[Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly
Date: Fri, 16 Oct 2015 14:57:56 +0100	[thread overview]
Message-ID: <1445003887-14475-3-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1445003887-14475-1-git-send-email-peter.maydell@linaro.org>

From: Sergey Sorokin <afarallax@yandex.ru>

If any store instruction writes the code inside the same TB
after this store insn, the execution of the TB must be stopped
to execute new code correctly.
As described in ARMv8 manual D3.4.6 self-modifying code must do an
IC invalidation to be valid, and an ISB after it. So it's enough to end
the TB after ISB instruction on the code translation.
Also this TB break is necessary to take any pending interrupts immediately
after an ISB (as required by ARMv8 ARM D1.14.4).

Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
[PMM: tweaked commit message and comments slightly]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c        |  6 +++++-
 target-arm/translate-a64.c |  8 +++++++-
 target-arm/translate.c     | 17 +++++++++++++++--
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 584f6df..b498670 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -657,8 +657,12 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
     { .name = "MVA_prefetch",
       .cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NOP },
+    /* We need to break the TB after ISB to execute self-modifying code
+     * correctly and also to take any pending interrupts immediately.
+     * So use arm_cp_write_ignore() function instead of ARM_CP_NOP flag.
+     */
     { .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
-      .access = PL0_W, .type = ARM_CP_NOP },
+      .access = PL0_W, .type = ARM_CP_NO_RAW, .writefn = arm_cp_write_ignore },
     { .name = "DSB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
       .access = PL0_W, .type = ARM_CP_NOP },
     { .name = "DMB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e65e309..a4580c0 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1230,9 +1230,15 @@ static void handle_sync(DisasContext *s, uint32_t insn,
         return;
     case 4: /* DSB */
     case 5: /* DMB */
-    case 6: /* ISB */
         /* We don't emulate caches so barriers are no-ops */
         return;
+    case 6: /* ISB */
+        /* We need to break the TB after this insn to execute
+         * a self-modified code correctly and also to take
+         * any pending interrupts immediately.
+         */
+        s->is_jmp = DISAS_UPDATE;
+        return;
     default:
         unallocated_encoding(s);
         return;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 22c3587..1273000 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7720,10 +7720,16 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 return;
             case 4: /* dsb */
             case 5: /* dmb */
-            case 6: /* isb */
                 ARCH(7);
                 /* We don't emulate caches so these are a no-op.  */
                 return;
+            case 6: /* isb */
+                /* We need to break the TB after this insn to execute
+                 * self-modifying code correctly and also to take
+                 * any pending interrupts immediately.
+                 */
+                gen_lookup_tb(s);
+                return;
             default:
                 goto illegal_op;
             }
@@ -10030,9 +10036,16 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
                             break;
                         case 4: /* dsb */
                         case 5: /* dmb */
-                        case 6: /* isb */
                             /* These execute as NOPs.  */
                             break;
+                        case 6: /* isb */
+                            /* We need to break the TB after this insn
+                             * to execute self-modifying code correctly
+                             * and also to take any pending interrupts
+                             * immediately.
+                             */
+                            gen_lookup_tb(s);
+                            break;
                         default:
                             goto illegal_op;
                         }
-- 
1.9.1

next prev parent reply	other threads:[~2015-10-16 13:58 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-16 13:57 [Qemu-devel] [PULL 00/13] target-arm queue Peter Maydell
2015-10-16 13:57 ` [Qemu-devel] [PULL 01/13] target-arm: Add missing 'static' attribute Peter Maydell
2015-10-16 13:57 ` Peter Maydell [this message]
2015-10-16 13:57 ` [Qemu-devel] [PULL 03/13] target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL Peter Maydell
2015-10-16 13:57 ` [Qemu-devel] [PULL 04/13] hw/arm/virt: smbios: inform guest of kvm Peter Maydell
2015-10-16 13:57 ` [Qemu-devel] [PULL 05/13] target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 06/13] target-arm: Provide model numbers for Sharp PDAs Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 07/13] arm: imx25-pdk: Fix machine name Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 08/13] misc: zynq_slcr: Fix MMIO writes Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 09/13] target-arm: Add MDCR_EL2 Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 10/13] hw/arm/virt: Allow zero address for PCI IO space Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 11/13] target-arm: implement arm_debug_target_el() Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 12/13] target-arm: Fix GDB breakpoint handling Peter Maydell
2015-10-16 13:58 ` [Qemu-devel] [PULL 13/13] target-arm: Fix CPU " Peter Maydell
2015-10-21 18:15   ` Sergey Fedorov
2015-11-02 11:09     ` Peter Maydell
2015-11-02 13:38       ` Sergey Fedorov
2015-10-17 14:05 ` [Qemu-devel] [PULL 00/13] target-arm queue Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:584f6df dfblob:b498670 dfblob:e65e309 dfblob:a4580c0
dfblob:22c3587 dfblob:1273000 )
 OR (
bs:"[Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1445003887-14475-3-git-send-email-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).