* [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
@ 2015-07-15 15:26 Paolo Bonzini
2015-07-15 15:27 ` [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310 Paolo Bonzini
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Paolo Bonzini @ 2015-07-15 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: claudio.fontana, aurelien, rth
The register allocator may sometimes pass a 64-bit value to a 32-bit
operation if truncations are considered no-ops by the backend.
When this happens, user-mode emulation may use an incorrect offset
for loads and stores. This affects aarch64 and x86, because other
architectures already zero-extend the offset before using it for a
load or store.
To fix this for aarch64, use the uxtw modifier on load and store
instructions.
Paolo
Paolo Bonzini (2):
tcg: aarch64: add ext argument to tcg_out_insn_3310
tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
tcg/aarch64/tcg-target.c | 63 +++++++++++++++++++++++++++---------------------
1 file changed, 36 insertions(+), 27 deletions(-)
--
2.4.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310
2015-07-15 15:26 [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
@ 2015-07-15 15:27 ` Paolo Bonzini
2015-07-15 16:09 ` Aurelien Jarno
2015-07-15 15:27 ` [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
2015-07-23 21:19 ` [Qemu-devel] [PATCH 0/2] " Richard Henderson
2 siblings, 1 reply; 6+ messages in thread
From: Paolo Bonzini @ 2015-07-15 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: claudio.fontana, aurelien, rth
The new argument lets you pick uxtw or uxtx mode for the offset
register. For now, all callers pass TCG_TYPE_I64 so that uxtx
is generated. The bits for uxtx are removed from I3312_TO_I3310.
Reported-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tcg/aarch64/tcg-target.c | 41 ++++++++++++++++++++++-------------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index fe44ad7..5395202 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aarch64/tcg-target.c
@@ -280,7 +280,7 @@ typedef enum {
I3312_LDRSHX = 0x38000000 | LDST_LD_S_X << 22 | MO_16 << 30,
I3312_LDRSWX = 0x38000000 | LDST_LD_S_X << 22 | MO_32 << 30,
- I3312_TO_I3310 = 0x00206800,
+ I3312_TO_I3310 = 0x00200800,
I3312_TO_I3313 = 0x01000000,
/* Load/store register pair instructions. */
@@ -496,13 +496,14 @@ static void tcg_out_insn_3509(TCGContext *s, AArch64Insn insn, TCGType ext,
}
static void tcg_out_insn_3310(TCGContext *s, AArch64Insn insn,
- TCGReg rd, TCGReg base, TCGReg regoff)
+ TCGReg rd, TCGReg base, TCGType ext,
+ TCGReg regoff)
{
/* Note the AArch64Insn constants above are for C3.3.12. Adjust. */
- tcg_out32(s, insn | I3312_TO_I3310 | regoff << 16 | base << 5 | rd);
+ tcg_out32(s, insn | I3312_TO_I3310 | regoff << 16 |
+ 0x4000 | ext << 13 | base << 5 | rd);
}
-
static void tcg_out_insn_3312(TCGContext *s, AArch64Insn insn,
TCGReg rd, TCGReg rn, intptr_t offset)
{
@@ -677,7 +678,7 @@ static void tcg_out_ldst(TCGContext *s, AArch64Insn insn,
/* Worst-case scenario, move offset to temp register, use reg offset. */
tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, offset);
- tcg_out_ldst_r(s, insn, rd, rn, TCG_REG_TMP);
+ tcg_out_ldst_r(s, insn, rd, rn, TCG_TYPE_I64, TCG_REG_TMP);
}
static inline void tcg_out_mov(TCGContext *s,
@@ -1111,48 +1112,49 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
