* [PATCH v3 0/6] target/arm: Fix insn exception priorities
@ 2021-09-20 2:44 Richard Henderson
2021-09-20 2:44 ` [PATCH v3 1/6] linux-user/aarch64: Handle EC_PCALIGNMENT Richard Henderson
` (5 more replies)
0 siblings, 6 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:44 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Raise pc alignment faults.
Fix single-step and pc-align priority over breakpoints.
Not yet fixing insn abort priority over breakpoints.
Based-on: 20210919015718.466207-1-richard.henderson@linaro.org
("linux-user: Clean up siginfo_t handling")
Changes for v3:
* Rebase on siginfo_t patch set -- while probably only
force_sig_fault is required, I suspect minor conflicts
with the other cleanups.
* Typo fix.
Changes for v2:
* Handle the exceptions in cpu_loop.
* Fix how the instruction is raised for aa32 el1.
* Add pc alignment test cases.
r~
Richard Henderson (6):
linux-user/aarch64: Handle EC_PCALIGNMENT
linux-user/arm: Report SIGBUS and SIGSEGV correctly
target/arm: Take an exception if PC is misaligned
target/arm: Assert thumb pc is aligned
target/arm: Suppress bp for exceptions with more priority
tests/tcg: Add arm and aarch64 pc alignment tests
target/arm/helper.h | 1 +
target/arm/syndrome.h | 5 ++++
linux-user/aarch64/cpu_loop.c | 44 +++++++++++++++++------------
linux-user/arm/cpu_loop.c | 39 ++++++++++++++++++++++----
target/arm/debug_helper.c | 23 ++++++++++++++++
target/arm/gdbstub.c | 9 ++++--
target/arm/machine.c | 9 ++++++
target/arm/tlb_helper.c | 24 ++++++++++++++++
target/arm/translate-a64.c | 23 ++++++++++++++--
target/arm/translate.c | 42 +++++++++++++++++++++++-----
tests/tcg/aarch64/pcalign-a64.c | 37 +++++++++++++++++++++++++
tests/tcg/arm/pcalign-a32.c | 46 +++++++++++++++++++++++++++++++
tests/tcg/aarch64/Makefile.target | 4 +--
tests/tcg/arm/Makefile.target | 4 +++
14 files changed, 274 insertions(+), 36 deletions(-)
create mode 100644 tests/tcg/aarch64/pcalign-a64.c
create mode 100644 tests/tcg/arm/pcalign-a32.c
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/6] linux-user/aarch64: Handle EC_PCALIGNMENT
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
@ 2021-09-20 2:44 ` Richard Henderson
2021-09-20 2:45 ` [PATCH v3 2/6] linux-user/arm: Report SIGBUS and SIGSEGV correctly Richard Henderson
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:44 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell, qemu-arm
This will shortly be raised for execution with a misaligned pc.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/aarch64/cpu_loop.c | 44 +++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 17 deletions(-)
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index 11e34cb100..6e03afb2bd 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -78,7 +78,7 @@
void cpu_loop(CPUARMState *env)
{
CPUState *cs = env_cpu(env);
- int trapnr, ec, fsc, si_code;
+ int trapnr, ec, fsc, si_sig, si_code;
abi_long ret;
for (;;) {
@@ -112,28 +112,38 @@ void cpu_loop(CPUARMState *env)
break;
case EXCP_PREFETCH_ABORT:
case EXCP_DATA_ABORT:
- /* We should only arrive here with EC in {DATAABORT, INSNABORT}. */
ec = syn_get_ec(env->exception.syndrome);
