[2/2] target/m68k: Perform writback before modifying SR

Message ID	20220913142818.7802-3-richard.henderson@linaro.org
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: Richard Henderson <richard.henderson@linaro.org> To: qemu-devel@nongnu.org Cc: laurent@vivier.eu, mark.cave-ayland@ilande.co.uk Subject: [PATCH 2/2] target/m68k: Perform writback before modifying SR Date: Tue, 13 Sep 2022 15:28:18 +0100 Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org> In-Reply-To: <20220913142818.7802-1-richard.henderson@linaro.org> References: <20220913142818.7802-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=richard.henderson@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Series	target/m68k: fix two writes to %sr \| expand [0/2] target/m68k: fix two writes to %sr [1/2] target/m68k: Fix MACSR to CCR [2/2] target/m68k: Perform writback before modifying SR

Message ID

20220913142818.7802-3-richard.henderson@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: laurent@vivier.eu,
	mark.cave-ayland@ilande.co.uk
Subject: [PATCH 2/2] target/m68k: Perform writback before modifying SR
Date: Tue, 13 Sep 2022 15:28:18 +0100
Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org>
In-Reply-To: <20220913142818.7802-1-richard.henderson@linaro.org>
References: <20220913142818.7802-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::433;
 envelope-from=richard.henderson@linaro.org; helo=mail-wr1-x433.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Series

target/m68k: fix two writes to %sr | expand

Commit Message

Richard Henderson Sept. 13, 2022, 2:28 p.m. UTC

Writes to SR may change security state, which may involve
a swap of %ssp with %usp as reflected in %a7.  Finish the
writeback of %sp@+ before swapping stack pointers.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/m68k/translate.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Laurent Vivier Sept. 13, 2022, 2:47 p.m. UTC | #1

Le 13/09/2022 à 16:28, Richard Henderson a écrit :
> Writes to SR may change security state, which may involve
> a swap of %ssp with %usp as reflected in %a7.  Finish the
> writeback of %sp@+ before swapping stack pointers.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/m68k/translate.c | 8 +++++---
>   1 file changed, 5 insertions(+), 3 deletions(-)
> 

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Mark Cave-Ayland Sept. 13, 2022, 4:24 p.m. UTC | #2

On 13/09/2022 15:28, Richard Henderson wrote:

> Writes to SR may change security state, which may involve
> a swap of %ssp with %usp as reflected in %a7.  Finish the
> writeback of %sp@+ before swapping stack pointers.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/m68k/translate.c | 8 +++++---
>   1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index 87044382c3..8506da0a0b 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -2285,9 +2285,9 @@ static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only)
>           tcg_gen_movi_i32(QREG_CC_N, val & CCF_N ? -1 : 0);
>           tcg_gen_movi_i32(QREG_CC_X, val & CCF_X ? 1 : 0);
>       } else {
> -        TCGv sr = tcg_const_i32(val);
> -        gen_helper_set_sr(cpu_env, sr);
> -        tcg_temp_free(sr);
> +        /* Must writeback before changing security state. */
> +        do_writebacks(s);
> +        gen_helper_set_sr(cpu_env, tcg_constant_i32(val));
>       }
>       set_cc_op(s, CC_OP_FLAGS);
>   }
> @@ -2297,6 +2297,8 @@ static void gen_set_sr(DisasContext *s, TCGv val, int ccr_only)
>       if (ccr_only) {
>           gen_helper_set_ccr(cpu_env, val);
>       } else {
> +        /* Must writeback before changing security state. */
> +        do_writebacks(s);
>           gen_helper_set_sr(cpu_env, val);
>       }
>       set_cc_op(s, CC_OP_FLAGS);

Thanks Richard! Subject needs s/writback/writeback/ but anyhow:

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>


ATB,

Mark.

Laurent Vivier Sept. 21, 2022, 1:02 p.m. UTC | #3

Le 13/09/2022 à 16:28, Richard Henderson a écrit :
> Writes to SR may change security state, which may involve
> a swap of %ssp with %usp as reflected in %a7.  Finish the
> writeback of %sp@+ before swapping stack pointers.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/m68k/translate.c | 8 +++++---
>   1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index 87044382c3..8506da0a0b 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -2285,9 +2285,9 @@ static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only)
>           tcg_gen_movi_i32(QREG_CC_N, val & CCF_N ? -1 : 0);
>           tcg_gen_movi_i32(QREG_CC_X, val & CCF_X ? 1 : 0);
>       } else {
> -        TCGv sr = tcg_const_i32(val);
> -        gen_helper_set_sr(cpu_env, sr);
> -        tcg_temp_free(sr);
> +        /* Must writeback before changing security state. */
> +        do_writebacks(s);
> +        gen_helper_set_sr(cpu_env, tcg_constant_i32(val));
>       }
>       set_cc_op(s, CC_OP_FLAGS);
>   }
> @@ -2297,6 +2297,8 @@ static void gen_set_sr(DisasContext *s, TCGv val, int ccr_only)
>       if (ccr_only) {
>           gen_helper_set_ccr(cpu_env, val);
>       } else {
> +        /* Must writeback before changing security state. */
> +        do_writebacks(s);
>           gen_helper_set_sr(cpu_env, val);
>       }
>       set_cc_op(s, CC_OP_FLAGS);

Applied to my m68k-for-7.2 branch

Thanks,
Laurent

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 87044382c3..8506da0a0b 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -2285,9 +2285,9 @@  static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only)
         tcg_gen_movi_i32(QREG_CC_N, val & CCF_N ? -1 : 0);
         tcg_gen_movi_i32(QREG_CC_X, val & CCF_X ? 1 : 0);
     } else {
-        TCGv sr = tcg_const_i32(val);
-        gen_helper_set_sr(cpu_env, sr);
-        tcg_temp_free(sr);
+        /* Must writeback before changing security state. */
+        do_writebacks(s);
+        gen_helper_set_sr(cpu_env, tcg_constant_i32(val));
     }
     set_cc_op(s, CC_OP_FLAGS);
 }
@@ -2297,6 +2297,8 @@  static void gen_set_sr(DisasContext *s, TCGv val, int ccr_only)
     if (ccr_only) {
         gen_helper_set_ccr(cpu_env, val);
     } else {
+        /* Must writeback before changing security state. */
+        do_writebacks(s);
         gen_helper_set_sr(cpu_env, val);
     }
     set_cc_op(s, CC_OP_FLAGS);

[2/2] target/m68k: Perform writback before modifying SR

Commit Message

Comments

Patch