From patchwork Tue Oct 2 16:35:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 147998 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372080lji; Tue, 2 Oct 2018 09:36:01 -0700 (PDT) X-Google-Smtp-Source: ACcGV624YYDNDEbiWXQ/9JiDsTLa7iOjqAwglcmee5vFw5m4XzYppiEhRfS5hhNmhy7V0XmfV1gg X-Received: by 2002:a2e:811:: with SMTP id 17-v6mr9857452lji.140.1538498161180; Tue, 02 Oct 2018 09:36:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498161; cv=none; d=google.com; s=arc-20160816; b=a7pL+2I6IVdB5dXu7cqA6+OrEXu8r8zwVjSmtn1TLUeVuQN/8QMkxx4J9kwAhyvenK joSn2/OwKGzG9b7gHA2bp+FnQ2wNoAZGkHQlERirN9tc6cyICvtLxZk8jZCfmcopbUbk xGvlkz+GKdJwbIHf/o4undkr22yiHXMD0lCfIGN7jw27lK1V2dvt4u789M+AM0CiNXb8 ghm99QIJ6UNY/T+DADxqX8lyd4B3ZU2st+B22Kipm94Wuy8ynIXjsymmxD4HHdwCe1+t lAoeONQZJLdVsC+sGX4tlUFcXWbrbT7X6IErI+pZtzEyqhzny44zSvAPEdaOI1ufRaZs aImQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=DEQGVTk/8Ti1oWyRhSmiY+UveKpYFbIxwggl20VUS6c=; b=ZB4icPoOePIhjNyXQcm6wX97AEF7ai09sHfijyDKSDl7PqUIMOOIjl9awBnOoJAyFD CA1P257Emz7g60ukKlkWlKPAgXY0PD1HWKWrFAy9frmkczbVuh4lubH4bw56S1lggltR L2vSBSiSXg1JJWtZlogoRgNOzGAq/P7c/+sTcKfEtbpJyPOi6dArIAArVANkIBShyb0I Y8seQyp+YY3wST0lIpZhOv8mhvjNN2vX1BrYvFmwKuKDIRlmMDeOmjS+RuDg10km/th6 tfAs7wne1m5cYI+DTVSeiSgR8dzym1xSg180h3AftygUZSd2Ep7HJESropSJtfa1kFn/ W1Rg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id y10-v6si14673292lja.39.2018.10.02.09.36.00 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeR-0007GU-W0; Tue, 02 Oct 2018 17:35:59 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 01/13] target/arm: Define new TBFLAG for v8M stack checking Date: Tue, 2 Oct 2018 17:35:44 +0100 Message-Id: <20181002163556.10279-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 The Arm v8M architecture includes hardware stack limit checking. When certain instructions update the stack pointer, if the new value of SP is below the limit set in the associated limit register then an exception is taken. Add a TB flag that tracks whether the limit-checking code needs to be emitted. Signed-off-by: Peter Maydell --- target/arm/cpu.h | 7 +++++++ target/arm/translate.h | 1 + target/arm/helper.c | 10 ++++++++++ target/arm/translate.c | 1 + 4 files changed, 19 insertions(+) -- 2.19.0 Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 65c0fa0a659..d2c1d005ed7 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1336,8 +1336,10 @@ FIELD(V7M_CCR, UNALIGN_TRP, 3, 1) FIELD(V7M_CCR, DIV_0_TRP, 4, 1) FIELD(V7M_CCR, BFHFNMIGN, 8, 1) FIELD(V7M_CCR, STKALIGN, 9, 1) +FIELD(V7M_CCR, STKOFHFNMIGN, 10, 1) FIELD(V7M_CCR, DC, 16, 1) FIELD(V7M_CCR, IC, 17, 1) +FIELD(V7M_CCR, BP, 18, 1) /* V7M SCR bits */ FIELD(V7M_SCR, SLEEPONEXIT, 1, 1) @@ -2842,6 +2844,9 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env) /* For M profile only, Handler (ie not Thread) mode */ #define ARM_TBFLAG_HANDLER_SHIFT 21 #define ARM_TBFLAG_HANDLER_MASK (1 << ARM_TBFLAG_HANDLER_SHIFT) +/* For M profile only, whether we should generate stack-limit checks */ +#define ARM_TBFLAG_STACKCHECK_SHIFT 22 +#define ARM_TBFLAG_STACKCHECK_MASK (1 << ARM_TBFLAG_STACKCHECK_SHIFT) /* Bit usage when in AArch64 state */ #define ARM_TBFLAG_TBI0_SHIFT 0 /* TBI0 for EL0/1 or TBI for EL2/3 */ @@ -2884,6 +2889,8 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env) (((F) & ARM_TBFLAG_BE_DATA_MASK) >> ARM_TBFLAG_BE_DATA_SHIFT) #define ARM_TBFLAG_HANDLER(F) \ (((F) & ARM_TBFLAG_HANDLER_MASK) >> ARM_TBFLAG_HANDLER_SHIFT) +#define ARM_TBFLAG_STACKCHECK(F) \ + (((F) & ARM_TBFLAG_STACKCHECK_MASK) >> ARM_TBFLAG_STACKCHECK_SHIFT) #define ARM_TBFLAG_TBI0(F) \ (((F) & ARM_TBFLAG_TBI0_MASK) >> ARM_TBFLAG_TBI0_SHIFT) #define ARM_TBFLAG_TBI1(F) \ diff --git a/target/arm/translate.h b/target/arm/translate.h index 45f04244be8..c1b65f3efb0 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -38,6 +38,7 @@ typedef struct DisasContext { int vec_stride; bool v7m_handler_mode; bool v8m_secure; /* true if v8M and we're in Secure mode */ + bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */ /* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI * so that top level loop can generate correct syndrome information. */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 5e721a65272..6ed8631dbee 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -12667,6 +12667,16 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, flags |= ARM_TBFLAG_HANDLER_MASK; } + /* v8M always applies stack limit checks unless CCR.STKOFHFNMIGN is + * suppressing them because the requested execution priority is less than 0. + */ + if (arm_feature(env, ARM_FEATURE_V8) && + arm_feature(env, ARM_FEATURE_M) && + !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) && + (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) { + flags |= ARM_TBFLAG_STACKCHECK_MASK; + } + *pflags = flags; *cs_base = 0; } diff --git a/target/arm/translate.c b/target/arm/translate.c index c6a5d2ac444..751d5811cee 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -12451,6 +12451,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) dc->v7m_handler_mode = ARM_TBFLAG_HANDLER(dc->base.tb->flags); dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && regime_is_secure(env, dc->mmu_idx); + dc->v8m_stackcheck = ARM_TBFLAG_STACKCHECK(dc->base.tb->flags); dc->cp_regs = cpu->cp_regs; dc->features = env->features; From patchwork Tue Oct 2 16:35:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 147999 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372085lji; Tue, 2 Oct 2018 09:36:01 -0700 (PDT) X-Google-Smtp-Source: ACcGV631a35xfFviy5gtmuJJLjm7uzmGG96v6aEKFs8LUcgdBgP9Q1vYFo0AkBxuqsPibkyHOHV5 X-Received: by 2002:a5d:4d4b:: with SMTP id a11-v6mr11805865wru.40.1538498161385; Tue, 02 Oct 2018 09:36:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498161; cv=none; d=google.com; s=arc-20160816; b=oW/zNPnnHR/hb/Idg+9agSFP3/Dd6wGh5bvEFrO1tWCcwVj+5JS7eebZ2CDojvYt/k 2MNNplGsm6M9SbTT2K+veB8zfcY/CXeLRNdspU6mM4RYQhzQgAR/UDZEZlwXAb7Zn2XM mPM80CqC7RUYtp19gRGY0aW8E7Z1Eq6LLqkF43kuUy7o5XhK5gDMabNEbSjTUKdqcyjw w/y1bacTG/t2M7W19HDWD/3193nY5GFynfQx9MzY87kEjxGZRRuaoCAbJk49yMl7vlte QQtN46E7O/uGBuoNbGFRMO1kWjErCVB3K5FciVv73WwOjTuh+DOU17VC9AR8HUeRBsOU OUjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=T4S0xeLRiuwbo6rPdWtjgnSVqlnJWrAcCr7jy1IhKfs=; b=0W3sE0cNn7O643gMbT1QXOlAo1A40lyoIWO1iHqhy0PPe/0FSXckrrZQUr5oKPSK09 Re22ZIlWrxWO6lGEXEsG2dHJPQEyiXUDOoCht7Ty1Quc0kwQ1mYxd9fodMSKNQ+5Qdkb BijpgABeV3cxakhs7b2I6yUz2N/xD62YEZjRcd7c3tRc/5GhFyW+htFZDMzsWSN85anr eU+nd+a2kFuEnnQWRLhkFfFWnaVUCEN5SLtDfNJXkqlqBOsqkh2Q8hgFh8wipAVw3I/6 a2AgQFT27iirKAXazBXriO2x2kK+EGGiVClR109+f3bLskdv4hmuS122eKNaqN/rLRaA 41vg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id q12-v6si2370836wrw.84.2018.10.02.09.36.01 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeS-0007Gj-TY; Tue, 02 Oct 2018 17:36:00 