| Message ID | 20230203171858.3279252-1-richard.henderson@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | tcg/aarch64: Fix patching of LDR in tb_target_set_jmp_target | expand |
On 3/2/23 18:18, Richard Henderson wrote: > 'offset' should be bits [23:5] of LDR instruction, rather than [4:0]. > > Fixes: d59d83a1c388 ("tcg/aarch64: Reorg goto_tb implementation") > Reported-by: Zenghui Yu <yuzenghui@huawei.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > tcg/aarch64/tcg-target.c.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Is it worth Cc'ing qemu-stable@ ?
On 2/3/23 07:25, Philippe Mathieu-Daudé wrote: > On 3/2/23 18:18, Richard Henderson wrote: >> 'offset' should be bits [23:5] of LDR instruction, rather than [4:0]. >> >> Fixes: d59d83a1c388 ("tcg/aarch64: Reorg goto_tb implementation") >> Reported-by: Zenghui Yu <yuzenghui@huawei.com> >> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> >> --- >> tcg/aarch64/tcg-target.c.inc | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) > > Is it worth Cc'ing qemu-stable@ ? > The patch being fixed is not in v7.2. r~
On 2023/2/4 1:18, Richard Henderson wrote: > 'offset' should be bits [23:5] of LDR instruction, rather than [4:0]. > > Fixes: d59d83a1c388 ("tcg/aarch64: Reorg goto_tb implementation") > Reported-by: Zenghui Yu <yuzenghui@huawei.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > tcg/aarch64/tcg-target.c.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc > index fde3b30ad1..a091326f84 100644 > --- a/tcg/aarch64/tcg-target.c.inc > +++ b/tcg/aarch64/tcg-target.c.inc > @@ -1914,7 +1914,7 @@ void tb_target_set_jmp_target(const TranslationBlock *tb, int n, > ptrdiff_t i_offset = i_addr - jmp_rx; > > /* Note that we asserted this in range in tcg_out_goto_tb. */ > - insn = deposit32(I3305_LDR | TCG_REG_TMP, 0, 5, i_offset >> 2); > + insn = deposit32(I3305_LDR | TCG_REG_TMP, 5, 19, i_offset >> 2); > } > qatomic_set((uint32_t *)jmp_rw, insn); > flush_idcache_range(jmp_rx, jmp_rw, 4); Reviewed-by: Zenghui Yu <yuzenghui@huawei.com> Thanks!
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc index fde3b30ad1..a091326f84 100644 --- a/tcg/aarch64/tcg-target.c.inc +++ b/tcg/aarch64/tcg-target.c.inc @@ -1914,7 +1914,7 @@ void tb_target_set_jmp_target(const TranslationBlock *tb, int n, ptrdiff_t i_offset = i_addr - jmp_rx; /* Note that we asserted this in range in tcg_out_goto_tb. */ - insn = deposit32(I3305_LDR | TCG_REG_TMP, 0, 5, i_offset >> 2); + insn = deposit32(I3305_LDR | TCG_REG_TMP, 5, 19, i_offset >> 2); } qatomic_set((uint32_t *)jmp_rw, insn); flush_idcache_range(jmp_rx, jmp_rw, 4);
'offset' should be bits [23:5] of LDR instruction, rather than [4:0]. Fixes: d59d83a1c388 ("tcg/aarch64: Reorg goto_tb implementation") Reported-by: Zenghui Yu <yuzenghui@huawei.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- tcg/aarch64/tcg-target.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)