TCGReg data_r, TCGReg addr_r, TCGReg off_r)
{
const TCGMemOp bswap = memop & MO_BSWAP;
+ const TCGType otype = TCG_TYPE_I64;
switch (memop & MO_SSIZE) {
case MO_UB:
- tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, otype, off_r);
break;
case MO_SB:
tcg_out_ldst_r(s, ext ? I3312_LDRSBX : I3312_LDRSBW,
- data_r, addr_r, off_r);
+ data_r, addr_r, otype, off_r);
break;
case MO_UW:
- tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, otype, off_r);
if (bswap) {
tcg_out_rev16(s, data_r, data_r);
}
break;
case MO_SW:
if (bswap) {
- tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, otype, off_r);
tcg_out_rev16(s, data_r, data_r);
tcg_out_sxt(s, ext, MO_16, data_r, data_r);
} else {
- tcg_out_ldst_r(s, ext ? I3312_LDRSHX : I3312_LDRSHW,
- data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, (ext ? I3312_LDRSHX : I3312_LDRSHW),
+ data_r, addr_r, otype, off_r);
}
break;
case MO_UL:
- tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, otype, off_r);
if (bswap) {
tcg_out_rev32(s, data_r, data_r);
}
break;
case MO_SL:
if (bswap) {
- tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, otype, off_r);
tcg_out_rev32(s, data_r, data_r);
tcg_out_sxt(s, TCG_TYPE_I64, MO_32, data_r, data_r);
} else {
- tcg_out_ldst_r(s, I3312_LDRSWX, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRSWX, data_r, addr_r, otype, off_r);
}
break;
case MO_Q:
- tcg_out_ldst_r(s, I3312_LDRX, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_LDRX, data_r, addr_r, otype, off_r);
if (bswap) {
tcg_out_rev64(s, data_r, data_r);
}
@@ -1166,31 +1168,32 @@ static void tcg_out_qemu_st_direct(TCGContext *s, TCGMemOp memop,
TCGReg data_r, TCGReg addr_r, TCGReg off_r)
{
const TCGMemOp bswap = memop & MO_BSWAP;
+ const TCGType otype = TCG_TYPE_I64;
switch (memop & MO_SIZE) {
case MO_8:
- tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, otype, off_r);
break;
case MO_16:
if (bswap && data_r != TCG_REG_XZR) {
tcg_out_rev16(s, TCG_REG_TMP, data_r);
data_r = TCG_REG_TMP;
}
- tcg_out_ldst_r(s, I3312_STRH, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_STRH, data_r, addr_r, otype, off_r);
break;
case MO_32:
if (bswap && data_r != TCG_REG_XZR) {
tcg_out_rev32(s, TCG_REG_TMP, data_r);
data_r = TCG_REG_TMP;
}
- tcg_out_ldst_r(s, I3312_STRW, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_STRW, data_r, addr_r, otype, off_r);
break;
case MO_64:
if (bswap && data_r != TCG_REG_XZR) {
tcg_out_rev64(s, TCG_REG_TMP, data_r);
data_r = TCG_REG_TMP;
}
- tcg_out_ldst_r(s, I3312_STRX, data_r, addr_r, off_r);
+ tcg_out_ldst_r(s, I3312_STRX, data_r, addr_r, otype, off_r);
break;
default:
tcg_abort();
--
2.4.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
2015-07-15 15:26 [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
2015-07-15 15:27 ` [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310 Paolo Bonzini
@ 2015-07-15 15:27 ` Paolo Bonzini
2015-07-15 16:10 ` Aurelien Jarno
2015-07-23 21:19 ` [Qemu-devel] [PATCH 0/2] " Richard Henderson
2 siblings, 1 reply; 6+ messages in thread
From: Paolo Bonzini @ 2015-07-15 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: claudio.fontana, aurelien, rth
Thanks to the previous patch, it is now easy for tcg_out_qemu_ld and
tcg_out_qemu_st to use a 32-bit zero extended offset. However, the
guest base register x28 must be the base and addr_reg must be the
index.
