From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PATCH 37/45] target/hppa: Implement PSW_B
Date: Wed, 24 Apr 2024 17:00:15 -0700 [thread overview]
Message-ID: <20240425000023.1002026-38-richard.henderson@linaro.org> (raw)
In-Reply-To: <20240425000023.1002026-1-richard.henderson@linaro.org>
PSW_B causes B,GATE to trap as an illegal instruction, removing
the sequential execution test that was merely an approximation.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/hppa/translate.c | 25 ++++++-------------------
1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index a49cf09518..a4200742bd 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -2060,11 +2060,8 @@ static void do_page_zero(DisasContext *ctx)
g_assert_not_reached();
}
- /* Check that we didn't arrive here via some means that allowed
- non-sequential instruction execution. Normally the PSW[B] bit
- detects this by disallowing the B,GATE instruction to execute
- under such conditions. */
- if (iaqe_variable(&ctx->iaq_b) || ctx->iaq_b.disp != 4) {
+ /* If PSW[B] is set, the B,GATE insn would trap. */
+ if (ctx->psw_xb & PSW_B) {
goto do_sigill;
}
@@ -3963,23 +3960,13 @@ static bool trans_b_gate(DisasContext *ctx, arg_b_gate *a)
{
int64_t disp = a->disp;
- nullify_over(ctx);
-
- /* Make sure the caller hasn't done something weird with the queue.
- * ??? This is not quite the same as the PSW[B] bit, which would be
- * expensive to track. Real hardware will trap for
- * b gateway
- * b gateway+4 (in delay slot of first branch)
- * However, checking for a non-sequential instruction queue *will*
- * diagnose the security hole
- * b gateway
- * b evil
- * in which instructions at evil would run with increased privs.
- */
- if (iaqe_variable(&ctx->iaq_b) || ctx->iaq_b.disp != ctx->iaq_f.disp + 4) {
+ /* Trap if PSW[B] is set. */
+ if (ctx->psw_xb & PSW_B) {
return gen_illegal(ctx);
}
+ nullify_over(ctx);
+
#ifndef CONFIG_USER_ONLY
if (ctx->tb_flags & PSW_C) {
int type = hppa_artype_for_page(cpu_env(ctx->cs), ctx->base.pc_next);
--
2.34.1
next prev parent reply other threads:[~2024-04-25 0:08 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-24 23:59 [PATCH 00/45] target/hppa: Misc improvements Richard Henderson
2024-04-24 23:59 ` [PATCH 01/45] target/hppa: Move cpu_get_tb_cpu_state out of line Richard Henderson
2024-04-24 23:59 ` [PATCH 02/45] target/hppa: Use hppa_form_gva_psw in hppa_cpu_get_pc Richard Henderson
2024-04-24 23:59 ` [PATCH 03/45] target/hppa: Move constant destination check into use_goto_tb Richard Henderson
2024-04-24 23:59 ` [PATCH 04/45] target/hppa: Pass displacement to do_dbranch Richard Henderson
2024-05-13 11:41 ` Philippe Mathieu-Daudé
2024-04-24 23:59 ` [PATCH 05/45] target/hppa: Allow prior nullification in do_ibranch Richard Henderson
2024-04-24 23:59 ` [PATCH 06/45] target/hppa: Use CF_BP_PAGE instead of cpu_breakpoint_test Richard Henderson
2024-04-24 23:59 ` [PATCH 07/45] target/hppa: Add install_iaq_entries Richard Henderson
2024-04-24 23:59 ` [PATCH 08/45] target/hppa: Add install_link Richard Henderson
2024-04-24 23:59 ` [PATCH 09/45] target/hppa: Delay computation of IAQ_Next Richard Henderson
2024-04-24 23:59 ` [PATCH 10/45] target/hppa: Skip nullified insns in unconditional dbranch path Richard Henderson
2024-04-24 23:59 ` [PATCH 11/45] target/hppa: Simplify TB end Richard Henderson
2024-04-24 23:59 ` [PATCH 12/45] target/hppa: Add IASQ entries to DisasContext Richard Henderson
