From patchwork Tue May 30 13:12:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1787513 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=Ahl0bdQo; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QVtB50f9cz20Py for ; Tue, 30 May 2023 23:13:17 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3z9S-0004tt-6l; Tue, 30 May 2023 09:12:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3z9I-0004MH-N0; Tue, 30 May 2023 09:12:29 -0400 Received: from mail-pf1-x42b.google.com ([2607:f8b0:4864:20::42b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3z9G-0004QQ-GL; Tue, 30 May 2023 09:12:27 -0400 Received: by mail-pf1-x42b.google.com with SMTP id d2e1a72fcca58-64f47448aeaso3206888b3a.0; Tue, 30 May 2023 06:12:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685452344; x=1688044344; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=R6Fe9x97hEqw5QBCZS01HGEHoTDqD1DWVgjBpUt1stg=; b=Ahl0bdQoHOnXR8idb6cSSkNsdyfUeD9OGp6NYugSnMBDHpOx94qvVeMfiiKKytHrX4 B6DuLPRTqBjv0lSN3aCshQfrK35Co6RiiR2QT4lHqW3WZaf1z/epbBt8iSn6wx9h1Jie jwH5NhnPWey+XQi85ylh+qqvJnqgZSTQjhOYc8byBrzHQBvpk2z/wF81m9j+QdwY0Srh miBxZncgO9C0o75Z8WZrocgCq+t9ebe+q/7QAL07VsVNkoLXbSeg1EjJgaFcHCxR+1IC ebVHbXwqYg7w8xj5MxhDgCfigVc2HI0tO2UQtqxsRwqzrwIcQVxY/C6v8Ejpc8k903dz G9IA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685452344; x=1688044344; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=R6Fe9x97hEqw5QBCZS01HGEHoTDqD1DWVgjBpUt1stg=; b=bSWtApt82DO0x42zZU+2TueR83f0Fs8Qhgv3AnAjKrSiC4VjOUut82ac+m1rQJXk0q n+otQMcmvGT3E7U2fwTTzuTP4NTAlhGdvdFHOQJpEbyRSCOtvd7HOcH9YgGohFf9ZuHv NykNDP3/65OdRlVtL9FCjf/0UoDkpZZq1SEeS3CBQSxKZxVSQK4crOp5BFlxxzGtMSmt 1QnWpi2hMefTeTyT10ps3ey6j9haaMo9czKGAx1hkuEFY3l6hwYYdeHM8WB5e2LJstL3 pwgmhkqvxbHv0vSnWSFNPXCRYUp3E19NoP4SRUpuF3iE5Oe8HlTpzaoklsvQZdVeXm2d suKg== X-Gm-Message-State: AC+VfDwHhPNLbxpdXvGrb6fry3+u+BtQRtSnNIBy2e9f2e8VQHZIlJ3x gyxDELKBjWY1eL/SqvuuucxA4mP2PfI= X-Google-Smtp-Source: ACHHUZ4COggjRiGZqgbJY3Yqw0Tud/IRFBCLtEQ7E7Lnn07Om+YhiA57MvrZVqfc7HQF+EUdvRAPWQ== X-Received: by 2002:a05:6a21:32a2:b0:10d:12a8:c95b with SMTP id yt34-20020a056a2132a200b0010d12a8c95bmr2822640pzb.0.1685452343677; Tue, 30 May 2023 06:12:23 -0700 (PDT) Received: from wheely.local0.net ([203.221.142.9]) by smtp.gmail.com with ESMTPSA id b23-20020a6567d7000000b0050a0227a4bcsm7904796pgs.57.2023.05.30.06.12.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 06:12:23 -0700 (PDT) From: Nicholas Piggin To: qemu-ppc@nongnu.org Cc: Nicholas Piggin , qemu-devel@nongnu.org, Daniel Henrique Barboza , sdicaro@DDCI.com Subject: [PATCH v1 1/2] target/ppc: Fix decrementer time underflow and infinite timer loop Date: Tue, 30 May 2023 23:12:12 +1000 Message-Id: <20230530131214.373524-1-npiggin@gmail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42b; envelope-from=npiggin@gmail.com; helo=mail-pf1-x42b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org It is possible to store a very large value to the decrementer that it does not raise the decrementer exception so the timer is scheduled, but the next time value wraps and is treated as in the past. This can occur if (u64)-1 is stored on a zero-triggered exception, or (u64)-1 is stored twice on an underflow-triggered exception, for example. If such a value is set in DECAR, it gets stored to the decrementer by the timer function, which then immediately causes another timer, which hangs QEMU. Clamp the decrementer to the implemented width, and use that as the value for the timer calculation, effectively preventing this overflow. Reported-by: sdicaro@DDCI.com Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza --- sdicaro@DDCI.com debugged and reported this, I just changed their fix to extract variable bits so it works with large decrementer. So most of the credit goes to them. Thanks, Nick hw/ppc/ppc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c index 4e816c68c7..d80b0adc6c 100644 --- a/hw/ppc/ppc.c +++ b/hw/ppc/ppc.c @@ -798,6 +798,8 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, int64_t signed_decr; /* Truncate value to decr_width and sign extend for simplicity */ + value = extract64(value, 0, nr_bits); + decr = extract64(decr, 0, nr_bits); signed_value = sextract64(value, 0, nr_bits); signed_decr = sextract64(decr, 0, nr_bits); From patchwork Tue May 30 13:12:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1787512 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=pP8Y1jF2; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QVt9V5LGgz20Py for ; Tue, 30 May 2023 23:12:46 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3z9S-0004to-3K; Tue, 