From ead5078cf1a5f11d16e3e8462154c859620bcc7e Mon Sep 17 00:00:00 2001
From: Helge Deller
Date: Tue, 3 Sep 2024 17:22:10 +0200
Subject: target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64

While adding hppa64 support, the psw_v variable got extended from 32 to 64 bits. So, when packaging the PSW-V bit from the psw_v variable for interrupt processing, check bit 31 instead the 63th (sign) bit. This fixes a hard to find Linux kernel boot issue where the loss of the PSW-V bit due to an ITLB interruption in the middle of a series of ds/addc instructions (from the divU milicode library) generated the wrong division result and thus triggered a Linux kernel crash.
Link: https://lore.kernel.org/lkml/718b8afe-222f-4b3a-96d3-93af0e4ceff1@roeck-us.net/
Reported-by: Guenter Roeck
Signed-off-by: Helge Deller
Reviewed-by: Richard Henderson
Tested-by: Guenter Roeck
Fixes: 931adff31478 ("target/hppa: Update cpu_hppa_get/put_psw for hppa64")
Cc: qemu-stable@nongnu.org # v8.2+
---
 target/hppa/cpu.h | 2 +-
 target/hppa/helper.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 2bcb3b602b..5478b183dc 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -211,7 +211,7 @@ typedef struct CPUArchState {
 uint32_t psw; /* All psw bits except the following: */
 uint32_t psw_xb; /* X and B, in their normal positions */
 target_ulong psw_n; /* boolean */
- target_long psw_v; /* in most significant bit */
+ target_long psw_v; /* in bit 31 */
 /* Splitting the carry-borrow field into the MSB and "the rest", allows
 * for "the rest" to be deleted when it is unused, but the MSB is in use.
diff --git a/target/hppa/helper.c b/target/hppa/helper.c
index b79ddd8184..d4b1a3cd5a 100644
--- a/target/hppa/helper.c
+++ b/target/hppa/helper.c
@@ -53,7 +53,7 @@ target_ulong cpu_hppa_get_psw(CPUHPPAState *env)
 }
 psw |= env->psw_n * PSW_N;
- psw |= (env->psw_v < 0) * PSW_V;
+ psw |= ((env->psw_v >> 31) & 1) * PSW_V;
 psw |= env->psw | env->psw_xb;
 return psw;
-- cgit v1.2.3
From d33d3adb573794903380e03e767e06470514cefe Mon Sep 17 00:00:00 2001
From: Helge Deller
Date: Tue, 3 Sep 2024 18:21:28 +0200
Subject: target/hppa: Fix random 32-bit linux-user crashes

The linux-user hppa target crashes randomly for me since commit 081a0ed188d8 ("target/hppa: Do not mask in copy_iaoq_entry"). That commit dropped the masking of the IAOQ addresses while copying them from other registers and instead keeps them with all 64 bits up until the full gva is formed with the help of hppa_form_gva_psw(). So, when running in linux-user mode on an emulated 64-bit CPU, we need to mask to a 32-bit address space at the very end in hppa_form_gva_psw() if the PSW-W flag isn't set (which is the case for linux-user on hppa).
Fixes: 081a0ed188d8 ("target/hppa: Do not mask in copy_iaoq_entry")
Cc: qemu-stable@nongnu.org # v9.1+
Signed-off-by: Helge Deller
Reviewed-by: Richard Henderson
---
 target/hppa/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 5478b183dc..43074d80bf 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -319,7 +319,7 @@ static inline target_ulong hppa_form_gva_psw(target_ulong psw, uint64_t spc,
 target_ulong off)
 {
 #ifdef CONFIG_USER_ONLY
- return off;
+ return off & gva_offset_mask(psw);
 #else
 return spc | (off & gva_offset_mask(psw));
 #endif
-- cgit v1.2.3
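Review bot: In the `cpu_hppa_get_psw` hunk of target/hppa/helper.c, the new line `psw |= ((env->psw_v >> 31) & 1) * PSW_V;` hard-codes bit 31 with nothing at the use site saying why the old sign test was wrong; the only explanation is the field comment in cpu.h. I would put `/* V is kept in bit 31 of psw_v, also when target_long is 64 bits wide */` above it. The writer, cpu_hppa_put_psw, and any other reader of psw_v are outside this hunk; presumably they already agree on bit 31, but a remaining `psw_v < 0` test elsewhere would lose V in the same way, so that is worth confirming. The function body starts before the hunk.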
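Review bot: In the `hppa_form_gva_psw` hunk of target/hppa/cpu.h (second commit), the `CONFIG_USER_ONLY` arm now returns `off & gva_offset_mask(psw)` with no comment recording that, per the commit message, this is the point where the full 64-bit IAOQ offset gets truncated, in user mode as well. A line such as `/* off may carry all 64 bits; truncate according to PSW_W here, in user mode too */` would make it harder for a later cleanup to drop the mask again. Both arms now apply the same mask, so `off &= gva_offset_mask(psw);` ahead of the `#ifdef`, with `return off;` and `return spc | off;` below it, would keep them from drifting apart. `gva_offset_mask` is defined outside the hunk, and the function's closing brace is not shown.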