From patchwork Mon Oct 10 18:11:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Hanson X-Patchwork-Id: 680517 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3st7XW2WTpz9sBR for ; Tue, 11 Oct 2016 05:13:15 +1100 (AEDT) Received: from localhost ([::1]:51856 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btf4a-0002eK-9M for incoming@patchwork.ozlabs.org; Mon, 10 Oct 2016 14:13:12 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49282) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btf3O-0001o4-0m for qemu-devel@nongnu.org; Mon, 10 Oct 2016 14:11:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1btf3J-0003td-OR for qemu-devel@nongnu.org; Mon, 10 Oct 2016 14:11:56 -0400 Received: from g4t3427.houston.hpe.com ([15.241.140.73]:7267) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btf3J-0003qo-GD for qemu-devel@nongnu.org; Mon, 10 Oct 2016 14:11:53 -0400 Received: from TomH-Z-Workstation.americas.hpqcorp.net (tomh-z-workstation.americas.hpqcorp.net [16.78.178.129]) by g4t3427.houston.hpe.com (Postfix) with ESMTP id D569A55; Mon, 10 Oct 2016 18:11:48 +0000 (UTC) From: Thomas Hanson To: qemu-devel@nongnu.org Date: Mon, 10 Oct 2016 12:11:15 -0600 Message-Id: <1476123077-35698-3-git-send-email-thomas.hanson@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1476123077-35698-1-git-send-email-thomas.hanson@linaro.org> References: <1476123077-35698-1-git-send-email-thomas.hanson@linaro.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 15.241.140.73 Subject: [Qemu-devel] [PATCH v2 2/4] target-arm: Code changes to implement overwrite of tag field on PC load X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grant.likely@hpe.com, peter.maydell@linaro.org, thomas.hanson@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" For BR, BLR and RET instructions, if tagged addresses are enabled, the tag field in the address must be cleared out prior to loading the address into the PC. Depending on the current EL, it will be set to either all 0's or all 1's. Signed-off-by: Thomas Hanson --- target-arm/translate-a64.c | 81 +++++++++++++++++++++++++++++++++++++++++++--- target-arm/translate.h | 1 + 2 files changed, 77 insertions(+), 5 deletions(-) diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c index 3b15d2c..14e91fb 100644 --- a/target-arm/translate-a64.c +++ b/target-arm/translate-a64.c @@ -41,6 +41,7 @@ static TCGv_i64 cpu_pc; /* Load/store exclusive handling */ static TCGv_i64 cpu_exclusive_high; +static TCGv_i64 cpu_reg(DisasContext *s, int reg); static const char *regnames[] = { "x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7", @@ -176,6 +177,75 @@ void gen_a64_set_pc_im(uint64_t val) tcg_gen_movi_i64(cpu_pc, val); } +/* Load the PC from a register. + * + * If address tagging is enabled via the TCR TBI bits, then loading + * an address into the PC will clear out any tag in the it: + * + for EL2 and EL3 there is only one TBI bit, and if it is set + * then the address is zero-extended, clearing bits [63:56] + * + for EL0 and EL1, TBI0 controls addresses with bit 55 == 0 + * and TBI1 controls addressses with bit 55 == 1. + * If the appropriate TBI bit is set for the address then + * the address is sign-extended from bit 55 into bits [63:56] + * + * We can avoid doing this for relative-branches, because the + * PC + offset can never overflow into the tag bits (assuming + * that virtual addresses are less than 56 bits wide, as they + * are currently), but we must handle it for branch-to-register. + */ +void gen_a64_set_pc_reg(DisasContext *s, unsigned int rn) +{ + if (s->current_el <= 1) { + /* Test if NEITHER or BOTH TBI values are set. If so, no need to + * examine bit 55 of address, can just generate code. + * If mixed, then test via generated code + */ + if (s->tbi0 && s->tbi1) { + TCGv_i64 tmp_reg = tcg_temp_new_i64(); + /* Both bits set, sign extension from bit 55 into [63:56] will + * cover both cases + */ + tcg_gen_shli_i64(tmp_reg, cpu_reg(s, rn), 8); + tcg_gen_sari_i64(cpu_pc, tmp_reg, 8); + tcg_temp_free_i64(tmp_reg); + } else if (!s->tbi0 && !s->tbi1) { + /* Neither bit set, just load it as-is */ + tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn)); + } else { + TCGv_i64 tcg_tmpval = tcg_temp_new_i64(); + TCGv_i64 tcg_bit55 = tcg_temp_new_i64(); + TCGv_i64 tcg_zero = tcg_const_i64(0); + + tcg_gen_andi_i64(tcg_bit55, cpu_reg(s, rn), (1ull << 55)); + + if (s->tbi0) { + /* tbi0==1, tbi1==0, so 0-fill upper byte if bit 55 = 0 */ + tcg_gen_andi_i64(tcg_tmpval, cpu_reg(s, rn), + 0x00FFFFFFFFFFFFFFull); + tcg_gen_movcond_i64(TCG_COND_EQ, cpu_pc, tcg_bit55, tcg_zero, + tcg_tmpval, cpu_reg(s, rn)); + } else { + /* tbi0==0, tbi1==1, so 1-fill upper byte if bit 55 = 1 */ + tcg_gen_ori_i64(tcg_tmpval, cpu_reg(s, rn), + 0xFF00000000000000ull); + tcg_gen_movcond_i64(TCG_COND_NE, cpu_pc, tcg_bit55, tcg_zero, + tcg_tmpval, cpu_reg(s, rn)); + } + tcg_temp_free_i64(tcg_zero); + tcg_temp_free_i64(tcg_bit55); + tcg_temp_free_i64(tcg_tmpval); + } + } else { /* EL > 1 */ + if (s->tbi0) { + /* Force tag byte to all zero */ + tcg_gen_andi_i64(cpu_pc, cpu_reg(s, rn), 0x00FFFFFFFFFFFFFFull); + } else { + /* Load unmodified address */ + tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn)); + } + } +} + typedef struct DisasCompare64 { TCGCond cond; TCGv_i64 value; @@ -1704,12 +1774,13 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) switch (opc) { case 0: /* BR */ - case 2: /* RET */ - tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn)); - break; case 1: /* BLR */ - tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn)); - tcg_gen_movi_i64(cpu_reg(s, 30), s->pc); + case 2: /* RET */ + gen_a64_set_pc_reg(s, rn); + /* BLR also needs to load return address */ + if (opc == 1) { + tcg_gen_movi_i64(cpu_reg(s, 30), s->pc); + } break; case 4: /* ERET */ if (s->current_el == 0) { diff --git a/target-arm/translate.h b/target-arm/translate.h index a53f25a..49c042e 100644 --- a/target-arm/translate.h +++ b/target-arm/translate.h @@ -129,6 +129,7 @@ static inline int default_exception_el(DisasContext *s) void a64_translate_init(void); void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb); void gen_a64_set_pc_im(uint64_t val); +void gen_a64_set_pc_reg(DisasContext *s, unsigned int rn); void aarch64_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf, int flags); #else