Reported-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tcg/aarch64/tcg-target.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 5395202..4aca883 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aarch64/tcg-target.c
@@ -1109,10 +1109,10 @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, TCGMemOp s_bits,
#endif /* CONFIG_SOFTMMU */
static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
- TCGReg data_r, TCGReg addr_r, TCGReg off_r)
+ TCGReg data_r, TCGReg addr_r,
+ TCGType otype, TCGReg off_r)
{
const TCGMemOp bswap = memop & MO_BSWAP;
- const TCGType otype = TCG_TYPE_I64;
switch (memop & MO_SSIZE) {
case MO_UB:
@@ -1165,10 +1165,10 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
}
static void tcg_out_qemu_st_direct(TCGContext *s, TCGMemOp memop,
- TCGReg data_r, TCGReg addr_r, TCGReg off_r)
+ TCGReg data_r, TCGReg addr_r,
+ TCGType otype, TCGReg off_r)
{
const TCGMemOp bswap = memop & MO_BSWAP;
- const TCGType otype = TCG_TYPE_I64;
switch (memop & MO_SIZE) {
case MO_8:
@@ -1210,12 +1210,15 @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
tcg_insn_unit *label_ptr;
tcg_out_tlb_read(s, addr_reg, s_bits, &label_ptr, mem_index, 1);
- tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg, TCG_REG_X1);
+ tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg,
+ TCG_TYPE_I64, TCG_REG_X1);
add_qemu_ldst_label(s, true, oi, ext, data_reg, addr_reg,
s->code_ptr, label_ptr);
#else /* !CONFIG_SOFTMMU */
- tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg,
- GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR);
+ const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
+ tcg_out_qemu_ld_direct(s, memop, ext, data_reg,
+ GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR,
+ otype, addr_reg);
#endif /* CONFIG_SOFTMMU */
}
@@ -1229,12 +1232,15 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
tcg_insn_unit *label_ptr;
tcg_out_tlb_read(s, addr_reg, s_bits, &label_ptr, mem_index, 0);
- tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg, TCG_REG_X1);
+ tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg,
+ TCG_TYPE_I64, TCG_REG_X1);
add_qemu_ldst_label(s, false, oi, s_bits == MO_64, data_reg, addr_reg,
s->code_ptr, label_ptr);
#else /* !CONFIG_SOFTMMU */
- tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg,
- GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR);
+ const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
+ tcg_out_qemu_st_direct(s, memop, data_reg,
+ GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR,
+ otype, addr_reg);
#endif /* CONFIG_SOFTMMU */
}
--
2.4.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310
2015-07-15 15:27 ` [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310 Paolo Bonzini
@ 2015-07-15 16:09 ` Aurelien Jarno
0 siblings, 0 replies; 6+ messages in thread
From: Aurelien Jarno @ 2015-07-15 16:09 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: claudio.fontana, qemu-devel, rth
On 2015-07-15 17:27, Paolo Bonzini wrote:
> The new argument lets you pick uxtw or uxtx mode for the offset
> register. For now, all callers pass TCG_TYPE_I64 so that uxtx
> is generated. The bits for uxtx are removed from I3312_TO_I3310.
>
> Reported-by: Leon Alrae <leon.alrae@imgtec.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> tcg/aarch64/tcg-target.c | 41 ++++++++++++++++++++++-------------------
> 1 file changed, 22 insertions(+), 19 deletions(-)
>
> diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
> index fe44ad7..5395202 100644
> --- a/tcg/aarch64/tcg-target.c
> +++ b/tcg/aarch64/tcg-target.c
> @@ -280,7 +280,7 @@ typedef enum {
> I3312_LDRSHX = 0x38000000 | LDST_LD_S_X << 22 | MO_16 << 30,
> I3312_LDRSWX = 0x38000000 | LDST_LD_S_X << 22 | MO_32 << 30,
>
> - I3312_TO_I3310 = 0x00206800,
> + I3312_TO_I3310 = 0x00200800,
> I3312_TO_I3313 = 0x01000000,
>
> /* Load/store register pair instructions. */
> @@ -496,13 +496,14 @@ static void tcg_out_insn_3509(TCGContext *s, AArch64Insn insn, TCGType ext,
> }
>
> static void tcg_out_insn_3310(TCGContext *s, AArch64Insn insn,
> - TCGReg rd, TCGReg base, TCGReg regoff)
> + TCGReg rd, TCGReg base, TCGType ext,
> + TCGReg regoff)
> {
> /* Note the AArch64Insn constants above are for C3.3.12. Adjust. */
