From patchwork Fri Sep 16 17:34:47 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Hanson X-Patchwork-Id: 670984 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sbMsD2HZtz9sC7 for ; Sat, 17 Sep 2016 03:36:32 +1000 (AEST) Received: from localhost ([::1]:42859 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkx3t-0005IU-Qg for incoming@patchwork.ozlabs.org; Fri, 16 Sep 2016 13:36:29 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37825) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkx2v-0004e8-5O for qemu-devel@nongnu.org; Fri, 16 Sep 2016 13:35:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bkx2s-0008EO-IB for qemu-devel@nongnu.org; Fri, 16 Sep 2016 13:35:29 -0400 Received: from g2t2355.austin.hpe.com ([15.233.44.28]:57930) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkx2s-0008Ca-Bx for qemu-devel@nongnu.org; Fri, 16 Sep 2016 13:35:26 -0400 Received: from TomH-Z-Workstation.americas.hpqcorp.net (tomh-z-workstation.americas.hpqcorp.net [16.78.178.129]) by g2t2355.austin.hpe.com (Postfix) with ESMTP id 525CC69; Fri, 16 Sep 2016 17:35:22 +0000 (UTC) From: Thomas Hanson To: qemu-devel@nongnu.org Date: Fri, 16 Sep 2016 11:34:47 -0600 Message-Id: <1474047287-145701-4-git-send-email-thomas.hanson@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1474047287-145701-1-git-send-email-thomas.hanson@linaro.org> References: <1474047287-145701-1-git-send-email-thomas.hanson@linaro.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 15.233.44.28 Subject: [Qemu-devel] [PATCH 3/3] target-arm: Comments to mark location of pending work for 56 bit addresses X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grant.likely@hpe.com, peter.maydell@linaro.org, thomas.hanson@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Certain instructions which can not directly load a tagged address value may trigger a corner case when the address size is 56 bits. This is because incrementing or offsetting from the current PC can cause an arithetic roll-over into the tag bits. Per the ARM ARM spec, these cases should also be addressed by cleaning up the tag field. This work was not done at this time since the changes could not be tested with current CPU models. Comments have been added to flag the locations where this will need to be fixed once a model is available. 3 comments added in same file to identify cases in a switch. Signed-off-by: Thomas Hanson --- target-arm/translate-a64.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c index 4d6f951..8810180 100644 --- a/target-arm/translate-a64.c +++ b/target-arm/translate-a64.c @@ -1205,6 +1205,9 @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table, */ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn) { + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4; if (insn & (1U << 31)) { @@ -1232,6 +1235,9 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn) sf = extract32(insn, 31, 1); op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */ rt = extract32(insn, 0, 5); + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 19) * 4 - 4; tcg_cmp = read_cpu_reg(s, rt, sf); @@ -1260,6 +1266,9 @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn) bit_pos = (extract32(insn, 31, 1) << 5) | extract32(insn, 19, 5); op = extract32(insn, 24, 1); /* 0: TBZ; 1: TBNZ */ + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 14) * 4 - 4; rt = extract32(insn, 0, 5); @@ -1289,6 +1298,9 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn) unallocated_encoding(s); return; } + /*If/when address size is 56 bits, this could overflow into address tag + * byte, and that byte should be fixed per ARM ARM spec. + */ addr = s->pc + sextract32(insn, 5, 19) * 4 - 4; cond = extract32(insn, 0, 4); @@ -1636,12 +1648,12 @@ static void disas_exc(DisasContext *s, uint32_t insn) * instruction works properly. */ switch (op2_ll) { - case 1: + case 1: /* SVC */ gen_ss_advance(s); gen_exception_insn(s, 0, EXCP_SWI, syn_aa64_svc(imm16), default_exception_el(s)); break; - case 2: + case 2: /* HVC */ if (s->current_el == 0) { unallocated_encoding(s); break; @@ -1654,7 +1666,7 @@ static void disas_exc(DisasContext *s, uint32_t insn) gen_ss_advance(s); gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2); break; - case 3: + case 3: /* SMC */ if (s->current_el == 0) { unallocated_encoding(s); break;