[PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Alistair Francis]

When running the instruction

```
    cbo.flush 0(x0)
```

QEMU would segfault.

The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
allocated.

In order to fix this let's use the existing get_address()
helper. This also has the benefit of performing pointer mask
calculations on the address specified in rs1.

The pointer masking specificiation specifically states:

"""
Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz
"""

So this is the correct behaviour and we previously have been incorrectly
not masking the address.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reported-by: Fabian Thomas <fabian.thomas@cispa.de>
Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")
---
 target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvzicbo.c.inc b/target/riscv/insn_trans/trans_rvzicbo.c.inc
index d5d7095903..15711c3140 100644
--- a/target/riscv/insn_trans/trans_rvzicbo.c.inc
+++ b/target/riscv/insn_trans/trans_rvzicbo.c.inc
@@ -31,27 +31,35 @@
 static bool trans_cbo_clean(DisasContext *ctx, arg_cbo_clean *a)
 {
     REQUIRE_ZICBOM(ctx);
-    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
+    TCGv src = get_address(ctx, a->rs1, 0);
+
+    gen_helper_cbo_clean_flush(tcg_env, src);
     return true;
 }
 
 static bool trans_cbo_flush(DisasContext *ctx, arg_cbo_flush *a)
 {
     REQUIRE_ZICBOM(ctx);
-    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
+    TCGv src = get_address(ctx, a->rs1, 0);
+
+    gen_helper_cbo_clean_flush(tcg_env, src);
     return true;
 }
 
 static bool trans_cbo_inval(DisasContext *ctx, arg_cbo_inval *a)
 {
     REQUIRE_ZICBOM(ctx);
-    gen_helper_cbo_inval(tcg_env, cpu_gpr[a->rs1]);
+    TCGv src = get_address(ctx, a->rs1, 0);
+
+    gen_helper_cbo_inval(tcg_env, src);
     return true;
 }
 
 static bool trans_cbo_zero(DisasContext *ctx, arg_cbo_zero *a)
 {
     REQUIRE_ZICBOZ(ctx);
-    gen_helper_cbo_zero(tcg_env, cpu_gpr[a->rs1]);
+    TCGv src = get_address(ctx, a->rs1, 0);
+
+    gen_helper_cbo_zero(tcg_env, src);
     return true;
 }
-- 
2.45.0

Re: [PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Richard Henderson]

On 5/14/24 04:39, Alistair Francis wrote:
> When running the instruction
> 
> ```
>      cbo.flush 0(x0)
> ```
> 
> QEMU would segfault.
> 
> The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
> allocated.
> 
> In order to fix this let's use the existing get_address()
> helper. This also has the benefit of performing pointer mask
> calculations on the address specified in rs1.
> 
> The pointer masking specificiation specifically states:
> 
> """
> Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz
> """
> 
> So this is the correct behaviour and we previously have been incorrectly
> not masking the address.
> 
> Signed-off-by: Alistair Francis<alistair.francis@wdc.com>
> Reported-by: Fabian Thomas<fabian.thomas@cispa.de>
> Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")
> ---
>   target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
>   1 file changed, 12 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Daniel Henrique Barboza]

On 5/13/24 23:39, Alistair Francis wrote:
> When running the instruction
> 
> ```
>      cbo.flush 0(x0)
> ```
> 
> QEMU would segfault.
> 
> The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
> allocated.
> 
> In order to fix this let's use the existing get_address()
> helper. This also has the benefit of performing pointer mask
> calculations on the address specified in rs1.
> 
> The pointer masking specificiation specifically states:
> 
> """
> Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz
> """
> 
> So this is the correct behaviour and we previously have been incorrectly
> not masking the address.
> 
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> Reported-by: Fabian Thomas <fabian.thomas@cispa.de>
> Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")
> ---

LGTM but I wonder if this is the same fix as this one sent by Phil a month
ago or so:

https://lore.kernel.org/qemu-riscv/20240419110514.69697-1-philmd@linaro.org/
("[PATCH] target/riscv: Use get_address() to get address with Zicbom extensions")


