From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL v4 15/43] target/hppa: Avoid privilege level decrease during branches
Date: Sun, 28 Jan 2018 15:15:00 -0800	[thread overview]
Message-ID: <20180128231528.22719-16-richard.henderson@linaro.org> (raw)
In-Reply-To: <20180128231528.22719-1-richard.henderson@linaro.org>

These instructions force the privilege level of the branch
destination to be no higher than the current level.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/hppa/translate.c | 52 ++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 47 insertions(+), 5 deletions(-)

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 6be9e0c3ff..4a69f05a91 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -1862,6 +1862,40 @@ static DisasJumpType do_ibranch(DisasContext *ctx, TCGv_reg dest,
     return DISAS_NEXT;
 }
 
+/* Implement
+ *    if (IAOQ_Front{30..31} < GR[b]{30..31})
+ *      IAOQ_Next{30..31} ← GR[b]{30..31};
+ *    else
+ *      IAOQ_Next{30..31} ← IAOQ_Front{30..31};
+ * which keeps the privilege level from being increased.
+ */
+static TCGv_reg do_ibranch_priv(DisasContext *ctx, TCGv_reg offset)
+{
+#ifdef CONFIG_USER_ONLY
+    return offset;
+#else
+    TCGv_reg dest;
+    switch (ctx->privilege) {
+    case 0:
+        /* Privilege 0 is maximum and is allowed to decrease.  */
+        return offset;
+    case 3:
+        /* Privilege 3 is minimum and is never allowed increase.  */
+        dest = get_temp(ctx);
+        tcg_gen_ori_reg(dest, offset, 3);
+        break;
+    default:
+        dest = tcg_temp_new();
+        tcg_gen_andi_reg(dest, offset, -4);
+        tcg_gen_ori_reg(dest, dest, ctx->privilege);
+        tcg_gen_movcond_reg(TCG_COND_GTU, dest, dest, offset, dest, offset);
+        tcg_temp_free(dest);
+        break;
+    }
+    return dest;
+#endif
+}
+
 #ifdef CONFIG_USER_ONLY
 /* On Linux, page zero is normally marked execute only + gateway.
    Therefore normal read or write is supposed to fail, but specific
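Review bot: In the `default:` arm of do_ibranch_priv the temporary is released with `tcg_temp_free(dest)` and then handed back by `return dest`, so the callers added in this patch (trans_be, trans_bv, trans_bve) pass an already-freed TCG temp to do_ibranch. This arm is the only one that computes the clamp for privilege levels 1 and 2, so if the temp is recycled by later code generation the low two bits of the branch target may no longer hold the clamped level. The `case 3:` arm allocates with `get_temp(ctx)` and does not free, which suggests (get_temp's definition is not visible here) that the context owns that temp's lifetime. The default arm should probably do the same: `dest = get_temp(ctx);` in place of `dest = tcg_temp_new();`, with the `tcg_temp_free(dest);` line dropped. Separately, the `case 3:` comment reads better as `/* Privilege 3 is minimum and is never allowed to increase.  */`.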
@@ -3441,6 +3475,7 @@ static DisasJumpType trans_be(DisasContext *ctx, uint32_t insn, bool is_l)
     unsigned n = extract32(insn, 1, 1);
     unsigned b = extract32(insn, 21, 5);
     target_sreg disp = assemble_17(insn);
+    TCGv_reg tmp;
 
     /* unsigned s = low_uextract(insn, 13, 3); */
     /* ??? It seems like there should be a good way of using
@@ -3449,16 +3484,19 @@ static DisasJumpType trans_be(DisasContext *ctx, uint32_t insn, bool is_l)
        manage along side branch delay slots.  Therefore we handle
        entry into the gateway page via absolute address.  */
 
+#ifdef CONFIG_USER_ONLY
     /* Since we don't implement spaces, just branch.  Do notice the special
        case of "be disp(*,r0)" using a direct branch to disp, so that we can
        goto_tb to the TB containing the syscall.  */
     if (b == 0) {
         return do_dbranch(ctx, disp, is_l ? 31 : 0, n);
-    } else {
-        TCGv_reg tmp = get_temp(ctx);
-        tcg_gen_addi_reg(tmp, load_gpr(ctx, b), disp);
-        return do_ibranch(ctx, tmp, is_l ? 31 : 0, n);
     }
+#endif
+
+    tmp = get_temp(ctx);
+    tcg_gen_addi_reg(tmp, load_gpr(ctx, b), disp);
+    tmp = do_ibranch_priv(ctx, tmp);
+    return do_ibranch(ctx, tmp, is_l ? 31 : 0, n);
 }
 
 static DisasJumpType trans_bl(DisasContext *ctx, uint32_t insn,
@@ -3490,6 +3528,7 @@ static DisasJumpType trans_blr(DisasContext *ctx, uint32_t insn,
 
     tcg_gen_shli_reg(tmp, load_gpr(ctx, rx), 3);
     tcg_gen_addi_reg(tmp, tmp, ctx->iaoq_f + 8);
+    /* The computation here never changes privilege level.  */
     return do_ibranch(ctx, tmp, link, n);
 }
 
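Review bot: The comment added in trans_blr states the invariant without saying why it holds, so a later change to the shift count or the addend could break it unnoticed and let this branch bypass the clamp that the other indirect branches now get from do_ibranch_priv. Consider spelling it out, e.g. `/* rx << 3 and the constant 8 are multiples of 4, so the low two bits (the privilege level) of iaoq_f pass through unchanged.  */`. This assumes ctx->iaoq_f carries the current privilege level in its low two bits, which is not visible in this hunk. trans_blr's body starts outside the hunk.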
@@ -3508,6 +3547,7 @@ static DisasJumpType trans_bv(DisasContext *ctx, uint32_t insn,
         tcg_gen_shli_reg(dest, load_gpr(ctx, rx), 3);
         tcg_gen_add_reg(dest, dest, load_gpr(ctx, rb));
     }
+    dest = do_ibranch_priv(ctx, dest);
     return do_ibranch(ctx, dest, 0, n);
 }
 
@@ -3517,8 +3557,10 @@ static DisasJumpType trans_bve(DisasContext *ctx, uint32_t insn,
     unsigned n = extract32(insn, 1, 1);
     unsigned rb = extract32(insn, 21, 5);
     unsigned link = extract32(insn, 13, 1) ? 2 : 0;
+    TCGv_reg dest;
 
-    return do_ibranch(ctx, load_gpr(ctx, rb), link, n);
+    dest = do_ibranch_priv(ctx, load_gpr(ctx, rb));
+    return do_ibranch(ctx, dest, link, n);
 }
 
 static const DisasInsn table_branch[] = {
-- 
2.14.3
