RTEMS | PowerPC QorIQ BSP does not correctly save/restore r3 on interrupt when SPE is enabled (#5389)

Thomas Wucher (@thomaswucher) gitlab at rtems.org
Tue Nov 4 10:42:10 UTC 2025 


Thomas Wucher created an issue: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5389



## Summary

Running the QorIQ BSP on a PowerPC e500v2 with SPE causes issues when floating point calculations are interrupted by external interrupts (e.g. timers).

This is caused by `ppc_exc_interrupt` and its prologue not correctly saving the full r3 to the stack. Thus, at the end of the `ppc_exc_interrupt` bogus data is restored from the stack into the extended bits of r3.

## Steps to reproduce

* Compile RTEMS using the QorIQ BSP with SPE enabled.
* Create an RTEMS application doing floating point operations using SPE instructions and using register r3. A good example is calling a function with a double argument and double return value, as r3 is used for both (e.g. `__ieee753_exp(1.0)`). Make sure this function is interrupted by a timer interrupt and `ppc_exc_interrupt` is called.
* The mathematical function (e.g. `__ieee753_exp`) returns a wrong result.

## Analysis of the problem

* In the prologue of `ppc_exc_interrupt` the normally accessible parts of r3 are saved to offset 84 on the stack:

  ```
  000041f0 <bsp_exc_vector_base>:
  ...
      4230:       94 21 ff 60     stwu    r1,-160(r1)
      4234:       90 61 00 54     stw     r3,84(r1)
      4238:       38 60 00 04     li      r3,4
      423c:       48 00 28 0c     b       6a48 <ppc_exc_interrupt>
  ...
  ```
  This is correct.
* In `ppc_exc_interrupt+0x14` and `ppc_exc_interrupt+0x18` the following two instructions claim to save the extended bits to the stack to offset 80:
  ```
  00006a48 <ppc_exc_interrupt>:
  ...
      6a5c:       10 63 72 2c     evmergehi r3,r3,r14
      6a60:       91 c1 00 50     stw     r14,80(r1)
  ...
  ```

  Looking closely at the `evmergehi` instruction, the intention is to copy the extended bits of `r3` to the normally accessible bits of `r14` then store `r14` on the stack with `stw`, but this is not what the instruction actually does as the operands are swapped. The correct sequence of instructions is this one:

  ```
    00006a48 <ppc_exc_interrupt>:
    ...
        6a5c:       11 c3 1a 2c     evmergehi r14,r3,r3
        6a60:       91 c1 00 50     stw     r14,80(r1)
    ...
  ```

/cc @sebhub

-- 
View it on GitLab: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5389
You're receiving this email because of your account on gitlab.rtems.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/bugs/attachments/20251104/30e16dc8/attachment.htm>

More information about the bugs mailing list