From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 02/27] target-arm/translate.c: Handle non-executable page-straddling Thumb insns
Date: Tue, 27 Oct 2015 14:33:04 +0000 [thread overview]
Message-ID: <1445956409-1818-3-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1445956409-1818-1-git-send-email-peter.maydell@linaro.org>
When the memory we're trying to translate code from is not executable we have
to turn this into a guest fault. In order to report the correct PC for this
fault, and to make sure it is not reported until after any other possible
faults for instructions earlier in execution, we must terminate TBs at
the end of a page, in case the next instruction is in a non-executable page.
This is simple for T16, A32 and A64 instructions, which are always aligned
to their size. However T32 instructions may be 32-bits but only 16-aligned,
so they can straddle a page boundary.
Correct the condition that checks whether the next instruction will touch
the following page, to ensure that if we're 2 bytes before the boundary
and this insn is T32 then we end the TB.
Reported-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/translate.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 9f1d740..6be2c72 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11179,6 +11179,35 @@ undef:
default_exception_el(s));
}
+static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
+{
+ /* Return true if the insn at dc->pc might cross a page boundary.
+ * (False positives are OK, false negatives are not.)
+ */
+ uint16_t insn;
+
+ if ((s->pc & 3) == 0) {
+ /* At a 4-aligned address we can't be crossing a page */
+ return false;
+ }
+
+ /* This must be a Thumb insn */
+ insn = arm_lduw_code(env, s->pc, s->bswap_code);
+
+ if ((insn >> 11) >= 0x1d) {
+ /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
+ * First half of a 32-bit Thumb insn. Thumb-1 cores might
+ * end up actually treating this as two 16-bit insns (see the
+ * code at the start of disas_thumb2_insn()) but we don't bother
+ * to check for that as it is unlikely, and false positives here
+ * are harmless.
+ */
+ return true;
+ }
+ /* Definitely a 16-bit insn, can't be crossing a page. */
+ return false;
+}
+
/* generate intermediate code in gen_opc_buf and gen_opparam_buf for
basic block 'tb'. */
void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
@@ -11190,6 +11219,7 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
target_ulong next_page_start;
int num_insns;
int max_insns;
+ bool end_of_page;
/* generate intermediate code */
@@ -11411,11 +11441,24 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
* Otherwise the subsequent code could get translated several times.
* Also stop translation when a page boundary is reached. This
* ensures prefetch aborts occur at the right place. */
+
+ /* We want to stop the TB if the next insn starts in a new page,
+ * or if it spans between this page and the next. This means that
+ * if we're looking at the last halfword in the page we need to
+ * see if it's a 16-bit Thumb insn (which will fit in this TB)
+ * or a 32-bit Thumb insn (which won't).
+ * This is to avoid generating a silly TB with a single 16-bit insn
+ * in it at the end of this page (which would execute correctly
+ * but isn't very efficient).
+ */
+ end_of_page = (dc->pc >= next_page_start) ||
+ ((dc->pc >= next_page_start - 3) && insn_crosses_page(env, dc));
+
} while (!dc->is_jmp && !tcg_op_buf_full() &&
!cs->singlestep_enabled &&
!singlestep &&
!dc->ss_active &&
- dc->pc < next_page_start &&
+ !end_of_page &&
num_insns < max_insns);
if (tb->cflags & CF_LAST_IO) {
--
1.9.1
next prev parent reply other threads:[~2015-10-27 14:33 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-27 14:33 [Qemu-devel] [PULL 00/27] target-arm queue Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 01/27] target-arm: Fix "no 64-bit EL2" assumption in arm_excp_unmasked() Peter Maydell
2015-10-27 14:33 ` Peter Maydell [this message]
2015-10-27 14:33 ` [Qemu-devel] [PULL 03/27] target-arm: Add support for SPSR_(ABT|UND|IRQ|FIQ) Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 04/27] arm_gic_kvm: Disable live migration if not supported Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 05/27] hw/arm/virt: don't use a15memmap directly Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 06/27] i.MX: Standardize i.MX serial debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 07/27] i.MX: Standardize i.MX GPIO debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 08/27] i.MX: Standardize i.MX I2C debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 09/27] i.MX: Standardize i.MX AVIC debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 10/27] i.MX: Standardize i.MX CCM debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 11/27] i.MX: Standardize i.MX FEC debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 12/27] i.MX: Standardize i.MX EPIT debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 13/27] i.MX: Standardize i.MX GPT debug Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 14/27] target-arm: Add HPFAR_EL2 Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 15/27] target-arm: lpae: Make t0sz and t1sz signed integers Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 16/27] target-arm: lpae: Move declaration of t0sz and t1sz Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 17/27] target-arm: Add support for AArch32 S2 negative t0sz Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 18/27] target-arm: lpae: Replace tsz with computed inputsize Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 19/27] target-arm: lpae: Rename granule_sz to stride Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 20/27] target-arm: Add computation of starting level for S2 PTW Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 21/27] target-arm: Add support for S2 page-table protection bits Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 22/27] target-arm: Avoid inline for get_phys_addr Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 23/27] target-arm: Add ARMMMUFaultInfo Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 24/27] target-arm: Add S2 translation to 64bit S1 PTWs Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 25/27] target-arm: Add S2 translation to 32bit " Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 26/27] target-arm: Route S2 MMU faults to EL2 Peter Maydell
2015-10-27 14:33 ` [Qemu-devel] [PULL 27/27] target-arm: Add support for S1 + S2 MMU translations Peter Maydell
2015-10-27 15:57 ` [Qemu-devel] [PULL 00/27] target-arm queue Peter Maydell
2015-10-27 16:00 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1445956409-1818-3-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).