[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] target/m68k: implement fmove.l #<data>,FPCR
|
From: |
Laurent Vivier |
|
Subject: |
[PATCH] target/m68k: implement fmove.l #<data>,FPCR |
|
Date: |
Sun, 31 May 2020 13:02:31 +0200 |
The immediate value mode was ignored and instruction execution
ends to an invalid access mode.
This was found running 'R' that set FPSR to 0 at startup with
a 'fmove.l #0,FPSR' in qemu-system-m68k emulation and triggers a
kernel crash:
[ 56.640000] *** ADDRESS ERROR *** FORMAT=2
[ 56.640000] Current process id is 728
[ 56.640000] BAD KERNEL TRAP: 00000000
[ 56.640000] Modules linked in: sg evdev mac_hid ip_tables x_tables
sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2
crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common
sr_mod cdrom mac_esp macsonic esp_scsi
[ 56.640000] PC: [<00016a2c>] X_UNSUPP+0x2c/0x3c
[ 56.640000] SR: 2004 SP: 3eb5e68c a2: c02e239a
[ 56.640000] d0: 00000040 d1: 00000002 d2: 8002adec d3: 8002ad50
[ 56.640000] d4: 8002c768 d5: 0000000d a0: ffffffc2 a1: ffffffc1
[ 56.640000] Process R (pid: 728, task=a3dfda5d)
[ 56.640000] Frame format=2 instr addr=00000000
[ 56.650000] Stack from 3a4d9f30:
[ 56.650000] 41000000 00000002 00000002 ffffffc2 ffffffc1 1fff0000
80000000 00000000
[ 56.650000] 3fbf0000 80000000 00000000 00000000 20000000 00000000
7fff0000 ffffffff
[ 56.650000] ffffffff 00000000 00050008 00000000 8000067c c02c2000
efffee20 000002d8
[ 56.650000] 00002a28 3a4d9f98 00000002 00000014 fffffffe 8002c768
00000002 00000041
[ 56.650000] 00000002 c041fc58 c0743758 ffffffff 00000000 0008c075
00002b24 00000012
[ 56.650000] 000007d0 00000024 00000002 c05bef04 c05bef04 0000005e
00000077 c28aca70
[ 56.650000] Call Trace: [<00050008>] copy_overflow+0x10/0x28
[ 56.650000] [<00002a28>] buserr+0x20/0x28
[ 56.650000] [<0008c075>] bpf_check+0x57f/0x1cfa
[ 56.650000] [<00002b24>] syscall+0x8/0xc
[ 56.650000] [<0000c019>] dn_sched_init+0x75/0x88
[ 56.650000] Code: 1017 0200 00f0 0c00 0040 66ff 0000 05ac <f23c> 8800 0000
0000 f23c 9000 0000 0000 222e ff84 082e 0005 ff1c 6600 000a 0281
[ 56.650000] Disabling lock debugging due to kernel taint
...
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
target/m68k/translate.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0f80888203d3..c093f6c683e8 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4936,6 +4936,20 @@ static void gen_op_fmove_fcr(CPUM68KState *env,
DisasContext *s,
gen_store_fcr(s, AREG(insn, 0), mask);
}
return;
+ case 7: /* Immediate */
+ if (REG(insn, 0) == 4) {
+ if (is_write ||
+ (mask != M68K_FPIAR && mask != M68K_FPSR &&
+ mask != M68K_FPCR)) {
+ gen_exception(s, s->base.pc_next, EXCP_ILLEGAL);
+ return;
+ }
+ tmp = tcg_const_i32(read_im32(env, s));
+ gen_store_fcr(s, tmp, mask);
+ tcg_temp_free(tmp);
+ return;
+ }
+ break;
default:
break;
}
--
2.26.2
- [PATCH] target/m68k: implement fmove.l #<data>,FPCR,
Laurent Vivier <=