[PATCH 0/1] target/arm: Fix offsets for TTBCR (#187)

[PATCH 0/1] target/arm: Fix offsets for TTBCR (#187)

[Richard Henderson]

This one patch fixes boot_linux_console test_arm_virt.

It does not fix all of the failures.  The next one on the
list is test_arm_emcraft_sf2, where the cpu boots fine but
the net device doesn't work correctly.


r~


Richard Henderson (1):
  target/arm: Fix offsets for TTBCR

 target/arm/helper.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

-- 
2.25.1

[PATCH 1/1] target/arm: Fix offsets for TTBCR

[Richard Henderson]

The functions vmsa_ttbcr_write and vmsa_ttbcr_raw_write expect
the offset to be for the complete TCR structure, not the offset
to the low 32-bits of a uint64_t.  Using offsetoflow32 in this
case breaks big-endian hosts.

For TTBCR2, we do want the high 32-bits of a uint64_t.
Use cp15.tcr_el[*].raw_tcr as the offsetofhigh32 argument to
clarify this.

Buglink: https://gitlab.com/qemu-project/qemu/-/issues/187
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index a66c1f0b9e..3292e212e0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4106,8 +4106,9 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
       .access = PL1_RW, .accessfn = access_tvm_trvm,
       .type = ARM_CP_ALIAS, .writefn = vmsa_ttbcr_write,
       .raw_writefn = vmsa_ttbcr_raw_write,
-      .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tcr_el[3]),
-                             offsetoflow32(CPUARMState, cp15.tcr_el[1])} },
+      /* No offsetoflow32 -- pass the entire TCR to writefn/raw_writefn. */
+      .bank_fieldoffsets = { offsetof(CPUARMState, cp15.tcr_el[3]),
+                             offsetof(CPUARMState, cp15.tcr_el[1])} },
     REGINFO_SENTINEL
 };
 
@@ -4118,8 +4119,10 @@ static const ARMCPRegInfo ttbcr2_reginfo = {
     .name = "TTBCR2", .cp = 15, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 3,
     .access = PL1_RW, .accessfn = access_tvm_trvm,
     .type = ARM_CP_ALIAS,
-    .bank_fieldoffsets = { offsetofhigh32(CPUARMState, cp15.tcr_el[3]),
-                           offsetofhigh32(CPUARMState, cp15.tcr_el[1]) },
+    .bank_fieldoffsets = {
+        offsetofhigh32(CPUARMState, cp15.tcr_el[3].raw_tcr),
+        offsetofhigh32(CPUARMState, cp15.tcr_el[1].raw_tcr),
+    },
 };
 
 static void omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.25.1

Re: [PATCH 0/1] target/arm: Fix offsets for TTBCR (#187)

[Peter Maydell]

On Sat, 10 Jul 2021 at 00:07, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This one patch fixes boot_linux_console test_arm_virt.
>
> It does not fix all of the failures.  The next one on the
> list is test_arm_emcraft_sf2, where the cpu boots fine but
> the net device doesn't work correctly.

Applied to target-arm.next, thanks.

I'm not sure the TCR struct's precalculation of mask and base_mask
is still earning its keep as an optimization. We only use them in
get_level1_table_address() which is old-style v5/v6 page tables only,
and all it's saving us is a bitfield extract and some shifts, which
is peanuts compared to everything else we do in a page table walk.
Perhaps (not for 6.1) we could drop it entirely.

-- PMM