qemu: fix "Bad FPU state detected" fault on qemu-system-i386

Qemu introduced a commit "target/i386: Enable AVX cpuid bits when using TCG" since v7.2.0. It causes qemu-system-i386 hang with following error: traps: rndc-confgen[342] general protection fault ip:b7ef5545 sp:bfcc6e6c error:0 ------------[ cut here ]------------ Bad FPU state detected at __restore_fpregs_from_fpstate+0x2f/0x60, reinitializing FPU registers. WARNING: CPU: 7 PID: 353 at arch/x86/mm/extable.c:65 fixup_exception+0x29c/0x2d0 Modules linked in: cfg80211 8021q parport_pc parport sch_fq_codel openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 kvm irqbypass fuse configfs CPU: 7 PID: 353 Comm: in:imklog Not tainted 5.15.78-yocto-standard #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014 EIP: fixup_exception+0x29c/0x2d0 Code: 05 ed da 89 df 01 68 b0 cb 5f df e8 4f e7 b6 00 0f 0b 58 e9 9d fe ff ff c6 05 ef da 89 df 01 50 68 f0 cb 5f df e8 35 e7 b6 00 <0f> 0b 5b 5e e9 0a ff ff ff ba 01 00 00 00 89 f0 e8 8a c1 b6 00 0f EAX: 00000060 EBX: df734b60 ECX: f5be9cd0 EDX: f5be9ccc ESI: c3485eec EDI: 0000000d EBP: c3485e64 ESP: c3485e4c DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00000096 CR0: 80050033 CR2: b79fdde0 CR3: 03cbe000 CR4: 001506d0 Call Trace: ? __restore_fpregs_from_fpstate+0x2f/0x60 exc_general_protection+0x9a/0x390 ? exc_bounds+0x90/0x90 handle_exception+0x133/0x133 Upstream has been fixed this issue[1], so backport the patch to fix it. Ref: [1] https://gitlab.com/qemu-project/qemu/-/commit/48b60eb6c917646df9efa7ddb4c25929f358d647 (From OE-Core rev: 11370f237dcf140e05014f82200e07d5cff38bd3) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Xiangyu Chen <xiangyu.chen@windriver.com> 2023-11-08 21:44:54 +0800
committer: Steve Sakoman <steve@sakoman.com> 2023-11-11 08:23:01 -1000
commit: 271877ff3915cb577eb5a586c782c576d20fa3f0 (patch)
tree: 8c3cbaf3acf2c8fb68e788526e316e5953e46053
parent: 8134b3dd7b5c835d33712fd15255384397cc975c (diff)
download: poky-271877ff3915cb577eb5a586c782c576d20fa3f0.tar.gz
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index a7f1099dd5..80b5d966e4 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -43,6 +43,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
           file://CVE-2023-3354.patch \
           file://CVE-2023-3180.patch \
           file://CVE-2023-42467.patch \
+           file://0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch \
           "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch b/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch
new file mode 100644
index 0000000000..a687862445
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch
@@ -0,0 +1,58 @@
+From 06690248bdb917f71b673183de9334c92f4a1eaa Mon Sep 17 00:00:00 2001
+From: Xinyu Li <lixinyu20s@ict.ac.cn>
+Date: Wed, 10 May 2023 22:52:22 +0800
+Subject: [PATCH] target/i386: fix avx2 instructions vzeroall and vpermdq
+vzeroall: xmm_regs should be used instead of xmm_t0
+vpermdq: bit 3 and 7 of imm should be considered
+Upstream-Status: Backport from
+[https://gitlab.com/qemu-project/qemu/-/commit/48b60eb6c917646df9efa7ddb4c25929f358d647]
+Signed-off-by: Xinyu Li <lixinyu20s@ict.ac.cn>
+Message-Id: <20230510145222.586487-1-lixinyu20s@ict.ac.cn>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 056d649007bc9fdae9f1d576e77c1316e9a34468)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ target/i386/ops_sse.h      | 8 ++++++++
+ target/i386/tcg/emit.c.inc | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
+index 3cbc36a59d..44c1e70093 100644
+--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
+@@ -2493,6 +2493,14 @@ void helper_vpermdq_ymm(Reg *d, Reg *v, Reg *s, uint32_t order)
+     d->Q(1) = r1;
+     d->Q(2) = r2;
+     d->Q(3) = r3;
+    if (order & 0x8) {
+        d->Q(0) = 0;
+        d->Q(1) = 0;
+    }
+    if (order & 0x80) {
+        d->Q(2) = 0;
+        d->Q(3) = 0;
+    }
+ }
+ 
+ void helper_vpermq_ymm(Reg *d, Reg *s, uint32_t order)
+diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
