qemu-commits
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] ee0d0b: target-s390x: fix CC computation for EX instructio...
Date: Fri, 05 Jun 2015 05:30:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ee0d0be16819896cc6c8018cbe171a632b61489c
      
https://github.com/qemu/qemu/commit/ee0d0be16819896cc6c8018cbe171a632b61489c
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: fix CC computation for EX instruction

Commit 7a6c7067f optimized CC computation by only saving cc_op before
calling helpers as they either don't touch the CC or generate a new
static value. This however doesn't work for the EX instruction as the
helper may or may not change the CC value depending on the actual executed
instruction (e.g. MVC vs CLC).

This patch forces a CC computation before calling the helper. This
fixes random memory corruption occurring in guests.

Signed-off-by: Aurelien Jarno <address@hidden>
[agraf: remove set_cc_static in op_ex as suggested by rth]
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 2aaa1940684a3bf2b381fd2a8ff26c287a05109d
      
https://github.com/qemu/qemu/commit/2aaa1940684a3bf2b381fd2a8ff26c287a05109d
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/cc_helper.c

  Log Message:
  -----------
  target-s390x: fix CC computation for LOAD POSITIVE instructions

LOAD POSITIVE instructions (LPR, LPGR and LPGFR) set the following
condition code:
  0: Result zero; no overflow
  1: --
  2: Result greater than zero; no overflow
  3: Overflow

The current code wrongly returns 1 instead of 2 in case of a result
greater than 0. This patch fixes that. This fixes the marshalling of
the value '0L' in Python.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: d30107814c8d02f1896bd57249aef1b5aaed38c9
      
https://github.com/qemu/qemu/commit/d30107814c8d02f1896bd57249aef1b5aaed38c9
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/helper.h
    M target-s390x/int_helper.c
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: optimize (negative-) abs computation

Now that movcond exists, it's easy to write (negative-) absolute value
using TCG code instead of a helper.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: a91a1b20a23424412a3e7bb184422ec30ae64453
      
https://github.com/qemu/qemu/commit/a91a1b20a23424412a3e7bb184422ec30ae64453
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/helper.h
    M target-s390x/int_helper.c

  Log Message:
  -----------
  target-s390x: remove unused helpers

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 9cb32c442e11d16b747fa07e29dd29b5d8227b57
      
https://github.com/qemu/qemu/commit/9cb32c442e11d16b747fa07e29dd29b5d8227b57
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/cpu.h
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: add a tod2time function

Add a tod2time function similar to the time2tod one, instead of open
coding the conversion.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: c941f07485e56e4b2653048e166b720428307acb
      
https://github.com/qemu/qemu/commit/c941f07485e56e4b2653048e166b720428307acb
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: simplify SCKC helper

The clock comparator and the QEMU timer work the same way, triggering
at a given time, they just differ by the origin and the scale. It is
therefore possible to go from one to another without using the current
clock value. This spares two calls to qemu_clock_get_ns, which probably
return slightly different values, possibly reducing the accuracy.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: d9d55f1108f45c866098731d95fef88409ff1e94
      
https://github.com/qemu/qemu/commit/d9d55f1108f45c866098731d95fef88409ff1e94
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: streamline STCK helper

Now that clock_value is only used in one place, we can inline it in
the STCK helper.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: aa9e14e684506e8ddf02bd5cff720520827bf244
      
https://github.com/qemu/qemu/commit/aa9e14e684506e8ddf02bd5cff720520827bf244
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: implement STCKC helper

The STCKC instruction just returns the last written clock comparator
value and KVM already provides the corresponding variable.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: b8ae94bd398ff772f40fb232887ecbcbd244c3d4
      
https://github.com/qemu/qemu/commit/b8ae94bd398ff772f40fb232887ecbcbd244c3d4
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: implement STPT helper

Save the timer target value in the SPT helper, so that the STPT helper
can compute the remaining time.

This allows the Linux kernel to correctly do time accounting.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: aa752a4afc2a4b7ede58a960a9d553b3fd9e6882
      
https://github.com/qemu/qemu/commit/aa752a4afc2a4b7ede58a960a9d553b3fd9e6882
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: fix LOAD MULTIPLE instruction on page boundary

When consecutive memory locations are on page boundary a page fault
might occur when using the LOAD MULTIPLE instruction. In that case real
hardware doesn't load any register.

This is an important detail in case the base register is in the list
of registers to be loaded. If a page fault occurs this register might be
overwritten and when the instruction is later restarted the wrong
base register value is used.

Fix this by first loading the first and last value from memory, hence
triggering all possible page faults, and then the remaining registers.

This fixes random segmentation faults seen in the guest.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
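The restart hazard described in the commit message, shown as an added example on a toy guest model (this is not QEMU's code): a 64-byte memory split into two 32-byte pages, sixteen 64-bit registers, one page that faults, and a page fault modelled with setjmp/longjmp. The register numbers, base value 0x10 and memory contents are constructed for the demonstration. `lmg_naive` writes registers as it goes and clobbers the base register before the fault; `lmg_fixed` fetches the first and last doublewords first, so every fault fires before any register changes.

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy guest (constructed for this example): two 32-byte pages, 16
 * registers, and at most one page that faults when touched. */
#define PAGE_SIZE 32
#define MEM_SIZE  64
#define NUM_REGS  16

typedef struct {
    uint8_t  mem[MEM_SIZE];
    uint64_t regs[NUM_REGS];
    int      faulting_page;   /* -1 when no page faults */
    jmp_buf  fault;           /* unwinds the aborted instruction */
} Guest;

/* Fetch one doubleword; a faulting or out-of-range page aborts the
 * instruction via longjmp, standing in for the softmmu page fault. */
static uint64_t ld64(Guest *g, uint64_t addr)
{
    int first_page = (int)(addr / PAGE_SIZE);
    int last_page = (int)((addr + 7) / PAGE_SIZE);
    if (addr + 8 > MEM_SIZE || first_page == g->faulting_page
        || last_page == g->faulting_page) {
        longjmp(g->fault, 1);
    }
    uint64_t v;
    memcpy(&v, g->mem + addr, 8);
    return v;
}

/* LMG r1,r3,disp(base) with r1 <= r3, loading registers in order. A fault
 * on a later doubleword leaves earlier registers (possibly `base`) already
 * overwritten, so restarting the instruction computes a wrong address. */
static bool lmg_naive(Guest *g, int r1, int r3, int base, uint64_t disp)
{
    if (setjmp(g->fault)) {
        return false;          /* page fault: instruction aborted */
    }
    uint64_t addr = g->regs[base] + disp;
    for (int r = r1; r <= r3; r++) {
        g->regs[r] = ld64(g, addr);
        addr += 8;
    }
    return true;
}

/* The order from the commit: fetch the first and last doublewords before
 * touching any register. The range spans at most two pages, so these two
 * fetches raise every possible fault; only then are registers written. */
static bool lmg_fixed(Guest *g, int r1, int r3, int base, uint64_t disp)
{
    if (setjmp(g->fault)) {
        return false;
    }
    uint64_t addr = g->regs[base] + disp;
    int n = r3 - r1 + 1;
    uint64_t first = ld64(g, addr);
    uint64_t last = ld64(g, addr + 8 * (uint64_t)(n - 1));
    for (int i = 1; i < n - 1; i++) {
        g->regs[r1 + i] = ld64(g, addr + 8 * (uint64_t)i);
    }
    g->regs[r1] = first;
    g->regs[r3] = last;
    return true;
}

/* Constructed state: memory holds its own offsets, r5 is the base (0x10). */
static void init_guest(Guest *g, int faulting_page)
{
    memset(g, 0, sizeof(*g));
    for (int i = 0; i < MEM_SIZE; i++) {
        g->mem[i] = (uint8_t)i;
    }
    g->faulting_page = faulting_page;
    g->regs[5] = 0x10;
}

/* Load r4..r7 from 0x10..0x2f while page 1 (bytes 32..63) faults. Returns
 * r5 after the aborted instruction: still 0x10 only if nothing was clobbered. */
uint64_t base_after_fault(bool use_fixed)
{
    Guest g;
    init_guest(&g, 1);
    if (use_fixed) {
        lmg_fixed(&g, 4, 7, 5, 0);
    } else {
        lmg_naive(&g, 4, 7, 5, 0);
    }
    return g.regs[5];
}

/* Without a faulting page the fixed order loads exactly what memory holds. */
bool lmg_fixed_matches_memory(void)
{
    Guest g;
    init_guest(&g, -1);
    if (!lmg_fixed(&g, 4, 7, 5, 0)) {
        return false;
    }
    for (int r = 4; r <= 7; r++) {
        if (memcmp(&g.regs[r], g.mem + 0x10 + 8 * (r - 4), 8) != 0) {
            return false;
        }
    }
    return true;
}
```

With the naive order the fault on the third doubleword arrives after r4 and r5 have been written, so the base register now holds guest data and a restart reads from the wrong place; with the fixed order the aborted instruction leaves every register untouched.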


  Commit: 9bebf9863bd16cc824231ad71959a338dc1819ac
      
https://github.com/qemu/qemu/commit/9bebf9863bd16cc824231ad71959a338dc1819ac
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/misc_helper.c

  Log Message:
  -----------
  target-s390x: fix PSW value on dynamical exception from helpers

runtime_exception computes the psw.addr value using the actual exception
address and the instruction length computed by calling the get_ilen
function. However as explained above the get_ilen code, it returns the
actual instruction length, and not the ILC. Therefore there is no need to
multiply the value by 2.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 1f65958d9c21fd3b461f6b645e7884866313c1f3
      
https://github.com/qemu/qemu/commit/1f65958d9c21fd3b461f6b645e7884866313c1f3
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/cpu.h

  Log Message:
  -----------
  target-s390x: fix MMU index computation

The cpu_mmu_index function wrongly looks at PSW P bit to determine the
MMU index, while this bit actually only controls the use of privileged
instructions. The addressing mode is detected by looking at the PSW ASC
bits instead.

This used to work more or less correctly up to kernel 3.6 as the kernel
was running in primary space and userland in secondary space. Since
kernel 3.7 the default is to run the kernel in home space and userland
in primary space. While the current QEMU code seems to work, it opens some
security issues, like accessing the lowcore memory in R/W mode from a
userspace process once it has been accessed by the kernel (it is then
cached by the QEMU TLB).

At the same time change the MMU_USER_IDX value so that it matches the
value used in recent kernels.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 2daea9c16ffe61377b6e5426d9c52014bf538df3
      
https://github.com/qemu/qemu/commit/2daea9c16ffe61377b6e5426d9c52014bf538df3
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M fpu/softfloat-specialize.h

  Log Message:
  -----------
  target-s390x: define default NaN values

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: f821135cdd4df09b1362666ddfbdfd162b905b1f
      
https://github.com/qemu/qemu/commit/f821135cdd4df09b1362666ddfbdfd162b905b1f
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/fpu_helper.c

  Log Message:
  -----------
  target-s390x: silence NaNs for LOAD LENGTHENED and LOAD ROUNDED

LOAD LENGTHENED and LOAD ROUNDED are considered as FP operations and
thus need to convert input sNaN into corresponding qNaN.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 4a33565f9f46145d8cc701ab623b18bf423c469e
      
https://github.com/qemu/qemu/commit/4a33565f9f46145d8cc701ab623b18bf423c469e
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/cpu.c

  Log Message:
  -----------
  target-s390x: detect tininess before rounding for FP operations

The s390x floating point unit detects tininess before rounding, so set
the softfloat fp_status up appropriately.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 92892330e78ffca7bebf03f4f7161c5bbd6602d2
      
https://github.com/qemu/qemu/commit/92892330e78ffca7bebf03f4f7161c5bbd6602d2
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: move a few instructions to the correct facility

LY is part of the long-displacement facility.
RISBHG and RISBLG are part of the high-word facility.
STCMH is part of the z/Architecture.

Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: a1c7610a68795d66249c25166220324d4d0b9289
      
https://github.com/qemu/qemu/commit/a1c7610a68795d66249c25166220324d4d0b9289
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement LAY and LAEY instructions

This completes the general-instructions-extension facility; enable it.

Signed-off-by: Aurelien Jarno <address@hidden>
[agraf: remove facility bit]
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 111d7f4a69751d333bac32526cd252add6b071d3
      
https://github.com/qemu/qemu/commit/111d7f4a69751d333bac32526cd252add6b071d3
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: fix exception for invalid operation code

When an operation code is not recognized (ie invalid instruction) an
operation exception should be generated instead of a specification
exception. The latter is for valid opcode, with invalid operands or
modifiers.

This gives very basic GDB support in the guest, as it uses the invalid
opcode 0x0001 to generate a trap.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 1dedb9b76f061c8da730002f6c21a1fa2b76b106
      
https://github.com/qemu/qemu/commit/1dedb9b76f061c8da730002f6c21a1fa2b76b106
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: fix CLGIT instruction

The COMPARE LOGICAL IMMEDIATE AND TRAP instruction should compare the
numbers as unsigned, as its name implies.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 74266b4a5837b46477034a39acc2be3a3afba431
      
https://github.com/qemu/qemu/commit/74266b4a5837b46477034a39acc2be3a3afba431
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: change CHRL and CGHRL format to RIL-b

Change to match the PoP. In practice both format RIL-a and RIL-b have
the same fields. They differ on the way we decode the fields, and it's
done correctly in QEMU.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: f7c2114067cc32eb8d8f79b7374a641ec5f4eb72
      
https://github.com/qemu/qemu/commit/f7c2114067cc32eb8d8f79b7374a641ec5f4eb72
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: move STORE CLOCK FAST to the correct facility

STORE CLOCK FAST should be in the SCF facility.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 9182886d797a20925d801a3378ca5330c0d91dfb
      
https://github.com/qemu/qemu/commit/9182886d797a20925d801a3378ca5330c0d91dfb
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: move SET DFP ROUNDING MODE to the correct facility

It belongs to the DFP rounding facility.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: ed0bcecec105137567f461e5b57834e72c851855
      
https://github.com/qemu/qemu/commit/ed0bcecec105137567f461e5b57834e72c851855
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/fpu_helper.c
    M target-s390x/helper.h
    M target-s390x/insn-data.def
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement LOAD FP INTEGER instructions

This is needed to pass the gcc.c-torture/execute/ieee/20010114-2.c test
in the gcc testsuite.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 54f007750978ffbb98ce933077e0d1741e0202b0
      
https://github.com/qemu/qemu/commit/54f007750978ffbb98ce933077e0d1741e0202b0
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/helper.h
    M target-s390x/insn-data.def
    M target-s390x/mem_helper.c
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement TRANSLATE AND TEST instruction

It is part of the basic zArchitecture instructions. Allow it to be called
from EXECUTE.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 3f4de6756cd87b508b37c7ffa93f7b827832c4eb
      
https://github.com/qemu/qemu/commit/3f4de6756cd87b508b37c7ffa93f7b827832c4eb
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/helper.h
    M target-s390x/insn-data.def
    M target-s390x/mem_helper.c
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement TRANSLATE EXTENDED instruction

It is part of the basic zArchitecture instructions.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: df46283ce7be962002a30140a91ffbb56832cc2d
      
https://github.com/qemu/qemu/commit/df46283ce7be962002a30140a91ffbb56832cc2d
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def

  Log Message:
  -----------
  target-s390x: implement LPDFR and LNDFR instructions

This completes the floating point support sign handling facility.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 375ee58bedcda359011fe7fa99e0647f66f9ffa0
      
https://github.com/qemu/qemu/commit/375ee58bedcda359011fe7fa99e0647f66f9ffa0
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement miscellaneous-instruction-extensions facility

RISBGN is the same as RISBG, but without setting the condition code.
CLT and CLGT are the same as CLRT and CLGRT, but using memory for the
second operand.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 782a8479522f8e4a596f968e4acad5c10b77e061
      
https://github.com/qemu/qemu/commit/782a8479522f8e4a596f968e4acad5c10b77e061
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement load-and-trap facility

At the same time move the trap code from op_ct into gen_trap and use it
for all new functions. The value needs to be stored back to register
before the exception, but also before the brcond (as we don't use
temp locals). That's why we can't use wout helper.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: a1f12d855b6ec79a640fa6a74d12884f1646ecfe
      
https://github.com/qemu/qemu/commit/a1f12d855b6ec79a640fa6a74d12884f1646ecfe
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/insn-data.def
    M target-s390x/translate.c

  Log Message:
  -----------
  target-s390x: implement high-word facility

Besides RISBHG and RISBLG, none of the high-word instructions are
implemented. Fix that.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 4decd76d71d6972a59bf0a16d0dea0c83490d001
      
https://github.com/qemu/qemu/commit/4decd76d71d6972a59bf0a16d0dea0c83490d001
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/cpu.h

  Log Message:
  -----------
  target-s390x: add a cpu_mmu_idx_to_asc function

Use constants to define the MMU indexes, and add a function to do
the reverse conversion of cpu_mmu_index.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: c255ac601231e8c53007e10d640722ac58eb77cc
      
https://github.com/qemu/qemu/commit/c255ac601231e8c53007e10d640722ac58eb77cc
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/helper.c

  Log Message:
  -----------
  target-s390x: support non current ASC in s390_cpu_handle_mmu_fault

s390_cpu_handle_mmu_fault currently looks at the current ASC mode
defined in PSW mask instead of the MMU index. This prevents emulating
easily instructions using a specific ASC mode. Fix that by using the
MMU index converted back to ASC using the just added cpu_mmu_idx_to_asc
function.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: a3084e8055067b3fe8ed653a609021d2ab368564
      
https://github.com/qemu/qemu/commit/a3084e8055067b3fe8ed653a609021d2ab368564
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/mem_helper.c

  Log Message:
  -----------
  target-s390x: use softmmu functions for mvcp/mvcs

The mvcp and mvcs helpers get access to the physical memory by a call to
mmu_translate for the virtual to real conversion and then using ldb_phys
and stb_phys to physically access the data. In practice this is quite
slow because it bypasses the QEMU softmmu TLB and because stb_phys calls
try to invalidate the corresponding memory for each access.

Instead use cpu_ldb_{primary,secondary} for the loads and
cpu_stb_{primary,secondary} for the stores. Ideally this should be
further optimized by a call to memcpy, but that already improves the
boot time of a guest by a factor 1.8.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>


  Commit: 068593deea6cc61b06243a33c7fcfadb1650b654
      
https://github.com/qemu/qemu/commit/068593deea6cc61b06243a33c7fcfadb1650b654
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/mem_helper.c

  Log Message:
  -----------
  target-s390x: fix MVC instruction when areas overlap

The MVC instruction and the memmove C function do not have the same
semantics when memory areas overlap:

MVC: When the operands overlap, the result is obtained as if the
operands were processed one byte at a time and each result byte were
stored immediately after fetching the necessary operand byte.

memmove: Copying takes place as though the bytes in src are first copied
into a temporary array that does not overlap src or dest, and the bytes
are then copied from the temporary array to dest.

The behaviour is therefore the same when the destination is at a lower
address than the source, but not in the other case. This is actually a
trick for propagating a value to an area. While the current code detects
that and calls memset in that case, it only does so for 1-byte values. This
trick can be and is used for propagating two or more bytes to an area.

In the softmmu case, the call to mvc_fast_memmove is correct as the
above tests verify that source and destination are each within a page,
and both in a different page. The part doing the move 8 bytes by 8 bytes
is wrong and we need to check that if the source and destination
overlap, they do with a distance of minimum 8 bytes before copying 8
bytes at a time.

In the user code, we should check that the destination is at a
lower address than the source or that the end of the source is at a lower
address than the destination before calling memmove. In the opposite
case we fall back to the same code as the softmmu one. Note that l
represents (length - 1).

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
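The overlap rules above, as an added example written for this page (not QEMU's mem_helper.c): `mvc_reference` is the byte-at-a-time semantics the PoP describes, and `mvc_emulated` applies the three cases from the commit message, memmove when the destination is below the source or the operands do not overlap, 8-byte chunks when the overlapping destination is at least 8 bytes above the source, and byte-at-a-time otherwise. It takes the real byte count rather than the instruction's l field (length - 1), and the buffer contents are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Reference MVC semantics as quoted from the PoP: each result byte is
 * stored immediately after its operand byte is fetched, so a destination
 * that starts inside the source re-reads bytes it has just written. */
void mvc_reference(uint8_t *dest, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        dest[i] = src[i];
    }
}

/* Emulated MVC with the fast paths the commit message describes.
 * `len` is the real byte count (the instruction's l field is len - 1). */
void mvc_emulated(uint8_t *dest, const uint8_t *src, size_t len)
{
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;

    if (d <= s || s + len <= d) {
        /* Destination below the source, or no overlap at all:
         * memmove() and byte-at-a-time MVC produce the same bytes. */
        memmove(dest, src, len);
        return;
    }
    if (d - s >= 8) {
        /* Overlap with the destination at least 8 bytes above the source:
         * every 8-byte chunk read lies in a region already fully written,
         * so copying 8 bytes at a time matches the byte-at-a-time result. */
        size_t i = 0;
        for (; i + 8 <= len; i += 8) {
            uint64_t chunk;
            memcpy(&chunk, src + i, 8);
            memcpy(dest + i, &chunk, 8);
        }
        for (; i < len; i++) {
            dest[i] = src[i];
        }
        return;
    }
    /* Overlap distance below 8 (the propagation trick): byte at a time. */
    mvc_reference(dest, src, len);
}

/* Runs one MVC over a constructed 64-byte pattern with both
 * implementations and returns true when they agree. */
bool mvc_check(size_t dest_off, size_t src_off, size_t len)
{
    uint8_t ref[64], emu[64];
    for (size_t i = 0; i < sizeof(ref); i++) {
        ref[i] = emu[i] = (uint8_t)(i * 7 + 1);
    }
    mvc_reference(ref + dest_off, ref + src_off, len);
    mvc_emulated(emu + dest_off, emu + src_off, len);
    return memcmp(ref, emu, sizeof(ref)) == 0;
}

/* The propagation trick: MVC with dest = buf + 2, src = buf spreads the
 * 2-byte pattern at buf[0..1] over buf[0..n-1]. Returns how many of the
 * n bytes a plain memmove() gets wrong (it leaves them at zero). */
size_t mvc_vs_memmove_propagate(size_t n)
{
    uint8_t a[32] = {0xAA, 0xBB}, b[32] = {0xAA, 0xBB};
    size_t wrong = 0;

    mvc_reference(a + 2, a, n - 2);
    memmove(b + 2, b, n - 2);
    for (size_t i = 0; i < n; i++) {
        wrong += (a[i] != b[i]);
    }
    return wrong;
}
```

The 8-byte path is safe only because of the distance check: with the destination d bytes above the source, the byte-at-a-time rule says a read at offset k sees the value written at offset k - d, and when d >= 8 every such offset lies in a chunk that was completed before the current chunk is read. For d < 8 the read would land inside the chunk being written, which is exactly the case the propagation trick relies on.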


  Commit: 9814fed0afa73f5c37f04e02ec17c915a5d59303
      
https://github.com/qemu/qemu/commit/9814fed0afa73f5c37f04e02ec17c915a5d59303
  Author: Alexander Graf <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M target-s390x/mmu_helper.c

  Log Message:
  -----------
  target-s390x: Only access allocated storage keys

We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that
we only access that many. Unfortunately the code can overrun this array by
one, potentially overwriting unrelated memory.

Fix it by limiting storage keys to their scope.

Signed-off-by: Alexander Graf <address@hidden>
Reviewed-by: Aurelien Jarno <address@hidden>


  Commit: 00967f4e0bab246679d0ddc32fd31a7179345baf
      
https://github.com/qemu/qemu/commit/00967f4e0bab246679d0ddc32fd31a7179345baf
  Author: Peter Maydell <address@hidden>
  Date:   2015-06-05 (Fri, 05 Jun 2015)

  Changed paths:
    M fpu/softfloat-specialize.h
    M target-s390x/cc_helper.c
    M target-s390x/cpu.c
    M target-s390x/cpu.h
    M target-s390x/fpu_helper.c
    M target-s390x/helper.c
    M target-s390x/helper.h
    M target-s390x/insn-data.def
    M target-s390x/int_helper.c
    M target-s390x/mem_helper.c
    M target-s390x/misc_helper.c
    M target-s390x/mmu_helper.c
    M target-s390x/translate.c

  Log Message:
  -----------
Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging

Patch queue for s390 - 2015-06-05

This time there are a lot of s390x TCG emulation bug fixes - almost all
of them from Aurelien, who returned from nirvana :).

# gpg: Signature made Fri Jun  5 00:39:27 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <address@hidden>"
# gpg:                 aka "Alexander Graf <address@hidden>"

* remotes/agraf/tags/signed-s390-for-upstream: (34 commits)
  target-s390x: Only access allocated storage keys
  target-s390x: fix MVC instruction when areas overlap
  target-s390x: use softmmu functions for mvcp/mvcs
  target-s390x: support non current ASC in s390_cpu_handle_mmu_fault
  target-s390x: add a cpu_mmu_idx_to_asc function
  target-s390x: implement high-word facility
  target-s390x: implement load-and-trap facility
  target-s390x: implement miscellaneous-instruction-extensions facility
  target-s390x: implement LPDFR and LNDFR instructions
  target-s390x: implement TRANSLATE EXTENDED instruction
  target-s390x: implement TRANSLATE AND TEST instruction
  target-s390x: implement LOAD FP INTEGER instructions
  target-s390x: move SET DFP ROUNDING MODE to the correct facility
  target-s390x: move STORE CLOCK FAST to the correct facility
  target-s390x: change CHRL and CGHRL format to RIL-b
  target-s390x: fix CLGIT instruction
  target-s390x: fix exception for invalid operation code
  target-s390x: implement LAY and LAEY instructions
  target-s390x: move a few instructions to the correct facility
  target-s390x: detect tininess before rounding for FP operations
  ...

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d6688ba17b93...00967f4e0bab
