* [PULL 00/20] tricore queue
@ 2023-06-21 16:14 Bastian Koppelmann
2023-06-21 16:14 ` [PULL 01/20] target/tricore: Introduce ISA 1.6.2 feature Bastian Koppelmann
` (20 more replies)
0 siblings, 21 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian
The following changes since commit c5ffd16ba4c8fd3601742cc9d2b3cff03995dd5d:
Revert "cputlb: Restrict SavedIOTLB to system emulation" (2023-06-21 07:19:46 +0200)
are available in the Git repository at:
https://github.com/bkoppelmann/qemu.git tags/pull-tricore-20230621-1
for you to fetch changes up to a9c37abdff65a07d0191123a21d318c4d8cc7f33:
target/tricore: Fix ICR.IE offset in RESTORE insn (2023-06-21 18:09:54 +0200)
----------------------------------------------------------------
- Implement privilege levels for TriCore
- Fix missing REG_PAIR() for insns using two 32 regs
- Fix erroneously saving PSW.CDC on CALL insns
- Added some missing v1.6.2 insns
----------------------------------------------------------------
Bastian Koppelmann (19):
target/tricore: Introduce ISA 1.6.2 feature
target/tricore: Add popcnt.w insn
target/tricore: Add LHA insn
target/tricore: Add crc32l.w insn
target/tricore: Add crc32.b insn
target/tricore: Add shuffle insn
target/tricore: Implement SYCSCALL insn
target/tricore: Add DISABLE insn variant
target/tricore: Correctly fix saving PSW.CDE to CSA on call
target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
target/tricore: Fix helper_ret() not correctly restoring PSW
target/tricore: Fix RR_JLI clobbering reg A[11]
target/tricore: Introduce DISAS_TARGET_EXIT
target/tricore: ENABLE exit to main-loop
target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()
target/tricore: Introduce priv tb flag
target/tricore: Implement privilege level for all insns
target/tricore: Honour privilege changes on PSW write
target/tricore: Fix ICR.IE offset in RESTORE insn
Siqi Chen (1):
target/tricore: Fix out-of-bounds index in imask instruction
target/tricore/cpu.c | 13 +++
target/tricore/cpu.h | 18 +++--
target/tricore/helper.h | 5 +-
target/tricore/op_helper.c | 69 ++++++++++++++--
target/tricore/translate.c | 167 ++++++++++++++++++++++++++++++---------
target/tricore/tricore-opcodes.h | 16 +++-
6 files changed, 237 insertions(+), 51 deletions(-)
* [PULL 01/20] target/tricore: Introduce ISA 1.6.2 feature
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
we also introduce the tc37x CPU that implements that ISA version.
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-2-kbastian@mail.uni-paderborn.de>
---
target/tricore/cpu.c | 13 +++++++++++++
target/tricore/cpu.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index 7fa113fed2..f15169bd1b 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -104,6 +104,10 @@ static void tricore_cpu_realizefn(DeviceState *dev, Error **errp)
}
/* Some features automatically imply others */
+ if (tricore_feature(env, TRICORE_FEATURE_162)) {
+ set_feature(env, TRICORE_FEATURE_161);
+ }
+
if (tricore_feature(env, TRICORE_FEATURE_161)) {
set_feature(env, TRICORE_FEATURE_16);
}
@@ -164,6 +168,14 @@ static void tc27x_initfn(Object *obj)
set_feature(&cpu->env, TRICORE_FEATURE_161);
}
+static void tc37x_initfn(Object *obj)
+{
+ TriCoreCPU *cpu = TRICORE_CPU(obj);
+
+ set_feature(&cpu->env, TRICORE_FEATURE_162);
+}
+
+
#include "hw/core/sysemu-cpu-ops.h"
static const struct SysemuCPUOps tricore_sysemu_ops = {
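Review bot: tc37x_initfn() is followed by two added blank lines at the end of this hunk where one is enough before the `#include "hw/core/sysemu-cpu-ops.h"` line; drop the second. A one-line comment that tc37x sets only TRICORE_FEATURE_162 because the realize function derives 161 and 16 from it would save the reader a lookup.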
@@ -226,6 +238,7 @@ static const TypeInfo tricore_cpu_type_infos[] = {
DEFINE_TRICORE_CPU_TYPE("tc1796", tc1796_initfn),
DEFINE_TRICORE_CPU_TYPE("tc1797", tc1797_initfn),
DEFINE_TRICORE_CPU_TYPE("tc27x", tc27x_initfn),
+ DEFINE_TRICORE_CPU_TYPE("tc37x", tc37x_initfn),
};
DEFINE_TYPES(tricore_cpu_type_infos)
diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index d98a3fb671..041fc0b6e5 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -273,6 +273,7 @@ enum tricore_features {
TRICORE_FEATURE_131,
TRICORE_FEATURE_16,
TRICORE_FEATURE_161,
+ TRICORE_FEATURE_162,
};
static inline int tricore_feature(CPUTriCoreState *env, int feature)
--
2.40.1
* [PULL 02/20] target/tricore: Add popcnt.w insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-3-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 7 +++++++
target/tricore/tricore-opcodes.h | 1 +
2 files changed, 8 insertions(+)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index cd33a1dcdd..26b284bcec 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -6197,6 +6197,13 @@ static void decode_rr_divide(DisasContext *ctx)
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
break;
+ case OPC2_32_RR_POPCNT_W:
+ if (has_feature(ctx, TRICORE_FEATURE_162)) {
+ tcg_gen_ctpop_tl(cpu_gpr_d[r3], cpu_gpr_d[r1]);
+ } else {
+ generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ }
+ break;
case OPC2_32_RR_DIV:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
GEN_HELPER_RR(divide, cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1],
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index f7135f183d..59aa39a7a5 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -1133,6 +1133,7 @@ enum {
OPC2_32_RR_PARITY = 0x02,
OPC2_32_RR_UNPACK = 0x08,
OPC2_32_RR_CRC32 = 0x03,
+ OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */
OPC2_32_RR_DIV = 0x20,
OPC2_32_RR_DIV_U = 0x21,
OPC2_32_RR_MUL_F = 0x04,
--
2.40.1
* [PULL 03/20] target/tricore: Add LHA insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-4-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 14 ++++++++++++--
target/tricore/tricore-opcodes.h | 9 ++++++++-
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 26b284bcec..898557d22a 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -7931,7 +7931,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
static void decode_32Bit_opc(DisasContext *ctx)
{
- int op1;
+ int op1, op2;
int32_t r1, r2, r3;
int32_t address, const16;
int8_t b, const4;
@@ -7982,9 +7982,19 @@ static void decode_32Bit_opc(DisasContext *ctx)
tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], temp, ctx->mem_idx, MO_LEUW);
tcg_gen_shli_tl(cpu_gpr_d[r1], cpu_gpr_d[r1], 16);
break;
- case OPC1_32_ABS_LEA:
+ case OPCM_32_ABS_LEA_LHA:
address = MASK_OP_ABS_OFF18(ctx->opcode);
r1 = MASK_OP_ABS_S1D(ctx->opcode);
+
+ if (has_feature(ctx, TRICORE_FEATURE_162)) {
+ op2 = MASK_OP_ABS_OP2(ctx->opcode);
+ if (op2 == OPC2_32_ABS_LHA) {
+ tcg_gen_movi_tl(cpu_gpr_a[r1], address << 14);
+ break;
+ }
+ /* otherwise translate regular LEA */
+ }
+
tcg_gen_movi_tl(cpu_gpr_a[r1], EA_ABS_FORMAT(address));
break;
/* ABSB-format */
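Review bot: with TRICORE_FEATURE_162 set, only `op2 == OPC2_32_ABS_LHA` is tested, so every other op2 value, not just OPC2_32_ABS_LEA, falls through to the LEA translation. If the remaining encodings are reserved they should raise TRAPC_INSN_ERR with TIN2_IOPC, as the other decoders in this series do, instead of decoding as LEA. Separately, `address` is declared int32_t, so `address << 14` shifts a signed value; casting to uint32_t before the shift avoids depending on signed-overflow behaviour when the upper offset bits are set.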
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index 59aa39a7a5..9fab4bd75c 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -430,7 +430,7 @@ enum {
OPCM_32_ABS_STOREB_H = 0x25,
OPC1_32_ABS_STOREQ = 0x65,
OPC1_32_ABS_LD_Q = 0x45,
- OPC1_32_ABS_LEA = 0xc5,
+ OPCM_32_ABS_LEA_LHA = 0xc5,
/* ABSB Format */
OPC1_32_ABSB_ST_T = 0xd5,
/* B Format */
@@ -592,6 +592,13 @@ enum {
OPC2_32_ABS_ST_B = 0x00,
OPC2_32_ABS_ST_H = 0x02,
};
+
+/* OPCM_32_ABS_LEA_LHA */
+enum {
+ OPC2_32_ABS_LEA = 0x00,
+ OPC2_32_ABS_LHA = 0x01,
+};
+
/*
* Bit Format
*/
--
2.40.1
* [PULL 04/20] target/tricore: Add crc32l.w insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-5-kbastian@mail.uni-paderborn.de>
---
target/tricore/helper.h | 3 ++-
target/tricore/op_helper.c | 10 +++++++++-
target/tricore/translate.c | 12 ++++++++++--
target/tricore/tricore-opcodes.h | 3 ++-
4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/target/tricore/helper.h b/target/tricore/helper.h
index b64780c37d..24da5e97c0 100644
--- a/target/tricore/helper.h
+++ b/target/tricore/helper.h
@@ -131,7 +131,8 @@ DEF_HELPER_FLAGS_5(mul_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32)
DEF_HELPER_FLAGS_5(mulm_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32)
DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32)
/* crc32 */
-DEF_HELPER_FLAGS_2(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32)
+DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32)
+DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32)
/* CSA */
DEF_HELPER_2(call, void, env, i32)
DEF_HELPER_1(ret, void, env)
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index 54f54811d9..8ce404cb93 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -2284,7 +2284,7 @@ uint32_t helper_mulr_h(uint32_t arg00, uint32_t arg01,
return (result1 & 0xffff0000) | (result0 >> 16);
}
-uint32_t helper_crc32(uint32_t arg0, uint32_t arg1)
+uint32_t helper_crc32_be(uint32_t arg0, uint32_t arg1)
{
uint8_t buf[4];
stl_be_p(buf, arg0);
@@ -2292,6 +2292,14 @@ uint32_t helper_crc32(uint32_t arg0, uint32_t arg1)
return crc32(arg1, buf, 4);
}
+uint32_t helper_crc32_le(uint32_t arg0, uint32_t arg1)
+{
+ uint8_t buf[4];
+ stl_le_p(buf, arg0);
+
+ return crc32(arg1, buf, 4);
+}
+
/* context save area (CSA) related helpers */
static int cdc_increment(target_ulong *psw)
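Review bot: helper_crc32_le() and the renamed helper_crc32_be() differ only in `stl_le_p` versus `stl_be_p`, and neither says which argument is which. A short comment that arg0 is the data word and arg1 the running CRC handed to crc32() as its first parameter would make the `gen_helper_crc32_le(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2])` call sites checkable without opening the helper.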
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 898557d22a..250de80de5 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -6190,13 +6190,21 @@ static void decode_rr_divide(DisasContext *ctx)
CHECK_REG_PAIR(r3);
gen_unpack(cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1]);
break;
- case OPC2_32_RR_CRC32:
+ case OPC2_32_RR_CRC32: /* CRC32B.W in 1.6.2 */
if (has_feature(ctx, TRICORE_FEATURE_161)) {
- gen_helper_crc32(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]);
+ gen_helper_crc32_be(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]);
} else {
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
break;
+ case OPC2_32_RR_CRC32L_W:
+ if (has_feature(ctx, TRICORE_FEATURE_162)) {
+ gen_helper_crc32_le(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]);
+ } else {
+ generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ }
+ break;
+
case OPC2_32_RR_POPCNT_W:
if (has_feature(ctx, TRICORE_FEATURE_162)) {
tcg_gen_ctpop_tl(cpu_gpr_d[r3], cpu_gpr_d[r1]);
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index 9fab4bd75c..be07f82ec1 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -1139,7 +1139,8 @@ enum {
OPC2_32_RR_DVINIT_U = 0x0a,
OPC2_32_RR_PARITY = 0x02,
OPC2_32_RR_UNPACK = 0x08,
- OPC2_32_RR_CRC32 = 0x03,
+ OPC2_32_RR_CRC32 = 0x03, /* CRC32B.W in 1.6.2 */
+ OPC2_32_RR_CRC32L_W = 0x07, /* 1.6.2 only */
OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */
OPC2_32_RR_DIV = 0x20,
OPC2_32_RR_DIV_U = 0x21,
--
2.40.1
* [PULL 05/20] target/tricore: Add crc32.b insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-6-kbastian@mail.uni-paderborn.de>
---
target/tricore/helper.h | 1 +
target/tricore/op_helper.c | 8 ++++++++
target/tricore/translate.c | 7 +++++++
target/tricore/tricore-opcodes.h | 1 +
4 files changed, 17 insertions(+)
diff --git a/target/tricore/helper.h b/target/tricore/helper.h
index 24da5e97c0..a10576e09e 100644
--- a/target/tricore/helper.h
+++ b/target/tricore/helper.h
@@ -131,6 +131,7 @@ DEF_HELPER_FLAGS_5(mul_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32)
DEF_HELPER_FLAGS_5(mulm_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32)
DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32)
/* crc32 */
+DEF_HELPER_FLAGS_2(crc32b, TCG_CALL_NO_RWG_SE, i32, i32, i32)
DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32)
DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32)
/* CSA */
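Review bot: the new helper name `crc32b` sits directly above `crc32_be` and is easy to misread as it, all the more so because the decoder comment calls the existing word variant "CRC32B.W in 1.6.2". A more distinct name for the byte helper, or a comment on each DEF_HELPER line naming the insn it serves, would make a mix-up at the gen_helper call site harder.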
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index 8ce404cb93..b6ef1462e4 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -2284,6 +2284,14 @@ uint32_t helper_mulr_h(uint32_t arg00, uint32_t arg01,
return (result1 & 0xffff0000) | (result0 >> 16);
}
+uint32_t helper_crc32b(uint32_t arg0, uint32_t arg1)
+{
+ uint8_t buf[1] = { arg0 & 0xff };
+
+ return crc32(arg1, buf, 1);
+}
+
+
uint32_t helper_crc32_be(uint32_t arg0, uint32_t arg1)
{
uint8_t buf[4];
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 250de80de5..85526ef4db 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -6190,6 +6190,13 @@ static void decode_rr_divide(DisasContext *ctx)
CHECK_REG_PAIR(r3);
gen_unpack(cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1]);
break;
+ case OPC2_32_RR_CRC32_B:
+ if (has_feature(ctx, TRICORE_FEATURE_162)) {
+ gen_helper_crc32b(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]);
+ } else {
+ generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ }
+ break;
case OPC2_32_RR_CRC32: /* CRC32B.W in 1.6.2 */
if (has_feature(ctx, TRICORE_FEATURE_161)) {
gen_helper_crc32_be(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]);
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index be07f82ec1..27f80e1702 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -1140,6 +1140,7 @@ enum {
OPC2_32_RR_PARITY = 0x02,
OPC2_32_RR_UNPACK = 0x08,
OPC2_32_RR_CRC32 = 0x03, /* CRC32B.W in 1.6.2 */
+ OPC2_32_RR_CRC32_B = 0x06, /* 1.6.2 only */
OPC2_32_RR_CRC32L_W = 0x07, /* 1.6.2 only */
OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */
OPC2_32_RR_DIV = 0x20,
--
2.40.1
* [PULL 06/20] target/tricore: Add shuffle insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
this is based on code by volumit (https://github.com/volumit/qemu/).
Reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
and https://gitlab.com/qemu-project/qemu/-/issues/1452.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-7-kbastian@mail.uni-paderborn.de>
---
target/tricore/helper.h | 1 +
target/tricore/op_helper.c | 36 ++++++++++++++++++++++++++++++++
target/tricore/translate.c | 8 +++++++
target/tricore/tricore-opcodes.h | 1 +
4 files changed, 46 insertions(+)
diff --git a/target/tricore/helper.h b/target/tricore/helper.h
index a10576e09e..31d71eac7a 100644
--- a/target/tricore/helper.h
+++ b/target/tricore/helper.h
@@ -134,6 +134,7 @@ DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32)
DEF_HELPER_FLAGS_2(crc32b, TCG_CALL_NO_RWG_SE, i32, i32, i32)
DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32)
DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32)
+DEF_HELPER_FLAGS_2(shuffle, TCG_CALL_NO_RWG_SE, i32, i32, i32)
/* CSA */
DEF_HELPER_2(call, void, env, i32)
DEF_HELPER_1(ret, void, env)
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index b6ef1462e4..026e15f3e0 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -2308,6 +2308,42 @@ uint32_t helper_crc32_le(uint32_t arg0, uint32_t arg1)
return crc32(arg1, buf, 4);
}
+uint32_t helper_shuffle(uint32_t arg0, uint32_t arg1)
+{
+ uint32_t resb;
+ uint32_t byte_select;
+ uint32_t res = 0;
+
+ byte_select = arg1 & 0x3;
+ resb = extract32(arg0, byte_select * 8, 8);
+ res |= resb << 0;
+
+ byte_select = (arg1 >> 2) & 0x3;
+ resb = extract32(arg0, byte_select * 8, 8);
+ res |= resb << 8;
+
+ byte_select = (arg1 >> 4) & 0x3;
+ resb = extract32(arg0, byte_select * 8, 8);
+ res |= resb << 16;
+
+ byte_select = (arg1 >> 6) & 0x3;
+ resb = extract32(arg0, byte_select * 8, 8);
+ res |= resb << 24;
+
+ if (arg1 & 0x100) {
+ /* Assign the correct nibble position. */
+ res = ((res & 0xf0f0f0f0) >> 4)
+ | ((res & 0x0f0f0f0f) << 4);
+ /* Assign the correct bit position. */
+ res = ((res & 0x88888888) >> 3)
+ | ((res & 0x44444444) >> 1)
+ | ((res & 0x22222222) << 1)
+ | ((res & 0x11111111) << 3);
+ }
+
+ return res;
+}
+
/* context save area (CSA) related helpers */
static int cdc_increment(target_ulong *psw)
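Review bot: the comments in the `arg1 & 0x100` branch ("Assign the correct nibble position", "Assign the correct bit position") do not state the net effect; as written the two steps reverse the bit order inside each result byte, and one comment saying so would let a reader check it against the manual. The four byte-select stanzas above differ only in their shift amounts and could be a four-iteration loop over `(arg1 >> (2 * i)) & 0x3`.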
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 85526ef4db..a4c60e8ae2 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -5011,6 +5011,14 @@ static void decode_rc_logical_shift(DisasContext *ctx)
case OPC2_32_RC_XOR:
tcg_gen_xori_tl(cpu_gpr_d[r2], cpu_gpr_d[r1], const9);
break;
+ case OPC2_32_RC_SHUFFLE:
+ if (has_feature(ctx, TRICORE_FEATURE_162)) {
+ TCGv temp = tcg_constant_i32(const9);
+ gen_helper_shuffle(cpu_gpr_d[r2], cpu_gpr_d[r1], temp);
+ } else {
+ generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ }
+ break;
default:
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index 27f80e1702..af63926731 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -885,6 +885,7 @@ enum {
OPC2_32_RC_SHAS = 0x02,
OPC2_32_RC_XNOR = 0x0d,
OPC2_32_RC_XOR = 0x0c,
+ OPC2_32_RC_SHUFFLE = 0x07, /* v1.6.2 only */
};
/* OPCM_32_RC_ACCUMULATOR */
enum {
--
2.40.1
* [PULL 07/20] target/tricore: Implement SYCSCALL insn
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1452
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-8-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index a4c60e8ae2..f01000efd4 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -5236,7 +5236,7 @@ static void decode_rc_serviceroutine(DisasContext *ctx)
gen_helper_1arg(bisr, const9);
break;
case OPC2_32_RC_SYSCALL:
- /* TODO: Add exception generation */
+ generate_trap(ctx, TRAPC_SYSCALL, const9 & 0xff);
break;
default:
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
--
2.40.1
* [PULL 08/20] target/tricore: Add DISABLE insn variant
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
this variant saves the 'IE' bit to a 'd' register. The 'IE' bitfield
changed from ISA version 1.6.1, so we add icr_ie_offset to DisasContext
as with the other DISABLE insn.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-9-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 11 ++++++++++-
target/tricore/tricore-opcodes.h | 1 +
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index f01000efd4..6712d98f6e 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -75,7 +75,7 @@ typedef struct DisasContext {
int mem_idx;
uint32_t hflags, saved_hflags;
uint64_t features;
- uint32_t icr_ie_mask;
+ uint32_t icr_ie_mask, icr_ie_offset;
} DisasContext;
static int has_feature(DisasContext *ctx, int feature)
@@ -7883,6 +7883,13 @@ static void decode_sys_interrupts(DisasContext *ctx)
case OPC2_32_SYS_DISABLE:
tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
break;
+ case OPC2_32_SYS_DISABLE_D:
+ if (has_feature(ctx, TRICORE_FEATURE_16)) {
+ tcg_gen_extract_tl(cpu_gpr_d[r1], cpu_ICR, ctx->icr_ie_offset, 1);
+ tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
+ } else {
+ generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ }
case OPC2_32_SYS_DSYNC:
break;
case OPC2_32_SYS_ENABLE:
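Review bot: the new `case OPC2_32_SYS_DISABLE_D:` has no `break;` after its if/else and falls through into `case OPC2_32_SYS_DSYNC:`. That is harmless today because DSYNC only breaks, but the neighbouring cases end explicitly; add `break;` so a later change to the DSYNC case does not silently apply to DISABLE_D as well.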
@@ -8302,8 +8309,10 @@ static void tricore_tr_init_disas_context(DisasContextBase *dcbase,
ctx->features = env->features;
if (has_feature(ctx, TRICORE_FEATURE_161)) {
ctx->icr_ie_mask = R_ICR_IE_161_MASK;
+ ctx->icr_ie_offset = R_ICR_IE_161_SHIFT;
} else {
ctx->icr_ie_mask = R_ICR_IE_13_MASK;
+ ctx->icr_ie_offset = R_ICR_IE_13_SHIFT;
}
}
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h
index af63926731..bc62b73173 100644
--- a/target/tricore/tricore-opcodes.h
+++ b/target/tricore/tricore-opcodes.h
@@ -1467,6 +1467,7 @@ enum {
enum {
OPC2_32_SYS_DEBUG = 0x04,
OPC2_32_SYS_DISABLE = 0x0d,
+ OPC2_32_SYS_DISABLE_D = 0x0f, /* 1.6 up */
OPC2_32_SYS_DSYNC = 0x12,
OPC2_32_SYS_ENABLE = 0x0c,
OPC2_32_SYS_ISYNC = 0x13,
--
2.40.1
* [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Siqi Chen
From: Siqi Chen <coc.cyqh@gmail.com>
When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 6712d98f6e..74faad4794 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -5339,6 +5339,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
switch (op2) {
case OPC2_32_RCRW_IMASK:
+ CHECK_REG_PAIR(r4);
tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
tcg_gen_movi_tl(temp2, (1 << width) - 1);
tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
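Review bot: the added `CHECK_REG_PAIR(r4);` is followed unconditionally by the `cpu_gpr_d[r4 + 1]` access two lines further down, so the fix holds only if the macro ends translation of this instruction for a bad r4. If it merely emits a trap and lets the case body continue, the index is still evaluated at translation time. The commit message or a comment at the call should say which, and a regression test with the encoding from issue 1698 would pin it down.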
--
2.40.1
* [PULL 10/20] target/tricore: Correctly fix saving PSW.CDE to CSA on call
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian
we don't want to save PSW.CDC to the CSA, but PSW.CDE must be saved.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1699
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-3-kbastian@mail.uni-paderborn.de>
---
target/tricore/op_helper.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index 026e15f3e0..9a7a26b171 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -2499,7 +2499,12 @@ void helper_call(CPUTriCoreState *env, uint32_t next_pc)
}
/* PSW.CDE = 1;*/
psw |= MASK_PSW_CDE;
- psw_write(env, psw);
+ /*
+ * we need to save PSW.CDE and not PSW.CDC into the CSAs. psw already
+ * contains the CDC from cdc_increment(), so we cannot call psw_write()
+ * here.
+ */
+ env->PSW |= MASK_PSW_CDE;
/* tmp_FCX = FCX; */
tmp_FCX = env->FCX;
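Review bot: the context line `psw |= MASK_PSW_CDE;` just above the removed `psw_write(env, psw);` is kept, so CDE is now set twice, once on the local and once on env->PSW. If the local `psw` is not read again later in helper_call(), drop that line and move the `/* PSW.CDE = 1;*/` comment onto the `env->PSW |=` statement; if it is read, the new comment should say which value the local is meant to carry from here on.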
--
2.40.1
* [PULL 11/20] target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Siqi Chen
some insns were not checking if an even index was used to access a 64
bit register. In the worst case that could lead to a buffer overflow as
reported in https://gitlab.com/qemu-project/qemu/-/issues/1698.
Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-4-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 74faad4794..d1b319e374 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -309,6 +309,7 @@ static void gen_cmpswap(DisasContext *ctx, int reg, TCGv ea)
{
TCGv temp = tcg_temp_new();
TCGv temp2 = tcg_temp_new();
+ CHECK_REG_PAIR(reg);
tcg_gen_qemu_ld_tl(temp, ea, ctx->mem_idx, MO_LEUL);
tcg_gen_movcond_tl(TCG_COND_EQ, temp2, cpu_gpr_d[reg+1], temp,
cpu_gpr_d[reg], temp);
@@ -321,7 +322,7 @@ static void gen_swapmsk(DisasContext *ctx, int reg, TCGv ea)
TCGv temp = tcg_temp_new();
TCGv temp2 = tcg_temp_new();
TCGv temp3 = tcg_temp_new();
-
+ CHECK_REG_PAIR(reg);
tcg_gen_qemu_ld_tl(temp, ea, ctx->mem_idx, MO_LEUL);
tcg_gen_and_tl(temp2, cpu_gpr_d[reg], cpu_gpr_d[reg+1]);
tcg_gen_andc_tl(temp3, temp, cpu_gpr_d[reg+1]);
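Review bot: in gen_swapmsk() the blank line that separated the declarations from the body is replaced by `CHECK_REG_PAIR(reg);`, so the check now reads as part of the declaration block; keep the blank line and put the check after it. The OPC2_32_RRRW_IMASK hunk further down does the same after `temp2 = tcg_temp_new();`.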
@@ -3219,6 +3220,7 @@ static void decode_src_opc(DisasContext *ctx, int op1)
break;
case OPC1_16_SRC_MOV_E:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
+ CHECK_REG_PAIR(r1);
tcg_gen_movi_tl(cpu_gpr_d[r1], const4);
tcg_gen_sari_tl(cpu_gpr_d[r1+1], cpu_gpr_d[r1], 31);
} else {
@@ -6180,6 +6182,7 @@ static void decode_rr_divide(DisasContext *ctx)
tcg_gen_sari_tl(cpu_gpr_d[r3+1], cpu_gpr_d[r1], 31);
break;
case OPC2_32_RR_DVINIT_U:
+ CHECK_REG_PAIR(r3);
/* overflow = (D[b] == 0) */
tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_PSW_V, cpu_gpr_d[r2], 0);
tcg_gen_shli_tl(cpu_PSW_V, cpu_PSW_V, 31);
@@ -6230,6 +6233,7 @@ static void decode_rr_divide(DisasContext *ctx)
break;
case OPC2_32_RR_DIV:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
+ CHECK_REG_PAIR(r3);
GEN_HELPER_RR(divide, cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1],
cpu_gpr_d[r2]);
} else {
@@ -6238,6 +6242,7 @@ static void decode_rr_divide(DisasContext *ctx)
break;
case OPC2_32_RR_DIV_U:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
+ CHECK_REG_PAIR(r3);
GEN_HELPER_RR(divide_u, cpu_gpr_d[r3], cpu_gpr_d[r3+1],
cpu_gpr_d[r1], cpu_gpr_d[r2]);
} else {
@@ -6764,6 +6769,8 @@ static void decode_rrr2_msub(DisasContext *ctx)
cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r2]);
break;
case OPC2_32_RRR2_MSUB_U_64:
+ CHECK_REG_PAIR(r4);
+ CHECK_REG_PAIR(r3);
gen_msubu64_d(cpu_gpr_d[r4], cpu_gpr_d[r4+1], cpu_gpr_d[r1],
cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r2]);
break;
@@ -7847,7 +7854,7 @@ static void decode_rrrw_extract_insert(DisasContext *ctx)
break;
case OPC2_32_RRRW_IMASK:
temp2 = tcg_temp_new();
-
+ CHECK_REG_PAIR(r4);
tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
tcg_gen_movi_tl(temp2, (1 << width) - 1);
tcg_gen_shl_tl(temp2, temp2, temp);
--
2.40.1
* [PULL 12/20] target/tricore: Fix helper_ret() not correctly restoring PSW
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (10 preceding siblings ...)
2023-06-21 16:14 ` [PULL 11/20] target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 13/20] target/tricore: Fix RR_JLI clobbering reg A[11] Bastian Koppelmann
` (8 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian
We are always taking the TRICORE_FEATURE_13 branch as every CPU has TRICORE_FEATURE_13.
For CPUs with ISA > 1.3 we have to take the else branch.
We fix this by inverting the condition. We check for
TRICORE_FEATURE_131, which every CPU except TRICORE_FEATURE_13 CPUs
have.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1700
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-5-kbastian@mail.uni-paderborn.de>
---
target/tricore/op_helper.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index 9a7a26b171..821a4b67cb 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -2584,12 +2584,12 @@ void helper_ret(CPUTriCoreState *env)
/* PCXI = new_PCXI; */
env->PCXI = new_PCXI;
- if (tricore_feature(env, TRICORE_FEATURE_13)) {
- /* PSW = new_PSW */
- psw_write(env, new_PSW);
- } else {
+ if (tricore_feature(env, TRICORE_FEATURE_131)) {
/* PSW = {new_PSW[31:26], PSW[25:24], new_PSW[23:0]}; */
psw_write(env, (new_PSW & ~(0x3000000)) + (psw & (0x3000000)));
+ } else { /* TRICORE_FEATURE_13 only */
+ /* PSW = new_PSW */
+ psw_write(env, new_PSW);
}
}
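Review bot: the inverted test in helper_ret() is only correct if every CPU model newer than ISA 1.3 sets TRICORE_FEATURE_131, which this hunk cannot show; the bug being fixed came from the same kind of implied-feature assumption, so a short comment at the feature definitions stating that later ISA features imply TRICORE_FEATURE_131 would protect it. Separately, the two masked values are combined with "+" in (new_PSW & ~(0x3000000)) + (psw & (0x3000000)); since the fields are disjoint, "|" and a named mask for PSW[25:24] would state the intent more directly.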
--
2.40.1
* [PULL 13/20] target/tricore: Fix RR_JLI clobbering reg A[11]
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (11 preceding siblings ...)
2023-06-21 16:14 ` [PULL 12/20] target/tricore: Fix helper_ret() not correctly restoring PSW Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 14/20] target/tricore: Introduce DISAS_TARGET_EXIT Bastian Koppelmann
` (7 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
if A[r1] == A[11], then we would overwrite the destination address of
the jump with the return address.
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-2-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index d1b319e374..cca52c75b2 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -6064,8 +6064,8 @@ static void decode_rr_idirect(DisasContext *ctx)
tcg_gen_andi_tl(cpu_PC, cpu_gpr_a[r1], ~0x1);
break;
case OPC2_32_RR_JLI:
- tcg_gen_movi_tl(cpu_gpr_a[11], ctx->pc_succ_insn);
tcg_gen_andi_tl(cpu_PC, cpu_gpr_a[r1], ~0x1);
+ tcg_gen_movi_tl(cpu_gpr_a[11], ctx->pc_succ_insn);
break;
case OPC2_32_RR_CALLI:
gen_helper_1arg(call, ctx->pc_succ_insn);
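Review bot: in the OPC2_32_RR_JLI case the order of the two statements is now load-bearing, but nothing in the code says so. A one-line comment above tcg_gen_andi_tl(cpu_PC, cpu_gpr_a[r1], ~0x1) noting that PC must be derived from A[r1] before A[11] is written, because r1 may be 11, would stop a later cleanup from swapping them back.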
--
2.40.1
* [PULL 14/20] target/tricore: Introduce DISAS_TARGET_EXIT
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (12 preceding siblings ...)
2023-06-21 16:14 ` [PULL 13/20] target/tricore: Fix RR_JLI clobbering reg A[11] Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 15/20] target/tricore: ENABLE exit to main-loop Bastian Koppelmann
` (6 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
this replaces all calls to tcg_gen_exit_tb() and moves them to
tricore_tb_stop().
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-3-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index cca52c75b2..ef74e9f234 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -37,6 +37,7 @@
#include "exec/helper-info.c.inc"
#undef HELPER_H
+#define DISAS_EXIT DISAS_TARGET_0
/*
* TCG registers
@@ -2836,6 +2837,7 @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
gen_save_pc(dest);
tcg_gen_lookup_and_goto_ptr();
}
+ ctx->base.is_jmp = DISAS_NORETURN;
}
static void generate_trap(DisasContext *ctx, int class, int tin)
@@ -2896,8 +2898,7 @@ static void gen_fret(DisasContext *ctx)
tcg_gen_qemu_ld_tl(cpu_gpr_a[11], cpu_gpr_a[10], ctx->mem_idx, MO_LESL);
tcg_gen_addi_tl(cpu_gpr_a[10], cpu_gpr_a[10], 4);
tcg_gen_mov_tl(cpu_PC, temp);
- tcg_gen_exit_tb(NULL, 0);
- ctx->base.is_jmp = DISAS_NORETURN;
+ ctx->base.is_jmp = DISAS_EXIT;
}
static void gen_compute_branch(DisasContext *ctx, uint32_t opc, int r1,
@@ -2996,12 +2997,12 @@ static void gen_compute_branch(DisasContext *ctx, uint32_t opc, int r1,
/* SR-format jumps */
case OPC1_16_SR_JI:
tcg_gen_andi_tl(cpu_PC, cpu_gpr_a[r1], 0xfffffffe);
- tcg_gen_exit_tb(NULL, 0);
+ ctx->base.is_jmp = DISAS_EXIT;
break;
case OPC2_32_SYS_RET:
case OPC2_16_SR_RET:
gen_helper_ret(cpu_env);
- tcg_gen_exit_tb(NULL, 0);
+ ctx->base.is_jmp = DISAS_EXIT;
break;
/* B-format */
case OPC1_32_B_CALLA:
@@ -3153,7 +3154,6 @@ static void gen_compute_branch(DisasContext *ctx, uint32_t opc, int r1,
default:
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
- ctx->base.is_jmp = DISAS_NORETURN;
}
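Review bot: with the trailing ctx->base.is_jmp = DISAS_NORETURN removed from gen_compute_branch(), every case in the switch has to leave is_jmp set on its own. The hunks show that for JI and RET (DISAS_EXIT) and for paths ending in gen_goto_tb(), but the default case now depends on generate_trap() setting it, which is not visible in this patch. Please confirm that generate_trap() and every remaining branch case end the TB, otherwise translation continues past a taken branch.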
@@ -3495,8 +3495,7 @@ static void decode_sr_system(DisasContext *ctx)
break;
case OPC2_16_SR_RFE:
gen_helper_rfe(cpu_env);
- tcg_gen_exit_tb(NULL, 0);
- ctx->base.is_jmp = DISAS_NORETURN;
+ ctx->base.is_jmp = DISAS_EXIT;
break;
case OPC2_16_SR_DEBUG:
/* raise EXCP_DEBUG */
@@ -6078,8 +6077,7 @@ static void decode_rr_idirect(DisasContext *ctx)
default:
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
- tcg_gen_exit_tb(NULL, 0);
- ctx->base.is_jmp = DISAS_NORETURN;
+ ctx->base.is_jmp = DISAS_EXIT;
}
static void decode_rr_divide(DisasContext *ctx)
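Review bot: in decode_rr_idirect() the default case calls generate_trap() and then falls out of the switch into the new ctx->base.is_jmp = DISAS_EXIT, so the illegal-opcode path is also marked for tcg_gen_exit_tb() in tricore_tr_tb_stop(). A return directly after generate_trap() in the default case would keep the trap path from being overwritten.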
@@ -7915,8 +7913,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
break;
case OPC2_32_SYS_RFE:
gen_helper_rfe(cpu_env);
- tcg_gen_exit_tb(NULL, 0);
- ctx->base.is_jmp = DISAS_NORETURN;
+ ctx->base.is_jmp = DISAS_EXIT;
break;
case OPC2_32_SYS_RFM:
if ((ctx->hflags & TRICORE_HFLAG_KUU) == TRICORE_HFLAG_SM) {
@@ -7928,8 +7925,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
tcg_gen_brcondi_tl(TCG_COND_NE, tmp, 1, l1);
gen_helper_rfm(cpu_env);
gen_set_label(l1);
- tcg_gen_exit_tb(NULL, 0);
- ctx->base.is_jmp = DISAS_NORETURN;
+ ctx->base.is_jmp = DISAS_EXIT;
} else {
/* generate privilege trap */
}
@@ -8391,6 +8387,9 @@ static void tricore_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
case DISAS_TOO_MANY:
gen_goto_tb(ctx, 0, ctx->base.pc_next);
break;
+ case DISAS_EXIT:
+ tcg_gen_exit_tb(NULL, 0);
+ break;
case DISAS_NORETURN:
break;
default:
--
2.40.1
* [PULL 15/20] target/tricore: ENABLE exit to main-loop
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (13 preceding siblings ...)
2023-06-21 16:14 ` [PULL 14/20] target/tricore: Introduce DISAS_TARGET_EXIT Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 16/20] target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr() Bastian Koppelmann
` (5 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
so we can recognize exceptions after re-enabling interrupts.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-4-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index ef74e9f234..98e2767d21 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -38,6 +38,7 @@
#undef HELPER_H
#define DISAS_EXIT DISAS_TARGET_0
+#define DISAS_EXIT_UPDATE DISAS_TARGET_1
/*
* TCG registers
@@ -7900,6 +7901,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
break;
case OPC2_32_SYS_ENABLE:
tcg_gen_ori_tl(cpu_ICR, cpu_ICR, ctx->icr_ie_mask);
+ ctx->base.is_jmp = DISAS_EXIT_UPDATE;
break;
case OPC2_32_SYS_ISYNC:
break;
@@ -8387,6 +8389,9 @@ static void tricore_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
case DISAS_TOO_MANY:
gen_goto_tb(ctx, 0, ctx->base.pc_next);
break;
+ case DISAS_EXIT_UPDATE:
+ gen_save_pc(ctx->base.pc_next);
+ /* fall through */
case DISAS_EXIT:
tcg_gen_exit_tb(NULL, 0);
break;
--
2.40.1
* [PULL 16/20] target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (14 preceding siblings ...)
2023-06-21 16:14 ` [PULL 15/20] target/tricore: ENABLE exit to main-loop Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 17/20] target/tricore: Introduce priv tb flag Bastian Koppelmann
` (4 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-5-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 98e2767d21..fb6f0caa24 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -39,6 +39,7 @@
#define DISAS_EXIT DISAS_TARGET_0
#define DISAS_EXIT_UPDATE DISAS_TARGET_1
+#define DISAS_JUMP DISAS_TARGET_2
/*
* TCG registers
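Review bot: there are now three target-specific aliases at the top of translate.c (DISAS_EXIT, DISAS_EXIT_UPDATE, DISAS_JUMP) with no comment saying what each one makes tricore_tr_tb_stop() emit. A short comment per define (exit to the main loop, save the next PC and then exit, look up the next TB from the already written PC) would make it much easier to choose the right one in new decoder cases.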
@@ -6077,8 +6078,9 @@ static void decode_rr_idirect(DisasContext *ctx)
break;
default:
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
+ return;
}
- ctx->base.is_jmp = DISAS_EXIT;
+ ctx->base.is_jmp = DISAS_JUMP;
}
static void decode_rr_divide(DisasContext *ctx)
@@ -8395,6 +8397,9 @@ static void tricore_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
case DISAS_EXIT:
tcg_gen_exit_tb(NULL, 0);
break;
+ case DISAS_JUMP:
+ tcg_gen_lookup_and_goto_ptr();
+ break;
case DISAS_NORETURN:
break;
default:
--
2.40.1
* [PULL 17/20] target/tricore: Introduce priv tb flag
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (15 preceding siblings ...)
2023-06-21 16:14 ` [PULL 16/20] target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr() Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 18/20] target/tricore: Implement privilege level for all insns Bastian Koppelmann
` (3 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-6-kbastian@mail.uni-paderborn.de>
---
target/tricore/cpu.h | 17 ++++++++++++-----
target/tricore/translate.c | 14 ++++++++------
2 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index 041fc0b6e5..257fcf3cee 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -263,10 +263,11 @@ void icr_set_ie(CPUTriCoreState *env, uint32_t val);
#define MASK_DBGSR_PEVT 0x40
#define MASK_DBGSR_EVTSRC 0x1f00
-#define TRICORE_HFLAG_KUU 0x3
-#define TRICORE_HFLAG_UM0 0x00002 /* user mode-0 flag */
-#define TRICORE_HFLAG_UM1 0x00001 /* user mode-1 flag */
-#define TRICORE_HFLAG_SM 0x00000 /* kernel mode flag */
+enum tricore_priv_levels {
+ TRICORE_PRIV_UM0 = 0x0, /* user mode-0 flag */
+ TRICORE_PRIV_UM1 = 0x1, /* user mode-1 flag */
+ TRICORE_PRIV_SM = 0x2, /* kernel mode flag */
+};
enum tricore_features {
TRICORE_FEATURE_13,
@@ -378,15 +379,21 @@ static inline int cpu_mmu_index(CPUTriCoreState *env, bool ifetch)
#include "exec/cpu-all.h"
+FIELD(TB_FLAGS, PRIV, 0, 2)
+
void cpu_state_reset(CPUTriCoreState *s);
void tricore_tcg_init(void);
static inline void cpu_get_tb_cpu_state(CPUTriCoreState *env, target_ulong *pc,
target_ulong *cs_base, uint32_t *flags)
{
+ uint32_t new_flags = 0;
*pc = env->PC;
*cs_base = 0;
- *flags = 0;
+
+ new_flags |= FIELD_DP32(new_flags, TB_FLAGS, PRIV,
+ extract32(env->PSW, 10, 2));
+ *flags = new_flags;
}
#define TRICORE_CPU_TYPE_SUFFIX "-" TYPE_TRICORE_CPU
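Review bot: in cpu_get_tb_cpu_state(), new_flags |= FIELD_DP32(new_flags, TB_FLAGS, PRIV, ...) ORs the old value into a result that already contains it; FIELD_DP32() returns the whole updated word, so plain assignment is the usual form. It is harmless while new_flags starts at 0, but the |= pattern would keep stale bits if a second deposit into the same field is ever added. The literals in extract32(env->PSW, 10, 2) would also read better as a named PSW field.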
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index fb6f0caa24..6932a54663 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -76,7 +76,7 @@ typedef struct DisasContext {
uint32_t opcode;
/* Routine used to access memory */
int mem_idx;
- uint32_t hflags, saved_hflags;
+ int priv;
uint64_t features;
uint32_t icr_ie_mask, icr_ie_offset;
} DisasContext;
@@ -378,7 +378,7 @@ static inline void gen_mfcr(DisasContext *ctx, TCGv ret, int32_t offset)
static inline void gen_mtcr(DisasContext *ctx, TCGv r1,
int32_t offset)
{
- if ((ctx->hflags & TRICORE_HFLAG_KUU) == TRICORE_HFLAG_SM) {
+ if (ctx->priv == TRICORE_PRIV_SM) {
/* since we're caching PSW make this a special case */
if (offset == 0xfe04) {
gen_helper_psw_write(cpu_env, r1);
@@ -7920,7 +7920,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
ctx->base.is_jmp = DISAS_EXIT;
break;
case OPC2_32_SYS_RFM:
- if ((ctx->hflags & TRICORE_HFLAG_KUU) == TRICORE_HFLAG_SM) {
+ if (ctx->priv == TRICORE_PRIV_SM) {
tmp = tcg_temp_new();
l1 = gen_new_label();
@@ -7942,8 +7942,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
break;
case OPC2_32_SYS_RESTORE:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
- if ((ctx->hflags & TRICORE_HFLAG_KUU) == TRICORE_HFLAG_SM ||
- (ctx->hflags & TRICORE_HFLAG_KUU) == TRICORE_HFLAG_UM1) {
+ if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
tcg_gen_deposit_tl(cpu_ICR, cpu_ICR, cpu_gpr_d[r1], 8, 1);
} /* else raise privilege trap */
} else {
@@ -8313,7 +8312,10 @@ static void tricore_tr_init_disas_context(DisasContextBase *dcbase,
DisasContext *ctx = container_of(dcbase, DisasContext, base);
CPUTriCoreState *env = cs->env_ptr;
ctx->mem_idx = cpu_mmu_index(env, false);
- ctx->hflags = (uint32_t)ctx->base.tb->flags;
+
+ uint32_t tb_flags = (uint32_t)ctx->base.tb->flags;
+ ctx->priv = FIELD_EX32(tb_flags, TB_FLAGS, PRIV);
+
ctx->features = env->features;
if (has_feature(ctx, TRICORE_FEATURE_161)) {
ctx->icr_ie_mask = R_ICR_IE_161_MASK;
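Review bot: in tricore_tr_init_disas_context() the new uint32_t tb_flags is declared after the statement ctx->mem_idx = cpu_mmu_index(env, false), which mixes declarations and code inside the block. QEMU's coding style asks for declarations at the start of a block, so either move the declaration up next to ctx and env or drop the temporary and pass ctx->base.tb->flags to FIELD_EX32() directly.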
--
2.40.1
* [PULL 18/20] target/tricore: Implement privilege level for all insns
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (16 preceding siblings ...)
2023-06-21 16:14 ` [PULL 17/20] target/tricore: Introduce priv tb flag Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 19/20] target/tricore: Honour privilege changes on PSW write Bastian Koppelmann
` (2 subsequent siblings)
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-7-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 43 +++++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 6932a54663..82b61e912e 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -388,7 +388,7 @@ static inline void gen_mtcr(DisasContext *ctx, TCGv r1,
}
}
} else {
- /* generate privilege trap */
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
}
}
@@ -3375,7 +3375,11 @@ static void decode_sc_opc(DisasContext *ctx, int op1)
tcg_gen_andi_tl(cpu_gpr_d[15], cpu_gpr_d[15], const16);
break;
case OPC1_16_SC_BISR:
- gen_helper_1arg(bisr, const16 & 0xff);
+ if (ctx->priv == TRICORE_PRIV_SM) {
+ gen_helper_1arg(bisr, const16 & 0xff);
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
break;
case OPC1_16_SC_LD_A:
gen_offset_ld(ctx, cpu_gpr_a[15], cpu_gpr_a[10], const16 * 4, MO_LESL);
@@ -5236,7 +5240,11 @@ static void decode_rc_serviceroutine(DisasContext *ctx)
switch (op2) {
case OPC2_32_RC_BISR:
- gen_helper_1arg(bisr, const9);
+ if (ctx->priv == TRICORE_PRIV_SM) {
+ gen_helper_1arg(bisr, const9);
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
break;
case OPC2_32_RC_SYSCALL:
generate_trap(ctx, TRAPC_SYSCALL, const9 & 0xff);
@@ -7890,20 +7898,33 @@ static void decode_sys_interrupts(DisasContext *ctx)
/* raise EXCP_DEBUG */
break;
case OPC2_32_SYS_DISABLE:
- tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
+ if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
+ tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
break;
case OPC2_32_SYS_DISABLE_D:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
- tcg_gen_extract_tl(cpu_gpr_d[r1], cpu_ICR, ctx->icr_ie_offset, 1);
- tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
+ if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
+ tcg_gen_extract_tl(cpu_gpr_d[r1], cpu_ICR,
+ ctx->icr_ie_offset, 1);
+ tcg_gen_andi_tl(cpu_ICR, cpu_ICR, ~ctx->icr_ie_mask);
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
} else {
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
case OPC2_32_SYS_DSYNC:
break;
case OPC2_32_SYS_ENABLE:
- tcg_gen_ori_tl(cpu_ICR, cpu_ICR, ctx->icr_ie_mask);
- ctx->base.is_jmp = DISAS_EXIT_UPDATE;
+ if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
+ tcg_gen_ori_tl(cpu_ICR, cpu_ICR, ctx->icr_ie_mask);
+ ctx->base.is_jmp = DISAS_EXIT_UPDATE;
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
break;
case OPC2_32_SYS_ISYNC:
break;
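Review bot: the OPC2_32_SYS_DISABLE_D case has no break after its closing brace and runs straight into case OPC2_32_SYS_DSYNC. That is harmless today because DSYNC only breaks, but now that the case body ends in generate_trap() paths it should get an explicit break (or a fall-through annotation) while the lines are being touched. The test ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1 is also repeated in three cases in this hunk; a small helper would keep the privilege rule in one place.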
@@ -7931,7 +7952,7 @@ static void decode_sys_interrupts(DisasContext *ctx)
gen_set_label(l1);
ctx->base.is_jmp = DISAS_EXIT;
} else {
- /* generate privilege trap */
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
}
break;
case OPC2_32_SYS_RSLCX:
@@ -7944,7 +7965,9 @@ static void decode_sys_interrupts(DisasContext *ctx)
if (has_feature(ctx, TRICORE_FEATURE_16)) {
if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
tcg_gen_deposit_tl(cpu_ICR, cpu_ICR, cpu_gpr_d[r1], 8, 1);
- } /* else raise privilege trap */
+ } else {
+ generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
+ }
} else {
generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC);
}
--
2.40.1
* [PULL 19/20] target/tricore: Honour privilege changes on PSW write
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (17 preceding siblings ...)
2023-06-21 16:14 ` [PULL 18/20] target/tricore: Implement privilege level for all insns Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 16:14 ` [PULL 20/20] target/tricore: Fix ICR.IE offset in RESTORE insn Bastian Koppelmann
2023-06-21 20:43 ` [PULL 00/20] tricore queue Richard Henderson
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
the CPU can change the privilege level by writing the corresponding bits
in PSW. If this happens all instructions after this 'mtcr' in the TB are
translated with the wrong privilege level. So we have to exit to the
cpu_loop() and start translating again with the new privilege level.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-8-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 82b61e912e..9e408f44ec 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -334,7 +334,6 @@ static void gen_swapmsk(DisasContext *ctx, int reg, TCGv ea)
tcg_gen_mov_tl(cpu_gpr_d[reg], temp);
}
-
/* We generate loads and store to core special function register (csfr) through
the function gen_mfcr and gen_mtcr. To handle access permissions, we use 3
makros R, A and E, which allow read-only, all and endinit protected access.
@@ -382,6 +381,7 @@ static inline void gen_mtcr(DisasContext *ctx, TCGv r1,
/* since we're caching PSW make this a special case */
if (offset == 0xfe04) {
gen_helper_psw_write(cpu_env, r1);
+ ctx->base.is_jmp = DISAS_EXIT_UPDATE;
} else {
switch (offset) {
#include "csfr.h.inc"
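Review bot: the new ctx->base.is_jmp = DISAS_EXIT_UPDATE in gen_mtcr() sits under a comment that only says "since we're caching PSW make this a special case", which does not explain why the TB has to end. The reason is given in the commit message (ctx->priv is fixed at translation time, so later insns in the TB would be checked against the old privilege level); please put a line to that effect next to the assignment.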
--
2.40.1
* [PULL 20/20] target/tricore: Fix ICR.IE offset in RESTORE insn
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (18 preceding siblings ...)
2023-06-21 16:14 ` [PULL 19/20] target/tricore: Honour privilege changes on PSW write Bastian Koppelmann
@ 2023-06-21 16:14 ` Bastian Koppelmann
2023-06-21 20:43 ` [PULL 00/20] tricore queue Richard Henderson
20 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-21 16:14 UTC (permalink / raw)
To: qemu-devel; +Cc: kbastian, Richard Henderson
from ISA v1.6.1 onwards the bit position of ICR.IE changed.
ctx->icr_ie_offset contains the correct value for the ISA version used
by the vCPU. We also need to exit this tb here, as we might have enabled
interrupts.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-9-kbastian@mail.uni-paderborn.de>
---
target/tricore/translate.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 9e408f44ec..2f32463d4d 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -7964,7 +7964,9 @@ static void decode_sys_interrupts(DisasContext *ctx)
case OPC2_32_SYS_RESTORE:
if (has_feature(ctx, TRICORE_FEATURE_16)) {
if (ctx->priv == TRICORE_PRIV_SM || ctx->priv == TRICORE_PRIV_UM1) {
- tcg_gen_deposit_tl(cpu_ICR, cpu_ICR, cpu_gpr_d[r1], 8, 1);
+ tcg_gen_deposit_tl(cpu_ICR, cpu_ICR, cpu_gpr_d[r1],
+ ctx->icr_ie_offset, 1);
+ ctx->base.is_jmp = DISAS_EXIT_UPDATE;
} else {
generate_trap(ctx, TRAPC_PROT, TIN1_PRIV);
}
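Review bot: the OPC2_32_SYS_RESTORE change bundles two independent fixes, replacing the hard-coded bit position 8 with ctx->icr_ie_offset and ending the TB with DISAS_EXIT_UPDATE, and only the first is named in the subject. Splitting them, or at least adding a code comment on the is_jmp line saying the exit is there because IE may have just been set, would make each fix easier to bisect and backport.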
--
2.40.1
* Re: [PULL 00/20] tricore queue
2023-06-21 16:14 [PULL 00/20] tricore queue Bastian Koppelmann
` (19 preceding siblings ...)
2023-06-21 16:14 ` [PULL 20/20] target/tricore: Fix ICR.IE offset in RESTORE insn Bastian Koppelmann
@ 2023-06-21 20:43 ` Richard Henderson
20 siblings, 0 replies; 28+ messages in thread
From: Richard Henderson @ 2023-06-21 20:43 UTC (permalink / raw)
To: Bastian Koppelmann, qemu-devel
On 6/21/23 18:14, Bastian Koppelmann wrote:
> The following changes since commit c5ffd16ba4c8fd3601742cc9d2b3cff03995dd5d:
>
> Revert "cputlb: Restrict SavedIOTLB to system emulation" (2023-06-21 07:19:46 +0200)
>
> are available in the Git repository at:
>
> https://github.com/bkoppelmann/qemu.git tags/pull-tricore-20230621-1
>
> for you to fetch changes up to a9c37abdff65a07d0191123a21d318c4d8cc7f33:
>
> target/tricore: Fix ICR.IE offset in RESTORE insn (2023-06-21 18:09:54 +0200)
>
> ----------------------------------------------------------------
> - Implement privilege levels for TriCore
> - Fix missing REG_PAIR() for insns using two 32 regs
> - Fix erroneously saving PSW.CDC on CALL insns
> - Added some missing v1.6.2 insns
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/8.1 as appropriate.
r~
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-21 16:14 ` [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction Bastian Koppelmann
@ 2023-06-22 7:43 ` Michael Tokarev
2023-06-22 14:51 ` Bastian Koppelmann
0 siblings, 1 reply; 28+ messages in thread
From: Michael Tokarev @ 2023-06-22 7:43 UTC (permalink / raw)
To: Bastian Koppelmann, qemu-devel; +Cc: Siqi Chen
21.06.2023 19:14, Bastian Koppelmann wrote:
> From: Siqi Chen <coc.cyqh@gmail.com>
>
> When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow.
>
> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
> Reported-by: Siqi Chen <coc.cyqh@gmail.com>
> Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
> Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
> ---
> target/tricore/translate.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/target/tricore/translate.c b/target/tricore/translate.c
> index 6712d98f6e..74faad4794 100644
> --- a/target/tricore/translate.c
> +++ b/target/tricore/translate.c
> @@ -5339,6 +5339,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
>
> switch (op2) {
> case OPC2_32_RCRW_IMASK:
> + CHECK_REG_PAIR(r4);
> tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
> tcg_gen_movi_tl(temp2, (1 << width) - 1);
> tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
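Review bot: the new CHECK_REG_PAIR(r4) in the OPC2_32_RCRW_IMASK case is followed, still in the same case, by tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp), so the fix only holds if the macro stops code generation for this insn; its definition is not part of the hunk. If it only emits the trap and translation carries on to the next line, an odd r4 still reaches cpu_gpr_d[r4 + 1] at translation time. Please confirm, and if the macro does not leave the case, break out after the trap.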
Is it a -stable material?
Thanks,
/mjt
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-22 7:43 ` Michael Tokarev
@ 2023-06-22 14:51 ` Bastian Koppelmann
2023-06-23 6:54 ` Michael Tokarev
0 siblings, 1 reply; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-22 14:51 UTC (permalink / raw)
To: Michael Tokarev; +Cc: qemu-devel, Siqi Chen
On Thu, Jun 22, 2023 at 10:43:16AM +0300, Michael Tokarev wrote:
> 21.06.2023 19:14, Bastian Koppelmann wrote:
> > From: Siqi Chen <coc.cyqh@gmail.com>
> >
> > When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow.
> >
> > Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
> > Reported-by: Siqi Chen <coc.cyqh@gmail.com>
> > Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
> > Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> > Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
> > Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
> > ---
> > target/tricore/translate.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/target/tricore/translate.c b/target/tricore/translate.c
> > index 6712d98f6e..74faad4794 100644
> > --- a/target/tricore/translate.c
> > +++ b/target/tricore/translate.c
> > @@ -5339,6 +5339,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
> > switch (op2) {
> > case OPC2_32_RCRW_IMASK:
> > + CHECK_REG_PAIR(r4);
> > tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
> > tcg_gen_movi_tl(temp2, (1 << width) - 1);
> > tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
>
> Is it a -stable material?
Yes. If you pick this up, make sure you also pick up https://lore.kernel.org/qemu-devel/20230621161422.1652151-1-kbastian@mail.uni-paderborn.de/T/#md18391dd165c4fc2e60ddefb886f3522e715f487
which applies the same fix to other instructions.
Cheers,
Bastian
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-22 14:51 ` Bastian Koppelmann
@ 2023-06-23 6:54 ` Michael Tokarev
2023-06-23 9:51 ` Bastian Koppelmann
0 siblings, 1 reply; 28+ messages in thread
From: Michael Tokarev @ 2023-06-23 6:54 UTC (permalink / raw)
To: Bastian Koppelmann; +Cc: qemu-devel, Siqi Chen
22.06.2023 17:51, Bastian Koppelmann wrote:
..
>> Is it a -stable material?
>
> Yes. If you pick this up, make sure you also pick up https://lore.kernel.org/qemu-devel/20230621161422.1652151-1-kbastian@mail.uni-paderborn.de/T/#md18391dd165c4fc2e60ddefb886f3522e715f487
> which applies the same fix to other instructions.
Aha. "Add CHECK_REG_PAIR() for insn accessing 64 bit regs".
This subject suggests the patch's adding this macro, instead
of using it. If it were worded like "Use CHECK.. for.." instead, I'd
notice this one too.
Picked up both, thank you!
Is there anything else in this series worth picking up for stable, eg:
Fix helper_ret() not correctly restoring PSW
Fix RR_JLI clobbering reg A[11]
or maybe others?
Please, in the future, add Cc: qemu-stable@nongnu.org for patches
worth to have in -stable.
Thanks!
/mjt
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-23 6:54 ` Michael Tokarev
@ 2023-06-23 9:51 ` Bastian Koppelmann
2023-06-23 10:29 ` Michael Tokarev
0 siblings, 1 reply; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-23 9:51 UTC (permalink / raw)
To: Michael Tokarev; +Cc: qemu-devel, Siqi Chen
Hi Michael,
On Fri, Jun 23, 2023 at 09:54:54AM +0300, Michael Tokarev wrote:
> 22.06.2023 17:51, Bastian Koppelmann wrote:
> ..
> > > Is it a -stable material?
> >
> > Yes. If you pick this up, make sure you also pick up https://lore.kernel.org/qemu-devel/20230621161422.1652151-1-kbastian@mail.uni-paderborn.de/T/#md18391dd165c4fc2e60ddefb886f3522e715f487
> > which applies the same fix to other instructions.
>
> Aha. "Add CHECK_REG_PAIR() for insn accessing 64 bit regs".
> This subject suggests the patch's adding this macro, instead
> of using it. If it were worded like "Use CHECK.. for.." instead, I'd
> notice this one too.
>
> Picked up both, thank you!
>
> Is there anything else in this series worth picking up for stable, eg:
>
> Fix helper_ret() not correctly restoring PSW
> Fix RR_JLI clobbering reg A[11]
These are rare cases where the guest does something wrong. It will not lead to a
crash of QEMU.
>
> or maybe others?
>
> Please, in the future, add Cc: qemu-stable@nongnu.org for patches
> worth to have in -stable.
I will do that. I'm not sure what is worthwhile to pick up for stable. My
initial thought was fixes for bugs that can lead to a crash in QEMU. Any pointer
would make it easier for me to decide what to CC: qemu-stable@nongnu.org for.
Thanks,
Bastian
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-23 9:51 ` Bastian Koppelmann
@ 2023-06-23 10:29 ` Michael Tokarev
2023-06-23 11:09 ` Bastian Koppelmann
0 siblings, 1 reply; 28+ messages in thread
From: Michael Tokarev @ 2023-06-23 10:29 UTC (permalink / raw)
To: Bastian Koppelmann; +Cc: qemu-devel, Siqi Chen
23.06.2023 12:51, Bastian Koppelmann wrote:
>> Is there anything else in this series worth picking up for stable, eg:
>>
>> Fix helper_ret() not correctly restoring PSW
>> Fix RR_JLI clobbering reg A[11]
>
> These are rare cases where the guest does something wrong. It will not lead to a
> crash of QEMU.
Ok, makes sense.
>> Please, in the future, add Cc: qemu-stable@nongnu.org for patches
>> worth to have in -stable.
>
> I will do that. I'm not sure what is worthwhile to pick up for stable. My
> initial thought was fixes for bugs that can lead to a crash in QEMU. Any pointer
> would make it easier for me to decide what to CC: qemu-stable@nongnu.org for.
Here we go:
https://www.qemu.org/docs/master/devel/stable-process.html
Basically, any bugfix you, as a subsystem maintainer, think is good for stable,
is good for stable :) Usual tradeoff applies: more complex stuff with potential
to break something vs seriousness of an issue.
Thank you!
/mjt
* Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
2023-06-23 10:29 ` Michael Tokarev
@ 2023-06-23 11:09 ` Bastian Koppelmann
0 siblings, 0 replies; 28+ messages in thread
From: Bastian Koppelmann @ 2023-06-23 11:09 UTC (permalink / raw)
To: Michael Tokarev; +Cc: qemu-devel, Siqi Chen
On Fri, Jun 23, 2023 at 01:29:23PM +0300, Michael Tokarev wrote:
> 23.06.2023 12:51, Bastian Koppelmann wrote:
>
> Here we go:
> https://www.qemu.org/docs/master/devel/stable-process.html
>
> Basically, any bugfix you, as a subsystem maintainer, think is good for stable,
> is good for stable :) Usual tradeoff applies: more complex stuff with potential
> to break something vs seriousness of an issue.
That helps a lot!
Thanks,
Bastian