From: Richard Henderson
Sender: Richard Henderson
Date: Mon, 14 Sep 2015 09:55:33 -0700
Subject: Re: [Qemu-devel] [PATCH] tcg/mips: Fix clobbering of qemu_ld inputs
Message-ID: <55F6FC05.8020304@twiddle.net>
In-Reply-To: <1442226894-1243-1-git-send-email-james.hogan@imgtec.com>
References: <1442226894-1243-1-git-send-email-james.hogan@imgtec.com>
To: James Hogan, Aurelien Jarno
Cc: qemu-devel@nongnu.org

On 09/14/2015 03:34 AM, James Hogan wrote:
> The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
> register (base) as a temporary to load the upper half of the QEMU TLB
> comparator (see line 5 below), however this happens before the input
> address is used (line 8 to mask off the low bits for the TLB
> comparison, and line 12 to add the host-guest offset). If the input
> address (addrl) also happens to have been placed in v0 (as in the second
> column below), it gets clobbered before it is used.
>
>         addrl in t2                addrl in v0
>
>  1  srl   a0,t2,0x7             srl   a0,v0,0x7
>  2  andi  a0,a0,0x1fe0          andi  a0,a0,0x1fe0
>  3  addu  a0,a0,s0              addu  a0,a0,s0
>  4  lw    at,9136(a0)           lw    at,9136(a0)          set TCG_TMP0 (at)
>  5  lw    v0,9140(a0)           lw    v0,9140(a0)          set base (v0)
>  6  li    t9,-4093              li    t9,-4093
>  7  lw    a0,9160(a0)           lw    a0,9160(a0)          set addend (a0)
>  8  and   t9,t9,t2              and   t9,t9,v0             use addrl
>  9  bne   at,t9,0x836d8c8       bne   at,t9,0x836d838      use TCG_TMP0
> 10  nop                         nop
> 11  bne   v0,t8,0x836d8c8       bne   v0,a1,0x836d838      use base
> 12  addu  v0,a0,t2              addu  v0,a0,v0             use addrl, addend
> 13  lw    t0,0(v0)              lw    t0,0(v0)
>
> Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
> pushing the load on line 5 forward into the delay slot of the low
> comparison (line 10). The early load of the addend on line 7 also needs
> pushing even further for 64-bit targets, or it will clobber a0 before
> we're done with it. The output for 32-bit targets is unaffected.
>
>  srl a0,v0,0x7
>  andi a0,a0,0x1fe0
>  addu a0,a0,s0
>  lw at,9136(a0)
> -lw v0,9140(a0)        load high comparator
>  li t9,-4093
> -lw a0,9160(a0)        load addend
>  and t9,t9,v0
>  bne at,t9,0x836d838
> - nop
> + lw at,9140(a0)       load high comparator
> +lw a0,9160(a0)        load addend
> -bne v0,a1,0x836d838
> +bne at,a1,0x836d838
>  addu v0,a0,v0
>  lw t0,0(v0)
>
> Suggested-by: Richard Henderson
> Signed-off-by: James Hogan
> Cc: Aurelien Jarno

Reviewed-by: Richard Henderson

r~
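The clobber described in the quoted commit message, replayed through a small simulator of the listed instruction forms (an added example, not QEMU's code or anything from the patch): `step`, `run`, `make_tlb` and `qemu_ld`, and every address, env pointer, addend and guest value, are constructed assumptions; only the 9136/9140/9160 offsets, the -4093 mask and the two instruction sequences come from the listing. The simulator executes a bne's delay slot before branching, so the moved `lw at,9140(a0)` runs where the fixed listing places it, and `qemu_ld` reports which path a sequence takes and what reaches t0 for either allocation of addrl.

```python
import re
MASK32 = 0xffffffff
# Constructed values: env pointer, TLB addend, guest address low/high, guest word.
ENV, ADDEND, ADDRL, ADDRH, VALUE = 0x10000, 0x500000, 0x7ff01234, 0x0, 0xdeadbeef

def step(ins, regs, mem):
    """Execute one instruction in place; return True for a taken bne."""
    op, *a = ins.replace(",", " ").split()
    if op == "srl": regs[a[0]] = regs[a[1]] >> int(a[2], 0)
    elif op == "andi": regs[a[0]] = regs[a[1]] & int(a[2], 0)
    elif op == "addu": regs[a[0]] = (regs[a[1]] + regs[a[2]]) & MASK32
    elif op == "li": regs[a[0]] = int(a[1], 0) & MASK32
    elif op == "and": regs[a[0]] = regs[a[1]] & regs[a[2]]
    elif op == "lw":
        off, base = re.match(r"(-?\d+)\((\w+)\)", a[1]).groups()
        regs[a[0]] = mem[(regs[base] + int(off)) & MASK32]
    elif op == "bne": return regs[a[0]] != regs[a[1]]
    return False  # nop

def run(seq, regs, mem):
    """Run to the end (TLB hit) or stop after the first taken branch (TLB miss)."""
    regs, pc = dict(regs), 0
    while pc < len(seq):
        taken = step(seq[pc], regs, mem)
        pc += 1
        if taken:
            step(seq[pc], regs, mem)  # the delay slot runs before the branch
            return regs, "slow path"
    return regs, "fast path"

def make_tlb():
    """Constructed TLB entry for ADDRL at the index lines 1-3 compute, plus the guest word."""
    idx = ENV + ((ADDRL >> 7) & 0x1fe0)
    return {idx + 9136: ADDRL & (-4093 & MASK32), idx + 9140: ADDRH,  # low/high comparator
            idx + 9160: ADDEND, (ADDEND + ADDRL) & MASK32: VALUE}     # addend, guest word

# {A} is the register holding addrl; addrh is in a1, base is v0, TCG_TMP0 is at.
ORIGINAL = ["srl a0,{A},0x7", "andi a0,a0,0x1fe0", "addu a0,a0,s0",
            "lw at,9136(a0)", "lw v0,9140(a0)", "li t9,-4093",
            "lw a0,9160(a0)", "and t9,t9,{A}", "bne at,t9,slow", "nop",
            "bne v0,a1,slow", "addu v0,a0,{A}", "lw t0,0(v0)"]
FIXED = ["srl a0,{A},0x7", "andi a0,a0,0x1fe0", "addu a0,a0,s0",
         "lw at,9136(a0)", "li t9,-4093", "and t9,t9,{A}",
         "bne at,t9,slow", "lw at,9140(a0)", "lw a0,9160(a0)",
         "bne at,a1,slow", "addu v0,a0,{A}", "lw t0,0(v0)"]

def qemu_ld(template, addrl_reg):  # returns (path taken, value that reached t0)
    seq = [ins.format(A=addrl_reg) for ins in template]
    regs, path = run(seq, {addrl_reg: ADDRL, "a1": ADDRH, "s0": ENV}, make_tlb())
    return path, regs.get("t0")
```

With addrl in v0 the original sequence compares the masked high comparator against the low comparator and falls into the slow path without loading t0; the fixed sequence reaches the guest word for either register allocation.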