From b9f38374ac466b6582f4e6e42dbff7372da079b2 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 25 Mar 2024 20:22:59 +0100 Subject: [PATCH 1/7] linux-user: Fix semctl() strace The indices of arguments used with semctl() are all off-by-1, because arg1 is the ipc() command. Fix them. While at it, reuse print_semctl(). New output (for a small test program): 3540333 semctl(999,888,SEM_INFO,0x00007fe5051ee9a0) = -1 errno=14 (Bad address) Fixes: 7ccfb2eb5f9d ("Fix warnings that would be caused by gcc flag -Wwrite-strings") Reviewed-by: Richard Henderson Signed-off-by: Ilya Leoshkevich Message-Id: <20240325192436.561154-2-iii@linux.ibm.com> Signed-off-by: Richard Henderson --- linux-user/strace.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/linux-user/strace.c b/linux-user/strace.c index 8d13e55a5b..51a5bdd95f 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -657,7 +657,6 @@ print_newselect(CPUArchState *cpu_env, const struct syscallname *name, } #endif -#ifdef TARGET_NR_semctl static void print_semctl(CPUArchState *cpu_env, const struct syscallname *name, abi_long arg1, abi_long arg2, abi_long arg3, @@ -668,7 +667,6 @@ print_semctl(CPUArchState *cpu_env, const struct syscallname *name, print_ipc_cmd(arg3); qemu_log(",0x" TARGET_ABI_FMT_lx ")", arg4); } -#endif static void print_shmat(CPUArchState *cpu_env, const struct syscallname *name, @@ -698,10 +696,8 @@ print_ipc(CPUArchState *cpu_env, const struct syscallname *name, { switch(arg1) { case IPCOP_semctl: - qemu_log("semctl(" TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld ",", - arg1, arg2); - print_ipc_cmd(arg3); - qemu_log(",0x" TARGET_ABI_FMT_lx ")", arg4); + print_semctl(cpu_env, &(const struct syscallname){ .name = "semctl" }, + arg2, arg3, arg4, arg5, 0, 0); break; case IPCOP_shmat: print_shmat(cpu_env, &(const struct syscallname){ .name = "shmat" }, From e6763d7dfc69ae41bb97541de15fa9108d8d6ce2 Mon Sep 17 00:00:00 2001 
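Review bot: The new print_semctl() call in print_ipc passes `arg2, arg3, arg4, arg5, 0, 0` with no comment on why the ipc() positions are shifted, which is exactly how the off-by-one this patch fixes went unnoticed. Assuming do_ipc() follows the kernel's ipc(call, first, second, third, ptr, fifth) layout (not visible here), semctl takes (first, second, third, ptr), and print_semctl only formats its first four abi_long parameters per the hunk above, so the trailing `0, 0` are unused. A one-line comment above the call would pin that: `/* ipc(call, first, second, third, ptr, ...) -> semctl(first, second, third, ptr) */`. The print_ipc switch continues past the end of the hunk.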
From: Ilya Leoshkevich Date: Mon, 25 Mar 2024 20:23:00 +0100 Subject: [PATCH 2/7] linux-user: Fix shmat() strace The indices of arguments passed to print_shmat() are all off-by-1, because arg1 is the ipc() command. Fix them. New output for linux-shmat-maps test: 3501769 shmat(4784214,0x0000000000800000,SHM_RND) = 0 Fixes: 9f7c97324c27 ("linux-user: Add strace for shmat") Reviewed-by: Richard Henderson Signed-off-by: Ilya Leoshkevich Message-Id: <20240325192436.561154-3-iii@linux.ibm.com> Signed-off-by: Richard Henderson --- linux-user/strace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/strace.c b/linux-user/strace.c index 51a5bdd95f..b4d1098170 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -701,7 +701,7 @@ print_ipc(CPUArchState *cpu_env, const struct syscallname *name, break; case IPCOP_shmat: print_shmat(cpu_env, &(const struct syscallname){ .name = "shmat" }, - arg1, arg4, arg2, 0, 0, 0); + arg2, arg5, arg3, 0, 0, 0); break; default: qemu_log(("%s(" From fa527b44c2d65d48cc3c5ac018dc935cc286f5a9 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 25 Mar 2024 20:23:01 +0100 Subject: [PATCH 3/7] linux-user: Fix shmat(NULL) for h != g In the h != g && shmaddr == NULL && !reserved_va case, target_shmat() incorrectly mmap()s the initial anonymous range with MAP_FIXED_NOREPLACE, even though the earlier mmap_find_vma() has already reserved the respective address range. Fix by using MAP_FIXED when "mapped", which is set after mmap_find_vma(), is true. Fixes: 78bc8ed9a8f0 ("linux-user: Rewrite target_shmat") Reviewed-by: Richard Henderson Signed-off-by: Ilya Leoshkevich Message-Id: <20240325192436.561154-4-iii@linux.ibm.com> Signed-off-by: Richard Henderson --- linux-user/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 4505fd7376..be3b9a68eb 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c 
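Review bot: The corrected order `arg2, arg5, arg3` is right only because shmaddr travels in ipc()'s `ptr` slot while shmflg is `second`; nothing at the call site says so, and the previous wrong order `arg1, arg4, arg2` looked equally plausible for the same reason. A comment above the print_shmat call would make the next reader check the mapping instead of trusting it: `/* ipc(IPCOP_shmat, shmid, shmflg, third, shmaddr): shmat(first=arg2, ptr=arg5, second=arg3) */`. This assumes do_ipc() follows the kernel's ipc(call, first, second, third, ptr, fifth) layout, which the hunk does not show; the enclosing print_ipc switch continues outside it.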
@@ -1354,7 +1354,7 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid, if (h_len != t_len) { int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE); int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS - | (reserved_va || (shmflg & SHM_REMAP) + | (reserved_va || mapped || (shmflg & SHM_REMAP) ? MAP_FIXED : MAP_FIXED_NOREPLACE); test = mmap(want, m_len, mmap_p, mmap_f, -1, 0); From 889cd5a8e2dd6cf8793faba22fda38b78553ae24 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 25 Mar 2024 20:23:02 +0100 Subject: [PATCH 4/7] tests/tcg: Test shmat(NULL) Add a small test to prevent regressions. Reviewed-by: Richard Henderson Signed-off-by: Ilya Leoshkevich Message-Id: <20240325192436.561154-5-iii@linux.ibm.com> Signed-off-by: Richard Henderson --- tests/tcg/multiarch/linux/linux-shmat-null.c | 38 ++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 tests/tcg/multiarch/linux/linux-shmat-null.c diff --git a/tests/tcg/multiarch/linux/linux-shmat-null.c b/tests/tcg/multiarch/linux/linux-shmat-null.c new file mode 100644 index 0000000000..94eaaec371 --- /dev/null +++ b/tests/tcg/multiarch/linux/linux-shmat-null.c @@ -0,0 +1,38 @@ +/* + * Test shmat(NULL). + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ +#include +#include +#include +#include + +int main(void) +{ + int shmid; + char *p; + int err; + + /* Create, attach and intialize shared memory. */ + shmid = shmget(IPC_PRIVATE, 1, IPC_CREAT | 0600); + assert(shmid != -1); + p = shmat(shmid, NULL, 0); + assert(p != (void *)-1); + *p = 42; + + /* Reattach, check that the value is still there. */ + err = shmdt(p); + assert(err == 0); + p = shmat(shmid, NULL, 0); + assert(p != (void *)-1); + assert(*p == 42); + + /* Detach. */ + err = shmdt(p); + assert(err == 0); + err = shmctl(shmid, IPC_RMID, NULL); + assert(err == 0); + + return EXIT_SUCCESS; +} From 2911e9b95f3bb03783ae5ca3e2494dc3b44a9161 Mon Sep 17 00:00:00 2001 
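Review bot: Adding `mapped` to the MAP_FIXED condition means this mmap() now overwrites whatever is at `want` in that case, and the only thing making that safe is the invariant (stated in the commit message, not visible in the hunk) that `mapped` is set after mmap_find_vma() reserved exactly [want, want + m_len). A comment on the condition should state it, e.g. `/* mapped: mmap_find_vma() already owns [want, want+m_len), so replace it instead of probing with NOREPLACE */`. If `mapped` can become true for any other reason, MAP_FIXED would silently clobber live guest mappings, so it is worth confirming how it is set. The enclosing target_shmat() starts and ends outside this hunk.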
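Review bot: The comment `/* Create, attach and intialize shared memory. */` has a typo (`initialize`); more substantively, because shmctl(IPC_RMID) is only reached at the end, a failing assert aborts the process and leaves the IPC_PRIVATE segment allocated until someone runs ipcrm, which deserves a comment near the shmget call such as `/* On assert failure the segment outlives the process; remove it with ipcrm -m <shmid>. */`. Marking it IPC_RMID right after creation would not work here because the test deliberately detaches and re-attaches, and on Linux a segment marked for removal is normally destroyed once its last attachment goes away.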
From: Richard Henderson Date: Tue, 26 Mar 2024 11:21:38 -1000 Subject: [PATCH 5/7] tcg/optimize: Fix sign_mask for logical right-shift MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'sign' computation is attempting to locate the sign bit that has been repeated, so that we can test if that bit is known zero. That computation can be zero if there are no known sign repetitions. Cc: qemu-stable@nongnu.org Fixes: 93a967fbb57 ("tcg/optimize: Propagate sign info for shifting") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2248 Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé --- tcg/optimize.c | 2 +- tests/tcg/aarch64/Makefile.target | 1 + tests/tcg/aarch64/test-2248.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 tests/tcg/aarch64/test-2248.c diff --git a/tcg/optimize.c b/tcg/optimize.c index 752cc5c56b..275db77b42 100644 --- a/tcg/optimize.c +++ b/tcg/optimize.c @@ -2376,7 +2376,7 @@ static bool fold_shift(OptContext *ctx, TCGOp *op) * will not reduced the number of input sign repetitions. */ sign = (s_mask & -s_mask) >> 1; - if (!(z_mask & sign)) { + if (sign && !(z_mask & sign)) { ctx->s_mask = s_mask; } break; diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target index ea3e232e65..0efd565f05 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -10,6 +10,7 @@ VPATH += $(AARCH64_SRC) # Base architecture tests AARCH64_TESTS=fcvt pcalign-a64 lse2-fault +AARCH64_TESTS += test-2248 fcvt: LDFLAGS+=-lm diff --git a/tests/tcg/aarch64/test-2248.c b/tests/tcg/aarch64/test-2248.c new file mode 100644 index 0000000000..aac2e17836 --- /dev/null +++ b/tests/tcg/aarch64/test-2248.c 
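Review bot: The new `sign &&` guard is correct but silent about why it matters: when s_mask is 0 (or has only bit 0 set) the expression `(s_mask & -s_mask) >> 1` yields 0, `!(z_mask & 0)` is always true, and the old code propagated s_mask unconditionally, claiming sign repetitions that a logical right shift had just cleared. A comment on the condition should say so, e.g. `/* sign == 0: no known repetitions, so (z_mask & sign) proves nothing; keep s_mask cleared. */`. Since this is a miscompilation in the TCG optimizer producing wrong guest results (see the test added in this patch), the Cc stable tag is appropriate. The enclosing fold_shift() starts and ends outside this hunk.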
@@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* See https://gitlab.com/qemu-project/qemu/-/issues/2248 */ + +#include + +__attribute__((noinline)) +long test(long x, long y, long sh) +{ + long r; + asm("cmp %1, %2\n\t" + "cset x12, lt\n\t" + "and w11, w12, #0xff\n\t" + "cmp w11, #0\n\t" + "csetm x14, ne\n\t" + "lsr x13, x14, %3\n\t" + "sxtb %0, w13" + : "=r"(r) + : "r"(x), "r"(y), "r"(sh) + : "x11", "x12", "x13", "x14"); + return r; +} + +int main() +{ + long r = test(0, 1, 2); + assert(r == -1); + return 0; +} From 13af3af196c85a4bcd4399a0842f044c83bd6aa6 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Thu, 28 Mar 2024 08:04:59 -1000 Subject: [PATCH 6/7] disas: Show opcodes for target_disas and monitor_disas Fixes: 83b4613ba83 ("disas: introduce show_opcodes") Signed-off-by: Richard Henderson --- disas/disas-mon.c | 1 + disas/disas.c | 1 + 2 files changed, 2 insertions(+) diff --git a/disas/disas-mon.c b/disas/disas-mon.c index 48ac492c6c..5d6d9aa02d 100644 --- a/disas/disas-mon.c +++ b/disas/disas-mon.c @@ -34,6 +34,7 @@ void monitor_disas(Monitor *mon, CPUState *cpu, uint64_t pc, disas_initialize_debug_target(&s, cpu); s.info.fprintf_func = disas_gstring_printf; s.info.stream = (FILE *)ds; /* abuse this slot */ + s.info.show_opcodes = true; if (is_physical) { s.info.read_memory_func = physical_read_memory; diff --git a/disas/disas.c b/disas/disas.c index 17170d291e..7e3b0bb46c 100644 --- a/disas/disas.c +++ b/disas/disas.c @@ -211,6 +211,7 @@ void target_disas(FILE *out, CPUState *cpu, uint64_t code, size_t size) s.info.stream = out; s.info.buffer_vma = code; s.info.buffer_length = size; + s.info.show_opcodes = true; if (s.info.cap_arch >= 0 && cap_disas_target(&s.info, code, size)) { return; From dafa0ecc97850c325fe85cd87dc0b536858d171a Mon Sep 17 00:00:00 2001 
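Review bot: The `assert(r == -1)` line gives no hint where -1 comes from, and the test is only reviewable if a reader can reconstruct it from the asm: test(0, 1, 2) makes `cmp` set lt, `cset` gives x12 = 1, `csetm x14, ne` yields all-ones, `lsr` by 2 leaves a low byte of 0xff, and `sxtb` sign-extends that to -1; a comment above the assert such as `/* csetm -> ~0; lsr #2 keeps low byte 0xff; sxtb -> -1 (buggy optimizer kept sign info through lsr) */` would do. Also `int main()` should be `int main(void)` to match the shmat test in this series. Note that an assert-only check disappears under -DNDEBUG, which is presumably fine for the tests/tcg build flags but worth keeping in mind.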
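Review bot: `s.info.show_opcodes = true` in target_disas() is set before the `cap_disas_target()` early return, so it applies to both the capstone and the libopcodes paths; if the capstone path does not consult show_opcodes (not visible here), the two backends will now format the same target differently, which is worth checking and, once confirmed, noting with a comment like `/* honoured by both cap_disas_target() and the libopcodes printers */`. The rest of target_disas() runs past the end of the hunk.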
From: Richard Henderson Date: Wed, 27 Mar 2024 17:21:59 -1000 Subject: [PATCH 7/7] accel/tcg: Use CPUState.get_pc in cpu_io_recompile Using log_pc produces the pc at the beginning of TB, not the actual pc installed by cpu_restore_state_from_tb, which could be any of the guest instructions within TB. Signed-off-by: Richard Henderson --- accel/tcg/translate-all.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index c1f57e894a..83cc14fbde 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -634,7 +634,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) cpu->cflags_next_tb = curr_cflags(cpu) | CF_MEMI_ONLY | n; if (qemu_loglevel_mask(CPU_LOG_EXEC)) { - vaddr pc = log_pc(cpu, tb); + vaddr pc = cpu->cc->get_pc(cpu); if (qemu_log_in_addr_range(pc)) { qemu_log("cpu_io_recompile: rewound execution of TB to %016" VADDR_PRIx "\n", pc);
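Review bot: `cpu->cc->get_pc(cpu)` reads whatever pc is currently installed in the CPU state, so this line is only correct if cpu_restore_state_from_tb() has already run earlier in cpu_io_recompile(), which the hunk does not show; a comment tying the two together, `/* pc was rewound by cpu_restore_state_from_tb() above */`, would guard against a later reordering of the function. If any target can leave the get_pc hook NULL, this also dereferences it under CPU_LOG_EXEC where the old log_pc() may have guarded it, so it is worth confirming the hook is mandatory. cpu_io_recompile() starts and ends outside this hunk.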