- assert(ec == EC_DATAABORT || ec == EC_INSNABORT);
-
- /* Both EC have the same format for FSC, or close enough. */
- fsc = extract32(env->exception.syndrome, 0, 6);
- switch (fsc) {
- case 0x04 ... 0x07: /* Translation fault, level {0-3} */
- si_code = TARGET_SEGV_MAPERR;
+ switch (ec) {
+ case EC_DATAABORT:
+ case EC_INSNABORT:
+ /* Both EC have the same format for FSC, or close enough. */
+ fsc = extract32(env->exception.syndrome, 0, 6);
+ switch (fsc) {
+ case 0x04 ... 0x07: /* Translation fault, level {0-3} */
+ si_sig = TARGET_SIGSEGV;
+ si_code = TARGET_SEGV_MAPERR;
+ break;
+ case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */
+ case 0x0d ... 0x0f: /* Permission fault, level {1-3} */
+ si_sig = TARGET_SIGSEGV;
+ si_code = TARGET_SEGV_ACCERR;
+ break;
+ case 0x11: /* Synchronous Tag Check Fault */
+ si_sig = TARGET_SIGSEGV;
+ si_code = TARGET_SEGV_MTESERR;
+ break;
+ default:
+ g_assert_not_reached();
+ }
break;
- case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */
- case 0x0d ... 0x0f: /* Permission fault, level {1-3} */
- si_code = TARGET_SEGV_ACCERR;
- break;
- case 0x11: /* Synchronous Tag Check Fault */
- si_code = TARGET_SEGV_MTESERR;
+ case EC_PCALIGNMENT:
+ si_sig = TARGET_SIGBUS;
+ si_code = TARGET_BUS_ADRALN;
break;
default:
g_assert_not_reached();
}
-
- force_sig_fault(TARGET_SIGSEGV, si_code, env->exception.vaddress);
+ force_sig_fault(si_sig, si_code, env->exception.vaddress);
break;
case EXCP_DEBUG:
case EXCP_BKPT:
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 2/6] linux-user/arm: Report SIGBUS and SIGSEGV correctly
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
2021-09-20 2:44 ` [PATCH v3 1/6] linux-user/aarch64: Handle EC_PCALIGNMENT Richard Henderson
@ 2021-09-20 2:45 ` Richard Henderson
2021-09-20 2:45 ` [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned Richard Henderson
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell, qemu-arm
Pull the fault information from where we placed it, in
arm_cpu_tlb_fill and arm_cpu_do_unaligned_access.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/arm/cpu_loop.c | 39 ++++++++++++++++++++++++++++++++++-----
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index d4b4f0c71f..1377a80620 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -24,6 +24,7 @@
#include "cpu_loop-common.h"
#include "signal-common.h"
#include "semihosting/common-semi.h"
+#include "target/arm/syndrome.h"
#define get_user_code_u32(x, gaddr, env) \
({ abi_long __r = get_user_u32((x), (gaddr)); \
@@ -279,8 +280,8 @@ static bool emulate_arm_fpa11(CPUARMState *env, uint32_t opcode)
void cpu_loop(CPUARMState *env)
{
CPUState *cs = env_cpu(env);
- int trapnr;
- unsigned int n, insn;
+ int trapnr, si_signo, si_code;
+ unsigned int n, insn, ec, fsc;
abi_ulong ret;
for(;;) {
@@ -422,9 +423,37 @@ void cpu_loop(CPUARMState *env)
break;
case EXCP_PREFETCH_ABORT:
case EXCP_DATA_ABORT:
- /* XXX: check env->error_code */
- force_sig_fault(TARGET_SIGSEGV, TARGET_SEGV_MAPERR,
- env->exception.vaddress);
+ /*
+ * For user-only we don't set TTBCR_EAE, so we always get
+ * short-form FSC, which then tells us to look at the FSR.
