From patchwork Fri Sep 16 17:34:47 2016
X-Patchwork-Submitter: Tom Hanson
X-Patchwork-Id: 76409
From: Thomas Hanson
To: qemu-devel@nongnu.org
Cc: grant.likely@hpe.com, peter.maydell@linaro.org, thomas.hanson@linaro.org
Date: Fri, 16 Sep 2016 11:34:47 -0600
Message-Id: <1474047287-145701-4-git-send-email-thomas.hanson@linaro.org>
In-Reply-To: <1474047287-145701-1-git-send-email-thomas.hanson@linaro.org>
Subject: [Qemu-devel] [PATCH 3/3] target-arm: Comments to mark location of pending work for 56 bit addresses

Certain instructions which cannot directly load a tagged address value may trigger a corner case when the address size is 56 bits. This is because incrementing or offsetting from the current PC can cause an arithmetic roll-over into the tag bits. Per the ARM ARM spec, these cases should also be addressed by cleaning up the tag field. This work was not done at this time since the changes could not be tested with current CPU models. Comments have been added to flag the locations where this will need to be fixed once a model is available.

3 comments added in the same file to identify cases in a switch.

Signed-off-by: Thomas Hanson
---
 target-arm/translate-a64.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

-- 
1.9.1

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 4d6f951..8810180 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1205,6 +1205,9 @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table, */ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn) { + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4; if (insn & (1U << 31)) { @@ -1232,6 +1235,9 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn) sf = extract32(insn, 31, 1); op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */ rt = extract32(insn, 0, 5); + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 19) * 4 - 4; tcg_cmp = read_cpu_reg(s, rt, sf); @@ -1260,6 +1266,9 @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn) bit_pos = (extract32(insn, 31, 1) << 5) | extract32(insn, 19, 5); op = extract32(insn, 24, 1); /* 0: TBZ; 1: TBNZ */ + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 14) * 4 - 4; rt = extract32(insn, 0, 5); @@ -1289,6 +1298,9 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn) unallocated_encoding(s); return; } + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 19) * 4 - 4; cond = extract32(insn, 0, 4); @@ -1636,12 +1648,12 @@ static void disas_exc(DisasContext *s, uint32_t insn) * instruction works properly. */ switch (op2_ll) { - case 1: + case 1: /* SVC */ gen_ss_advance(s); gen_exception_insn(s, 0, EXCP_SWI, syn_aa64_svc(imm16), default_exception_el(s)); break; - case 2: + case 2: /* HVC */ if (s->current_el == 0) { unallocated_encoding(s); break; 
@@ -1654,7 +1666,7 @@ static void disas_exc(DisasContext *s, uint32_t insn) gen_ss_advance(s); gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2); break; - case 3: + case 3: /* SMC */ if (s->current_el == 0) { unallocated_encoding(s); break;
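Review bot: in the disas_uncond_b_imm hunk the new comment opens with `/*If/when` with no space after the comment opener, which does not match the comment style visible elsewhere in this file (compare the `/* 0: CBZ; 1: CBNZ */` line in the next hunk); suggest `/* If/when address size is 56 bits, this could overflow into address tag`. Since the commit message says these comments mark pending work, a greppable tag such as `TODO` at the start of the comment would make the sites easier to find once a CPU model with 56-bit addresses is available.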
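Review bot: the disas_comp_b_imm hunk is the second verbatim copy of the same three-line comment, and the same text is repeated again in disas_test_b_imm and disas_cond_b_imm, each placed above an `addr = s->pc + sextract32(...) * 4 - 4;` computation. Rather than four identical comments that will all need editing when the fix lands, consider one comment at a single point that names the pc-relative branch decoders affected, or a small helper that computes the pc-relative target so the pending tag clean-up has one place to go.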
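Review bot: the `/* SVC */` and `/* HVC */` case labels in the first disas_exc hunk are unrelated to the 56-bit address tag work that the subject line and the first paragraph of the commit message describe; the message covers them only with "3 comments added in the same file to identify cases in a switch". Either split them into their own patch or reword the subject so it covers both changes. The labels themselves agree with the exception codes in the visible lines (`EXCP_SWI` with `syn_aa64_svc` under `case 1`, `EXCP_HVC` with `syn_aa64_hvc` under `case 2`).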
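Review bot: the `/* SMC */` label on `case 3` in the last hunk cannot be checked against the exception it generates from the hunk alone, because the context ends at the `s->current_el == 0` check; the `gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2);` line at the top of the hunk belongs to the preceding HVC case. The reviewer should confirm against the full function that `case 3` is the SMC path before accepting the label.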