+index 7037ff91c6..34028a7475 100644
+--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
+@@ -2283,7 +2283,7 @@ static void gen_VZEROALL(DisasContext *s, CPUX86State *env, X86DecodedInsn *deco
+ {
+     TCGv_ptr ptr = tcg_temp_new_ptr();
+ 
+-    tcg_gen_addi_ptr(ptr, cpu_env, offsetof(CPUX86State, xmm_t0));
+    tcg_gen_addi_ptr(ptr, cpu_env, offsetof(CPUX86State, xmm_regs));
+     gen_helper_memset(ptr, ptr, tcg_constant_i32(0),
+                       tcg_constant_ptr(CPU_NB_REGS * sizeof(ZMMReg)));
+     tcg_temp_free_ptr(ptr);
+-- 
+2.25.1
author	Xiangyu Chen <xiangyu.chen@windriver.com>	2023-11-08 21:44:54 +0800
committer	Steve Sakoman <steve@sakoman.com>	2023-11-11 08:23:01 -1000
commit	271877ff3915cb577eb5a586c782c576d20fa3f0 (patch)
tree	8c3cbaf3acf2c8fb68e788526e316e5953e46053
parent	8134b3dd7b5c835d33712fd15255384397cc975c (diff)
download	poky-271877ff3915cb577eb5a586c782c576d20fa3f0.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index a7f1099dd5..80b5d966e4 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -43,6 +43,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
43	file://CVE-2023-3354.patch \	43	file://CVE-2023-3354.patch \
44	file://CVE-2023-3180.patch \	44	file://CVE-2023-3180.patch \
45	file://CVE-2023-42467.patch \	45	file://CVE-2023-42467.patch \
		46	file://0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch \
46	"	47	"
47	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"	48	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
48		49


diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch b/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch new file mode 100644 index 0000000000..a687862445 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0001-target-i386-fix-avx2-instructions-vzeroall-and-vperm.patch
@@ -0,0 +1,58 @@
		1	From 06690248bdb917f71b673183de9334c92f4a1eaa Mon Sep 17 00:00:00 2001
		2	From: Xinyu Li <lixinyu20s@ict.ac.cn>
		3	Date: Wed, 10 May 2023 22:52:22 +0800
		4	Subject: [PATCH] target/i386: fix avx2 instructions vzeroall and vpermdq
		5
		6	vzeroall: xmm_regs should be used instead of xmm_t0
		7	vpermdq: bit 3 and 7 of imm should be considered
		8
		9	Upstream-Status: Backport from
		10	[https://gitlab.com/qemu-project/qemu/-/commit/48b60eb6c917646df9efa7ddb4c25929f358d647]
		11
		12	Signed-off-by: Xinyu Li <lixinyu20s@ict.ac.cn>
		13	Message-Id: <20230510145222.586487-1-lixinyu20s@ict.ac.cn>
		14	Cc: qemu-stable@nongnu.org
		15	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
		16	(cherry picked from commit 056d649007bc9fdae9f1d576e77c1316e9a34468)
		17	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
		18	Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
		19	---
		20	target/i386/ops_sse.h \| 8 ++++++++
		21	target/i386/tcg/emit.c.inc \| 2 +-
		22	2 files changed, 9 insertions(+), 1 deletion(-)
		23
		24	diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
		25	index 3cbc36a59d..44c1e70093 100644
		26	--- a/target/i386/ops_sse.h
		27	+++ b/target/i386/ops_sse.h
		28	@@ -2493,6 +2493,14 @@ void helper_vpermdq_ymm(Reg d, Reg v, Reg *s, uint32_t order)
		29	d->Q(1) = r1;
		30	d->Q(2) = r2;
		31	d->Q(3) = r3;
		32	+ if (order & 0x8) {
		33	+ d->Q(0) = 0;
		34	+ d->Q(1) = 0;
		35	+ }
		36	+ if (order & 0x80) {
		37	+ d->Q(2) = 0;
		38	+ d->Q(3) = 0;
		39	+ }
		40	}
		41
		42	void helper_vpermq_ymm(Reg d, Reg s, uint32_t order)
		43	diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
		44	index 7037ff91c6..34028a7475 100644
		45	--- a/target/i386/tcg/emit.c.inc
		46	+++ b/target/i386/tcg/emit.c.inc
		47	@@ -2283,7 +2283,7 @@ static void gen_VZEROALL(DisasContext s, CPUX86State env, X86DecodedInsn *deco
		48	{
		49	TCGv_ptr ptr = tcg_temp_new_ptr();
		50
		51	- tcg_gen_addi_ptr(ptr, cpu_env, offsetof(CPUX86State, xmm_t0));
		52	+ tcg_gen_addi_ptr(ptr, cpu_env, offsetof(CPUX86State, xmm_regs));
		53	gen_helper_memset(ptr, ptr, tcg_constant_i32(0),
		54	tcg_constant_ptr(CPU_NB_REGS * sizeof(ZMMReg)));
		55	tcg_temp_free_ptr(ptr);
		56	--
		57	2.25.1
		58