+ */
+ ec = syn_get_ec(env->exception.syndrome);
+ assert(ec == EC_DATAABORT || ec == EC_INSNABORT);
+ fsc = extract32(env->exception.syndrome, 0, 6);
+ assert(fsc == 0x3f);
+ switch (env->exception.fsr & 0x1f) {
+ case 0x1: /* Alignment */
+ si_signo = TARGET_SIGBUS;
+ si_code = TARGET_BUS_ADRALN;
+ break;
+ case 0x3: /* Access flag fault, level 1 */
+ case 0x6: /* Access flag fault, level 2 */
+ case 0x9: /* Domain fault, level 1 */
+ case 0xb: /* Domain fault, level 2 */
+ case 0xd: /* Permission fault, level 1 */
+ case 0xf: /* Permission fault, level 2 */
+ si_signo = TARGET_SIGSEGV;
+ si_code = TARGET_SEGV_ACCERR;
+ break;
+ case 0x5: /* Translation fault, level 1 */
+ case 0x7: /* Translation fault, level 2 */
+ si_signo = TARGET_SIGSEGV;
+ si_code = TARGET_SEGV_MAPERR;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ force_sig_fault(si_signo, si_code, env->exception.vaddress);
break;
case EXCP_DEBUG:
case EXCP_BKPT:
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
2021-09-20 2:44 ` [PATCH v3 1/6] linux-user/aarch64: Handle EC_PCALIGNMENT Richard Henderson
2021-09-20 2:45 ` [PATCH v3 2/6] linux-user/arm: Report SIGBUS and SIGSEGV correctly Richard Henderson
@ 2021-09-20 2:45 ` Richard Henderson
2021-09-20 9:05 ` Peter Maydell
2021-09-20 2:45 ` [PATCH v3 4/6] target/arm: Assert thumb pc is aligned Richard Henderson
` (2 subsequent siblings)
5 siblings, 1 reply; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:45 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
For A64, any input to an indirect branch can cause this.
For A32, many indirect branch paths force the branch to be aligned,
but BXWritePC does not. This includes the BX instruction but also
other interworking changes to PC. Prior to v8, this case is UNDEFINED.
With v8, this is CONSTRAINED UNPREDICTABLE and may either raise an
exception or force align the PC.
We choose to raise an exception because we have the infrastructure,
it makes the generated code for gen_bx simpler, and it has the
possibility of catching more guest bugs.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper.h | 1 +
target/arm/syndrome.h | 5 +++++
target/arm/tlb_helper.c | 24 +++++++++++++++++++++++
target/arm/translate-a64.c | 23 +++++++++++++++++++---
target/arm/translate.c | 39 +++++++++++++++++++++++++++++++-------
5 files changed, 82 insertions(+), 10 deletions(-)
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 448a86edfd..b463d9343b 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -47,6 +47,7 @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
DEF_HELPER_2(exception_internal, void, env, i32)
DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32)
DEF_HELPER_2(exception_bkpt_insn, void, env, i32)
+DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl)
DEF_HELPER_1(setend, void, env)
DEF_HELPER_2(wfi, void, env, i32)
DEF_HELPER_1(wfe, void, env)
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index f30f4130a2..8cde8e7243 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -282,4 +282,9 @@ static inline uint32_t syn_illegalstate(void)
return (EC_ILLEGALSTATE << ARM_EL_EC_SHIFT) | ARM_EL_IL;
}
+static inline uint32_t syn_pcalignment(void)
+{
+ return (EC_PCALIGNMENT << ARM_EL_EC_SHIFT) | ARM_EL_IL;
+}
+
#endif /* TARGET_ARM_SYNDROME_H */
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index dc5860180f..1a50927bd6 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -9,6 +9,7 @@
#include "cpu.h"
#include "internals.h"
#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
unsigned int target_el,
@@ -123,6 +124,29 @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
}
+void helper_exception_pc_alignment(CPUARMState *env, target_ulong pc)
+{
+ int target_el = exception_target_el(env);
+
+ if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
+ /*
+ * To aarch64 and aarch32 el2, pc alignment has a
+ * special exception class.
+ */
+ env->exception.vaddress = pc;
+ env->exception.fsr = 0;
+ raise_exception(env, EXCP_PREFETCH_ABORT, syn_pcalignment(), target_el);
+ } else {
+ /*
+ * To aarch32 el1, pc alignment is like data alignment
+ * except with a prefetch abort.
+ */
+ ARMMMUFaultInfo fi = { .type = ARMFault_Alignment };
+ arm_deliver_fault(env_archcpu(env), pc, MMU_INST_FETCH,
+ cpu_mmu_index(env, true), &fi);
+ }
+}
+
#if !defined(CONFIG_USER_ONLY)
/*
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index ab6b346e35..8c72e37de3 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14752,8 +14752,10 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
{
DisasContext *s = container_of(dcbase, DisasContext, base);
CPUARMState *env = cpu->env_ptr;
+ uint64_t pc = s->base.pc_next;
uint32_t insn;
+ /* Singlestep exceptions have the highest priority. */
if (s->ss_active && !s->pstate_ss) {
/* Singlestep state is Active-pending.