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 02/13] target/arm: Define new EXCP type for v8M stack overflows Date: Tue, 2 Oct 2018 17:35:45 +0100 Message-Id: <20181002163556.10279-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Define EXCP_STKOF, and arrange for it to cause us to take a UsageFault with CFSR.STKOF set. Signed-off-by: Peter Maydell --- target/arm/cpu.h | 2 ++ target/arm/helper.c | 5 +++++ 2 files changed, 7 insertions(+) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/cpu.h b/target/arm/cpu.h index d2c1d005ed7..318792823b9 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -56,6 +56,7 @@ #define EXCP_SEMIHOST 16 /* semihosting call */ #define EXCP_NOCP 17 /* v7M NOCP UsageFault */ #define EXCP_INVSTATE 18 /* v7M INVSTATE UsageFault */ +#define EXCP_STKOF 19 /* v8M STKOF UsageFault */ /* NB: add new EXCP_ defines to the array in arm_log_exception() too */ #define ARMV7M_EXCP_RESET 1 @@ -1380,6 +1381,7 @@ FIELD(V7M_CFSR, UNDEFINSTR, 16 + 0, 1) FIELD(V7M_CFSR, INVSTATE, 16 + 1, 1) FIELD(V7M_CFSR, INVPC, 16 + 2, 1) FIELD(V7M_CFSR, NOCP, 16 + 3, 1) +FIELD(V7M_CFSR, STKOF, 16 + 4, 1) FIELD(V7M_CFSR, UNALIGNED, 16 + 8, 1) FIELD(V7M_CFSR, DIVBYZERO, 16 + 9, 1) diff --git a/target/arm/helper.c b/target/arm/helper.c index 6ed8631dbee..c303dc453f1 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7511,6 +7511,7 @@ static void arm_log_exception(int idx) [EXCP_SEMIHOST] = "Semihosting call", [EXCP_NOCP] = "v7M NOCP UsageFault", [EXCP_INVSTATE] = "v7M INVSTATE UsageFault", + [EXCP_STKOF] = "v8M STKOF UsageFault", }; if (idx >= 0 && idx < ARRAY_SIZE(excnames)) { @@ -7666,6 +7667,10 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVSTATE_MASK; break; + case EXCP_STKOF: + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); + env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_STKOF_MASK; + break; case EXCP_SWI: /* The PC already points to the next instruction. */ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC, env->v7m.secure); From patchwork Tue Oct 2 16:35:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148000 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372114lji; Tue, 2 Oct 2018 09:36:02 -0700 (PDT) X-Google-Smtp-Source: ACcGV60efaRC6XRk20YXf/vErm9u1Gb3ReYBIv2g2GL1veh/np5AZxHs4ScIxw4X4jOZmFThPOQt X-Received: by 2002:a1c:84cd:: with SMTP id g196-v6mr2327629wmd.38.1538498162318; Tue, 02 Oct 2018 09:36:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498162; cv=none; d=google.com; s=arc-20160816; b=f4L3GIdUdqV6kLgrbyuf81nXCEXt8jraFWJEUTHB+DLmwuGXl2glbMLA4IzWbSy71i WAQPjf4d2otsciw92vHrYjoCiSAJT4ILTNxHABszQiJDZRye0JxwjTDVh3qM3svYjgvD dXt6F6PAWc/oqygO6nxaUVqB5xjT/csLqNC/b36mzm/L9sGd8Lfg1sURoOeLGlPLQUWl CZgF64h6IH/KKzyH03AF9B2HkJqF6YkyVjSD8sLXq/JVt5JVPHEgk3qC6m1r/l8LltKE FnxLhMLwlUKNh/7FGkTbsvvmisAIebtlUzShSLgWlIrl8kuIv5Qwyb0QRZA6F5QHmLD9 Qxuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Y/cK+PIlVdbSgahPwKirsSyZ0i4ZDzwJ/ZzfyA9jDMM=; b=q+EwldW2s7g9lkvHYlQ7iXzAx4hZnoQ65C8y76/u3360kzsKTInsjKicPhAzJ4ishX rRZEP7hiwwTpy9qPj+XmvAZ+7r10hvf/fAeBHQCPA5roWgpnAOpVah2gn9C3JeaF9jeO DJ3ww5tg7X82BX8e5LqJWkzBdn74miNWVP8fs3KxCKK0gRFf4rZww3GMn5HPvL3MD65B PY1hfcWQaiz8TRNy4Ssm42RingX3Qv3EMLRZ96oqzg+XduUusCaDHdZwZWO6AHjXOIQx bAsZj2epsM1zkK01ACsUat6wC2Tv+dahe6SWq1igrNR+aXg8eAM5PSTZoLgGoOdQONIi BUjw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id 92-v6si14101612wrq.437.2018.10.02.09.36.02 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeT-0007Gz-Ra; Tue, 02 Oct 2018 17:36:01 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 03/13] target/arm: Move v7m_using_psp() to internals.h Date: Tue, 2 Oct 2018 17:35:46 +0100 Message-Id: <20181002163556.10279-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 We're going to want v7m_using_psp() in op_helper.c in the next patch, so move it from helper.c to internals.h. Signed-off-by: Peter Maydell --- target/arm/internals.h | 15 +++++++++++++++ target/arm/helper.c | 12 ------------ 2 files changed, 15 insertions(+), 12 deletions(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/internals.h b/target/arm/internals.h index dc9357766c9..bc4c01ccd92 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -796,4 +796,19 @@ static inline uint32_t arm_debug_exception_fsr(CPUARMState *env) } } +/** + * v7m_using_psp: Return true if using process stack pointer + * Return true if the CPU is currently using the process stack + * pointer, or false if it is using the main stack pointer. + */ +static inline bool v7m_using_psp(CPUARMState *env) +{ + /* Handler mode always uses the main stack; for thread mode + * the CONTROL.SPSEL bit determines the answer. + * Note that in v7M it is not possible to be in Handler mode with + * CONTROL.SPSEL non-zero, but in v8M it is, so we must check both. + */ + return !arm_v7m_is_handler_mode(env) && + env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; +} #endif diff --git a/target/arm/helper.c b/target/arm/helper.c index c303dc453f1..ef8c244fb84 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6554,18 +6554,6 @@ pend_fault: return false; } -/* Return true if we're using the process stack pointer (not the MSP) */ -static bool v7m_using_psp(CPUARMState *env) -{ - /* Handler mode always uses the main stack; for thread mode - * the CONTROL.SPSEL bit determines the answer. - * Note that in v7M it is not possible to be in Handler mode with - * CONTROL.SPSEL non-zero, but in v8M it is, so we must check both. - */ - return !arm_v7m_is_handler_mode(env) && - env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; -} - /* Write to v7M CONTROL.SPSEL bit for the specified security bank. * This may change the current stack pointer between Main and Process * stack pointers if it is done for the CONTROL register for the current From patchwork Tue Oct 2 16:35:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148001 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372137lji; Tue, 2 Oct 2018 09:36:03 -0700 (PDT) X-Google-Smtp-Source: ACcGV60gUQnfAVRu2hCg4lyVt3kM7bNxnyIDz8YoW4wVIidlodcIq1zuvyATAeH8+B1RLFSRt72C X-Received: by 2002:a1c:9ca:: with SMTP id 193-v6mr2558466wmj.86.1538498163341; Tue, 02 Oct 2018 09:36:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498163; cv=none; d=google.com; s=arc-20160816; b=AOjud8bIHu03015QefX7chfIuMBV2LxkkQYZyukUISeoTGvcrvAzjjnhGG2ckJ4aSa hovsNwNoVU7Mf9wYowrxuJAsX7sCpiGe9bKUHxkqpqrhZHiYiaXgZcAraxxOA6tbraR+ i0OvhyMiXD/VuG4IktcI5d84C8MyU70WsiHYdk9FCQPGNIxlEl4Rqpp6jf69Rc1TlDtp WEybVWdbLNWnSei80ryxEgLdHT3T4Tk5JDlBRWXSbmPcJwziRFD/Qdoj8/FuRPnV/xOR 2IKmWw7mT/44XQCH1ByCUNgsfydhNpyZigA+Nx7YPyAQYQdWYeaGzJq7T+RNpdeCNIj2 hmqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=bK9kN07g9bCCmcAYVxo2Spx7XqWOSdOI4jVPunBxoCE=; b=vrRbBaLonl9JFXtXJEkonnZxZ467SEZ8JEMboshABehluRRA2MsJ1/wtpJ2EdjcOZ0 