Revert "target-sparc: Make cpu_dst local to OP=2 insns"

Message ID 1350744508-7066-1-git-send-email-aurelien@aurel32.net
State New

Commit Message

Aurelien Jarno Oct. 20, 2012, 2:48 p.m. UTC
Commit 5793f2a47e201d251856c7956d6f7907ec0d9f1f causes data corruption
in system mode:

| [....] Synthesizing the initial hotplug events...udevd[291]: timeout: killing 'net.agent' [302]
| udevd[291]: 'net.agent' [302] terminated by signal 9 (Killed)
| udevd[299]: timeout: killing '/sbin/modprobe -b of:NpackagesT<NULL>' [313]
| udevd[301]: timeout: killing '/sbin/modprobe -b of:Nvirtual-memoryT<NULL>' [314]
| udevd[300]: timeout: killing '/sbin/modprobe -b of:NmemoryTmemory' [315]
| udevd[299]: '/sbin/modprobe -b of:NpackagesT<NULL>' [313] terminated by signal 9 (Killed)
| udevd[301]: '/sbin/modprobe -b of:Nvirtual-memoryT<NULL>' [314] terminated by signal 9 (Killed)
| udevd[300]: '/sbin/modprobe -b of:NmemoryTmemory' [315] terminated by signal 9 (Killed)
| udevd[290]: timeout '/sbin/blkid -o udev -p /dev/vda1'
| done.
| [ ok ] Waiting for /dev to be fully populated...done.
| [....] Activating swap...[   44.814485] Adding 1048568k swap on /dev/vda2.  Priority:-1 extents:1 across:1048568k
| done.
| [   46.619096] EXT4-fs (vda4): re-mounted. Opts: (null)
| [....] Checking root file system...fsck from util-linux 2.20.1
| e2fsck 1.42.5 (29-Jul-2012)
| ext2fs_open2: The ext2 superblock is corrupt
| fsck.ext4: Superblock invalid, trying backup blocks...
| fsck.ext4: The ext2 superblock is corrupt while trying to open /dev/vda4
|
| The superblock could not be read or does not describe a correct ext2
| filesystem.  If the device is valid and it really contains an ext2
| filesystem (and not swap or ufs or something else), then the superblock
| is corrupt, and you might try running e2fsck with an alternate superblock:
|     e2fsck -b 8193 <device>
|
| fsck died with exit status 8
| udevd[332]: timeout '/sbin/blkid -o udev -p /dev/vda4'

I am not sure it is the real problem, but at least the optimization of
using the destination register as a temporary is wrong when the
instruction might trigger an exception. In that case the result is
written to the destination register while it should not have been.

This reverts commit 5793f2a47e201d251856c7956d6f7907ec0d9f1f.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
 target-sparc/translate.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Richard Henderson Oct. 20, 2012, 10:48 p.m. UTC | #1
On 2012-10-21 00:48, Aurelien Jarno wrote:
> I am not sure it is the real problem, but at least the optimization of
> using the destination register as a temporary is wrong when the
> instruction might trigger an exception. In that case the result is
> written to the destination register while it should not have been.
> 
> This reverts commit 5793f2a47e201d251856c7956d6f7907ec0d9f1f.

Which insn might trigger an exception?  Most OP=2 insns don't.  There's
divide, but that's done out-of-line, so the assignment to dst does not
happen before the exception...

Is this sparc64?  I assume so, since I did test sparc32...


r~
Aurelien Jarno Oct. 20, 2012, 11:17 p.m. UTC | #2
On Sun, Oct 21, 2012 at 08:48:52AM +1000, Richard Henderson wrote:
> On 2012-10-21 00:48, Aurelien Jarno wrote:
> > I am not sure it is the real problem, but at least the optimization of
> > using the destination register as a temporary is wrong when the
> > instruction might trigger an exception. In that case the result is
> > written to the destination register while it should not have been.
> > 
> > This reverts commit 5793f2a47e201d251856c7956d6f7907ec0d9f1f.
> 
> Which insn might trigger an exception?  Most OP=2 insns don't.  There's
> divide, but that's done out-of-line, so the assignment to dst does not
> happen before the exception...

Indeed there are a few triggering an exception, but I looked too
quickly and indeed they do the assignment before. There should be
another problem elsewhere as reverting this patch fixes the issue.

> Is this sparc64?  I assume so, since I did test sparc32...
> 

Yes it's with a sparc64 kernel. I can reproduce the problem with both a 
32 and 64-bit userland, though it happens earlier with a 32-bit
userland.

Patch

diff --git a/target-sparc/translate.c b/target-sparc/translate.c
index 4321393..04f3ac4 100644
--- a/target-sparc/translate.c
+++ b/target-sparc/translate.c
@@ -48,7 +48,7 @@  static TCGv cpu_y;
 #ifndef CONFIG_USER_ONLY
 static TCGv cpu_tbr;
 #endif
-static TCGv cpu_cond;
+static TCGv cpu_cond, cpu_dst;
 #ifdef TARGET_SPARC64
 static TCGv_i32 cpu_xcc, cpu_asi, cpu_fprs;
 static TCGv cpu_gsr;
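
Review bot: the lifetime of `cpu_dst` is undocumented where it is declared in `static TCGv cpu_cond, cpu_dst;`. The last hunk of this patch allocates it with `tcg_temp_new()` and frees it again around every `disas_sparc_insn()` call, so the file-scope handle is only valid for the duration of that call. Give it its own declaration with a comment stating that, or carry it in `DisasContext` so the scope matches the lifetime.
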
@@ -2525,6 +2525,7 @@  static void disas_sparc_insn(DisasContext * dc, unsigned int insn)
     }
 
     opc = GET_FIELD(insn, 0, 1);
+
     rd = GET_FIELD(insn, 2, 6);
 
     switch (opc) {
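
Review bot: the blank line added after `opc = GET_FIELD(insn, 0, 1);` is a whitespace-only change with no bearing on the fix. It is acceptable in a mechanical revert, but if this is reworked into a targeted fix, drop it so the diff contains only the functional change.
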
@@ -2633,7 +2634,6 @@  static void disas_sparc_insn(DisasContext * dc, unsigned int insn)
     case 2:                     /* FPU & Logical Operations */
         {
             unsigned int xop = GET_FIELD(insn, 7, 12);
-            TCGv cpu_dst = gen_dest_gpr(dc, rd);
             TCGv cpu_tmp0;
 
             if (xop == 0x3a) {  /* generate trap */
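
Review bot: dropping `TCGv cpu_dst = gen_dest_gpr(dc, rd);` for all of `case 2` is not tied to any specific instruction, and the commit message itself says "I am not sure it is the real problem". Before merging, name the OP=2 insn that writes `rd` and can still raise an exception afterwards, and either limit the temporary to that insn or add a comment at the top of `case 2` explaining why the destination register must not be used directly.
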
@@ -5295,9 +5295,13 @@  static inline void gen_intermediate_code_internal(TranslationBlock * tb,
         last_pc = dc->pc;
         insn = cpu_ldl_code(env, dc->pc);
 
+        cpu_dst = tcg_temp_new();
+
         disas_sparc_insn(dc, insn);
         num_insns++;
 
+        tcg_temp_free(cpu_dst);
+
         if (dc->is_br)
             break;
         /* if the next PC is different, we abort now */
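
Review bot: after `tcg_temp_free(cpu_dst);` the file-scope `cpu_dst` still holds the freed temporary until the next iteration reassigns it, and on the `if (dc->is_br) break;` path it stays that way once the loop exits. Nothing here stops later code in this file from using the stale handle. Keep the temporary in a local or in `dc` and pass it into `disas_sparc_insn()`, or at minimum document at the allocation that `cpu_dst` must not be referenced outside that call.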