diff mbox series

[v1] target/loongarch: Fix qemu-loongarch64 hang when executing 'll.d $t0, $t0, 0'

Message ID 20240319063202.1313243-1-gaosong@loongson.cn (mailing list archive)
State New, archived
Headers show
Series [v1] target/loongarch: Fix qemu-loongarch64 hang when executing 'll.d $t0, $t0, 0' | expand

Commit Message

gaosong March 19, 2024, 6:32 a.m. UTC 
On gen_ll, if a->imm is 0, The value of t0 should be src1.

Links: https://www.openwall.com/lists/musl/2024/03/12/4

Signed-off-by: Song Gao <gaosong@loongson.cn>
---
 target/loongarch/tcg/insn_trans/trans_atomic.c.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comments

Richard Henderson March 19, 2024, 3:55 p.m. UTC | #1 
On 3/18/24 20:32, Song Gao wrote:
> On gen_ll, if a->imm is 0, The value of t0 should be src1.
> 
> Links: https://www.openwall.com/lists/musl/2024/03/12/4
> 
> Signed-off-by: Song Gao <gaosong@loongson.cn>
> ---
>   target/loongarch/tcg/insn_trans/trans_atomic.c.inc | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> index 80c2e286fd..fab951a892 100644
> --- a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> +++ b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
> @@ -7,7 +7,13 @@ static bool gen_ll(DisasContext *ctx, arg_rr_i *a, MemOp mop)
>   {
>       TCGv dest = gpr_dst(ctx, a->rd, EXT_NONE);
>       TCGv src1 = gpr_src(ctx, a->rj, EXT_NONE);
> -    TCGv t0 = make_address_i(ctx, src1, a->imm);
> +    TCGv t0 = tcg_temp_new();
> +
> +    if (a->imm) {
> +        t0 = make_address_i(ctx, src1, a->imm);
> +    } else {
> +        tcg_gen_mov_tl(t0, src1);
> +    }
>   
>       tcg_gen_qemu_ld_i64(dest, t0, ctx->mem_idx, mop);
>       tcg_gen_st_tl(t0, tcg_env, offsetof(CPULoongArchState, lladdr));

This is definitely wrong, since you're ignoring va32.

But I see the problem with make_address_x returning src1 when addend == NULL, because the 
load to destination may clobber src1.

I suggest always using a new destination instead:

     TCGv src1 = gpr_src(...);
     TCGv t0 = make_address_i(...);
     TCGv t1 = tcg_temp_new();

     tcg_gen_qemu_ld_i64(t1, t0, ...);
     tcg_gen_st_tl(t0, ... lladdr);
     gen_set_gpr(a->rd, t1, EXT_NONE);


r~
diff mbox series

Patch

diff --git a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
index 80c2e286fd..fab951a892 100644
--- a/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
+++ b/target/loongarch/tcg/insn_trans/trans_atomic.c.inc
@@ -7,7 +7,13 @@  static bool gen_ll(DisasContext *ctx, arg_rr_i *a, MemOp mop)
 {
     TCGv dest = gpr_dst(ctx, a->rd, EXT_NONE);
     TCGv src1 = gpr_src(ctx, a->rj, EXT_NONE);
-    TCGv t0 = make_address_i(ctx, src1, a->imm);
+    TCGv t0 = tcg_temp_new();
+
+    if (a->imm) {
+        t0 = make_address_i(ctx, src1, a->imm);
+    } else {
+        tcg_gen_mov_tl(t0, src1);
+    }
 
     tcg_gen_qemu_ld_i64(dest, t0, ctx->mem_idx, mop);
     tcg_gen_st_tl(t0, tcg_env, offsetof(CPULoongArchState, lladdr));