FbIuADuCFaIZ6UjfQuau6VJWR4bITBQNfuigHgl8yXCv2Nt0HsAGJleWEaT027WJwjqL b8dBI36QG3zEB0K+Q7eng2PKI6V49iwQy1m1YVJ241e6eeQPOulSCpDzXqaURs2jlUSJ FYaugdtvdNiHA3ZBKOixIpdxD3lF+EyziKC1Rqc4/uSDnQzwBBRMUxbBgPS554OJi/bV uhg2l2vsJwxN5fbOQ9ZlgPx7RCxt1pwkFqwLZyKFj3k+1mQY79p7C/EvYyR+ZzZIjRDC TQ4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id m14si8019399wrx.128.2018.10.02.09.36.03 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeU-0007HH-RJ; Tue, 02 Oct 2018 17:36:02 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 04/13] target/arm: Add v8M stack checks on ADD/SUB/MOV of SP Date: Tue, 2 Oct 2018 17:35:47 +0100 Message-Id: <20181002163556.10279-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add code to insert calls to a helper function to do the stack limit checking when we handle these forms of instruction that write to SP: * ADD (SP plus immediate) * ADD (SP plus register) * SUB (SP minus immediate) * SUB (SP minus register) * MOV (register) Signed-off-by: Peter Maydell --- target/arm/helper.h | 2 ++ target/arm/internals.h | 14 ++++++++ target/arm/op_helper.c | 19 ++++++++++ target/arm/translate.c | 80 +++++++++++++++++++++++++++++++++++++----- 4 files changed, 106 insertions(+), 9 deletions(-) -- 2.19.0 Reviewed-by: Richard Henderson diff --git a/target/arm/helper.h b/target/arm/helper.h index 59e8c3bd1b9..8c9590091b0 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -69,6 +69,8 @@ DEF_HELPER_2(v7m_blxns, void, env, i32) DEF_HELPER_3(v7m_tt, i32, env, i32, i32) +DEF_HELPER_2(v8m_stackcheck, void, env, i32) + DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32) DEF_HELPER_3(set_cp_reg, void, env, ptr, i32) DEF_HELPER_2(get_cp_reg, i32, env, ptr) diff --git a/target/arm/internals.h b/target/arm/internals.h index bc4c01ccd92..966a8131623 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -811,4 +811,18 @@ static inline bool v7m_using_psp(CPUARMState *env) return !arm_v7m_is_handler_mode(env) && env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; } + +/** + * v7m_sp_limit: Return SP limit for current CPU state + * Return the SP limit value for the current CPU security state + * and stack pointer. + */ +static inline uint32_t v7m_sp_limit(CPUARMState *env) +{ + if (v7m_using_psp(env)) { + return env->v7m.psplim[env->v7m.secure]; + } else { + return env->v7m.msplim[env->v7m.secure]; + } +} #endif diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 952b8d122b7..38f885b290f 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -238,6 +238,25 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, #endif /* !defined(CONFIG_USER_ONLY) */ +void HELPER(v8m_stackcheck)(CPUARMState *env, uint32_t newvalue) +{ + /* + * Perform the v8M stack limit check for SP updates from translated code, + * raising an exception if the limit is breached. + */ + if (newvalue < v7m_sp_limit(env)) { + CPUState *cs = CPU(arm_env_get_cpu(env)); + + /* + * Stack limit exceptions are a rare case, so rather than syncing + * PC/condbits before the call, we use cpu_restore_state() to + * get them right before raising the exception. + */ + cpu_restore_state(cs, GETPC(), true); + raise_exception(env, EXCP_STKOF, 0, 1); + } +} + uint32_t HELPER(add_setq)(CPUARMState *env, uint32_t a, uint32_t b) { uint32_t res = a + b; diff --git a/target/arm/translate.c b/target/arm/translate.c index 751d5811cee..25a8fe672f5 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -239,6 +239,23 @@ static void store_reg(DisasContext *s, int reg, TCGv_i32 var) tcg_temp_free_i32(var); } +/* + * Variant of store_reg which applies v8M stack-limit checks before updating + * SP. If the check fails this will result in an exception being taken. + * We disable the stack checks for CONFIG_USER_ONLY because we have + * no idea what the stack limits should be in that case. + * If stack checking is not being done this just acts like store_reg(). + */ +static void store_sp_checked(DisasContext *s, TCGv_i32 var) +{ +#ifndef CONFIG_USER_ONLY + if (s->v8m_stackcheck) { + gen_helper_v8m_stackcheck(cpu_env, var); + } +#endif + store_reg(s, 13, var); +} + /* Value extensions. */ #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var) #define gen_uxth(var) tcg_gen_ext16u_i32(var, var) @@ -10583,7 +10600,13 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2)) goto illegal_op; tcg_temp_free_i32(tmp2); - if (rd != 15) { + if (rd == 13 && + ((op == 2 && rn == 15) || + (op == 8 && rn == 13) || + (op == 13 && rn == 13))) { + /* MOV SP, ... or ADD SP, SP, ... or SUB SP, SP, ... */ + store_sp_checked(s, tmp); + } else if (rd != 15) { store_reg(s, rd, tmp); } else { tcg_temp_free_i32(tmp); @@ -11267,8 +11290,15 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) gen_jmp(s, s->pc + offset); } } else { - /* Data processing immediate. */ + /* + * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx + * - Data-processing (modified immediate, plain binary immediate) + */ if (insn & (1 << 25)) { + /* + * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx + * - Data-processing (plain binary immediate) + */ if (insn & (1 << 24)) { if (insn & (1 << 20)) goto illegal_op; @@ -11364,6 +11394,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) tmp = tcg_temp_new_i32(); tcg_gen_movi_i32(tmp, imm); } + store_reg(s, rd, tmp); } else { /* Add/sub 12-bit immediate. */ if (rn == 15) { @@ -11374,17 +11405,27 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) offset += imm; tmp = tcg_temp_new_i32(); tcg_gen_movi_i32(tmp, offset); + store_reg(s, rd, tmp); } else { tmp = load_reg(s, rn); if (insn & (1 << 23)) tcg_gen_subi_i32(tmp, tmp, imm); else tcg_gen_addi_i32(tmp, tmp, imm); + if (rn == 13 && rd == 13) { + /* ADD SP, SP, imm or SUB SP, SP, imm */ + store_sp_checked(s, tmp); + } else { + store_reg(s, rd, tmp); + } } } - store_reg(s, rd, tmp); } } else { + /* + * 0b1111_0x0x_xxxx_0xxx_xxxx_xxxx + * - Data-processing (modified immediate) + */ int shifter_out = 0; /* modified 12-bit immediate. */ shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12); @@ -11426,7 +11467,11 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) goto illegal_op; tcg_temp_free_i32(tmp2); rd = (insn >> 8) & 0xf; - if (rd != 15) { + if (rd == 13 && rn == 13 + && (op == 8 || op == 13)) { + /* ADD(S) SP, SP, imm or SUB(S) SP, SP, imm */ + store_sp_checked(s, tmp); + } else if (rd != 15) { store_reg(s, rd, tmp); } else { tcg_temp_free_i32(tmp); @@ -11732,7 +11777,12 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) tmp2 = load_reg(s, rm); tcg_gen_add_i32(tmp, tmp, tmp2); tcg_temp_free_i32(tmp2); - store_reg(s, rd, tmp); + if (rd == 13) { + /* ADD SP, SP, reg */ + store_sp_checked(s, tmp); + } else { + store_reg(s, rd, tmp); + } break; case 1: /* cmp */ tmp = load_reg(s, rd); @@ -11743,7 +11793,12 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) break; case 2: /* mov/cpy */ tmp = load_reg(s, rm); - store_reg(s, rd, tmp); + if (rd == 13) { + /* MOV SP, reg */ + store_sp_checked(s, tmp); + } else { + store_reg(s, rd, tmp); + } break; case 3: { @@ -12071,7 +12126,10 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) break; case 10: - /* add to high reg */ + /* + * 0b1010_xxxx_xxxx_xxxx + * - Add PC/SP (immediate) + */ rd = (insn >> 8) & 7; if (insn & (1 << 11)) { /* SP */ @@ -12091,13 +12149,17 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) op = (insn >> 8) & 0xf; switch (op) { case 0: - /* adjust stack pointer */ + /* + * 0b1011_0000_xxxx_xxxx + * - ADD (SP plus immediate) + * - SUB (SP minus immediate) + */ tmp = load_reg(s, 13); val = (insn & 0x7f) * 4; if (insn & (1 << 7)) val = -(int32_t)val; tcg_gen_addi_i32(tmp, tmp, val); - store_reg(s, 13, tmp); + store_sp_checked(s, tmp); break; case 2: /* sign/zero extend. */ From patchwork Tue Oct 2 16:35:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148002 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372174lji; Tue, 2 Oct 2018 09:36:05 -0700 (PDT) X-Google-Smtp-Source: ACcGV61AwWqf/IrfJLlXkhXbcu0bN4/xllLzCr6vi9M0stUyE0LRO92mQg/+mDeSbDiT9E1vPZ+/ X-Received: by 2002:adf:e681:: with SMTP id r1-v6mr11552371wrm.294.1538498165061; Tue, 02 Oct 2018 09:36:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498165; cv=none; d=google.com; s=arc-20160816; b=g0oDU3Wf5MQWWTLGGrTlOJ3oIxrcWSa4CMUQanbIU6q8/dTBgiNbrkzxl5ghqVXB9t i0Oxpcw0F/SDUNhFA3LrmAMeGxajZ/LmrmY34HDTwngJ4uRoxv+hNTqaqRzAU7XixIv2 Rd3s6lmbCbnaN6LgoM50n54rLJPmXxSWWrRup1q2WpmBAOhwD6KV0jy2SR0vP0iG9eCi 5ldQ6isTuElFMiQ3ocN6qXNiML3+t/IRsq4WvWQGLy9dPHqEoWkjEykSqA4jH6LiRPsD Oj9z9IZxGGy7plAFSgHEXuoasLoOpWVzhj4TfKsVT1g7JqYL+cTup3k6KpGDkHW6wvCX cyKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=KCDU3/ohzWCYsOb4tRry/i55uImP2+JAdClztFl2B9w=; b=Y9pRzMrjAIKLXs8BMhx8SYdAUB+fmaogIzbtmikvznG3GMm3zeFJdne7jYvaRA62B3 sQhObJPHwkCHnuPlJRcqvnIIzli4ivCPkqYBjEWrXpEhSoX9hAiZK1mHmfseoN3XAEZi 3CpJd6ZvJvVMUgfDSwPYmPu5UEeIOFr64P7wxY5/+jYW3alW0cFrOfOVs4+AUtSLipYv NulPGFFxa63d7EkNmZ/aABA1jsezihKJcjW2Mj2iSCrTSWR6Ci2ZKXQakL7QauBTBSTk l696gzu2gJdzTxxDjs/p1OsRld32gE/2TiYzTGtEZvljPzfOVpHnjLakvx4oCqmVQSW0 Cqsw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id 35-v6si14675158wra.136.2018.10.02.09.36.04 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeW-0007Hc-JH; Tue, 02 Oct 2018 17:36:04 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 05/13] target/arm: Add some comments in Thumb decode Date: Tue, 2 Oct 2018 17:35:48 +0100 Message-Id: <20181002163556.10279-6-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add some comments to the Thumb decoder indicating what bits of the instruction have been decoded at various points in the code. This is not an exhaustive set of comments; we're gradually adding comments as we work with particular bits of the code. Signed-off-by: Peter Maydell --- Specifically, I figured these out as I was going through looking for the insns which write SP. These comments turn out not to be relevant to those instructions, but I don't want to throw them away. --- target/arm/translate.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index 25a8fe672f5..fcb33b8a503 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -10623,6 +10623,10 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) tmp2 = load_reg(s, rm); if ((insn & 0x70) != 0) goto illegal_op; + /* + * 0b1111_1010_0xxx_xxxx_1111_xxxx_0000_xxxx: + * - MOV, MOVS (register-shifted register), flagsetting + */ op = (insn >> 21) & 3; logic_cc = (insn & (1 << 20)) != 0; gen_arm_shift_reg(tmp, op, tmp2, logic_cc); @@ -11674,7 +11678,11 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) rd = insn & 7; op = (insn >> 11) & 3; if (op == 3) { - /* add/subtract */ + /* + * 0b0001_1xxx_xxxx_xxxx + * - Add, subtract (three low registers) + * - Add, subtract (two low registers and immediate) + */ rn = (insn >> 3) & 7; tmp = load_reg(s, rn); if (insn & (1 << 10)) { @@ -11711,7 +11719,10 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) } break; case 2: case 3: - /* arithmetic large immediate */ + /* + * 0b001x_xxxx_xxxx_xxxx + * - Add, subtract, compare, move (one low register and immediate) + */ op = (insn >> 11) & 3; rd = (insn >> 8) & 0x7; if (op == 0) { /* mov */ @@ -11848,7 +11859,10 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) break; } - /* data processing register */ + /* + * 0b0100_00xx_xxxx_xxxx + * - Data-processing (two low registers) + */ rd = insn & 7; rm = (insn >> 3) & 7; op = (insn >> 6) & 0xf; From patchwork Tue Oct 2 16:35:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148003 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372219lji; Tue, 2 Oct 2018 09:36:06 -0700 (PDT) X-Google-Smtp-Source: ACcGV61SJiiELbykH44GXsLuiQYM8m63eoejGoi/kZdhE1mr8rA1rkqdZzr8RhREZwws2TlPPMeq X-Received: by 2002:adf:cd8c:: with SMTP id q12-v6mr7741924wrj.171.1538498166858; Tue, 02 Oct 2018 09:36:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498166; cv=none; d=google.com; s=arc-20160816; b=fFxlmtcZrGZotRO5CRon1niOXG6wk3brUiQjojMU2PAOEKlgIU0t54Yigc/u19NAkz WbuEZUMiA4Js/HQ6xqcJO2RN9rjRF29zlqLav6M1XFfXgkzyZIEkymQzFpIi93qI2cY8 rzwsuL7kwi6P0fRvLsVyg3OKvZ0fYsE0awq0iHHfgLHWDRp9XUiEXQnqZ9VIn5Q5A1as FJAO5UPBFeKW82jkOC41r6hqSJrDzii/xWmnNzwGjzwO+dMdq/nN3iGfpZr0lMURT0kD F9U8m4d3446pgxvwGaf8lMEDfGhrHs10XNLSI/KORZFbvfXZ0g/zZhBr+fqT5+DHEPcl lAPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=O91EmS/KQug+8B2QivklTKp4WvXfc/uIybgpQC6pHlA=; b=no7wJ3O1L3ufIDPcenf9gvZGCqpGO5v41jz0U4BbHhuNxSGRacz3L9H5MY2QkPcwq5 Mc5jy4yJbUgfBYdKmrTA8Jrw3zc+Tfegk9aziS1DrUQ+/uNQwQY0q52Dk/avlvJR1fn6 /D1RkpG6CySMxUR1LtQp4RIDp8mJCnB66xm1cGbTcNwb1PGBssyZBaQ9bqlN6ZsjMoaU BOZHZYqyf/rRiwH2BbU0ALTitGsQ30Y7fEdGro8KvwY4T0/kbFy6qfqunIALO6q7/xwS A2lf6PIHSi+R/JkUdlrxBHXnV1OkJ2/SssiLX65ey+vj1XDwFbs+mHXYK/EJzG85zGM8 ttVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id a12-v6si13152446wri.399.2018.10.02.09.36.06 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeY-0007Hr-9O; Tue, 02 Oct 2018 17:36:06 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 06/13] target/arm: Add v8M stack checks on exception entry Date: Tue, 2 Oct 2018 17:35:49 +0100 Message-Id: <20181002163556.10279-7-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add checks for breaches of the v8M stack limit when the stack pointer is decremented to push the exception frame for exception entry. Note that the exception-entry case is unique in that the stack pointer is updated to be the limit value if the limit is hit (per rule R_ZLZG). Signed-off-by: Peter Maydell --- target/arm/helper.c | 54 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 8 deletions(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/helper.c b/target/arm/helper.c index ef8c244fb84..a10dff01a90 