* If we're in this state at the start of a TB then either
@@ -14768,13 +14770,28 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
assert(s->base.num_insns == 1);
gen_swstep_exception(s, 0, 0);
s->base.is_jmp = DISAS_NORETURN;
+ s->base.pc_next = pc + 4;
return;
}
- s->pc_curr = s->base.pc_next;
- insn = arm_ldl_code(env, &s->base, s->base.pc_next, s->sctlr_b);
+ if (pc & 3) {
+ /*
+ * PC alignment fault. This has priority over the instruction abort
+ * that we would receive from a translation fault via arm_ldl_code.
+ * This should only be possible after an indirect branch, at the
+ * start of the TB.
+ */
+ assert(s->base.num_insns == 1);
+ gen_helper_exception_pc_alignment(cpu_env, tcg_constant_tl(pc));
+ s->base.is_jmp = DISAS_NORETURN;
+ s->base.pc_next = QEMU_ALIGN_UP(pc, 4);
+ return;
+ }
+
+ s->pc_curr = pc;
+ insn = arm_ldl_code(env, &s->base, pc, s->sctlr_b);
s->insn = insn;
- s->base.pc_next += 4;
+ s->base.pc_next = pc + 4;
s->fp_access_checked = false;
s->sve_access_checked = false;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index caefb1e1a1..62c396b880 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9497,7 +9497,7 @@ static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
dc->insn_start = tcg_last_op();
}
-static bool arm_pre_translate_insn(DisasContext *dc)
+static bool arm_check_kernelpage(DisasContext *dc)
{
#ifdef CONFIG_USER_ONLY
/* Intercept jump to the magic kernel page. */
@@ -9509,7 +9509,11 @@ static bool arm_pre_translate_insn(DisasContext *dc)
return true;
}
#endif
+ return false;
+}
+static bool arm_check_ss_active(DisasContext *dc)
+{
if (dc->ss_active && !dc->pstate_ss) {
/* Singlestep state is Active-pending.
* If we're in this state at the start of a TB then either
@@ -9543,17 +9547,38 @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
{
DisasContext *dc = container_of(dcbase, DisasContext, base);
CPUARMState *env = cpu->env_ptr;
+ uint32_t pc = dc->base.pc_next;
unsigned int insn;
- if (arm_pre_translate_insn(dc)) {
- dc->base.pc_next += 4;
+ /* Singlestep exceptions have the highest priority. */
+ if (arm_check_ss_active(dc)) {
+ dc->base.pc_next = pc + 4;
return;
}
- dc->pc_curr = dc->base.pc_next;
- insn = arm_ldl_code(env, &dc->base, dc->base.pc_next, dc->sctlr_b);
+ if (pc & 3) {
+ /*
+ * PC alignment fault. This has priority over the instruction abort
+ * that we would receive from a translation fault via arm_ldl_code
+ * (or the execution of the kernelpage entrypoint). This should only
+ * be possible after an indirect branch, at the start of the TB.
+ */
+ assert(dc->base.num_insns == 1);
+ gen_helper_exception_pc_alignment(cpu_env, tcg_constant_tl(pc));
+ dc->base.is_jmp = DISAS_NORETURN;
+ dc->base.pc_next = QEMU_ALIGN_UP(pc, 4);
+ return;
+ }
+
+ if (arm_check_kernelpage(dc)) {
+ dc->base.pc_next = pc + 4;
+ return;
+ }
+
+ dc->pc_curr = pc;
+ insn = arm_ldl_code(env, &dc->base, pc, dc->sctlr_b);
dc->insn = insn;
- dc->base.pc_next += 4;
+ dc->base.pc_next = pc + 4;
disas_arm_insn(dc, insn);
arm_post_translate_insn(dc);
@@ -9615,7 +9640,7 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
uint32_t insn;
bool is_16bit;
- if (arm_pre_translate_insn(dc)) {
+ if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) {
dc->base.pc_next += 2;
return;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 4/6] target/arm: Assert thumb pc is aligned
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
` (2 preceding siblings ...)
