diff mbox

target-s390x: fix CC computation for EX instruction

Message ID 1431818883-14944-1-git-send-email-aurelien@aurel32.net
State New
Headers show

Commit Message

Aurelien Jarno May 16, 2015, 11:28 p.m. UTC 
Commit 7a6c7067f optimized CC computation by only saving cc_op before
calling helpers as they either don't touch the CC or generate a new
static value. This however doesn't work for the EX instruction as the
helper changes or not the CC value depending on the actual executed
instruction (e.g. MVC vs CLC).

This patches force a CC computation before calling the helper. This
fixes random memory corruption occuring in guests.

Cc: Richard Henderson <rth@twiddle.net>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
 target-s390x/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Alexander Graf May 18, 2015, 1:18 p.m. UTC | #1 
On 05/17/2015 01:28 AM, Aurelien Jarno wrote:
> Commit 7a6c7067f optimized CC computation by only saving cc_op before
> calling helpers as they either don't touch the CC or generate a new
> static value. This however doesn't work for the EX instruction as the
> helper changes or not the CC value depending on the actual executed
> instruction (e.g. MVC vs CLC).
>
> This patches force a CC computation before calling the helper. This
> fixes random memory corruption occuring in guests.
>
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Alexander Graf <agraf@suse.de>
> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Sounds plausible to me, though I'm surprised I didn't run into this 
myself yet.

Richard?


Alex

> ---
>   target-s390x/translate.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target-s390x/translate.c b/target-s390x/translate.c
> index 80e3a54..10522df 100644
> --- a/target-s390x/translate.c
> +++ b/target-s390x/translate.c
> @@ -2095,7 +2095,7 @@ static ExitStatus op_ex(DisasContext *s, DisasOps *o)
>       TCGv_i64 tmp;
>   
>       update_psw_addr(s);
> -    update_cc_op(s);
> +    gen_op_calc_cc(s);
>   
>       tmp = tcg_const_i64(s->next_pc);
>       gen_helper_ex(cc_op, cpu_env, cc_op, o->in1, o->in2, tmp);
Richard Henderson May 18, 2015, 3:35 p.m. UTC | #2 
On 05/16/2015 04:28 PM, Aurelien Jarno wrote:
> Commit 7a6c7067f optimized CC computation by only saving cc_op before
> calling helpers as they either don't touch the CC or generate a new
> static value. This however doesn't work for the EX instruction as the
> helper changes or not the CC value depending on the actual executed
> instruction (e.g. MVC vs CLC).
> 
> This patches force a CC computation before calling the helper. This
> fixes random memory corruption occuring in guests.
> 
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Alexander Graf <agraf@suse.de>
> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
> ---
>  target-s390x/translate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target-s390x/translate.c b/target-s390x/translate.c
> index 80e3a54..10522df 100644
> --- a/target-s390x/translate.c
> +++ b/target-s390x/translate.c
> @@ -2095,7 +2095,7 @@ static ExitStatus op_ex(DisasContext *s, DisasOps *o)
>      TCGv_i64 tmp;
>  
>      update_psw_addr(s);
> -    update_cc_op(s);
> +    gen_op_calc_cc(s);
>  
>      tmp = tcg_const_i64(s->next_pc);
>      gen_helper_ex(cc_op, cpu_env, cc_op, o->in1, o->in2, tmp);

I agree this is a bug, and the right fix.

You can also remove the set_cc_static at the end of op_ex, since that's done by
gen_op_calc_cc.


r~
Alexander Graf May 18, 2015, 5:07 p.m. UTC | #3 
On 05/18/2015 05:35 PM, Richard Henderson wrote:
> On 05/16/2015 04:28 PM, Aurelien Jarno wrote:
>> Commit 7a6c7067f optimized CC computation by only saving cc_op before
>> calling helpers as they either don't touch the CC or generate a new
>> static value. This however doesn't work for the EX instruction as the
>> helper changes or not the CC value depending on the actual executed
>> instruction (e.g. MVC vs CLC).
>>
>> This patches force a CC computation before calling the helper. This
>> fixes random memory corruption occuring in guests.
>>
>> Cc: Richard Henderson <rth@twiddle.net>
>> Cc: Alexander Graf <agraf@suse.de>
>> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
>> ---
>>   target-s390x/translate.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target-s390x/translate.c b/target-s390x/translate.c
>> index 80e3a54..10522df 100644
>> --- a/target-s390x/translate.c
>> +++ b/target-s390x/translate.c
>> @@ -2095,7 +2095,7 @@ static ExitStatus op_ex(DisasContext *s, DisasOps *o)
>>       TCGv_i64 tmp;
>>   
>>       update_psw_addr(s);
>> -    update_cc_op(s);
>> +    gen_op_calc_cc(s);
>>   
>>       tmp = tcg_const_i64(s->next_pc);
>>       gen_helper_ex(cc_op, cpu_env, cc_op, o->in1, o->in2, tmp);
> I agree this is a bug, and the right fix.
>
> You can also remove the set_cc_static at the end of op_ex, since that's done by
> gen_op_calc_cc.

Thanks, I applied the patch and did the change to remove set_cc_static 
from op_ex locally.


Alex
Aurelien Jarno May 18, 2015, 5:32 p.m. UTC | #4 
On 2015-05-18 19:07, Alexander Graf wrote:
> On 05/18/2015 05:35 PM, Richard Henderson wrote:
> >On 05/16/2015 04:28 PM, Aurelien Jarno wrote:
> >>Commit 7a6c7067f optimized CC computation by only saving cc_op before
> >>calling helpers as they either don't touch the CC or generate a new
> >>static value. This however doesn't work for the EX instruction as the
> >>helper changes or not the CC value depending on the actual executed
> >>instruction (e.g. MVC vs CLC).
> >>
> >>This patches force a CC computation before calling the helper. This
> >>fixes random memory corruption occuring in guests.
> >>
> >>Cc: Richard Henderson <rth@twiddle.net>
> >>Cc: Alexander Graf <agraf@suse.de>
> >>Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
> >>---
> >>  target-s390x/translate.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >>diff --git a/target-s390x/translate.c b/target-s390x/translate.c
> >>index 80e3a54..10522df 100644
> >>--- a/target-s390x/translate.c
> >>+++ b/target-s390x/translate.c
> >>@@ -2095,7 +2095,7 @@ static ExitStatus op_ex(DisasContext *s, DisasOps *o)
> >>      TCGv_i64 tmp;
> >>      update_psw_addr(s);
> >>-    update_cc_op(s);
> >>+    gen_op_calc_cc(s);
> >>      tmp = tcg_const_i64(s->next_pc);
> >>      gen_helper_ex(cc_op, cpu_env, cc_op, o->in1, o->in2, tmp);
> >I agree this is a bug, and the right fix.
> >
> >You can also remove the set_cc_static at the end of op_ex, since that's done by
> >gen_op_calc_cc.
> 
> Thanks, I applied the patch and did the change to remove set_cc_static from
> op_ex locally.

Thanks!

Aurelien
diff mbox

Patch

diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index 80e3a54..10522df 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -2095,7 +2095,7 @@  static ExitStatus op_ex(DisasContext *s, DisasOps *o)
     TCGv_i64 tmp;
 
     update_psw_addr(s);
-    update_cc_op(s);
+    gen_op_calc_cc(s);
 
     tmp = tcg_const_i64(s->next_pc);
     gen_helper_ex(cc_op, cpu_env, cc_op, o->in1, o->in2, tmp);