From 0786a3b6051ed081ddaa8dfe1c1e13ce0cfabc4a Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Wed, 28 Sep 2022 20:49:13 +0200 Subject: [PATCH 1/2] target/hppa: Generate illegal instruction exception for 64-bit instructions Qemu currently emulates a 32-bit CPU only, and crashes with this error when it faces a 64-bit load (e.g. "ldd 0(r26),r0") or a 64-bit store (e.g. "std r26,0(r26)") instruction in the guest: ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached Add checks for 64-bit sizes and generate an illegal instruction exception if necessary. Signed-off-by: Helge Deller Reviewed-by: Richard Henderson --- target/hppa/translate.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/target/hppa/translate.c b/target/hppa/translate.c index 1af77473da..d15b9e27c7 100644 --- a/target/hppa/translate.c +++ b/target/hppa/translate.c @@ -2899,14 +2899,22 @@ static bool trans_cmpiclr(DisasContext *ctx, arg_rri_cf *a) static bool trans_ld(DisasContext *ctx, arg_ldst *a) { - return do_load(ctx, a->t, a->b, a->x, a->scale ? a->size : 0, + if (unlikely(TARGET_REGISTER_BITS == 32 && a->size > MO_32)) { + return gen_illegal(ctx); + } else { + return do_load(ctx, a->t, a->b, a->x, a->scale ? a->size : 0, a->disp, a->sp, a->m, a->size | MO_TE); + } } static bool trans_st(DisasContext *ctx, arg_ldst *a) { assert(a->x == 0 && a->scale == 0); - return do_store(ctx, a->t, a->b, a->disp, a->sp, a->m, a->size | MO_TE); + if (unlikely(TARGET_REGISTER_BITS == 32 && a->size > MO_32)) { + return gen_illegal(ctx); + } else { + return do_store(ctx, a->t, a->b, a->disp, a->sp, a->m, a->size | MO_TE); + } } static bool trans_ldc(DisasContext *ctx, arg_ldst *a) From 59f8c04b222ff4b9f3799fe92a7e5d427ae48197 Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Thu, 27 Oct 2022 19:03:05 +0200 Subject: [PATCH 2/2] target/hppa: Fix fid instruction emulation The fid instruction (Floating-Point Identify) puts the FPU model and revision into the Status Register. Since those values shouldn't be 0, store values there which a PCX-L2 (for 32-bit) or a PCX-W2 (for 64-bit) would return. Noticed while trying to install MPE/iX. Signed-off-by: Helge Deller Reviewed-by: Richard Henderson --- target/hppa/insns.decode | 5 +---- target/hppa/translate.c | 11 +++++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/target/hppa/insns.decode b/target/hppa/insns.decode index c7a7e997f9..27341d27b2 100644 --- a/target/hppa/insns.decode +++ b/target/hppa/insns.decode @@ -388,10 +388,7 @@ fmpyfadd_d 101110 rm1:5 rm2:5 ... 0 1 ..0 0 0 neg:1 t:5 ra3=%rc32 # Floating point class 0 -# FID. With r = t = 0, which via fcpy puts 0 into fr0. -# This is machine/revision = 0, which is reserved for simulator. -fcpy_f 001100 00000 00000 00000 000000 00000 \ - &fclass01 r=0 t=0 +fid_f 001100 00000 00000 000 00 000000 00000 fcpy_f 001100 ..... ..... 010 00 ...... ..... @f0c_0 fabs_f 001100 ..... ..... 011 00 ...... ..... @f0c_0 diff --git a/target/hppa/translate.c b/target/hppa/translate.c index d15b9e27c7..981f8ee03d 100644 --- a/target/hppa/translate.c +++ b/target/hppa/translate.c @@ -3622,6 +3622,17 @@ static void gen_fcpy_f(TCGv_i32 dst, TCGv_env unused, TCGv_i32 src) tcg_gen_mov_i32(dst, src); } +static bool trans_fid_f(DisasContext *ctx, arg_fid_f *a) +{ + nullify_over(ctx); +#if TARGET_REGISTER_BITS == 64 + save_frd(0, tcg_const_i64(0x13080000000000ULL)); /* PA8700 (PCX-W2) */ +#else + save_frd(0, tcg_const_i64(0x0f080000000000ULL)); /* PA7300LC (PCX-L2) */ +#endif + return nullify_end(ctx); +} + static bool trans_fcpy_f(DisasContext *ctx, arg_fclass01 *a) { return do_fop_wew(ctx, a->t, a->r, gen_fcpy_f);