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6839,6 +6839,8 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, uint32_t frameptr; ARMMMUIdx mmu_idx; bool stacked_ok; + uint32_t limit; + bool want_psp; if (dotailchain) { bool mode = lr & R_V7M_EXCRET_MODE_MASK; @@ -6848,12 +6850,34 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, M_REG_S, priv); frame_sp_p = get_v7m_sp_ptr(env, M_REG_S, mode, lr & R_V7M_EXCRET_SPSEL_MASK); + want_psp = mode && (lr & R_V7M_EXCRET_SPSEL_MASK); + if (want_psp) { + limit = env->v7m.psplim[M_REG_S]; + } else { + limit = env->v7m.msplim[M_REG_S]; + } } else { mmu_idx = core_to_arm_mmu_idx(env, cpu_mmu_index(env, false)); frame_sp_p = &env->regs[13]; + limit = v7m_sp_limit(env); } frameptr = *frame_sp_p - 0x28; + if (frameptr < limit) { + /* + * Stack limit failure: set SP to the limit value, and generate + * STKOF UsageFault. Stack pushes below the limit must not be + * performed. It is IMPDEF whether pushes above the limit are + * performed; we choose not to. + */ + qemu_log_mask(CPU_LOG_INT, + "...STKOF during callee-saves register stacking\n"); + env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_STKOF_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, + env->v7m.secure); + *frame_sp_p = limit; + return true; + } /* Write as much of the stack frame as we can. A write failure may * cause us to pend a derived exception. @@ -6877,10 +6901,7 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, v7m_stack_write(cpu, frameptr + 0x24, env->regs[11], mmu_idx, ignore_faults); - /* Update SP regardless of whether any of the stack accesses failed. - * When we implement v8M stack limit checking then this attempt to - * update SP might also fail and result in a derived exception. - */ + /* Update SP regardless of whether any of the stack accesses failed. */ *frame_sp_p = frameptr; return !stacked_ok; @@ -7028,6 +7049,26 @@ static bool v7m_push_stack(ARMCPU *cpu) frameptr -= 0x20; + if (arm_feature(env, ARM_FEATURE_V8)) { + uint32_t limit = v7m_sp_limit(env); + + if (frameptr < limit) { + /* + * Stack limit failure: set SP to the limit value, and generate + * STKOF UsageFault. Stack pushes below the limit must not be + * performed. It is IMPDEF whether pushes above the limit are + * performed; we choose not to. + */ + qemu_log_mask(CPU_LOG_INT, + "...STKOF during stacking\n"); + env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_STKOF_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, + env->v7m.secure); + env->regs[13] = limit; + return true; + } + } + /* Write as much of the stack frame as we can. If we fail a stack * write this will result in a derived exception being pended * (which may be taken in preference to the one we started with @@ -7043,10 +7084,7 @@ static bool v7m_push_stack(ARMCPU *cpu) v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) && v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false); - /* Update SP regardless of whether any of the stack accesses failed. - * When we implement v8M stack limit checking then this attempt to - * update SP might also fail and result in a derived exception. - */ + /* Update SP regardless of whether any of the stack accesses failed. */ env->regs[13] = frameptr; return !stacked_ok; From patchwork Tue Oct 2 16:35:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148004 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372226lji; Tue, 2 Oct 2018 09:36:07 -0700 (PDT) X-Google-Smtp-Source: ACcGV60ZO93Mzdl2PM3b2QqqQZ+oLFydkJ2AxOURSGiYLY5ujB9VJNOVWr3ygNOszgZ9UUdTaF44 X-Received: by 2002:a5d:5148:: with SMTP id u8-v6mr11271778wrt.299.1538498167668; Tue, 02 Oct 2018 09:36:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498167; cv=none; d=google.com; s=arc-20160816; b=V2X+rOkgBsYDV10Qwdg40S3Pll4SaPPaElR2/4+HeijOWtA9agIPM1K9TMdRVZLgQO YgObnP7UBkghQCBFpht+ksEYMReiqwxUXyk6TccNcT1y6fqCmLR2t69Z5QVnsAbuixEC dy0dAXDusUqFwZh8MAMIrlae6rJNwNubuSBNW/OpFRJyA+L1N8W0sDaDnGc+QPKs6BCq m9h1YWE6AOwEEEYNzGz3LRKEGP0huTyjbJZvN9p1VKfahXNl0WzyUszGir4zXRnZNaHw GqNJfVHSGWMtX81/cjxz8nrbOSL67u5ow6mbCdtvT6QxVoY96SE5rGW4HuKiTgaq7V+U 3Tuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=zk3r9A0PCCkCYyoTknI1Wyv6k6uoizq8d9JFvlhqK9I=; b=zId5jdSYfx0SjcJAQ/+8QNWu3HrzV2H5jhc2ZqnhwNa8GPsGW4zS6h3n6g5p8QnAbm BRnUoTFSURm5eVVro0/dQVdK83lNYEC42ashqheXWrHATLgi8tkYMGriTc8Y0lXTl1yK DhXKA08J5EPT4qpfYGNsPb8TG21WHL4mArVF8l+URo2tgVJ/4RVhjIQX42IsVupAIvVc LuoECFGfRKTLlhvAgv+fqLL5ujbkyBO3/nBAPgsyLYg8U0wNXijMHnhhzgde6D7T87IS Xc+p7LnS1F71HZXWfnJvCg+gs91qvuOBLX0e/wxGjqZGt9Hzcc1QSBHTumoHb8BAYRms C7Fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id j18-v6si14095191wrr.295.2018.10.02.09.36.07 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7NeZ-0007I8-6o; Tue, 02 Oct 2018 17:36:07 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 07/13] target/arm: Add v8M stack limit checks on NS function calls Date: Tue, 2 Oct 2018 17:35:50 +0100 Message-Id: <20181002163556.10279-8-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Check the v8M stack limits when pushing the frame for a non-secure function call via BLXNS. In order to be able to generate the exception we need to promote raise_exception() from being local to op_helper.c so we can call it from helper.c. Signed-off-by: Peter Maydell --- target/arm/internals.h | 9 +++++++++ target/arm/helper.c | 4 ++++ target/arm/op_helper.c | 4 ++-- 3 files changed, 15 insertions(+), 2 deletions(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/internals.h b/target/arm/internals.h index 966a8131623..aa124a06a9d 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -94,6 +94,15 @@ FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */ #define M_FAKE_FSR_NSC_EXEC 0xf /* NS executing in S&NSC memory */ #define M_FAKE_FSR_SFAULT 0xe /* SecureFault INVTRAN, INVEP or AUVIOL */ +/** + * raise_exception: Raise the specified exception. + * Raise a guest exception with the specified value, syndrome register + * and target exception level. This should be called from helper functions, + * and never returns because we will longjump back up to the CPU main loop. + */ +void QEMU_NORETURN raise_exception(CPUARMState *env, uint32_t excp, + uint32_t syndrome, uint32_t target_el); + /* * For AArch64, map a given EL to an index in the banked_spsr array. * Note that this mapping and the AArch32 mapping defined in bank_number() diff --git a/target/arm/helper.c b/target/arm/helper.c index a10dff01a90..074f7616272 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6710,6 +6710,10 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest) "BLXNS with misaligned SP is UNPREDICTABLE\n"); } + if (sp < v7m_sp_limit(env)) { + raise_exception(env, EXCP_STKOF, 0, 1); + } + saved_psr = env->v7m.exception; if (env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK) { saved_psr |= XPSR_SFPA; diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 38f885b290f..de0d3984ea4 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -28,8 +28,8 @@ #define SIGNBIT (uint32_t)0x80000000 #define SIGNBIT64 ((uint64_t)1 << 63) -static void raise_exception(CPUARMState *env, uint32_t excp, - uint32_t syndrome, uint32_t target_el) +void raise_exception(CPUARMState *env, uint32_t excp, + uint32_t syndrome, uint32_t target_el) { CPUState *cs = CPU(arm_env_get_cpu(env)); From patchwork Tue Oct 2 16:35:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148005 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372253lji; Tue, 2 Oct 2018 09:36:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV63nBbYTDrOd6uwjeaezdW5va9YBL+SPxuH8zc+BwDth619EmI/HefUOQckifRjcBrFDkvdC X-Received: by 2002:a1c:2dc5:: with SMTP id t188-v6mr2305835wmt.94.1538498168608; Tue, 02 Oct 2018 09:36:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498168; cv=none; d=google.com; s=arc-20160816; b=YvP3UAF/ITB7wzst/20u5wHeYTvXuZFhK0PcGf2E9GkXgO1fEOyqjnZgykEo1X2eAy pMp/FB7JE+NcBa7AsrC2TZLOMWcFi9tIZ88hZAwaFjoAfqw7QO7hofppwt66Z2AXT5MJ N4FPtWf0gGCXtNzx/p0H2WhnrP5knoUlbHHUShz0IUcVMPnAMhX0JMzLJr21A4HGXWYO 3wnybwo1Xqb2LJhWDUUpRDJbPBlX9iaoaFW8TKu+ViSgTmqwRDfhH1KpOQRVRiVaFSvd /CxNdW1wR8XbUtaETXCPWbEbXD3l1RKEBGTAMJcdeNkYXeEXO3AW0ZCb8eiy79kblxaE NRNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=+BBRoBKd1PzIfqZ6OzyMndwspOUn42qv//t383wrQvw=; b=pgdoGa2MQMs1cPpOImUlIWVqjE3t8cKLCfvHeRmkHvbK31UhlKy7lqNg76vTVjPZHS +cxpJD+d87jsojfFrBRAbHGHJsZpZg8vcJzoXHgwXSC/PhWKsXkePCwTQn5Kb+GcFyF4 DTHc9emrfiz+3Q/xCyXeG3jc+VLhXbXNFhQ4eeiw/VvmEAfsq97qe9KHdECs7fN/MxS9 N3daizZfdUK3NjPL/ebJnXnwSzwLqmCynjir8pK1HiumDltH5YicuF7zJm7R8/WemBEh YzMm2hEOE25wn6HDfCw+hMyT/VmMkWAkXPSIluREMKCssefqP/cYaJ7UgIW0pcLO431u fo1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id k5-v6si13604731wrr.49.2018.10.02.09.36.08 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Nea-0007IO-4Y; Tue, 02 Oct 2018 17:36:08 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 08/13] target/arm: Add v8M stack checks for LDRD/STRD (imm) Date: Tue, 2 Oct 2018 17:35:51 +0100 Message-Id: <20181002163556.10279-9-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add the v8M stack checks for: * LDRD (immediate) * STRD (immediate) Loads and stores are more complicated than ADD/SUB/MOV, because we must ensure that memory accesses below the stack limit are not performed, so we can't simply do the check when we actually update SP. For these instructions, if the stack limit check triggers we must not: * perform any memory access below the SP limit * update PC, SP or the load/store base register but it is IMPDEF whether we: * perform any accesses above or equal to the SP limit * update destination registers for loads For QEMU we choose to always check the limit before doing any other part of the load or store, so we won't update any registers or perform any memory accesses. It is UNKNOWN whether the limit check triggers for a load or store where the initial SP value is below the limit and one of the stores would be below the limit, but the writeback moves SP to above the limit. For QEMU we choose to trigger the check in this situation. Note that limit checks happen only for loads and stores which update SP via writeback; they do not happen for loads and stores which simply use SP as a base register. Signed-off-by: Peter Maydell --- target/arm/translate.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index fcb33b8a503..c16d6075d94 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -10278,6 +10278,8 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx * - load/store dual (pre-indexed) */ + bool wback = extract32(insn, 21, 1); + if (rn == 15) { if (insn & (1 << 21)) { /* UNPREDICTABLE */ @@ -10289,8 +10291,29 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) addr = load_reg(s, rn); } offset = (insn & 0xff) * 4; - if ((insn & (1 << 23)) == 0) + if ((insn & (1 << 23)) == 0) { offset = -offset; + } + + if (s->v8m_stackcheck && rn == 13 && wback) { + /* + * Here 'addr' is the current SP; if offset is +ve we're + * moving SP up, else down. It is UNKNOWN whether the limit + * check triggers when SP starts below the limit and ends + * up above it; check whichever of the current and final + * SP is lower, so QEMU will trigger in that situation. + */ + if ((int32_t)offset < 0) { + TCGv_i32 newsp = tcg_temp_new_i32(); + + tcg_gen_addi_i32(newsp, addr, offset); + gen_helper_v8m_stackcheck(cpu_env, newsp); + tcg_temp_free_i32(newsp); + } else { + gen_helper_v8m_stackcheck(cpu_env, addr); + } + } + if (insn & (1 << 24)) { tcg_gen_addi_i32(addr, addr, offset); offset = 0; @@ -10314,7 +10337,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) gen_aa32_st32(s, tmp, addr, get_mem_index(s)); tcg_temp_free_i32(tmp); } - if (insn & (1 << 21)) { + if (wback) { /* Base writeback. */ tcg_gen_addi_i32(addr, addr, offset - 4); store_reg(s, rn, addr); From patchwork Tue Oct 2 16:35:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148006 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372288lji; Tue, 2 Oct 2018 09:36:09 -0700 (PDT) X-Google-Smtp-Source: ACcGV62NpBegAd+zAx77b6LJ2ls3CHF4DKxJCRr30TOyWGIXvZAIG9w7vbiSDCpjOThzLy8AR+8K X-Received: by 2002:adf:c650:: with SMTP id u16-v6mr12284317wrg.177.1538498169830; Tue, 02 Oct 2018 09:36:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498169; cv=none; d=google.com; s=arc-20160816; b=vHMpumuZRZZIo3WotbEUB6+5//oDZCyh7T5EsX4e28sF5Z6W+sHxWuslUN/p8fj1II J86g2D+unKej4G/tVwUIXNSqm9OZ05y8v5tC/aIju4mFhR2ADyGo5PzU4JNlbycMrH5m /ckrgd1Z2O48nB7aLqdoKV8cJa1BAPgJhY/vWd8i2j+H+Lq0Jxi4iFMBBdTLB4qPgD4r ZQl2l5GgqSZ+i7CyIsmuVFrS9zbLHBrHUZAyG6mPhOH5zcdfNd/TqWFvsl2fRQ3PshMn Ql4PQ1/zXacaNEUW7KmKs75VCl/7R2SEydncnradVakg0jJmZrtakcYLrOAUTJrCKZCc js/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=03HX9uqEH9ZbwlTK0nJ6SlQU2yDzfnQzGPlIGdcAUWA=; b=VlMKOfwm4gsrXp8V6vLWjNstQkxfXFsWbjW8cCvHfdSUzoendwWSFBk2i9V7J0ijFk 3UcvPg4Gq5+dcN8pkniK+8L8lqqsCZfURzkrBW+U6RtMW0L6jxBmd2/6kzujeZWH5/zS 5p0ub0JfhfIWoSWvC1lfq8oOfzL0faiBOeOfPeIO1OC9kCY8RyFMwzQYtO1A5Votu1/i fEN+9zKl8/ZrI+ikUZG+0h6qEuwoCE2HU7g9SjqUfSL0YeSoc+vjZrtyQrI3cYZwUCHU TM4dizENfIyv07uz1Qoy2sIv+WNoMYVkEbFKcgru5S6D51g6mh0byXUpSjz3jN+VrxD0 jVGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id z74-v6si10213361wmc.51.2018.10.02.09.36.09 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Neb-0007Ie-1r; Tue, 02 Oct 2018 17:36:09 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 09/13] target/arm: Add v8M stack checks for Thumb2 LDM/STM Date: Tue, 2 Oct 2018 17:35:52 +0100 Message-Id: <20181002163556.10279-10-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add the v8M stack checks for: * LDM (T2 encoding) * STM (T2 encoding) This includes the 32-bit encodings of the instructions listed in v8M ARM ARM rule R_YVWT as * LDM, LDMIA, LDMFD * LDMDB, LDMEA * POP (multiple registers) * PUSH (muliple registers) * STM, STMIA, STMEA * STMDB, STMFD We perform the stack limit before doing any other part of the load or store. Signed-off-by: Peter Maydell --- target/arm/translate.