Thanks,

Daniel

>   target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
>   1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/target/riscv/insn_trans/trans_rvzicbo.c.inc b/target/riscv/insn_trans/trans_rvzicbo.c.inc
> index d5d7095903..15711c3140 100644
> --- a/target/riscv/insn_trans/trans_rvzicbo.c.inc
> +++ b/target/riscv/insn_trans/trans_rvzicbo.c.inc
> @@ -31,27 +31,35 @@
>   static bool trans_cbo_clean(DisasContext *ctx, arg_cbo_clean *a)
>   {
>       REQUIRE_ZICBOM(ctx);
> -    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
> +    TCGv src = get_address(ctx, a->rs1, 0);
> +
> +    gen_helper_cbo_clean_flush(tcg_env, src);
>       return true;
>   }
>   
>   static bool trans_cbo_flush(DisasContext *ctx, arg_cbo_flush *a)
>   {
>       REQUIRE_ZICBOM(ctx);
> -    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
> +    TCGv src = get_address(ctx, a->rs1, 0);
> +
> +    gen_helper_cbo_clean_flush(tcg_env, src);
>       return true;
>   }
>   
>   static bool trans_cbo_inval(DisasContext *ctx, arg_cbo_inval *a)
>   {
>       REQUIRE_ZICBOM(ctx);
> -    gen_helper_cbo_inval(tcg_env, cpu_gpr[a->rs1]);
> +    TCGv src = get_address(ctx, a->rs1, 0);
> +
> +    gen_helper_cbo_inval(tcg_env, src);
>       return true;
>   }
>   
>   static bool trans_cbo_zero(DisasContext *ctx, arg_cbo_zero *a)
>   {
>       REQUIRE_ZICBOZ(ctx);
> -    gen_helper_cbo_zero(tcg_env, cpu_gpr[a->rs1]);
> +    TCGv src = get_address(ctx, a->rs1, 0);
> +
> +    gen_helper_cbo_zero(tcg_env, src);
>       return true;
>   }

Re: [PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Alistair Francis]

On Tue, May 14, 2024 at 7:11 PM Daniel Henrique Barboza
<dbarboza@ventanamicro.com> wrote:
>
>
>
> On 5/13/24 23:39, Alistair Francis wrote:
> > When running the instruction
> >
> > ```
> >      cbo.flush 0(x0)
> > ```
> >
> > QEMU would segfault.
> >
> > The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
> > allocated.
> >
> > In order to fix this let's use the existing get_address()
> > helper. This also has the benefit of performing pointer mask
> > calculations on the address specified in rs1.
> >
> > The pointer masking specificiation specifically states:
> >
> > """
> > Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz
> > """
> >
> > So this is the correct behaviour and we previously have been incorrectly
> > not masking the address.
> >
> > Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> > Reported-by: Fabian Thomas <fabian.thomas@cispa.de>
> > Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")
> > ---
>
> LGTM but I wonder if this is the same fix as this one sent by Phil a month
> ago or so:
>
> https://lore.kernel.org/qemu-riscv/20240419110514.69697-1-philmd@linaro.org/
> ("[PATCH] target/riscv: Use get_address() to get address with Zicbom extensions")

It is the same fix!

I somehow missed that patch at the time. Sorry Philippe!

I'm going to merge this one as it includes the details about pointer
masking, which I think is useful as that's why we are using
get_address() instead of get_gpr()

Alistair

>
>
> Thanks,
>
> Daniel
>
> >   target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
> >   1 file changed, 12 insertions(+), 4 deletions(-)
> >
> > diff --git a/target/riscv/insn_trans/trans_rvzicbo.c.inc b/target/riscv/insn_trans/trans_rvzicbo.c.inc
> > index d5d7095903..15711c3140 100644
> > --- a/target/riscv/insn_trans/trans_rvzicbo.c.inc
> > +++ b/target/riscv/insn_trans/trans_rvzicbo.c.inc
> > @@ -31,27 +31,35 @@
> >   static bool trans_cbo_clean(DisasContext *ctx, arg_cbo_clean *a)
> >   {
> >       REQUIRE_ZICBOM(ctx);
> > -    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
> > +    TCGv src = get_address(ctx, a->rs1, 0);
> > +
> > +    gen_helper_cbo_clean_flush(tcg_env, src);
> >       return true;
> >   }
> >
> >   static bool trans_cbo_flush(DisasContext *ctx, arg_cbo_flush *a)
> >   {
> >       REQUIRE_ZICBOM(ctx);
> > -    gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]);
> > +    TCGv src = get_address(ctx, a->rs1, 0);
> > +
> > +    gen_helper_cbo_clean_flush(tcg_env, src);
> >       return true;
> >   }
> >
> >   static bool trans_cbo_inval(DisasContext *ctx, arg_cbo_inval *a)
> >   {
> >       REQUIRE_ZICBOM(ctx);
> > -    gen_helper_cbo_inval(tcg_env, cpu_gpr[a->rs1]);
> > +    TCGv src = get_address(ctx, a->rs1, 0);
> > +
> > +    gen_helper_cbo_inval(tcg_env, src);
> >       return true;
> >   }
> >
> >   static bool trans_cbo_zero(DisasContext *ctx, arg_cbo_zero *a)
> >   {
> >       REQUIRE_ZICBOZ(ctx);
> > -    gen_helper_cbo_zero(tcg_env, cpu_gpr[a->rs1]);
> > +    TCGv src = get_address(ctx, a->rs1, 0);
> > +
> > +    gen_helper_cbo_zero(tcg_env, src);
> >       return true;
> >   }

