -4
     # test_blackholedev: pass:0 fail:1 skip:0 total:1