2021-09-20 2:45 ` [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned Richard Henderson
@ 2021-09-20 2:45 ` Richard Henderson
2021-09-20 2:45 ` [PATCH v3 5/6] target/arm: Suppress bp for exceptions with more priority Richard Henderson
2021-09-20 2:45 ` [PATCH v3 6/6] tests/tcg: Add arm and aarch64 pc alignment tests Richard Henderson
5 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell, qemu-arm
Misaligned thumb PC is architecturally impossible.
Assert is better than proceeding, in case we've missed
something somewhere.
Expand a comment about aligning the pc in gdbstub.
Fail an incoming migrate if a thumb pc is misaligned.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/gdbstub.c | 9 +++++++--
target/arm/machine.c | 9 +++++++++
target/arm/translate.c | 3 +++
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index 826601b341..a54b42418b 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -76,8 +76,13 @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
tmp = ldl_p(mem_buf);
- /* Mask out low bit of PC to workaround gdb bugs. This will probably
- cause problems if we ever implement the Jazelle DBX extensions. */
+ /*
+ * Mask out low bits of PC to workaround gdb bugs.
+ * This avoids an assert in thumb_tr_translate_insn, because it is
+ * architecturally impossible to misalign the pc.
+ * This will probably cause problems if we ever implement the
+ * Jazelle DBX extensions.
+ */
if (n == 15) {
tmp &= ~1;
}
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 81e30de824..b5004a67e9 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -781,6 +781,15 @@ static int cpu_post_load(void *opaque, int version_id)
hw_breakpoint_update_all(cpu);
hw_watchpoint_update_all(cpu);
+ /*
+ * Misaligned thumb pc is architecturally impossible.
+ * We have an assert in thumb_tr_translate_insn to verify this.
+ * Fail an incoming migrate to avoid this assert.
+ */
+ if (!is_a64(env) && env->thumb && (env->regs[15] & 1)) {
+ return -1;
+ }
+
if (!kvm_enabled()) {
pmu_op_finish(&cpu->env);
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 62c396b880..e522cd2fbe 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9640,6 +9640,9 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
uint32_t insn;
bool is_16bit;
+ /* Misaligned thumb PC is architecturally impossible. */
+ assert((dc->base.pc_next & 1) == 0);
+
if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) {
dc->base.pc_next += 2;
return;
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 5/6] target/arm: Suppress bp for exceptions with more priority
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
` (3 preceding siblings ...)
2021-09-20 2:45 ` [PATCH v3 4/6] target/arm: Assert thumb pc is aligned Richard Henderson
@ 2021-09-20 2:45 ` Richard Henderson
2021-09-20 2:45 ` [PATCH v3 6/6] tests/tcg: Add arm and aarch64 pc alignment tests Richard Henderson
5 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell, qemu-arm
Both single-step and pc alignment faults have priority over
breakpoint exceptions.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/debug_helper.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 2983e36dd3..32f3caec23 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -220,6 +220,7 @@ bool arm_debug_check_breakpoint(CPUState *cs)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
+ target_ulong pc;
int n;
/*
@@ -231,6 +232,28 @@ bool arm_debug_check_breakpoint(CPUState *cs)
return false;
}
+ /*
+ * Single-step exceptions have priority over breakpoint exceptions.
+ * If single-step state is active-pending, suppress the bp.
+ */
+ if (arm_singlestep_active(env) && !(env->pstate & PSTATE_SS)) {
+ return false;
+ }
+
+ /*
+ * PC alignment faults have priority over breakpoint exceptions.
+ */
+ pc = is_a64(env) ? env->pc : env->regs[15];
+ if ((is_a64(env) || !env->thumb) && (pc & 3) != 0) {
+ return false;
+ }
+
+ /*
+ * Instruction aborts have priority over breakpoint exceptions.
+ * TODO: We would need to look up the page for PC and verify that
+ * it is present and executable.