2024-04-24 23:59 ` [PATCH 13/45] target/hppa: Add space arguments to install_iaq_entries Richard Henderson
2024-04-24 23:59 ` [PATCH 14/45] target/hppa: Add space argument to do_ibranch Richard Henderson
2024-04-24 23:59 ` [PATCH 15/45] target/hppa: Use umax in do_ibranch_priv Richard Henderson
2024-04-24 23:59 ` [PATCH 16/45] target/hppa: Always make a copy " Richard Henderson
2024-04-24 23:59 ` [PATCH 17/45] target/hppa: Introduce and use DisasIAQE for branch management Richard Henderson
2024-04-24 23:59 ` [PATCH 18/45] target/hppa: Use displacements in DisasIAQE Richard Henderson
2024-04-24 23:59 ` [PATCH 19/45] target/hppa: Rename cond_make_* helpers Richard Henderson
2024-04-24 23:59 ` [PATCH 20/45] target/hppa: Use TCG_COND_TST* in do_cond Richard Henderson
2024-04-24 23:59 ` [PATCH 21/45] target/hppa: Use TCG_COND_TST* in do_log_cond Richard Henderson
2024-04-25 0:00 ` [PATCH 22/45] target/hppa: Use TCG_COND_TST* in do_unit_zero_cond Richard Henderson
2024-04-25 0:00 ` [PATCH 23/45] target/hppa: Use TCG_COND_TST* in do_unit_addsub Richard Henderson
2024-04-25 0:00 ` [PATCH 24/45] target/hppa: Use TCG_COND_TST* in trans_bb_imm Richard Henderson
2024-04-25 0:00 ` [PATCH 25/45] target/hppa: Use registerfields.h for FPSR Richard Henderson
2024-04-25 0:00 ` [PATCH 26/45] target/hppa: Use TCG_COND_TST* in trans_ftest Richard Henderson
2024-04-25 0:00 ` [PATCH 27/45] target/hppa: Remove cond_free Richard Henderson
2024-04-25 0:00 ` [PATCH 28/45] target/hppa: Introduce DisasDelayException Richard Henderson
2024-04-25 0:00 ` [PATCH 29/45] target/hppa: Use delay_excp for conditional traps Richard Henderson
2024-04-25 0:00 ` [PATCH 30/45] target/hppa: Use delay_excp for conditional trap on overflow Richard Henderson
2024-04-25 0:00 ` [PATCH 31/45] linux-user/hppa: Force all code addresses to PRIV_USER Richard Henderson
2024-04-25 0:00 ` [PATCH 32/45] target/hppa: Store full iaoq_f and page bits of iaoq_d in TB Richard Henderson
2024-04-25 0:00 ` [PATCH 33/45] target/hppa: Do not mask in copy_iaoq_entry Richard Henderson
2024-04-25 0:00 ` [PATCH 34/45] target/hppa: Improve hppa_cpu_dump_state Richard Henderson
2024-04-25 0:00 ` [PATCH 35/45] target/hppa: Split PSW X and B into their own field Richard Henderson
2024-04-25 0:00 ` [PATCH 36/45] target/hppa: Manage PSW_X and PSW_B in translator Richard Henderson
2024-04-25 0:00 ` Richard Henderson [this message]
2024-04-25 0:00 ` [PATCH 38/45] target/hppa: Implement PSW_X Richard Henderson
2024-04-25 0:00 ` [PATCH 39/45] target/hppa: Drop tlb_entry return from hppa_get_physical_address Richard Henderson
2024-04-25 0:00 ` [PATCH 40/45] target/hppa: Adjust priv for B,GATE at runtime Richard Henderson
2024-04-25 0:00 ` [PATCH 41/45] target/hppa: Implement CF_PCREL Richard Henderson
2024-04-25 0:00 ` [PATCH 42/45] target/hppa: Implement PSW_T Richard Henderson
2024-04-25 0:00 ` [PATCH 43/45] target/hppa: Implement PSW_H, PSW_L Richard Henderson
2024-04-25 0:00 ` [PATCH 44/45] target/hppa: Log cpu state at interrupt Richard Henderson
2024-04-25 0:00 ` [PATCH 45/45] target/hppa: Log cpu state on return-from-interrupt Richard Henderson
2024-05-10 14:48 ` [PATCH 00/45] target/hppa: Misc improvements Philippe Mathieu-Daudé
2024-05-12 16:08 ` Sven Schnelle
2024-05-13 6:11 ` Helge Deller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240425000023.1002026-38-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).