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index c16d6075d94..3fb378a492d 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -10524,6 +10524,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) } else { int i, loaded_base = 0; TCGv_i32 loaded_var; + bool wback = extract32(insn, 21, 1); /* Load/store multiple. */ addr = load_reg(s, rn); offset = 0; @@ -10531,10 +10532,26 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) if (insn & (1 << i)) offset += 4; } + if (insn & (1 << 24)) { tcg_gen_addi_i32(addr, addr, -offset); } + if (s->v8m_stackcheck && rn == 13 && wback) { + /* + * If the writeback is incrementing SP rather than + * decrementing it, and the initial SP is below the + * stack limit but the final written-back SP would + * be above, then then we must not perform any memory + * accesses, but it is IMPDEF whether we generate + * an exception. We choose to do so in this case. + * At this point 'addr' is the lowest address, so + * either the original SP (if incrementing) or our + * final SP (if decrementing), so that's what we check. + */ + gen_helper_v8m_stackcheck(cpu_env, addr); + } + loaded_var = NULL; for (i = 0; i < 16; i++) { if ((insn & (1 << i)) == 0) @@ -10562,7 +10579,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) if (loaded_base) { store_reg(s, rn, loaded_var); } - if (insn & (1 << 21)) { + if (wback) { /* Base register writeback. */ if (insn & (1 << 24)) { tcg_gen_addi_i32(addr, addr, -offset); From patchwork Tue Oct 2 16:35:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148007 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372305lji; Tue, 2 Oct 2018 09:36:10 -0700 (PDT) X-Google-Smtp-Source: ACcGV62g7TVR0qtU6hbTBHUaNedoKCNLzHmckTYZQ+oI/uKif4pAqMQwP70wXy5twkBo8Do/gote X-Received: by 2002:adf:d082:: with SMTP id y2-v6mr10891400wrh.314.1538498170554; Tue, 02 Oct 2018 09:36:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498170; cv=none; d=google.com; s=arc-20160816; b=pd3FiSyds1nt18iUSQ9hcoGTNdjtAQjAQF1x4tg5WhqyC/XR4rRR2lhX7sHKmtP55W iPHg+RxabJ7ylWXi4XfwX4hsPJt7ZN4BSqmXj7jcw1jTqcHgwTd3MU869wF93TJDAO1J s2fIpwYjegOFPUyePZEcMn5G1df7HE8CrzzLJeo9hfo423Tx3UYcEB1yOygLeSST9dad tCWSqi30Xz9S3VXNx7n4FfbF4+dziBDW6s8iymGJ6gBVO5637N1HXOftvJxdbo2hSZZA JHpcB4uKwiFGThEYzQ7NDVNxDy/z04Ie3i3KbSkVtGeIUyybrlDiSqZwRKS4U5ve+AFr C0JQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=zaH7tS8Xp5YBtUjSSjfZRfRCMQsH7Jl5qQ10znR4+Gs=; b=lgYpGjdjE6pGGNI9CnzQ1Q6QP9FHT50zAlq5pRdnkb7JsgQ/32fMW9fW4OfTdlbM8/ 7LQUHRbRzMGK7B40e8xdiS2ge0I/7j+T4oWdi+Y0Ztw9342l6dV2HZfVvs2SvmrC5fhJ 2wKiqAQKnnXm9q2gu9zXu08PFrsBulMY2YgEmKYZF0tExQAGuTXGIpVefAILTLNjqsCZ 8J3nYUvKGJ+BDYwEvtKKmg3Rld8LsdHdy4oFAISJl2HG6S49a1Nnb9dE5XoSE7XAemMh Kd+PN5hzCUgADTx8wENQ7D74gpqy5nnCmm21US9VOla205IQYdtkt7F8fYgAAVMpp3I5 LXhw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id w7-v6si10373198wma.196.2018.10.02.09.36.10 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Nec-0007It-22; Tue, 02 Oct 2018 17:36:10 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 10/13] target/arm: Add v8M stack checks for T32 load/store single Date: Tue, 2 Oct 2018 17:35:53 +0100 Message-Id: <20181002163556.10279-11-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add v8M stack checks for the instructions in the T32 "load/store single" encoding class: these are the "immediate pre-indexed" and "immediate, post-indexed" LDR and STR instructions. Signed-off-by: Peter Maydell --- target/arm/translate.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index 3fb378a492d..65df8d6975c 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -11624,7 +11624,6 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) imm = -imm; /* Fall through. */ case 0xf: /* Pre-increment. */ - tcg_gen_addi_i32(addr, addr, imm); writeback = 1; break; default: @@ -11636,6 +11635,28 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) issinfo = writeback ? ISSInvalid : rs; + if (s->v8m_stackcheck && rn == 13 && writeback) { + /* + * Stackcheck. Here we know 'addr' is the current SP; + * if imm is +ve we're moving SP up, else down. It is + * UNKNOWN whether the limit check triggers when SP starts + * below the limit and ends up above it; we chose to do so. + */ + if ((int32_t)imm < 0) { + TCGv_i32 newsp = tcg_temp_new_i32(); + + tcg_gen_addi_i32(newsp, addr, imm); + gen_helper_v8m_stackcheck(cpu_env, newsp); + tcg_temp_free_i32(newsp); + } else { + gen_helper_v8m_stackcheck(cpu_env, addr); + } + } + + if (writeback && !postinc) { + tcg_gen_addi_i32(addr, addr, imm); + } + if (insn & (1 << 20)) { /* Load. */ tmp = tcg_temp_new_i32(); From patchwork Tue Oct 2 16:35:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148008 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372320lji; Tue, 2 Oct 2018 09:36:11 -0700 (PDT) X-Google-Smtp-Source: ACcGV61796Sdbe/VBVfKbPzKshmv1afYQ4MVDAZqjCZu5MCKAHGjqyJTeQF34EbDXDwWH6ShCsMq X-Received: by 2002:a1c:e08a:: with SMTP id x132-v6mr2541678wmg.60.1538498171455; Tue, 02 Oct 2018 09:36:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498171; cv=none; d=google.com; s=arc-20160816; b=hd3DdXAQQzAJL2O3IZlp++hecM/+Z05eQeHF6Xb3RH2oiEt5NeZ3mMP5idoPYkCyWY eA6I5GX1i5IRs4+XGAbQJ1wUYAJaugAdgPStjPBWxHrjqgMwE8ZmBB7clkOJR/K4VJvN oAho+gHohKHtNh0UU7+JCEFTI+oFBvnQGK9I6nn+miHpNtkE9HqWDbRgtwVmkgFz6Uao 4tXKebK6/n/Ia2LpKq1XwBr/OkpU/nbZt1mR6wMXSLdZYF0s9clFCJTbyH/whdnCQWuI ZsVviXukLmqqv8ZNdIsClk9BiZVZmysutqTikmeSeK2bM+1GjO9NLOB1HXGHRiuOwSN6 UBbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=iLKh8aEwd8VWwHLeOK3E+Gx19VM0Ibscz1/I9o7+Kns=; b=rrF+A3YFn5YmaRXg/kr1qEmTrpX/hj7LhkDS0SZSXRj19trxbGtGUPV2VOTEAkgOYR vhSjPs6Zx0H/PPPUHMRDMdtJ62ejyH/hszPCjTr8vBABwB18gRosY5QY/OtuRbaWP+S0 2UIH6Em4u5YuK0ZJ7S6uBelJajxhsKv8lHNyHAFqqUiYn+9vnmANJHTUOv6R6g3EgZNo K4gwpa44ihA1LwlTjQjhu+fjCrTH/ulPskHAKF51OzfORQH8I9fuwKC7Wvt0/ezquBPg zyMxx/vrZl2/mZyttaswMtJ33o30e7froqPak+5pouyJyScqXGBY+JFeqB7YBlWa69PF HrxQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id p3-v6si10250609wrd.147.2018.10.02.09.36.11 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Nec-0007JB-Vn; Tue, 02 Oct 2018 17:36:10 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 11/13] target/arm: Add v8M stack checks for Thumb push/pop Date: Tue, 2 Oct 2018 17:35:54 +0100 Message-Id: <20181002163556.10279-12-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add v8M stack checks for the 16-bit Thumb push/pop encodings: STMDB, STMFD, LDM, LDMIA, LDMFD. Signed-off-by: Peter Maydell --- target/arm/translate.