Re: [PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Philippe Mathieu-Daudé]

On 16/5/24 07:09, Alistair Francis wrote:
> On Tue, May 14, 2024 at 7:11 PM Daniel Henrique Barboza
> <dbarboza@ventanamicro.com> wrote:
>>
>>
>>
>> On 5/13/24 23:39, Alistair Francis wrote:
>>> When running the instruction
>>>
>>> ```
>>>       cbo.flush 0(x0)
>>> ```
>>>
>>> QEMU would segfault.
>>>
>>> The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
>>> allocated.
>>>
>>> In order to fix this let's use the existing get_address()
>>> helper. This also has the benefit of performing pointer mask
>>> calculations on the address specified in rs1.
>>>
>>> The pointer masking specificiation specifically states:
>>>
>>> """
>>> Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz
>>> """
>>>
>>> So this is the correct behaviour and we previously have been incorrectly
>>> not masking the address.
>>>
>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>> Reported-by: Fabian Thomas <fabian.thomas@cispa.de>
>>> Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")

Reported-by: Zhiwei Jiang (姜智伟) <jiangzw@tecorigin.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

>>> ---
>>
>> LGTM but I wonder if this is the same fix as this one sent by Phil a month
>> ago or so:
>>
>> https://lore.kernel.org/qemu-riscv/20240419110514.69697-1-philmd@linaro.org/
>> ("[PATCH] target/riscv: Use get_address() to get address with Zicbom extensions")
> 
> It is the same fix!
> 
> I somehow missed that patch at the time. Sorry Philippe!
> 
> I'm going to merge this one as it includes the details about pointer
> masking, which I think is useful as that's why we are using
> get_address() instead of get_gpr()

Fine by me :)

> Alistair
> 
>>
>>
>> Thanks,
>>
>> Daniel
>>
>>>    target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
>>>    1 file changed, 12 insertions(+), 4 deletions(-)

Re: [PATCH] target/riscv: rvzicbo: Fixup CBO extension register calculation

[Philippe Mathieu-Daudé]

On 4/6/24 10:32, Philippe Mathieu-Daudé wrote:
> On 16/5/24 07:09, Alistair Francis wrote:
>> On Tue, May 14, 2024 at 7:11 PM Daniel Henrique Barboza
>> <dbarboza@ventanamicro.com> wrote:
>>>
>>>
>>>
>>> On 5/13/24 23:39, Alistair Francis wrote:
>>>> When running the instruction
>>>>
>>>> ```
>>>>       cbo.flush 0(x0)
>>>> ```
>>>>
>>>> QEMU would segfault.
>>>>
>>>> The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0]
>>>> allocated.
>>>>
>>>> In order to fix this let's use the existing get_address()
>>>> helper. This also has the benefit of performing pointer mask
>>>> calculations on the address specified in rs1.
>>>>
>>>> The pointer masking specificiation specifically states:
>>>>
>>>> """
>>>> Cache Management Operations: All instructions in Zicbom, Zicbop and 
>>>> Zicboz
>>>> """
>>>>
>>>> So this is the correct behaviour and we previously have been 
>>>> incorrectly
>>>> not masking the address.
>>>>
>>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>>> Reported-by: Fabian Thomas <fabian.thomas@cispa.de>
>>>> Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension")
> 
> Reported-by: Zhiwei Jiang (姜智伟) <jiangzw@tecorigin.com>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Too late since merged as commit c5eb8d6336 ("target/riscv: rvzicbo:
Fixup CBO extension register calculation") but Cc Zhiwei Jiang to
notify it is now fixed.

>>>> ---
>>>
>>> LGTM but I wonder if this is the same fix as this one sent by Phil a 
>>> month
>>> ago or so:
>>>
>>> https://lore.kernel.org/qemu-riscv/20240419110514.69697-1-philmd@linaro.org/
>>> ("[PATCH] target/riscv: Use get_address() to get address with Zicbom 
>>> extensions")
>>
>> It is the same fix!
>>
>> I somehow missed that patch at the time. Sorry Philippe!
>>
>> I'm going to merge this one as it includes the details about pointer
>> masking, which I think is useful as that's why we are using
>> get_address() instead of get_gpr()
> 
> Fine by me :)
> 
>> Alistair
>>
>>>
>>>
>>> Thanks,
>>>
>>> Daniel
>>>
>>>>    target/riscv/insn_trans/trans_rvzicbo.c.inc | 16 ++++++++++++----
>>>>    1 file changed, 12 insertions(+), 4 deletions(-)
>