> - tcg_out32(s, insn | I3312_TO_I3310 | regoff << 16 | base << 5 | rd);
> + tcg_out32(s, insn | I3312_TO_I3310 | regoff << 16 |
> + 0x4000 | ext << 13 | base << 5 | rd);
> }
>
> -
> static void tcg_out_insn_3312(TCGContext *s, AArch64Insn insn,
> TCGReg rd, TCGReg rn, intptr_t offset)
> {
> @@ -677,7 +678,7 @@ static void tcg_out_ldst(TCGContext *s, AArch64Insn insn,
>
> /* Worst-case scenario, move offset to temp register, use reg offset. */
> tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, offset);
> - tcg_out_ldst_r(s, insn, rd, rn, TCG_REG_TMP);
> + tcg_out_ldst_r(s, insn, rd, rn, TCG_TYPE_I64, TCG_REG_TMP);
> }
>
> static inline void tcg_out_mov(TCGContext *s,
> @@ -1111,48 +1112,49 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
> TCGReg data_r, TCGReg addr_r, TCGReg off_r)
> {
> const TCGMemOp bswap = memop & MO_BSWAP;
> + const TCGType otype = TCG_TYPE_I64;
>
> switch (memop & MO_SSIZE) {
> case MO_UB:
> - tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, otype, off_r);
> break;
> case MO_SB:
> tcg_out_ldst_r(s, ext ? I3312_LDRSBX : I3312_LDRSBW,
> - data_r, addr_r, off_r);
> + data_r, addr_r, otype, off_r);
> break;
> case MO_UW:
> - tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, otype, off_r);
> if (bswap) {
> tcg_out_rev16(s, data_r, data_r);
> }
> break;
> case MO_SW:
> if (bswap) {
> - tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRH, data_r, addr_r, otype, off_r);
> tcg_out_rev16(s, data_r, data_r);
> tcg_out_sxt(s, ext, MO_16, data_r, data_r);
> } else {
> - tcg_out_ldst_r(s, ext ? I3312_LDRSHX : I3312_LDRSHW,
> - data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, (ext ? I3312_LDRSHX : I3312_LDRSHW),
> + data_r, addr_r, otype, off_r);
> }
> break;
> case MO_UL:
> - tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, otype, off_r);
> if (bswap) {
> tcg_out_rev32(s, data_r, data_r);
> }
> break;
> case MO_SL:
> if (bswap) {
> - tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRW, data_r, addr_r, otype, off_r);
> tcg_out_rev32(s, data_r, data_r);
> tcg_out_sxt(s, TCG_TYPE_I64, MO_32, data_r, data_r);
> } else {
> - tcg_out_ldst_r(s, I3312_LDRSWX, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRSWX, data_r, addr_r, otype, off_r);
> }
> break;
> case MO_Q:
> - tcg_out_ldst_r(s, I3312_LDRX, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_LDRX, data_r, addr_r, otype, off_r);
> if (bswap) {
> tcg_out_rev64(s, data_r, data_r);
> }
> @@ -1166,31 +1168,32 @@ static void tcg_out_qemu_st_direct(TCGContext *s, TCGMemOp memop,
> TCGReg data_r, TCGReg addr_r, TCGReg off_r)
> {
> const TCGMemOp bswap = memop & MO_BSWAP;
> + const TCGType otype = TCG_TYPE_I64;
>
> switch (memop & MO_SIZE) {
> case MO_8:
> - tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, otype, off_r);
> break;
> case MO_16:
> if (bswap && data_r != TCG_REG_XZR) {
> tcg_out_rev16(s, TCG_REG_TMP, data_r);
> data_r = TCG_REG_TMP;
> }
> - tcg_out_ldst_r(s, I3312_STRH, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_STRH, data_r, addr_r, otype, off_r);
> break;
> case MO_32:
> if (bswap && data_r != TCG_REG_XZR) {
> tcg_out_rev32(s, TCG_REG_TMP, data_r);
> data_r = TCG_REG_TMP;
> }
> - tcg_out_ldst_r(s, I3312_STRW, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_STRW, data_r, addr_r, otype, off_r);
> break;
> case MO_64:
> if (bswap && data_r != TCG_REG_XZR) {
> tcg_out_rev64(s, TCG_REG_TMP, data_r);
> data_r = TCG_REG_TMP;
> }
> - tcg_out_ldst_r(s, I3312_STRX, data_r, addr_r, off_r);
> + tcg_out_ldst_r(s, I3312_STRX, data_r, addr_r, otype, off_r);
> break;
> default:
> tcg_abort();
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
2015-07-15 15:27 ` [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
@ 2015-07-15 16:10 ` Aurelien Jarno
0 siblings, 0 replies; 6+ messages in thread
From: Aurelien Jarno @ 2015-07-15 16:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: claudio.fontana, qemu-devel, rth
On 2015-07-15 17:27, Paolo Bonzini wrote:
> Thanks to the previous patch, it is now easy for tcg_out_qemu_ld and
> tcg_out_qemu_st to use a 32-bit zero extended offset. However, the
> guest base register x28 must be the base and addr_reg must be the
> index.
