From patchwork Tue Jan 5 17:19:41 2021
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 356921
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: Alistair Francis
Subject: [PATCH v5 34/43] tcg/riscv: Fix branch range checks
Date: Tue, 5 Jan 2021 07:19:41 -1000
Message-Id: <20210105171950.415486-35-richard.henderson@linaro.org>
In-Reply-To: <20210105171950.415486-1-richard.henderson@linaro.org>

The offset even checks were folded into the range check incorrectly.
By offsetting by 1, and not decrementing the width, we silently
allowed out of range branches.

Assert that the offset is always even instead.  Move tcg_out_goto
down into the CONFIG_SOFTMMU block so that it is not unused.

Reviewed-by: Alistair Francis
Signed-off-by: Richard Henderson
---
 tcg/riscv/tcg-target.c.inc | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

--
2.25.1

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc index 0518595742..5b4c500a4b 100644 --- a/tcg/riscv/tcg-target.c.inc +++ b/tcg/riscv/tcg-target.c.inc
@@ -429,7 +429,8 @@ static bool reloc_sbimm12(tcg_insn_unit *code_ptr, tcg_insn_unit *target) { intptr_t offset = (intptr_t)target - (intptr_t)code_ptr; - if (offset == sextreg(offset, 1, 12) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 12)) { code_ptr[0] |= encode_sbimm12(offset); return true; } @@ -441,7 +442,8 @@ static bool reloc_jimm20(tcg_insn_unit *code_ptr, tcg_insn_unit *target) { intptr_t offset = (intptr_t)target - (intptr_t)code_ptr; - if (offset == sextreg(offset, 1, 20) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 20)) { code_ptr[0] |= encode_ujimm20(offset); return true; } @@ -854,28 +856,21 @@ static void tcg_out_setcond2(TCGContext *s, TCGCond cond, TCGReg ret, g_assert_not_reached(); } -static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target) -{ - ptrdiff_t offset = tcg_pcrel_diff(s, target); - tcg_debug_assert(offset == sextreg(offset, 1, 20) << 1); - tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, offset); -} - static void tcg_out_call_int(TCGContext *s, const tcg_insn_unit *arg, bool tail) { TCGReg link = tail ? TCG_REG_ZERO : TCG_REG_RA; ptrdiff_t offset = tcg_pcrel_diff(s, arg); int ret; - if (offset == sextreg(offset, 1, 20) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 20)) { /* short jump: -2097150 to 2097152 */ tcg_out_opc_jump(s, OPC_JAL, link, offset); - } else if (TCG_TARGET_REG_BITS == 32 || - offset == sextreg(offset, 1, 31) << 1) { + } else if (TCG_TARGET_REG_BITS == 32 || offset == (int32_t)offset) { /* long jump: -2147483646 to 2147483648 */ tcg_out_opc_upper(s, OPC_AUIPC, TCG_REG_TMP0, 0); tcg_out_opc_imm(s, OPC_JALR, link, TCG_REG_TMP0, 0); - ret = reloc_call(s->code_ptr - 2, arg);\ + ret = reloc_call(s->code_ptr - 2, arg); tcg_debug_assert(ret == true); } else if (TCG_TARGET_REG_BITS == 64) { /* far jump: 64-bit */ 
@@ -962,6 +957,13 @@ QEMU_BUILD_BUG_ON(TCG_TARGET_REG_BITS < TARGET_LONG_BITS); QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0); QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 11)); +static void tcg_out_goto(TCGContext *s, tcg_insn_unit *target) +{ + tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, 0); + bool ok = reloc_jimm20(s->code_ptr - 1, target); + tcg_debug_assert(ok); +} + static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl, TCGReg addrh, TCGMemOpIdx oi, tcg_insn_unit **label_ptr, bool is_load)
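Review bot: in reloc_sbimm12 and reloc_jimm20 the evenness test moves out of the if condition into tcg_debug_assert((offset & 1) == 0), so an odd offset no longer makes either function return false and is caught only where debug assertions are active. The old right-hand side, sextreg(offset, 1, N) << 1, was always even, which is what rejected odd offsets at run time. Both operands are tcg_insn_unit pointers, so please add a one-line comment saying that their alignment guarantees an even offset, making it clear the assert documents an invariant rather than validating input.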
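Review bot: the range comments in tcg_out_call_int stay unchanged while the conditions next to them change. "short jump: -2097150 to 2097152" now sits under offset == sextreg(offset, 0, 20), and "long jump: -2147483646 to 2147483648" under offset == (int32_t)offset, whose upper bound cannot be 2147483648. Please update both comments to the ranges the new checks actually accept. The removal of the stray backslash after reloc_call(s->code_ptr - 2, arg); is an unrelated cleanup that the commit message does not mention.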
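Review bot: in the re-added tcg_out_goto the result of reloc_jimm20 is checked only by tcg_debug_assert(ok), after the JAL has already been emitted with offset 0. If the target falls outside what reloc_jimm20 accepts, a build without debug assertions keeps that zero-offset jump. The removed version had the same debug-only guard, but it asserted sextreg(offset, 1, 20) << 1, whereas reloc_jimm20 now tests sextreg(offset, 0, 20), so the accepted range is narrower. Either handle the false return or add a comment explaining why the targets passed to tcg_out_goto are always in range. Separately, bool ok is declared after a statement; moving the declaration to the top of the block would match tcg_out_call_int in this same diff.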