From patchwork Fri Nov 6 03:29:12 2020
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 320753
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: j@getutm.app
Subject: [PATCH v3 32/41] tcg/riscv: Fix branch range checks
Date: Thu, 5 Nov 2020 19:29:12 -0800
Message-Id: <20201106032921.600200-33-richard.henderson@linaro.org>
In-Reply-To: <20201106032921.600200-1-richard.henderson@linaro.org>
References: <20201106032921.600200-1-richard.henderson@linaro.org>

The offset even checks were folded into the range check incorrectly.
By offsetting by 1, and not decrementing the width, we silently
allowed out of range branches. Assert that the offset is always even
instead.

Move tcg_out_goto down into the CONFIG_SOFTMMU block so that it is
not unused.

Signed-off-by: Richard Henderson
---
 tcg/riscv/tcg-target.c.inc | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

-- 
2.25.1

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 025e3cd0bb..195c3eff03 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -429,7 +429,8 @@ static bool reloc_sbimm12(tcg_insn_unit *code_ptr, tcg_insn_unit *target) { intptr_t offset = (intptr_t)target - (intptr_t)code_ptr; - if (offset == sextreg(offset, 1, 12) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 12)) { code_ptr[0] |= encode_sbimm12(offset); return true; } @@ -441,7 +442,8 @@ static bool reloc_jimm20(tcg_insn_unit *code_ptr, tcg_insn_unit *target) { intptr_t offset = (intptr_t)target - (intptr_t)code_ptr; - if (offset == sextreg(offset, 1, 20) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 20)) { code_ptr[0] |= encode_ujimm20(offset); return true; } @@ -854,28 +856,21 @@ static void tcg_out_setcond2(TCGContext *s, TCGCond cond, TCGReg ret, g_assert_not_reached(); } -static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target) -{ - ptrdiff_t offset = tcg_pcrel_diff(s, target); - tcg_debug_assert(offset == sextreg(offset, 1, 20) << 1); - tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, offset); -} - static void tcg_out_call_int(TCGContext *s, const tcg_insn_unit *arg, bool tail) { TCGReg link = tail ? TCG_REG_ZERO : TCG_REG_RA; ptrdiff_t offset = tcg_pcrel_diff(s, arg); int ret; - if (offset == sextreg(offset, 1, 20) << 1) { + tcg_debug_assert((offset & 1) == 0); + if (offset == sextreg(offset, 0, 20)) { /* short jump: -2097150 to 2097152 */ tcg_out_opc_jump(s, OPC_JAL, link, offset); - } else if (TCG_TARGET_REG_BITS == 32 || - offset == sextreg(offset, 1, 31) << 1) { + } else if (TCG_TARGET_REG_BITS == 32 || offset == (int32_t)offset) { /* long jump: -2147483646 to 2147483648 */ tcg_out_opc_upper(s, OPC_AUIPC, TCG_REG_TMP0, 0); tcg_out_opc_imm(s, OPC_JALR, link, TCG_REG_TMP0, 0); - ret = reloc_call(s->code_ptr - 2, arg);\ + ret = reloc_call(s->code_ptr - 2, arg); tcg_debug_assert(ret == true); } else if (TCG_TARGET_REG_BITS == 64) { /* far jump: 64-bit */ 
@@ -962,6 +957,13 @@ QEMU_BUILD_BUG_ON(TCG_TARGET_REG_BITS < TARGET_LONG_BITS); QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0); QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 11)); +static void tcg_out_goto(TCGContext *s, tcg_insn_unit *target) +{ + tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, 0); + bool ok = reloc_jimm20(s->code_ptr - 1, target); + tcg_debug_assert(ok); +} + static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl, TCGReg addrh, TCGMemOpIdx oi, tcg_insn_unit **label_ptr, bool is_load)
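Review bot: in the reloc_sbimm12 hunk, the new test `offset == sextreg(offset, 0, 12)` accepts only a 12-bit signed offset (-2048..2047), whereas the B-type branch immediate that the old `sextreg(offset, 1, 12) << 1` modelled is 13 bits wide with an implicit zero low bit (-4096..4094), so this halves the reachable range rather than merely tightening the check. The old expression already rejected odd offsets, since `<< 1` can never reproduce a set bit 0, so the only behavioural change callers see in debug builds is the new `tcg_debug_assert((offset & 1) == 0)`. If the narrower range is intentional as a safety margin, state that in the commit message instead of describing the old test as allowing out-of-range branches.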
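Review bot: the reloc_jimm20 hunk has the same effect: `offset == sextreg(offset, 0, 20)` accepts -524288..524287, while the J-type immediate (bits 20:1, low bit implicit) covers -1048576..1048574, so `tcg_out_goto` and the short-call path now give up half of the JAL range and fall back to the longer sequences sooner. Harmless for correctness, but worth a sentence in the commit message.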
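Review bot: in the tcg_out_call_int hunk the range comments are now stale: `/* short jump: -2097150 to 2097152 */` sits above `if (offset == sextreg(offset, 0, 20))`, which accepts -524288..524287, and `/* long jump: -2147483646 to 2147483648 */` sits above `offset == (int32_t)offset`, which accepts -2147483648..2147483647. Please update both comments to the ranges the new tests actually enforce. Removing the stray `\` from `ret = reloc_call(s->code_ptr - 2, arg);\` is a good catch and deserves a mention in the message.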
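Review bot: the relocated tcg_out_goto emits `OPC_JAL` with a zero immediate and then patches it with `reloc_jimm20(s->code_ptr - 1, target)`; the result is consumed only by `tcg_debug_assert(ok)`, so outside debug builds a target beyond the reloc_jimm20 range is not reported and the JAL is left with its zero displacement, i.e. pointing at itself. The removed version had the same debug-only check, so this is not a regression, but it is worth confirming that every caller is within the narrowed range. As a style point, `bool ok` is declared after the tcg_out_opc_jump call, which mixes declarations and statements; QEMU's coding style prefers declarations at the top of the block.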