From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57028)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1ZhoLb-0000V0-N9
	for qemu-devel@nongnu.org; Thu, 01 Oct 2015 20:37:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1ZhoLW-0003bp-O7
	for qemu-devel@nongnu.org; Thu, 01 Oct 2015 20:37:15 -0400
Received: from mail-pa0-x230.google.com ([2607:f8b0:400e:c03::230]:35963)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1ZhoLW-0003bl-Ib
	for qemu-devel@nongnu.org; Thu, 01 Oct 2015 20:37:10 -0400
Received: by pablk4 with SMTP id lk4so89159818pab.3
	for <qemu-devel@nongnu.org>; Thu, 01 Oct 2015 17:37:10 -0700 (PDT)
Sender: Richard Henderson <rth7680@gmail.com>
References: <1443703035-4433-1-git-send-email-gang.chen.5i5j@gmail.com>
From: Richard Henderson <rth@twiddle.net>
Message-ID: <560DD1AB.7080808@twiddle.net>
Date: Fri, 2 Oct 2015 10:36:59 +1000
MIME-Version: 1.0
In-Reply-To: <1443703035-4433-1-git-send-email-gang.chen.5i5j@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v3] target-tilegx: Support iret instruction
 and related special registers
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: gang.chen.5i5j@gmail.com, peter.maydell@linaro.org
Cc: cmetcalf@ezchip.com, qemu-devel@nongnu.org, xili_gchen_5257@hotmail.com

On 10/01/2015 10:37 PM, gang.chen.5i5j@gmail.com wrote:
>           {
>            mtspr INTERRUPT_CRITICAL_SECTION, r3
>            shli r2, r2, SPR_EX_CONTEXT_0_1__ICS_SHIFT
>           }
>
>           {
>            mtspr EX_CONTEXT_0_0, lr
>            ori r2, r2, RETURN_PL
>           }
>
>           {
>            or r0, r1, r0
>            mtspr EX_CONTEXT_0_1, r2
>           }
>
>           iret
>
>           jrp lr
>
> Until now, EX_CONTEXT_0_0 and EX_CONTEXT_0_1 are only used in mtspr, so
> just skip them, at present. "jrp lr" in __longjmp is for historical
> reasons, and might get removed in the future.

So, really, iret is supposed to branch to EX_CONTEXT_0_0, and (presumably) 
validate the privilege level in EX_CONTEXT_0_1 continues to be user-mode.

> +    case OE_RR_X1(IRET):
> +        if (srca) {
> +            return TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
> +        }
> +        srca = TILEGX_R_LR;
> +        mnemonic = "iret";
> +        goto do_jr;

which means this is wrong, but just happens to work for __longjmp.

It appears that the entire point of this iret path is to atomically branch and 
set INTERRUPT_CRITICAL_SECTION at the same time.  So, this isn't complete.

What INTERRUPT_CRITICAL_SECTION is supposed to *do* at user mode, I don't know.


r~