* [Qemu-devel] [PATCH 2.2 0/2] target-xtensa: fix missing window check in entry
@ 2014-11-07 20:40 Max Filippov
  2014-11-07 20:40 ` [Qemu-devel] [PATCH 2.2 1/2] target-xtensa: add missing window check for entry Max Filippov
  2014-11-07 20:40 ` [Qemu-devel] [PATCH 2.2 2/2] target-xtensa: add entry overflow test Max Filippov
  0 siblings, 2 replies; 3+ messages in thread
From: Max Filippov @ 2014-11-07 20:40 UTC (permalink / raw)
  To: qemu-devel; +Cc: Max Filippov

Hi,

this series fixes a missing window check in the entry opcode and adds a
test for it.

Max Filippov (2):
  target-xtensa: add missing window check for entry
  target-xtensa: add entry overflow test

 target-xtensa/cpu.h              |  6 +++++
 target-xtensa/op_helper.c        |  6 +++++
 tests/tcg/xtensa/test_windowed.S | 51 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)

-- 
1.8.1.4


* [Qemu-devel] [PATCH 2.2 1/2] target-xtensa: add missing window check for entry
  2014-11-07 20:40 [Qemu-devel] [PATCH 2.2 0/2] target-xtensa: fix missing window check in entry Max Filippov
@ 2014-11-07 20:40 ` Max Filippov
  2014-11-07 20:40 ` [Qemu-devel] [PATCH 2.2 2/2] target-xtensa: add entry overflow test Max Filippov
  1 sibling, 0 replies; 3+ messages in thread
From: Max Filippov @ 2014-11-07 20:40 UTC (permalink / raw)
  To: qemu-devel; +Cc: Max Filippov, qemu-stable

The entry opcode needs to check whether moving to the new register frame
would cause a register window overflow. An entry used in a function
prologue never overflows, because the preceding windowed call* opcode
writes the return address to the target register window frame, causing
the overflow exception at the point of the call. But when a sequence of
entry opcodes is used for register window spilling, there may be no call
or other opcode between the entries that would trigger a window check,
and the entries would not raise an overflow exception themselves,
resulting in data corruption.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 target-xtensa/cpu.h       | 6 ++++++
 target-xtensa/op_helper.c | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/target-xtensa/cpu.h b/target-xtensa/cpu.h
index beb5486..ac463f2 100644
--- a/target-xtensa/cpu.h
+++ b/target-xtensa/cpu.h
@@ -472,6 +472,12 @@ static inline xtensa_tlb_entry *xtensa_tlb_get_entry(CPUXtensaState *env,
         env->itlb[wi] + ei;
 }
 
+static inline uint32_t xtensa_replicate_windowstart(CPUXtensaState *env)
+{
+    return env->sregs[WINDOW_START] |
+        (env->sregs[WINDOW_START] << env->config->nareg / 4);
+}
+
 /* MMU modes definitions */
 #define MMU_MODE0_SUFFIX _ring0
 #define MMU_MODE1_SUFFIX _ring1
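Review bot: The new `xtensa_replicate_windowstart` has no comment, and its shift relies on `/` binding tighter than `<<`, which is easy to misread as `(WINDOW_START << nareg) / 4`. Writing the second operand as `(env->sregs[WINDOW_START] << (env->config->nareg / 4))` makes the intent explicit. A one-line comment such as `/* Duplicate WINDOW_START above itself so a right shift by WINDOW_BASE wraps like a rotate */` would explain why the copy exists, which is how the op_helper.c hunk appears to use it. The result only fits in `uint32_t` while `nareg / 4` is at most 16; that bound is not visible in this hunk and is worth stating next to the helper.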
diff --git a/target-xtensa/op_helper.c b/target-xtensa/op_helper.c
index dae1386..872e5a8 100644
--- a/target-xtensa/op_helper.c
+++ b/target-xtensa/op_helper.c
@@ -235,6 +235,12 @@ void HELPER(entry)(CPUXtensaState *env, uint32_t pc, uint32_t s, uint32_t imm)
                 pc, env->sregs[PS]);
         HELPER(exception_cause)(env, pc, ILLEGAL_INSTRUCTION_CAUSE);
     } else {
+        uint32_t windowstart = xtensa_replicate_windowstart(env) >>
+            (env->sregs[WINDOW_BASE] + 1);
+
+        if (windowstart & ((1 << callinc) - 1)) {
+            HELPER(window_check)(env, pc, callinc);
+        }
         env->regs[(callinc << 2) | (s & 3)] = env->regs[s] - (imm << 3);
         rotate_window(env, callinc);
         env->sregs[WINDOW_START] |=
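Review bot: The right shift by `env->sregs[WINDOW_BASE] + 1` is only well defined for a `uint32_t` while WINDOW_BASE is below 31, and only meaningful while it is below `nareg / 4`; nothing in this hunk shows where that guest-controlled register is bounded. If the masking is done where WINDOW_BASE is written (presumably outside this hunk), a comment here such as `/* WINDOW_BASE is kept < nareg / 4, so the shift count is at most 16 */` would keep the invariant from being lost in a later change. It would also help to note that `HELPER(window_check)` is expected not to return once it raises the overflow exception, since otherwise the register write on the following line would still overwrite the live frame. The body of HELPER(entry) starts and ends outside the hunk.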
-- 
1.8.1.4


* [Qemu-devel] [PATCH 2.2 2/2] target-xtensa: add entry overflow test
  2014-11-07 20:40 [Qemu-devel] [PATCH 2.2 0/2] target-xtensa: fix missing window check in entry Max Filippov
  2014-11-07 20:40 ` [Qemu-devel] [PATCH 2.2 1/2] target-xtensa: add missing window check for entry Max Filippov
@ 2014-11-07 20:40 ` Max Filippov
  1 sibling, 0 replies; 3+ messages in thread
From: Max Filippov @ 2014-11-07 20:40 UTC (permalink / raw)
  To: qemu-devel; +Cc: Max Filippov

Check that entry instruction raises window overflow exception when
PS.CALLINC points to live registers.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 tests/tcg/xtensa/test_windowed.S | 51 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/tests/tcg/xtensa/test_windowed.S b/tests/tcg/xtensa/test_windowed.S
index 3de6d37..d851e8f 100644
--- a/tests/tcg/xtensa/test_windowed.S
+++ b/tests/tcg/xtensa/test_windowed.S
@@ -299,4 +299,55 @@ test entry
     entry_test 12
 test_end
 
+.macro entry_overflow_test window, free, next_window
+    set_vector window_overflow_4, 0
+    set_vector window_overflow_8, 0
+    set_vector window_overflow_12, 0
+    set_vector window_overflow_\next_window, 10f
+
+    movi    a2, \window
+    movi    a2, \free
+    movi    a2, \next_window
+    reset_window %(1 | ((1 | (1 << ((\next_window) / 4))) << ((\free) / 4)))
+    reset_ps
+    movi    a2, 0x4000f | ((\window) << 14)
+    wsr     a2, ps
+    isync
+    movi    a3, 0x12345678
+    j       1f
+    .align  4
+1:
+    entry   a3, 0x5678
+    test_fail
+    .align  4
+10:
+    rsr     a2, epc1
+    movi    a3, 1b
+    assert  eq, a2, a3
+    movi    a2, 2f
+    wsr     a2, epc1
+
+    rsr     a2, windowbase
+    movi    a3, (\free) / 4
+    assert  eq, a2, a3
+    rfwo
+2:
+.endm
+
+.macro all_entry_overflow_tests
+    .irp window, 4, 8, 12
+    .irp next_window, 4, 8, 12
+    .irp free, 4, 8, 12
+    .if \free <= \window
+    entry_overflow_test \window, \free, \next_window
+    .endif
+    .endr
+    .endr
+    .endr
+.endm
+
+test entry_overflow
+    all_entry_overflow_tests
+test_end
+
 test_suite_end
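Review bot: In `entry_overflow_test` the three consecutive loads `movi a2, \window`, `movi a2, \free` and `movi a2, \next_window` each overwrite the previous value. a2 is loaded again before `wsr a2, ps`, so unless `reset_window` reads a2 (its definition is outside the hunk) none of them affects the test. If they exist to make the macro parameters visible in a disassembly of a failing case, a comment such as `/* parameters, loaded only so they show up in the disassembly */` would say so; otherwise they can be dropped. The macro also lacks a header comment describing what `window`, `free` and `next_window` mean, which makes the `reset_window` mask expression hard to verify against the intended WINDOW_START layout.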
-- 
1.8.1.4