+ */
+
for (n = 0; n < ARRAY_SIZE(env->cpu_breakpoint); n++) {
if (bp_wp_matches(cpu, n, false)) {
return true;
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 6/6] tests/tcg: Add arm and aarch64 pc alignment tests
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
` (4 preceding siblings ...)
2021-09-20 2:45 ` [PATCH v3 5/6] target/arm: Suppress bp for exceptions with more priority Richard Henderson
@ 2021-09-20 2:45 ` Richard Henderson
5 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2021-09-20 2:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell, qemu-arm
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tests/tcg/aarch64/pcalign-a64.c | 37 +++++++++++++++++++++++++
tests/tcg/arm/pcalign-a32.c | 46 +++++++++++++++++++++++++++++++
tests/tcg/aarch64/Makefile.target | 4 +--
tests/tcg/arm/Makefile.target | 4 +++
4 files changed, 89 insertions(+), 2 deletions(-)
create mode 100644 tests/tcg/aarch64/pcalign-a64.c
create mode 100644 tests/tcg/arm/pcalign-a32.c
diff --git a/tests/tcg/aarch64/pcalign-a64.c b/tests/tcg/aarch64/pcalign-a64.c
new file mode 100644
index 0000000000..6b9277f919
--- /dev/null
+++ b/tests/tcg/aarch64/pcalign-a64.c
@@ -0,0 +1,37 @@
+/* Test PC misalignment exception */
+
+#include <assert.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+static void *expected;
+
+static void sigbus(int sig, siginfo_t *info, void *vuc)
+{
+ assert(info->si_code == BUS_ADRALN);
+ assert(info->si_addr == expected);
+ exit(EXIT_SUCCESS);
+}
+
+int main()
+{
+ void *tmp;
+
+ struct sigaction sa = {
+ .sa_sigaction = sigbus,
+ .sa_flags = SA_SIGINFO
+ };
+
+ if (sigaction(SIGBUS, &sa, NULL) < 0) {
+ perror("sigaction");
+ return EXIT_FAILURE;
+ }
+
+ asm volatile("adr %0, 1f + 1\n\t"
+ "str %0, %1\n\t"
+ "br %0\n"
+ "1:"
+ : "=&r"(tmp), "=m"(expected));
+ abort();
+}
diff --git a/tests/tcg/arm/pcalign-a32.c b/tests/tcg/arm/pcalign-a32.c
new file mode 100644
index 0000000000..3c9c8cc97b
--- /dev/null
+++ b/tests/tcg/arm/pcalign-a32.c
@@ -0,0 +1,46 @@
+/* Test PC misalignment exception */
+
+#ifdef __thumb__
+#error "This test must be compiled for ARM"
+#endif
+
+#include <assert.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+static void *expected;
+
+static void sigbus(int sig, siginfo_t *info, void *vuc)
+{
+ assert(info->si_code == BUS_ADRALN);
+ assert(info->si_addr == expected);
+ exit(EXIT_SUCCESS);
+}
+
+int main()
+{
+ void *tmp;
+
+ struct sigaction sa = {
+ .sa_sigaction = sigbus,
+ .sa_flags = SA_SIGINFO
+ };
+
+ if (sigaction(SIGBUS, &sa, NULL) < 0) {
+ perror("sigaction");
+ return EXIT_FAILURE;
+ }
+
+ asm volatile("adr %0, 1f + 2\n\t"
+ "str %0, %1\n\t"
+ "bx %0\n"
+ "1:"
+ : "=&r"(tmp), "=m"(expected));
+
+ /*
+ * From v8, it is CONSTRAINED UNPREDICTABLE whether BXWritePC aligns
+ * the address or not. If so, we can legitimately fall through.
