From patchwork Sun Dec 14 05:58:39 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Max Filippov <jcmvbkbc@gmail.com>
X-Patchwork-Id: 420829
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 6E5BA140082
	for <incoming@patchwork.ozlabs.org>;
	Sun, 14 Dec 2014 16:59:25 +1100 (AEDT)
Received: from localhost ([::1]:35109 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1Y02D9-0002ER-TZ
	for incoming@patchwork.ozlabs.org; Sun, 14 Dec 2014 00:59:19 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42764)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>) id 1Y02Cn-0001vL-8U
	for qemu-devel@nongnu.org; Sun, 14 Dec 2014 00:59:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>) id 1Y02Ch-00089o-9U
	for qemu-devel@nongnu.org; Sun, 14 Dec 2014 00:58:57 -0500
Received: from mail-lb0-x22e.google.com ([2a00:1450:4010:c04::22e]:39141)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>)
	id 1Y02Ch-00089e-19; Sun, 14 Dec 2014 00:58:51 -0500
Received: by mail-lb0-f174.google.com with SMTP id 10so7707733lbg.19
	for <multiple recipients>; Sat, 13 Dec 2014 21:58:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=GvGvP+8pEdxHVh9RehWebNmaK9Af7gDYs1I217bSdVs=;
	b=VYqBP1I12WfEKla1c7vIxDhxGYOwG0VxX20JURbhf2VTQ2/J1RByUhDLDimg93WYyj
	8Dh2NHqDZIe3atQzmeXmXC/tzHpLkxwvQh4CLfSlmzVs2xpcYtmbX1EyfIOz+sPSCihj
	Y8WZHzq6aaxWe+msUmm3cYYbu3V5qVOhrbFoHPl3caQIzAACsUS6IMMxwG5TaxiH/Rie
	xkcRZew7N5vSdqffguC5BS5JCHKCyYuSK2bQbhYeFaaNxwvG5fV4L34eeQv1W6ECDsT1
	lgriBBSSZ+HDKsdCXOffwxl19LQfPa9yjrwQ7liO3V+Kj4tRJp+Ehlupk/WdIEPfngP8
	9MpQ==
X-Received: by 10.152.20.7 with SMTP id j7mr12831560lae.37.1418536730200;
	Sat, 13 Dec 2014 21:58:50 -0800 (PST)
Received: from octofox.metropolis ([5.19.183.212])
	by mx.google.com with ESMTPSA id
	vr7sm1670832lbb.21.2014.12.13.21.58.48 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 13 Dec 2014 21:58:49 -0800 (PST)
From: Max Filippov <jcmvbkbc@gmail.com>
To: qemu-devel@nongnu.org
Date: Sun, 14 Dec 2014 08:58:39 +0300
Message-Id: <1418536720-28070-2-git-send-email-jcmvbkbc@gmail.com>
X-Mailer: git-send-email 1.8.1.4
In-Reply-To: <1418536720-28070-1-git-send-email-jcmvbkbc@gmail.com>
References: <1418536720-28070-1-git-send-email-jcmvbkbc@gmail.com>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:4010:c04::22e
Cc: Max Filippov <jcmvbkbc@gmail.com>, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 1/2] target-xtensa: fix translation for opcodes
	crossing page boundary
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

If TB ends with an opcode that crosses page boundary and the following
page is not executable then EPC1 for the code fetch exception wrongly
points at the beginning of the TB. Always treat instruction that crosses
page boundary as a separate TB.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 target-xtensa/translate.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/target-xtensa/translate.c b/target-xtensa/translate.c
index badca19..a81573d 100644
--- a/target-xtensa/translate.c
+++ b/target-xtensa/translate.c
@@ -887,6 +887,11 @@ static TCGv_i32 gen_mac16_m(TCGv_i32 v, bool hi, bool is_unsigned)
     return m;
 }
 
+static inline unsigned xtensa_op0_insn_len(unsigned op0)
+{
+    return op0 >= 8 ? 2 : 3;
+}
+
 static void disas_xtensa_insn(CPUXtensaState *env, DisasContext *dc)
 {
 #define HAS_OPTION_BITS(opt) do { \
@@ -989,6 +994,7 @@ static void disas_xtensa_insn(CPUXtensaState *env, DisasContext *dc)
     uint8_t b0 = cpu_ldub_code(env, dc->pc);
     uint8_t b1 = cpu_ldub_code(env, dc->pc + 1);
     uint8_t b2 = 0;
+    unsigned len = xtensa_op0_insn_len(OP0);
 
     static const uint32_t B4CONST[] = {
         0xffffffff, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 16, 32, 64, 128, 256
@@ -998,13 +1004,19 @@ static void disas_xtensa_insn(CPUXtensaState *env, DisasContext *dc)
         32768, 65536, 2, 3, 4, 5, 6, 7, 8, 10, 12, 16, 32, 64, 128, 256
     };
 
-    if (OP0 >= 8) {
-        dc->next_pc = dc->pc + 2;
+    switch (len) {
+    case 2:
         HAS_OPTION(XTENSA_OPTION_CODE_DENSITY);
-    } else {
-        dc->next_pc = dc->pc + 3;
+        break;
+
+    case 3:
         b2 = cpu_ldub_code(env, dc->pc + 2);
+        break;
+
+    default:
+        RESERVED();
     }
+    dc->next_pc = dc->pc + len;
 
     switch (OP0) {
     case 0: /*QRST*/
@@ -2949,6 +2961,12 @@ invalid_opcode:
 #undef HAS_OPTION
 }
 
+static inline unsigned xtensa_insn_len(CPUXtensaState *env, DisasContext *dc)
+{
+    uint8_t b0 = cpu_ldub_code(env, dc->pc);
+    return xtensa_op0_insn_len(OP0);
+}
+
 static void check_breakpoint(CPUXtensaState *env, DisasContext *dc)
 {
     CPUState *cs = CPU(xtensa_env_get_cpu(env));
@@ -3081,6 +3099,7 @@ void gen_intermediate_code_internal(XtensaCPU *cpu,
     } while (dc.is_jmp == DISAS_NEXT &&
             insn_count < max_insns &&
             dc.pc < next_page_start &&
+            dc.pc + xtensa_insn_len(env, &dc) <= next_page_start &&
             tcg_ctx.gen_opc_ptr < gen_opc_end);
 
     reset_litbase(&dc);