1. Patchew
  2. QEMU
  3. View series

[PATCH v1] target/loongarch: Fix qemu-loongarch64 hang when executing 'll.d $t0, $t0, 0'

Song Gao posted 1 patch 1 month, 1 week ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20240319063202.1313243-1-gaosong@loongson.cn
Maintainers: Song Gao <gaosong@loongson.cn>
There is a newer version of this series
target/loongarch/tcg/insn_trans/trans_atomic.c.inc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH v1] target/loongarch: Fix qemu-loongarch64 hang when executing 'll.d $t0, $t0, 0'
Posted by Song Gao 1 month, 1 week ago 
On gen_ll, if a->imm is 0, The value of t0 should be src1.

Links: https://www.openwall.com/lists/musl/2024/03/12/4

Signed-off-by: Song Gao <gaosong@loongson.cn>
---
 target/loongarch/tcg/insn_trans/trans_atomic.c.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
index 80c2e286fd..fab951a892 100644
--- a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
+++ b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
@@ -7,7 +7,13 @@ static bool gen_ll(DisasContext *ctx, arg_rr_i *a, MemOp mop)
 {
     TCGv dest = gpr_dst(ctx, a->rd, EXT_NONE);
     TCGv src1 = gpr_src(ctx, a->rj, EXT_NONE);
-    TCGv t0 = make_address_i(ctx, src1, a->imm);
+    TCGv t0 = tcg_temp_new();
+
+    if (a->imm) {
+        t0 = make_address_i(ctx, src1, a->imm);
+    } else {
+        tcg_gen_mov_tl(t0, src1);
+    }
 
     tcg_gen_qemu_ld_i64(dest, t0, ctx->mem_idx, mop);
     tcg_gen_st_tl(t0, tcg_env, offsetof(CPULoongArchState, lladdr));
-- 
2.25.1
Re: [PATCH v1] target/loongarch: Fix qemu-loongarch64 hang when executing 'll.d $t0, $t0, 0'
Posted by Richard Henderson 1 month, 1 week ago 
On 3/18/24 20:32, Song Gao wrote:
> On gen_ll, if a->imm is 0, The value of t0 should be src1.
> 
> Links: https://www.openwall.com/lists/musl/2024/03/12/4
> 
> Signed-off-by: Song Gao <gaosong@loongson.cn>
> ---
>   target/loongarch/tcg/insn_trans/trans_atomic.c.inc | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> index 80c2e286fd..fab951a892 100644
> --- a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> +++ b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> @@ -7,7 +7,13 @@ static bool gen_ll(DisasContext *ctx, arg_rr_i *a, MemOp mop)
>   {
>       TCGv dest = gpr_dst(ctx, a->rd, EXT_NONE);
>       TCGv src1 = gpr_src(ctx, a->rj, EXT_NONE);
> -    TCGv t0 = make_address_i(ctx, src1, a->imm);
> +    TCGv t0 = tcg_temp_new();
> +
> +    if (a->imm) {
> +        t0 = make_address_i(ctx, src1, a->imm);
> +    } else {
> +        tcg_gen_mov_tl(t0, src1);
> +    }
>   
>       tcg_gen_qemu_ld_i64(dest, t0, ctx->mem_idx, mop);
>       tcg_gen_st_tl(t0, tcg_env, offsetof(CPULoongArchState, lladdr));

This is definitely wrong, since you're ignoring va32.

But I see the problem with make_address_x returning src1 when addend == NULL, because the 
load to destination may clobber src1.

I suggest always using a new destination instead:

     TCGv src1 = gpr_src(...);
     TCGv t0 = make_address_i(...);
     TCGv t1 = tcg_temp_new();

     tcg_gen_qemu_ld_i64(t1, t0, ...);
     tcg_gen_st_tl(t0, ... lladdr);
     gen_set_gpr(a->rd, t1, EXT_NONE);


r~

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.