[Qemu-devel] [PATCH] Sparc: fix non-faulting unassigned memory accesses

[Qemu-devel] [PATCH] Sparc: fix non-faulting unassigned memory accesses

[Blue Swirl]

[-- Attachment #1: Type: text/plain, Size: 2833 bytes --]

Commit b14ef7c9ab41ea824c3ccadb070ad95567cca84e
introduced cpu_unassigned_access() function. On Sparc,
the function does not restore AREG0 used for global CPUState
on function exit, causing bugs with non-faulting unassigned
memory accesses. Alpha, Microblaze and MIPS are not affected.

Fix by restoring AREG0 on exit. Remove excess saving by
do_unassigned_access() functions.

Also ignore unassigned accesses outside of CPU context.

Reported-by: Bob Breuer <breuerr@mc.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
 target-sparc/op_helper.c |   25 ++++++++-----------------
 1 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/target-sparc/op_helper.c b/target-sparc/op_helper.c
index c1c4d4b..5aeca2b 100644
--- a/target-sparc/op_helper.c
+++ b/target-sparc/op_helper.c
@@ -4252,13 +4252,8 @@ void tlb_fill(target_ulong addr, int is_write,
int mmu_idx, void *retaddr)
 static void do_unassigned_access(target_phys_addr_t addr, int is_write,
                                  int is_exec, int is_asi, int size)
 {
-    CPUState *saved_env;
     int fault_type;

-    /* XXX: hack to restore env in all cases, even if not called from
-       generated code */
-    saved_env = env;
-    env = cpu_single_env;
 #ifdef DEBUG_UNASSIGNED
     if (is_asi)
         printf("Unassigned mem %s access of %d byte%s to " TARGET_FMT_plx
@@ -4306,8 +4301,6 @@ static void
do_unassigned_access(target_phys_addr_t addr, int is_write,
     if (env->mmuregs[0] & MMU_NF) {
         tlb_flush(env, 1);
     }
-
-    env = saved_env;
 }
 #endif
 #else
@@ -4319,13 +4312,6 @@ static void
do_unassigned_access(target_phys_addr_t addr, int is_write,
                                  int is_exec, int is_asi, int size)
 #endif
 {
-    CPUState *saved_env;
-
-    /* XXX: hack to restore env in all cases, even if not called from
-       generated code */
-    saved_env = env;
-    env = cpu_single_env;
-
 #ifdef DEBUG_UNASSIGNED
     printf("Unassigned mem access to " TARGET_FMT_plx " from " TARGET_FMT_lx
            "\n", addr, env->pc);
@@ -4335,8 +4321,6 @@ static void
do_unassigned_access(target_phys_addr_t addr, int is_write,
         raise_exception(TT_CODE_ACCESS);
     else
         raise_exception(TT_DATA_ACCESS);
-
-    env = saved_env;
 }
 #endif

@@ -4370,7 +4354,14 @@ void helper_tick_set_limit(void *opaque, uint64_t limit)
 void cpu_unassigned_access(CPUState *env1, target_phys_addr_t addr,
                            int is_write, int is_exec, int is_asi, int size)
 {
+    CPUState *saved_env;
+
+    saved_env = env;
     env = env1;
-    do_unassigned_access(addr, is_write, is_exec, is_asi, size);
+    /* Ignore unassigned accesses outside of CPU context */
+    if (env1) {
+        do_unassigned_access(addr, is_write, is_exec, is_asi, size);
+    }
+    env = saved_env;
 }
 #endif
-- 
1.6.2.4

[-- Attachment #2: 0001-Sparc-fix-non-faulting-unassigned-memory-accesses.patch --]
[-- Type: text/x-patch, Size: 3144 bytes --]

From 3e3dbb411f07fecff173eea4f6f6d52182d9945c Mon Sep 17 00:00:00 2001
Message-Id: <3e3dbb411f07fecff173eea4f6f6d52182d9945c.1312234275.git.blauwirbel@gmail.com>
From: Blue Swirl <blauwirbel@gmail.com>
Date: Mon, 1 Aug 2011 21:26:03 +0000
Subject: [PATCH] Sparc: fix non-faulting unassigned memory accesses

Commit b14ef7c9ab41ea824c3ccadb070ad95567cca84e
introduced cpu_unassigned_access() function. On Sparc,
the function does not restore AREG0 used for global CPUState
on function exit, causing bugs with non-faulting unassigned
memory accesses. Alpha, Microblaze and MIPS are not affected.

Fix by restoring AREG0 on exit. Remove excess saving by
do_unassigned_access() functions.

Also ignore unassigned accesses outside of CPU context.

