From: Peter Maydell <peter.maydell@linaro.org>
To: "Alex Bennée" <alex.bennee@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Crosthwaite" <crosthwaite.peter@gmail.com>,
"QEMU Developers" <qemu-devel@nongnu.org>,
"Richard Henderson" <rth@twiddle.net>
Subject: Re: [Qemu-devel] [PATCH v9 04/26] target: [tcg] Add generic translation framework
Date: Mon, 26 Jun 2017 19:21:45 +0100
Message-ID: <CAFEAcA99y-RL4KtXHmuotsXSRuthWNsmVC-f8WZV2Zc2LJtfUg@mail.gmail.com>
In-Reply-To: <878tke9al6.fsf@frigg.lan>
On 26 June 2017 at 13:50, Lluís Vilanova <vilanova@ac.upc.edu> wrote:
> Not that I've seen (at the level of the translation loop). Now I wonder if QEMU
> w/ TCG has a bug that lets it successfully execute instructions that cross page
> boundaries, one of them with invalid permissions (haven't checked).
ARM takes care to get this right -- we stop the TB if the next
insn is going to span the page boundary (or in some corner cases
merely if we think it might span the boundary, because if we guess
wrong that way round the worst that happens is an unnecessarily
short TB). Then the next TB will get the prefetch abort in the right
place if the next page is inaccessible (we will longjump out
of the translate.c code when we attempt the arm_lduw_code for
the 2nd half of the insn). This was fixed in commit 541ebcd401ee4.
The key thing is:
* first insn in TB: read all its bytes (may result in longjump)
* subsequent insns in same TB: don't even try to read bytes
which aren't in pages already known to be safe because of
having dealt with the first insn (longjump will result in a
fault with the wrong address)
x86 definitely gets this totally wrong. I would be unsurprised
to find that other variable-length-insn targets do too.
> What I can say is that this check is a very weak one (but common to all
> targets), and that targets like i386 and arm need to refine it further in the
> target-specific code. In fact, now I suspect all targets will need to refine it,
> so it probably makes sense to simply drop this generic check and burden all
> targets with handling it.
For targets which can never have instructions that cross the
page boundary, the only requirement is that we do not attempt
to fetch an instruction from a page other than the one we
started on (otherwise we will cause a spurious instruction
fetch abort).
The simple test program I used to test Thumb
page-boundary crossing instructions is here:
http://people.linaro.org/~peter.maydell/thumb-over-page.c
The signal handler it installs prints the r0 and pc values
reported to the handler so you can check the correct insns
executed and the reported PC was right. Works in linux-user
mode and also system mode (you'll need to sort out your own
guest kernel and filesystem).
thanks
-- PMM
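The translation-loop rule Peter describes (first insn of a TB may read all its bytes and fault; later insns must not fetch from a page the TB has not already proven safe; stop the TB early if the next Thumb insn might straddle the boundary) is small enough to model in a few dozen lines. The C below is an added illustration written for this page, not QEMU code and not the change in commit 541ebcd401ee4. Everything in it is assumed or constructed: a 4 KiB page, four guest pages with made-up execute permissions, a guest image that is all 16-bit Thumb NOPs except for one 32-bit insn whose first halfword is the last halfword of page 1, and a `lduw_code` stand-in for `arm_lduw_code` that longjmps out of the translator on a non-executable page and attributes the abort to the TB's entry pc (guest state has not advanced during translation).

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE      4096u
#define NUM_PAGES      4u
#define MAX_TB_INSNS   64
#define CROSSING_PC    0x1ffeu   /* last halfword of page 1 (constructed layout) */

/* Constructed guest: execute permission per page (page 2 deliberately non-executable)
 * and a code image of 16-bit Thumb NOPs (0xbf00) except at CROSSING_PC, which holds
 * the first halfword of a 32-bit insn (0xf000) whose second half falls on page 2. */
static const bool page_exec[NUM_PAGES] = { true, true, false, true };
static uint16_t guest_code_at(uint32_t addr) {
    return addr == CROSSING_PC ? 0xf000 : 0xbf00;
}

typedef struct {
    int num_insns;                   /* insns placed in the TB */
    uint32_t insn_pc[MAX_TB_INSNS];
    bool faulted;                    /* translator was longjmp'ed out of */
    uint32_t fault_pc;               /* pc the guest sees for that prefetch abort */
    bool stopped_at_page;            /* TB ended because the next insn might leave the page */
} TbResult;

static jmp_buf fault_env;

/* Stand-in for arm_lduw_code: fetch one code halfword, or longjmp out of the translator
 * when the page is not executable. The abort is attributed to tb_pc, because guest
 * state has not advanced while translating; that is why only the first insn of a TB
 * may be allowed to fault. */
static uint16_t lduw_code(uint32_t addr, uint32_t tb_pc, TbResult *r) {
    uint32_t page = addr / PAGE_SIZE;
    if (page >= NUM_PAGES || !page_exec[page]) {
        r->faulted = true;
        r->fault_pc = tb_pc;
        longjmp(fault_env, 1);
    }
    return guest_code_at(addr);
}

/* Thumb encoding rule: a first halfword with bits[15:11] equal to 0b11101, 0b11110
 * or 0b11111 starts a 32-bit instruction; every other value is a 16-bit one. */
static bool thumb_hw_is_32bit(uint16_t hw) {
    return (hw >> 11) >= 0x1d;
}

/* Translate one TB starting at tb_pc. With page_check set, the loop refuses to
 * fetch a subsequent insn that lies on, or may straddle into, the next page;
 * without it, the loop fetches blindly (the behaviour described as wrong above). */
static void translate_tb(uint32_t tb_pc, bool page_check, TbResult *r) {
    uint32_t next_page = (tb_pc / PAGE_SIZE + 1) * PAGE_SIZE;
    uint32_t pc = tb_pc;

    *r = (TbResult){0};
    if (setjmp(fault_env)) {
        return;                      /* prefetch abort: r->faulted and r->fault_pc are set */
    }
    while (r->num_insns < MAX_TB_INSNS) {
        if (page_check && r->num_insns > 0) {
            if (pc >= next_page) {
                r->stopped_at_page = true;
                break;
            }
            /* Peeking at pc is safe: it is on the page the TB started on. A 32-bit
             * insn whose first half is the page's last halfword would cross. */
            if (pc + 2 == next_page && thumb_hw_is_32bit(lduw_code(pc, tb_pc, r))) {
                r->stopped_at_page = true;
                break;
            }
        }
        uint16_t hw = lduw_code(pc, tb_pc, r);
        uint32_t len = thumb_hw_is_32bit(hw) ? 4 : 2;
        if (len == 4) {
            (void)lduw_code(pc + 2, tb_pc, r);   /* second half: may fault */
        }
        r->insn_pc[r->num_insns++] = pc;
        pc += len;
    }
}

/* One-value accessors so each outcome can be checked in isolation. */
static int tb_insn_count(uint32_t tb_pc, bool page_check) {
    TbResult r; translate_tb(tb_pc, page_check, &r); return r.num_insns;
}
static long tb_fault_pc(uint32_t tb_pc, bool page_check) {      /* -1 means no fault */
    TbResult r; translate_tb(tb_pc, page_check, &r); return r.faulted ? (long)r.fault_pc : -1;
}
static bool tb_stopped_at_page(uint32_t tb_pc, bool page_check) {
    TbResult r; translate_tb(tb_pc, page_check, &r); return r.stopped_at_page;
}

int main(void) {
    printf("blind:   TB@0x1ff0 insns=%d fault_pc=0x%lx (wrong: crossing insn is at 0x%x)\n",
           tb_insn_count(0x1ff0, false), tb_fault_pc(0x1ff0, false), CROSSING_PC);
    printf("checked: TB@0x1ff0 insns=%d stopped_at_page=%d\n",
           tb_insn_count(0x1ff0, true), tb_stopped_at_page(0x1ff0, true));
    printf("checked: TB@0x1ffe fault_pc=0x%lx (right)\n", tb_fault_pc(0x1ffe, true));
    return 0;
}
```

With the check enabled, the TB that starts at 0x1ff0 ends after seven NOPs and the crossing insn becomes the first insn of the next TB, so its second-half fetch faults with the insn's own pc; without it, the same fetch happens mid-TB and the abort is reported against 0x1ff0. The model only covers the Thumb halfword rule; a target with different encodings needs its own crossing test, which is the target-specific refinement the thread discusses.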