Commit bd8820aa7b for qemu.org
commit bd8820aa7b0b8c03441feeaa790047f6028dbc38
Author: James Hilliard <james.hilliard1@gmail.com>
Date: Wed Apr 8 20:54:28 2026 +0200
linux-user/mips, target/mips: honor MIPS_FIXADE for unaligned accesses
Linux/MIPS enables software fixups for user-mode unaligned scalar
accesses by default through MIPS_FIXADE/TIF_FIXADE. QEMU linux-user did
not model that ABI, so MIPS guests took fatal AdEL/AdES exceptions unless
translation was forced to use unaligned host accesses.
Key MIPS translation blocks on the linux-user unaligned policy, implement
sysmips(MIPS_FIXADE) to toggle that policy, and raise SIGBUS/BUS_ADRALN
when fixups are disabled.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20260520172313.23777-4-philmd@linaro.org>
diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index fa264b27ec..ff9d293c29 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -161,6 +161,11 @@ done_syscall:
case EXCP_DSPDIS:
force_sig(TARGET_SIGILL);
break;
+ case EXCP_AdEL:
+ case EXCP_AdES:
+ force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN,
+ env->CP0_BadVAddr);
+ break;
case EXCP_INTERRUPT:
/* just indicate that signals should be handled asap */
break;
diff --git a/linux-user/mips/target_syscall.h b/linux-user/mips/target_syscall.h
index 9206694f4f..be6942445a 100644
--- a/linux-user/mips/target_syscall.h
+++ b/linux-user/mips/target_syscall.h
@@ -11,6 +11,7 @@
#define TARGET_FORCE_SHMLBA
#define TARGET_SYSMIPS_FLUSH_CACHE 3
+#define TARGET_SYSMIPS_FIXADE 7
#define TARGET_SYSMIPS_ATOMIC_SET 2001
static inline abi_ulong target_shmlba(CPUMIPSState *env)
diff --git a/linux-user/mips64/target_syscall.h b/linux-user/mips64/target_syscall.h
index e07687f8ac..c11d0a0888 100644
--- a/linux-user/mips64/target_syscall.h
+++ b/linux-user/mips64/target_syscall.h
@@ -11,6 +11,7 @@
#define TARGET_FORCE_SHMLBA
#define TARGET_SYSMIPS_FLUSH_CACHE 3
+#define TARGET_SYSMIPS_FIXADE 7
#define TARGET_SYSMIPS_ATOMIC_SET 2001
static inline abi_ulong target_shmlba(CPUMIPSState *env)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3df42aa159..7d7a7b489c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6663,9 +6663,17 @@ static abi_long do_sysmips_atomic_set(CPUArchState *env, abi_ulong addr,
static abi_long do_sysmips(CPUArchState *env, abi_long cmd, abi_long arg1,
abi_long arg2)
{
+ CPUState *cs = env_cpu(env);
+
switch (cmd) {
case TARGET_SYSMIPS_ATOMIC_SET:
return do_sysmips_atomic_set(env, arg1, arg2);
+ case TARGET_SYSMIPS_FIXADE:
+ if (arg1 & ~3) {
+ return -TARGET_EINVAL;
+ }
+ cs->prctl_unalign_sigbus = !(arg1 & 1);
+ return 0;
case TARGET_SYSMIPS_FLUSH_CACHE:
return 0;
default:
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 99d4361382..fccc7a711d 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -560,11 +560,17 @@ static int mips_cpu_mmu_index(CPUState *cs, bool ifunc)
static TCGTBCPUState mips_get_tb_cpu_state(CPUState *cs)
{
CPUMIPSState *env = cpu_env(cs);
+ uint32_t flags = env->hflags & MIPS_HFLAG_TB_MASK;
+
+#ifdef CONFIG_USER_ONLY
+ if (!cs->prctl_unalign_sigbus) {
+ flags |= TB_FLAG_MIPS_FIXADE;
+ }
+#endif
return (TCGTBCPUState){
.pc = env->active_tc.PC,
- .flags = env->hflags & (MIPS_HFLAG_TMASK | MIPS_HFLAG_BMASK |
- MIPS_HFLAG_HWRENA_ULR),
+ .flags = flags,
};
}
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index cbb9b3e1b1..b478f834c1 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1161,6 +1161,10 @@ typedef struct CPUArchState {
#define MIPS_HFLAG_ELPA 0x4000000
#define MIPS_HFLAG_ITC_CACHE 0x8000000 /* CACHE instr. operates on ITC tag */
#define MIPS_HFLAG_ERL 0x10000000 /* error level flag */
+#define MIPS_HFLAG_TB_MASK (MIPS_HFLAG_TMASK | MIPS_HFLAG_BMASK | \
+ MIPS_HFLAG_HWRENA_ULR)
+
+#define TB_FLAG_MIPS_FIXADE 0x40000000
target_ulong btarget; /* Jump / branch target */
target_ulong bcond; /* Branch condition (if needed) */
diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c
index 54ed253a7d..dac30aff8d 100644
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@@ -15070,6 +15070,7 @@ static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
{
DisasContext *ctx = container_of(dcbase, DisasContext, base);
CPUMIPSState *env = cpu_env(cs);
+ uint32_t tb_flags = ctx->base.tb->flags;
ctx->page_start = ctx->base.pc_first & TARGET_PAGE_MASK;
ctx->saved_pc = -1;
@@ -15092,7 +15093,7 @@ static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->CP0_LLAddr_shift = env->CP0_LLAddr_shift;
ctx->cmgcr = (env->CP0_Config3 >> CP0C3_CMGCR) & 1;
/* Restore delay slot state from the tb context. */
- ctx->hflags = (uint32_t)ctx->base.tb->flags; /* FIXME: maybe use 64 bits? */
+ ctx->hflags = tb_flags & MIPS_HFLAG_TB_MASK;
ctx->ulri = (env->CP0_Config3 >> CP0C3_ULRI) & 1;
ctx->ps = ((env->active_fpu.fcr0 >> FCR0_PS) & 1) ||
(env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F));
@@ -15112,6 +15113,9 @@ static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->default_tcg_memop_mask = (!(ctx->insn_flags & ISA_NANOMIPS32) &&
(ctx->insn_flags & (ISA_MIPS_R6 |
INSN_LOONGSON3A))) ? MO_UNALN : MO_ALIGN;
+ if (tb_flags & TB_FLAG_MIPS_FIXADE) {
+ ctx->default_tcg_memop_mask = MO_UNALN;
+ }
/*
* Execute a branch and its delay slot as a single instruction.