Reported-by: Bob Breuer <breuerr@mc.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
 target-sparc/op_helper.c |   25 ++++++++-----------------
 1 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/target-sparc/op_helper.c b/target-sparc/op_helper.c
index c1c4d4b..5aeca2b 100644
--- a/target-sparc/op_helper.c
+++ b/target-sparc/op_helper.c
@@ -4252,13 +4252,8 @@ void tlb_fill(target_ulong addr, int is_write, int mmu_idx, void *retaddr)
 static void do_unassigned_access(target_phys_addr_t addr, int is_write,
                                  int is_exec, int is_asi, int size)
 {
-    CPUState *saved_env;
     int fault_type;
 
-    /* XXX: hack to restore env in all cases, even if not called from
-       generated code */
-    saved_env = env;
-    env = cpu_single_env;
 #ifdef DEBUG_UNASSIGNED
     if (is_asi)
         printf("Unassigned mem %s access of %d byte%s to " TARGET_FMT_plx
@@ -4306,8 +4301,6 @@ static void do_unassigned_access(target_phys_addr_t addr, int is_write,
     if (env->mmuregs[0] & MMU_NF) {
         tlb_flush(env, 1);
     }
-
-    env = saved_env;
 }
 #endif
 #else
@@ -4319,13 +4312,6 @@ static void do_unassigned_access(target_phys_addr_t addr, int is_write,
                                  int is_exec, int is_asi, int size)
 #endif
 {
-    CPUState *saved_env;
-
-    /* XXX: hack to restore env in all cases, even if not called from
-       generated code */
-    saved_env = env;
-    env = cpu_single_env;
-
 #ifdef DEBUG_UNASSIGNED
     printf("Unassigned mem access to " TARGET_FMT_plx " from " TARGET_FMT_lx
            "\n", addr, env->pc);
@@ -4335,8 +4321,6 @@ static void do_unassigned_access(target_phys_addr_t addr, int is_write,
         raise_exception(TT_CODE_ACCESS);
     else
         raise_exception(TT_DATA_ACCESS);
-
-    env = saved_env;
 }
 #endif
 
@@ -4370,7 +4354,14 @@ void helper_tick_set_limit(void *opaque, uint64_t limit)
 void cpu_unassigned_access(CPUState *env1, target_phys_addr_t addr,
                            int is_write, int is_exec, int is_asi, int size)
 {
+    CPUState *saved_env;
+
+    saved_env = env;
     env = env1;
-    do_unassigned_access(addr, is_write, is_exec, is_asi, size);
+    /* Ignore unassigned accesses outside of CPU context */
+    if (env1) {
+        do_unassigned_access(addr, is_write, is_exec, is_asi, size);
+    }
+    env = saved_env;
 }
 #endif
-- 
1.7.2.5

Re: [Qemu-devel] [PATCH] Sparc: fix non-faulting unassigned memory accesses

[Bob Breuer]

Blue Swirl wrote:
> Commit b14ef7c9ab41ea824c3ccadb070ad95567cca84e
> introduced cpu_unassigned_access() function. On Sparc,
> the function does not restore AREG0 used for global CPUState
> on function exit, causing bugs with non-faulting unassigned
> memory accesses. Alpha, Microblaze and MIPS are not affected.
> 
> Fix by restoring AREG0 on exit. Remove excess saving by
> do_unassigned_access() functions.
> 
> Also ignore unassigned accesses outside of CPU context.
> 
> Reported-by: Bob Breuer <breuerr@mc.net>
> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
> ---
>  target-sparc/op_helper.c |   25 ++++++++-----------------
>  1 files changed, 8 insertions(+), 17 deletions(-)
> 
[snip]

Works for my testcases.

Tested-by: Bob Breuer <breuerr@mc.net>

Re: [Qemu-devel] [PATCH] Sparc: fix non-faulting unassigned memory accesses

[Blue Swirl]

Thanks, applied.

On Tue, Aug 2, 2011 at 5:59 AM, Bob Breuer <breuerr@mc.net> wrote:
> Blue Swirl wrote:
>> Commit b14ef7c9ab41ea824c3ccadb070ad95567cca84e
>> introduced cpu_unassigned_access() function. On Sparc,
>> the function does not restore AREG0 used for global CPUState
>> on function exit, causing bugs with non-faulting unassigned
>> memory accesses. Alpha, Microblaze and MIPS are not affected.
>>
>> Fix by restoring AREG0 on exit. Remove excess saving by
>> do_unassigned_access() functions.
>>
>> Also ignore unassigned accesses outside of CPU context.
>>
>> Reported-by: Bob Breuer <breuerr@mc.net>
>> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
>> ---
>>  target-sparc/op_helper.c |   25 ++++++++-----------------
>>  1 files changed, 8 insertions(+), 17 deletions(-)
>>
> [snip]
>
> Works for my testcases.
>
> Tested-by: Bob Breuer <breuerr@mc.net>
>