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index 65df8d6975c..ef64d2559de 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -12251,7 +12251,10 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) store_reg(s, rd, tmp); break; case 4: case 5: case 0xc: case 0xd: - /* push/pop */ + /* + * 0b1011_x10x_xxxx_xxxx + * - push/pop + */ addr = load_reg(s, 13); if (insn & (1 << 8)) offset = 4; @@ -12264,6 +12267,17 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) if ((insn & (1 << 11)) == 0) { tcg_gen_addi_i32(addr, addr, -offset); } + + if (s->v8m_stackcheck) { + /* + * Here 'addr' is the lower of "old SP" and "new SP"; + * if this is a pop that starts below the limit and ends + * above it, it is UNKNOWN whether the limit check triggers; + * we choose to trigger. + */ + gen_helper_v8m_stackcheck(cpu_env, addr); + } + for (i = 0; i < 8; i++) { if (insn & (1 << i)) { if (insn & (1 << 11)) { From patchwork Tue Oct 2 16:35:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148009 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372342lji; Tue, 2 Oct 2018 09:36:12 -0700 (PDT) X-Google-Smtp-Source: ACcGV61JbpIj1q8Fpr84uUoAIyy2JlM8LI0FyYwXj9xemWI/aY5vPVKtsBVOUU/Mw8zS/n8DsTdG X-Received: by 2002:a1c:8085:: with SMTP id b127-v6mr2414814wmd.146.1538498172433; Tue, 02 Oct 2018 09:36:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498172; cv=none; d=google.com; s=arc-20160816; b=O/NnFvS9ycZPzUWR5aKJn5qJS0K9cckN7EqdOdb6UWSKL7bH9DG96AVwn5Rtt0X/2y 1SPurVWABCOhsqCtbIDA52hCKJKnJF5gaG/YS2s7XxUT8oRf5ZYCgfUrePtYOfh6OXZz pGCZYyasFkfn9cZ+C2Nwi7B7JvIHud4Jkj5dVoKfjgI6vOMJ9HYM874IgOlJIQ0EWQQZ ksAIXm5GBoVMnCqvP5U6Dqs/hrvZsmrx1NTeCNdVVjZC9JjYg9JFasl9a4RzkITOqJ9N Jzc2HJatIhjm5FIndjD1NNUP/v/Tjb15wwra0zRMTA75VB9KGeEpPdRK2PA0/uLZ3/Vr FK3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=KBngiDfIMsZ9Ol6euspQm3ma/ei8mZ/+DGO48+2qMWU=; b=Hj69CaiSMXsRsgl0rykvO+f9hPF1pRdEkylAYwVG70iLvZ0Nnqajre8pPqCTXcMKzV 6FSvnePjFCN5gXek7FvkCF6RHJmn5VvhRDv+GgcLe+R1JTcqmf89oLoA2uQnqyuf9Cbw QRQUSL400lES74uRW7s3VCXt992aeMc2omvXxDe/CoXy1guQW7JgDZgnoc0zz8ybF8Yr rqajzVbdbufJdImavkBdERHKJCuW72RI0/szHgoChO0Pt8wThUetuZcTh2TkEwMVKd4y BwSJ3afMAqF+vfDb/WiaBa4R3O9Ra38uBJ65fwf2lgIWZ0DB59FuhFKrk/UhwzlAB72S U+dA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id a3-v6si3389257wrn.326.2018.10.02.09.36.12 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Ned-0007JT-Vp; Tue, 02 Oct 2018 17:36:11 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 12/13] target/arm: Add v8M stack checks for VLDM/VSTM Date: Tue, 2 Oct 2018 17:35:55 +0100 Message-Id: <20181002163556.10279-13-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Add the v8M stack checks for the VLDM/VSTM (aka VPUSH/VPOP) instructions. This code is currently unreachable because we haven't yet implemented M profile floating point support, but since the change is simple, we add it now because otherwise we're likely to forget to do it later. Signed-off-by: Peter Maydell --- target/arm/translate.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index ef64d2559de..2d3a1be518b 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -4229,6 +4229,18 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) if (insn & (1 << 24)) /* pre-decrement */ tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2)); + if (rn == 13 && w && s->v8m_stackcheck) { + /* + * Here 'addr' is the lowest address we will store to, + * and is either the old SP (if post-increment) or + * the new SP (if pre-decrement). For post-increment + * where the old value is below the limit and the new + * value is above, it is UNKNOWN whether the limit check + * triggers; we choose to trigger. + */ + gen_helper_v8m_stackcheck(cpu_env, addr); + } + if (dp) offset = 8; else From patchwork Tue Oct 2 16:35:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 148010 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp5372361lji; Tue, 2 Oct 2018 09:36:13 -0700 (PDT) X-Google-Smtp-Source: ACcGV61XBXHLufsHvTd3dNS32EdQmYuql4KYn94HuTLGkZ/wcEdy+pDVKxa769TsV1Bt30dQHIOA X-Received: by 2002:a1c:7508:: with SMTP id o8-v6mr397594wmc.76.1538498173322; Tue, 02 Oct 2018 09:36:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538498173; cv=none; d=google.com; s=arc-20160816; b=H/plmwykFG6QPwg0u+gkXZkmgSGeEEQs/m/KYPC+AG/wRHRp3YYPA0SNVDdPeEckiI bbzdQYQN5uPnBacfMaqwNHhHePsWErTQzamvShR+Lile86wbJQUXjMxwg6qfplGsam3p A3iTOfCQs5JPIfLSTn+DbDXJQ8wrdwT9WVpUn5UJQ5bMSVhxK7nAUE52LtluJ59Y7mlo U+ekElPylPpJnmLF7wHyJOD5y2+u5aGCO+9cKfooM8CI+74K2dZKdKGQp3gJwA0Se8x2 kOlTPhpBkgcNKraP4+8Ni1zkBEmjeO/uQQMp4rgHmUNhiHAGfke4XF5cHWPmndCOCW59 7xiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=4XDAVnbGORLRKu1DnC/E64YHEl3Ij68pMuA+OozA6pg=; b=V9zM1bC9Ud6HkgbUVm60S1h6P8n+hXOENz2+2TRQbCglJDfcKJoWabY/q3UQoK5vul uyJmteiS8ZrcXs3CVx4NmEq0K4gS68g12rYg7B1nph+IlCn1GoSN0PYaD8Z4+m4JLxdI QqPY4Ukr7ArjVgzttTgwmaJwRnPb864ZL3CAnh0jcduEhB5G1BBGhpWZ4ZJgVUeYPSJi O7teC+E2W2Qzau9OC1Fj+/NWwP8DoKoMOm3ujNsrECMn9GnBszKlz+tbmoEkfrYuB3gG CxInDDLohcsWUEV7gD9e+Q4XMf8R/kgT4cl2oTVUa1blAI6d+MF65OZoUxCJvBKeY/HE pX9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id q8-v6si10483974wrv.36.2018.10.02.09.36.13 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:36:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1g7Nee-0007Jk-Sl; Tue, 02 Oct 2018 17:36:12 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 13/13] target/arm: Add v8M stack checks for MSR to SP_NS Date: Tue, 2 Oct 2018 17:35:56 +0100 Message-Id: <20181002163556.10279-14-peter.maydell@linaro.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002163556.10279-1-peter.maydell@linaro.org> References: <20181002163556.10279-1-peter.maydell@linaro.org> MIME-Version: 1.0 Updating the NS stack pointer via MSR to SP_NS should include a check whether the new SP value is below the stack limit. No other kinds of update to the various stack pointer and limit registers via MSR should perform a check. Signed-off-by: Peter Maydell --- target/arm/helper.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) -- 2.19.0 Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson diff --git a/target/arm/helper.c b/target/arm/helper.c index 074f7616272..712828674fa 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -10963,11 +10963,23 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) * currently in handler mode or not, using the NS CONTROL.SPSEL. */ bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK; + bool is_psp = !arm_v7m_is_handler_mode(env) && spsel; + uint32_t limit; if (!env->v7m.secure) { return; } - if (!arm_v7m_is_handler_mode(env) && spsel) { + + limit = is_psp ? env->v7m.psplim[false] : env->v7m.msplim[false]; + + if (val < limit) { + CPUState *cs = CPU(arm_env_get_cpu(env)); + + cpu_restore_state(cs, GETPC(), true); + raise_exception(env, EXCP_STKOF, 0, 1); + } + + if (is_psp) { env->v7m.other_ss_psp = val; } else { env->v7m.other_ss_msp = val;