+ */
+ return EXIT_SUCCESS;
+}
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index 2c05c90d17..1d967901bd 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -8,8 +8,8 @@ VPATH += $(ARM_SRC)
AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64
VPATH += $(AARCH64_SRC)
-# Float-convert Tests
-AARCH64_TESTS=fcvt
+# Base architecture tests
+AARCH64_TESTS=fcvt pcalign-a64
fcvt: LDFLAGS+=-lm
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
index 5ab59ed6ce..f509d823d4 100644
--- a/tests/tcg/arm/Makefile.target
+++ b/tests/tcg/arm/Makefile.target
@@ -29,6 +29,10 @@ run-fcvt: fcvt
$(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)")
$(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref)
+# PC alignment test
+ARM_TESTS += pcalign-a32
+pcalign-a32: CFLAGS+=-marm
+
ifeq ($(CONFIG_ARM_COMPATIBLE_SEMIHOSTING),y)
# Semihosting smoke test for linux-user
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned
2021-09-20 2:45 ` [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned Richard Henderson
@ 2021-09-20 9:05 ` Peter Maydell
0 siblings, 0 replies; 8+ messages in thread
From: Peter Maydell @ 2021-09-20 9:05 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, QEMU Developers
On Mon, 20 Sept 2021 at 03:48, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> For A64, any input to an indirect branch can cause this.
>
> For A32, many indirect branch paths force the branch to be aligned,
> but BXWritePC does not. This includes the BX instruction but also
> other interworking changes to PC. Prior to v8, this case is UNDEFINED.
> With v8, this is CONSTRAINED UNPREDICTABLE and may either raise an
> exception or force align the PC.
>
> We choose to raise an exception because we have the infrastructure,
> it makes the generated code for gen_bx simpler, and it has the
> possibility of catching more guest bugs.
> +void helper_exception_pc_alignment(CPUARMState *env, target_ulong pc)
> +{
> + int target_el = exception_target_el(env);
> +
> + if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
> + /*
> + * To aarch64 and aarch32 el2, pc alignment has a
> + * special exception class.
> + */
> + env->exception.vaddress = pc;
> + env->exception.fsr = 0;
> + raise_exception(env, EXCP_PREFETCH_ABORT, syn_pcalignment(), target_el);
> + } else {
> + /*
> + * To aarch32 el1, pc alignment is like data alignment
> + * except with a prefetch abort.
> + */
> + ARMMMUFaultInfo fi = { .type = ARMFault_Alignment };
> + arm_deliver_fault(env_archcpu(env), pc, MMU_INST_FETCH,
> + cpu_mmu_index(env, true), &fi);
> + }
I still don't believe that you need to special case AArch32-non-Hyp
like this. Can you expand on what you think the difference is?
> +}
> +
> #if !defined(CONFIG_USER_ONLY)
>
> /*
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index ab6b346e35..8c72e37de3 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -14752,8 +14752,10 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
> {
> DisasContext *s = container_of(dcbase, DisasContext, base);
> CPUARMState *env = cpu->env_ptr;
> + uint64_t pc = s->base.pc_next;
> uint32_t insn;
>
> + /* Singlestep exceptions have the highest priority. */
> if (s->ss_active && !s->pstate_ss) {
> /* Singlestep state is Active-pending.
> * If we're in this state at the start of a TB then either
> @@ -14768,13 +14770,28 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
> assert(s->base.num_insns == 1);
> gen_swstep_exception(s, 0, 0);
> s->base.is_jmp = DISAS_NORETURN;
> + s->base.pc_next = pc + 4;
Why are we adding this in this patch? Isn't this a separate
bugfix ?
> return;
> }
thanks
-- PMM
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-09-20 9:07 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-20 2:44 [PATCH v3 0/6] target/arm: Fix insn exception priorities Richard Henderson
2021-09-20 2:44 ` [PATCH v3 1/6] linux-user/aarch64: Handle EC_PCALIGNMENT Richard Henderson
2021-09-20 2:45 ` [PATCH v3 2/6] linux-user/arm: Report SIGBUS and SIGSEGV correctly Richard Henderson
2021-09-20 2:45 ` [PATCH v3 3/6] target/arm: Take an exception if PC is misaligned Richard Henderson
2021-09-20 9:05 ` Peter Maydell
2021-09-20 2:45 ` [PATCH v3 4/6] target/arm: Assert thumb pc is aligned Richard Henderson
2021-09-20 2:45 ` [PATCH v3 5/6] target/arm: Suppress bp for exceptions with more priority Richard Henderson
2021-09-20 2:45 ` [PATCH v3 6/6] tests/tcg: Add arm and aarch64 pc alignment tests Richard Henderson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.