| Message ID | 20250504205714.3432096-4-richard.henderson@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | accel/tcg: Fix cross-page pointer wrapping issue | expand |
On 4/5/25 22:57, Richard Henderson wrote: > M68K, MicroBlaze, OpenRISC, RX, TriCore and Xtensa are > all 32-bit targets. AVR is more complicated, but using > a 32-bit wrap preserves current behaviour. > > Cc: Michael Rolnik <mrolnik@gmail.com> > Cc: Laurent Vivier <laurent@vivier.eu> > Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> > Cc: Stafford Horne <shorne@gmail.com> > Cc: Yoshinori Sato <ysato@users.sourceforge.jp> > Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> > Cc: Max Filippov <jcmvbkbc@gmail.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > include/accel/tcg/cpu-ops.h | 1 + > accel/tcg/cputlb.c | 6 ++++++ > target/avr/cpu.c | 6 ++++++ > target/m68k/cpu.c | 1 + > target/microblaze/cpu.c | 1 + > target/openrisc/cpu.c | 1 + > target/rx/cpu.c | 1 + > target/tricore/cpu.c | 1 + > target/xtensa/cpu.c | 1 + > 9 files changed, 19 insertions(+) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On Sun, May 04, 2025 at 01:57:04PM -0700, Richard Henderson wrote: > M68K, MicroBlaze, OpenRISC, RX, TriCore and Xtensa are > all 32-bit targets. AVR is more complicated, but using > a 32-bit wrap preserves current behaviour. > > Cc: Michael Rolnik <mrolnik@gmail.com> > Cc: Laurent Vivier <laurent@vivier.eu> > Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> > Cc: Stafford Horne <shorne@gmail.com> > Cc: Yoshinori Sato <ysato@users.sourceforge.jp> > Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> > Cc: Max Filippov <jcmvbkbc@gmail.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> > --- > include/accel/tcg/cpu-ops.h | 1 + > accel/tcg/cputlb.c | 6 ++++++ > target/avr/cpu.c | 6 ++++++ > target/m68k/cpu.c | 1 + > target/microblaze/cpu.c | 1 + > target/openrisc/cpu.c | 1 + > target/rx/cpu.c | 1 + > target/tricore/cpu.c | 1 + > target/xtensa/cpu.c | 1 + > 9 files changed, 19 insertions(+) > > diff --git a/include/accel/tcg/cpu-ops.h b/include/accel/tcg/cpu-ops.h > index 4f3b4fd3bc..dd8ea30016 100644 > --- a/include/accel/tcg/cpu-ops.h > +++ b/include/accel/tcg/cpu-ops.h > @@ -326,6 +326,7 @@ int cpu_watchpoint_address_matches(CPUState *cpu, vaddr addr, vaddr len); > * Common pointer_wrap implementations. > */ > vaddr cpu_pointer_wrap_notreached(CPUState *, int, vaddr, vaddr); > +vaddr cpu_pointer_wrap_uint32(CPUState *, int, vaddr, vaddr); > > #endif > > diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c > index 75cd875948..022d555f48 100644 > --- a/accel/tcg/cputlb.c > +++ b/accel/tcg/cputlb.c > @@ -2945,3 +2945,9 @@ vaddr cpu_pointer_wrap_notreached(CPUState *cs, int idx, vaddr res, vaddr base) > { > g_assert_not_reached(); > } > + > +/* To be used for strict 32-bit targets. */ > +vaddr cpu_pointer_wrap_uint32(CPUState *cs, int idx, vaddr res, vaddr base) > +{ > + return (uint32_t)res; > +} > diff --git a/target/avr/cpu.c b/target/avr/cpu.c > index 250241541b..6995de6a12 100644 > --- a/target/avr/cpu.c > +++ b/target/avr/cpu.c > @@ -250,6 +250,12 @@ static const TCGCPUOps avr_tcg_ops = { > .cpu_exec_reset = cpu_reset, > .tlb_fill = avr_cpu_tlb_fill, > .do_interrupt = avr_cpu_do_interrupt, > + /* > + * TODO: code and data wrapping are different, but for the most part > + * AVR only references bytes or aligned code fetches. But we use > + * non-aligned MO_16 accesses for stack push/pop. > + */ > + .pointer_wrap = cpu_pointer_wrap_uint32, > }; > > static void avr_cpu_class_init(ObjectClass *oc, const void *data) > diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c > index c5196a612e..6a09db3a6f 100644 > --- a/target/m68k/cpu.c > +++ b/target/m68k/cpu.c > @@ -619,6 +619,7 @@ static const TCGCPUOps m68k_tcg_ops = { > > #ifndef CONFIG_USER_ONLY > .tlb_fill = m68k_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > .cpu_exec_interrupt = m68k_cpu_exec_interrupt, > .cpu_exec_halt = m68k_cpu_has_work, > .cpu_exec_reset = cpu_reset, > diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c > index d069e40e70..5eff1610c2 100644 > --- a/target/microblaze/cpu.c > +++ b/target/microblaze/cpu.c > @@ -449,6 +449,7 @@ static const TCGCPUOps mb_tcg_ops = { > > #ifndef CONFIG_USER_ONLY > .tlb_fill = mb_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > .cpu_exec_interrupt = mb_cpu_exec_interrupt, > .cpu_exec_halt = mb_cpu_has_work, > .cpu_exec_reset = cpu_reset, > diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c > index 054ad33360..dfbb2df643 100644 > --- a/target/openrisc/cpu.c > +++ b/target/openrisc/cpu.c > @@ -265,6 +265,7 @@ static const TCGCPUOps openrisc_tcg_ops = { > > #ifndef CONFIG_USER_ONLY > .tlb_fill = openrisc_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > .cpu_exec_interrupt = openrisc_cpu_exec_interrupt, > .cpu_exec_halt = openrisc_cpu_has_work, > .cpu_exec_reset = cpu_reset, > diff --git a/target/rx/cpu.c b/target/rx/cpu.c > index 36eba75545..c6dd5d6f83 100644 > --- a/target/rx/cpu.c > +++ b/target/rx/cpu.c > @@ -225,6 +225,7 @@ static const TCGCPUOps rx_tcg_ops = { > .restore_state_to_opc = rx_restore_state_to_opc, > .mmu_index = rx_cpu_mmu_index, > .tlb_fill = rx_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > > .cpu_exec_interrupt = rx_cpu_exec_interrupt, > .cpu_exec_halt = rx_cpu_has_work, > diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c > index e56f90fde9..4f035b6f76 100644 > --- a/target/tricore/cpu.c > +++ b/target/tricore/cpu.c > @@ -190,6 +190,7 @@ static const TCGCPUOps tricore_tcg_ops = { > .restore_state_to_opc = tricore_restore_state_to_opc, > .mmu_index = tricore_cpu_mmu_index, > .tlb_fill = tricore_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > .cpu_exec_interrupt = tricore_cpu_exec_interrupt, > .cpu_exec_halt = tricore_cpu_has_work, > .cpu_exec_reset = cpu_reset, > diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c > index 91b71b6caa..ea9b6df3aa 100644 > --- a/target/xtensa/cpu.c > +++ b/target/xtensa/cpu.c > @@ -318,6 +318,7 @@ static const TCGCPUOps xtensa_tcg_ops = { > > #ifndef CONFIG_USER_ONLY > .tlb_fill = xtensa_cpu_tlb_fill, > + .pointer_wrap = cpu_pointer_wrap_uint32, > .cpu_exec_interrupt = xtensa_cpu_exec_interrupt, > .cpu_exec_halt = xtensa_cpu_has_work, > .cpu_exec_reset = cpu_reset, > -- > 2.43.0 >
diff --git a/include/accel/tcg/cpu-ops.h b/include/accel/tcg/cpu-ops.h index 4f3b4fd3bc..dd8ea30016 100644 --- a/include/accel/tcg/cpu-ops.h +++ b/include/accel/tcg/cpu-ops.h @@ -326,6 +326,7 @@ int cpu_watchpoint_address_matches(CPUState *cpu, vaddr addr, vaddr len); * Common pointer_wrap implementations. */ vaddr cpu_pointer_wrap_notreached(CPUState *, int, vaddr, vaddr); +vaddr cpu_pointer_wrap_uint32(CPUState *, int, vaddr, vaddr); #endif diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 75cd875948..022d555f48 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -2945,3 +2945,9 @@ vaddr cpu_pointer_wrap_notreached(CPUState *cs, int idx, vaddr res, vaddr base) { g_assert_not_reached(); } + +/* To be used for strict 32-bit targets. */ +vaddr cpu_pointer_wrap_uint32(CPUState *cs, int idx, vaddr res, vaddr base) +{ + return (uint32_t)res; +} diff --git a/target/avr/cpu.c b/target/avr/cpu.c index 250241541b..6995de6a12 100644 --- a/target/avr/cpu.c +++ b/target/avr/cpu.c @@ -250,6 +250,12 @@ static const TCGCPUOps avr_tcg_ops = { .cpu_exec_reset = cpu_reset, .tlb_fill = avr_cpu_tlb_fill, .do_interrupt = avr_cpu_do_interrupt, + /* + * TODO: code and data wrapping are different, but for the most part + * AVR only references bytes or aligned code fetches. But we use + * non-aligned MO_16 accesses for stack push/pop. + */ + .pointer_wrap = cpu_pointer_wrap_uint32, }; static void avr_cpu_class_init(ObjectClass *oc, const void *data) diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c index c5196a612e..6a09db3a6f 100644 --- a/target/m68k/cpu.c +++ b/target/m68k/cpu.c @@ -619,6 +619,7 @@ static const TCGCPUOps m68k_tcg_ops = { #ifndef CONFIG_USER_ONLY .tlb_fill = m68k_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = m68k_cpu_exec_interrupt, .cpu_exec_halt = m68k_cpu_has_work, .cpu_exec_reset = cpu_reset, diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c index d069e40e70..5eff1610c2 100644 --- a/target/microblaze/cpu.c +++ b/target/microblaze/cpu.c @@ -449,6 +449,7 @@ static const TCGCPUOps mb_tcg_ops = { #ifndef CONFIG_USER_ONLY .tlb_fill = mb_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = mb_cpu_exec_interrupt, .cpu_exec_halt = mb_cpu_has_work, .cpu_exec_reset = cpu_reset, diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c index 054ad33360..dfbb2df643 100644 --- a/target/openrisc/cpu.c +++ b/target/openrisc/cpu.c @@ -265,6 +265,7 @@ static const TCGCPUOps openrisc_tcg_ops = { #ifndef CONFIG_USER_ONLY .tlb_fill = openrisc_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = openrisc_cpu_exec_interrupt, .cpu_exec_halt = openrisc_cpu_has_work, .cpu_exec_reset = cpu_reset, diff --git a/target/rx/cpu.c b/target/rx/cpu.c index 36eba75545..c6dd5d6f83 100644 --- a/target/rx/cpu.c +++ b/target/rx/cpu.c @@ -225,6 +225,7 @@ static const TCGCPUOps rx_tcg_ops = { .restore_state_to_opc = rx_restore_state_to_opc, .mmu_index = rx_cpu_mmu_index, .tlb_fill = rx_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = rx_cpu_exec_interrupt, .cpu_exec_halt = rx_cpu_has_work, diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c index e56f90fde9..4f035b6f76 100644 --- a/target/tricore/cpu.c +++ b/target/tricore/cpu.c @@ -190,6 +190,7 @@ static const TCGCPUOps tricore_tcg_ops = { .restore_state_to_opc = tricore_restore_state_to_opc, .mmu_index = tricore_cpu_mmu_index, .tlb_fill = tricore_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = tricore_cpu_exec_interrupt, .cpu_exec_halt = tricore_cpu_has_work, .cpu_exec_reset = cpu_reset, diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c index 91b71b6caa..ea9b6df3aa 100644 --- a/target/xtensa/cpu.c +++ b/target/xtensa/cpu.c @@ -318,6 +318,7 @@ static const TCGCPUOps xtensa_tcg_ops = { #ifndef CONFIG_USER_ONLY .tlb_fill = xtensa_cpu_tlb_fill, + .pointer_wrap = cpu_pointer_wrap_uint32, .cpu_exec_interrupt = xtensa_cpu_exec_interrupt, .cpu_exec_halt = xtensa_cpu_has_work, .cpu_exec_reset = cpu_reset,
M68K, MicroBlaze, OpenRISC, RX, TriCore and Xtensa are all 32-bit targets. AVR is more complicated, but using a 32-bit wrap preserves current behaviour. Cc: Michael Rolnik <mrolnik@gmail.com> Cc: Laurent Vivier <laurent@vivier.eu> Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Cc: Stafford Horne <shorne@gmail.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- include/accel/tcg/cpu-ops.h | 1 + accel/tcg/cputlb.c | 6 ++++++ target/avr/cpu.c | 6 ++++++ target/m68k/cpu.c | 1 + target/microblaze/cpu.c | 1 + target/openrisc/cpu.c | 1 + target/rx/cpu.c | 1 + target/tricore/cpu.c | 1 + target/xtensa/cpu.c | 1 + 9 files changed, 19 insertions(+)