>
> Reported-by: Leon Alrae <leon.alrae@imgtec.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> tcg/aarch64/tcg-target.c | 26 ++++++++++++++++----------
> 1 file changed, 16 insertions(+), 10 deletions(-)
>
> diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
> index 5395202..4aca883 100644
> --- a/tcg/aarch64/tcg-target.c
> +++ b/tcg/aarch64/tcg-target.c
> @@ -1109,10 +1109,10 @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, TCGMemOp s_bits,
> #endif /* CONFIG_SOFTMMU */
>
> static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
> - TCGReg data_r, TCGReg addr_r, TCGReg off_r)
> + TCGReg data_r, TCGReg addr_r,
> + TCGType otype, TCGReg off_r)
> {
> const TCGMemOp bswap = memop & MO_BSWAP;
> - const TCGType otype = TCG_TYPE_I64;
>
> switch (memop & MO_SSIZE) {
> case MO_UB:
> @@ -1165,10 +1165,10 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, TCGMemOp memop, TCGType ext,
> }
>
> static void tcg_out_qemu_st_direct(TCGContext *s, TCGMemOp memop,
> - TCGReg data_r, TCGReg addr_r, TCGReg off_r)
> + TCGReg data_r, TCGReg addr_r,
> + TCGType otype, TCGReg off_r)
> {
> const TCGMemOp bswap = memop & MO_BSWAP;
> - const TCGType otype = TCG_TYPE_I64;
>
> switch (memop & MO_SIZE) {
> case MO_8:
> @@ -1210,12 +1210,15 @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
> tcg_insn_unit *label_ptr;
>
> tcg_out_tlb_read(s, addr_reg, s_bits, &label_ptr, mem_index, 1);
> - tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg, TCG_REG_X1);
> + tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg,
> + TCG_TYPE_I64, TCG_REG_X1);
> add_qemu_ldst_label(s, true, oi, ext, data_reg, addr_reg,
> s->code_ptr, label_ptr);
> #else /* !CONFIG_SOFTMMU */
> - tcg_out_qemu_ld_direct(s, memop, ext, data_reg, addr_reg,
> - GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR);
> + const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
> + tcg_out_qemu_ld_direct(s, memop, ext, data_reg,
> + GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR,
> + otype, addr_reg);
> #endif /* CONFIG_SOFTMMU */
> }
>
> @@ -1229,12 +1232,15 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
> tcg_insn_unit *label_ptr;
>
> tcg_out_tlb_read(s, addr_reg, s_bits, &label_ptr, mem_index, 0);
> - tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg, TCG_REG_X1);
> + tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg,
> + TCG_TYPE_I64, TCG_REG_X1);
> add_qemu_ldst_label(s, false, oi, s_bits == MO_64, data_reg, addr_reg,
> s->code_ptr, label_ptr);
> #else /* !CONFIG_SOFTMMU */
> - tcg_out_qemu_st_direct(s, memop, data_reg, addr_reg,
> - GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR);
> + const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
> + tcg_out_qemu_st_direct(s, memop, data_reg,
> + GUEST_BASE ? TCG_REG_GUEST_BASE : TCG_REG_XZR,
> + otype, addr_reg);
> #endif /* CONFIG_SOFTMMU */
> }
>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
2015-07-15 15:26 [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
2015-07-15 15:27 ` [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310 Paolo Bonzini
2015-07-15 15:27 ` [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
@ 2015-07-23 21:19 ` Richard Henderson
2 siblings, 0 replies; 6+ messages in thread
From: Richard Henderson @ 2015-07-23 21:19 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel; +Cc: claudio.fontana, aurelien
On 07/15/2015 08:26 AM, Paolo Bonzini wrote:
> The register allocator may sometimes pass a 64-bit value to a 32-bit
> operation if truncations are considered no-ops by the backend.
> When this happens, user-mode emulation may use an incorrect offset
> for loads and stores. This affects aarch64 and x86, because other
> architectures already zero-extend the offset before using it for a
> load or store.
>
> To fix this for aarch64, use the uxtw modifier on load and store
> instructions.
>
> Paolo
>
> Paolo Bonzini (2):
> tcg: aarch64: add ext argument to tcg_out_insn_3310
> tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation
>
> tcg/aarch64/tcg-target.c | 63 +++++++++++++++++++++++++++---------------------
> 1 file changed, 36 insertions(+), 27 deletions(-)
>
Applied to tcg-for-2.4.
r~
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-07-23 21:19 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-15 15:26 [Qemu-devel] [PATCH 0/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
2015-07-15 15:27 ` [Qemu-devel] [PATCH 1/2] tcg: aarch64: add ext argument to tcg_out_insn_3310 Paolo Bonzini
2015-07-15 16:09 ` Aurelien Jarno
2015-07-15 15:27 ` [Qemu-devel] [PATCH 2/2] tcg: aarch64: use 32-bit offset for 32-bit user-mode emulation Paolo Bonzini
2015-07-15 16:10 ` Aurelien Jarno
2015-07-23 21:19 ` [Qemu-devel] [PATCH 0/2] " Richard Henderson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.