From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57306)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Julian_Brown@mentor.com>) id 1c2LrM-0005Rc-R9
	for qemu-devel@nongnu.org; Thu, 03 Nov 2016 13:31:29 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Julian_Brown@mentor.com>) id 1c2LrI-0007am-Sm
	for qemu-devel@nongnu.org; Thu, 03 Nov 2016 13:31:28 -0400
Received: from relay1.mentorg.com ([192.94.38.131]:48015)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <Julian_Brown@mentor.com>)
	id 1c2LrI-0007aW-N0
	for qemu-devel@nongnu.org; Thu, 03 Nov 2016 13:31:24 -0400
Received: from nat-ies.mentorg.com ([192.94.31.2]
	helo=SVR-IES-MBX-04.mgc.mentorg.com)
	by relay1.mentorg.com with esmtp
	id 1c2LrH-00023M-Lh from Julian_Brown@mentor.com
	for qemu-devel@nongnu.org; Thu, 03 Nov 2016 10:31:23 -0700
From: Julian Brown <julian@codesourcery.com>
Date: Thu, 3 Nov 2016 10:30:57 -0700
Message-ID: <1478194258-75276-5-git-send-email-julian@codesourcery.com>
In-Reply-To: <1478194258-75276-1-git-send-email-julian@codesourcery.com>
References: <1478194258-75276-1-git-send-email-julian@codesourcery.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Qemu-devel] [PATCH 4/5] ARM BE32 watchpoint fix.
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

In BE32 mode, sub-word size watchpoints can fail to trigger because the
address of the access is adjusted in the opcode helpers before being
compared with the watchpoint registers.  This patch reversed the address
adjustment before performing the comparison.

Signed-off-by: Julian Brown <julian@codesourcery.com>
---
 exec.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/exec.c b/exec.c
index 4c84389..eadab54 100644
--- a/exec.c
+++ b/exec.c
@@ -2047,6 +2047,19 @@ static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
         return;
     }
     vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
+#if defined(TARGET_ARM) && !defined(CONFIG_USER_ONLY)
+    /* In BE32 system mode, target memory is stored byteswapped (FIXME:
+       relative to a little-endian host system), and by the time we reach here
+       (via an opcode helper) the addresses of subword accesses have been
+       adjusted to account for that, which means that watchpoints will not
+       match.  Undo the adjustment here.  */
+    if (arm_sctlr_b(env)) {
+        if (len == 1)
+            vaddr ^= 3;
+        else if (len == 2)
+            vaddr ^= 2;
+    }
+#endif
     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
         if (cpu_watchpoint_address_matches(wp, vaddr, len)
             && (wp->flags & flags)) {
-- 
1.9.1