30 May 2023 09:12:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3z9L-0004Rj-9U; Tue, 30 May 2023 09:12:31 -0400 Received: from mail-pf1-x42d.google.com ([2607:f8b0:4864:20::42d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3z9J-0004Qz-Lz; Tue, 30 May 2023 09:12:31 -0400 Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-64d41763796so3237067b3a.2; Tue, 30 May 2023 06:12:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685452347; x=1688044347; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HZk9HFHylUBGQNTOU+ahJjareCkgZMqckVE8wTORKio=; b=pP8Y1jF2I762XP70tIquZFBVpgD2laaf3CYALGiDIJtrd2+usoKpAi4x9EZdU+6Ylw WvE3VktQ50ZjDT651gn4Ib8EjUooJe+oGu0Pu3TFi4/pMF01zije1SVPQ6e8VjNBNC1l JpXVT20fvGPv+n9WifNTa2pKfBFeq9Njn2sFlThlgXL5A1l32QJLmT1X5YqATibbATO8 BuRAtiM7tHP/rdExfqfjjjzUdGlOWq23Dd7DhnpP+GSQTuYIA1pw1pnFogp/CAG+0Ymi 2zoEWjhRy8ZUud/MRtutpKX2edQX4wSYjIyamjlLv3PGYQfMnfSQ8uBLk9qlyp55BNgU Ve6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685452347; x=1688044347; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HZk9HFHylUBGQNTOU+ahJjareCkgZMqckVE8wTORKio=; b=l+VdsaCvposRQ64OxizaGFGMua943Kdb0fFuhGp48HGt6HdD74nAtTTTgoWnlciVOY yYI/W6Im3TXiW3vAY9LRsALpWCf2FsYDaA3wSJxl9f2lG2HnARaEyo4gd/GXpow8MOLE zX+Nd1KSCU2PyimDOt1oMwOKzl4itRg5SSREqffZaRzkuZYAcVvgb9RPlq8+9sQjMSaB zi4hLUFrA5pHgV0q/AgYmafwUwLBhn4K4ZeaWpXe4bwbLwipLGhkFyGDDZYKzxI6SZKW VuoOZhAoeCj7mDTbjt8XvI6YOgGlaqGg0+PpOcQpL254BShLglsXPHo9qyXJdXeI51nD hlNA== X-Gm-Message-State: AC+VfDz1THFCLehrzKIPcqAwfzsoZBPbmKqPl+Ev4C0tliF1IqfLxaSO Shi70mrmh2UIENSj8wB7sHgVNDtiklI= X-Google-Smtp-Source: ACHHUZ7KjYHEZVtQkZREa4Kkh2u+MDaO1n3U17FtFUtKfBjfQCZn0orZl0HmEFCv+L26YSYSXnsxLQ== X-Received: by 2002:a05:6a21:99a7:b0:105:53:998 with SMTP id ve39-20020a056a2199a700b0010500530998mr2762904pzb.12.1685452347270; Tue, 30 May 2023 06:12:27 -0700 (PDT) Received: from wheely.local0.net ([203.221.142.9]) by smtp.gmail.com with ESMTPSA id b23-20020a6567d7000000b0050a0227a4bcsm7904796pgs.57.2023.05.30.06.12.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 06:12:26 -0700 (PDT) From: Nicholas Piggin To: qemu-ppc@nongnu.org Cc: Nicholas Piggin , qemu-devel@nongnu.org, Daniel Henrique Barboza , sdicaro@DDCI.com Subject: [PATCH v1 2/2] target/ppc: Decrementer fix BookE semantics Date: Tue, 30 May 2023 23:12:13 +1000 Message-Id: <20230530131214.373524-2-npiggin@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530131214.373524-1-npiggin@gmail.com> References: <20230530131214.373524-1-npiggin@gmail.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42d; envelope-from=npiggin@gmail.com; helo=mail-pf1-x42d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The decrementer store function has logic that short-cuts the timer if a very small value is stored (0, 1, or 2) and raises an interrupt directly. There are two problem with this on BookE. First is that BookE says a decrementer interrupt should not be raised on a store of 0, only of a decrement from 1. Second is that raising the irq directly will bypass the auto-reload logic in the booke decr timer function, breaking autoreload when 1 or 2 is stored. Fix this by removing that small-value special case. It makes this tricky logic even more difficult to reason about, and it hardly matters for performance. Cc: sdicaro@DDCI.com Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza --- These were some booke decrementer corner case issues I saw, probably a little less important than the first patch so could go later. Thanks, Nick hw/ppc/ppc.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c index d80b0adc6c..1b1220c423 100644 --- a/hw/ppc/ppc.c +++ b/hw/ppc/ppc.c @@ -811,11 +811,7 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, } /* - * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC - * interrupt. - * - * If we get a really small DEC value, we can assume that by the time we - * handled it we should inject an interrupt already. + * Going from 1 -> 0 or 0 -> -1 is the event to generate a DEC interrupt. * * On MSB level based DEC implementations the MSB always means the interrupt * is pending, so raise it on those. @@ -823,8 +819,7 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers * an edge interrupt, so raise it here too. */ - if ((value < 3) || - ((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && signed_value < 0) || + if (((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && signed_value < 0) || ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && signed_value < 0 && signed_decr >= 0)) { (*raise_excp)(cpu);