| Message ID | 20250504205714.3432096-10-richard.henderson@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | accel/tcg: Fix cross-page pointer wrapping issue | expand |
On 4/5/25 22:57, Richard Henderson wrote: > Check 32 vs 64-bit and pointer masking state. > > Cc: qemu-riscv@nongnu.org > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > target/riscv/tcg/tcg-cpu.c | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c > index 55e00972b7..267186e5e3 100644 > --- a/target/riscv/tcg/tcg-cpu.c > +++ b/target/riscv/tcg/tcg-cpu.c > @@ -237,6 +237,31 @@ static void riscv_restore_state_to_opc(CPUState *cs, > env->excp_uw2 = data[2]; > } > > +#ifndef CONFIG_USER_ONLY > +static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx, > + vaddr result, vaddr base) > +{ > + CPURISCVState *env = cpu_env(cs); > + uint32_t pm_len; > + bool pm_signext; > + > + if (cpu_address_xl(env) == MXL_RV32) { > + return (uint32_t)result; > + } > + > + pm_len = riscv_pm_get_pmlen(riscv_pm_get_pmm(env)); > + if (pm_len == 0) { > + return result; > + } > + > + pm_signext = riscv_cpu_virt_mem_enabled(env); > + if (pm_signext) { > + return sextract64(result, 0, 64 - pm_len); > + } > + return extract64(result, 0, 64 - pm_len); Is this safe for MXL_RV128? > +} > +#endif > + > const TCGCPUOps riscv_tcg_ops = { > .mttcg_supported = true, > .guest_default_memory_order = 0, > @@ -250,6 +275,7 @@ const TCGCPUOps riscv_tcg_ops = { > > #ifndef CONFIG_USER_ONLY > .tlb_fill = riscv_cpu_tlb_fill, > + .pointer_wrap = riscv_pointer_wrap, > .cpu_exec_interrupt = riscv_cpu_exec_interrupt, > .cpu_exec_halt = riscv_cpu_has_work, > .cpu_exec_reset = cpu_reset,
On 5/5/25 09:47, Philippe Mathieu-Daudé wrote: > On 4/5/25 22:57, Richard Henderson wrote: >> Check 32 vs 64-bit and pointer masking state. >> >> Cc: qemu-riscv@nongnu.org >> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> >> --- >> target/riscv/tcg/tcg-cpu.c | 26 ++++++++++++++++++++++++++ >> 1 file changed, 26 insertions(+) >> >> diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c >> index 55e00972b7..267186e5e3 100644 >> --- a/target/riscv/tcg/tcg-cpu.c >> +++ b/target/riscv/tcg/tcg-cpu.c >> @@ -237,6 +237,31 @@ static void riscv_restore_state_to_opc(CPUState *cs, >> env->excp_uw2 = data[2]; >> } >> +#ifndef CONFIG_USER_ONLY >> +static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx, >> + vaddr result, vaddr base) >> +{ >> + CPURISCVState *env = cpu_env(cs); >> + uint32_t pm_len; >> + bool pm_signext; >> + >> + if (cpu_address_xl(env) == MXL_RV32) { >> + return (uint32_t)result; >> + } >> + >> + pm_len = riscv_pm_get_pmlen(riscv_pm_get_pmm(env)); >> + if (pm_len == 0) { >> + return result; >> + } >> + >> + pm_signext = riscv_cpu_virt_mem_enabled(env); >> + if (pm_signext) { >> + return sextract64(result, 0, 64 - pm_len); >> + } >> + return extract64(result, 0, 64 - pm_len); > > Is this safe for MXL_RV128? The RV128 implementation only uses 64-bit pointers, so, yes. r~
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c index 55e00972b7..267186e5e3 100644 --- a/target/riscv/tcg/tcg-cpu.c +++ b/target/riscv/tcg/tcg-cpu.c @@ -237,6 +237,31 @@ static void riscv_restore_state_to_opc(CPUState *cs, env->excp_uw2 = data[2]; } +#ifndef CONFIG_USER_ONLY +static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx, + vaddr result, vaddr base) +{ + CPURISCVState *env = cpu_env(cs); + uint32_t pm_len; + bool pm_signext; + + if (cpu_address_xl(env) == MXL_RV32) { + return (uint32_t)result; + } + + pm_len = riscv_pm_get_pmlen(riscv_pm_get_pmm(env)); + if (pm_len == 0) { + return result; + } + + pm_signext = riscv_cpu_virt_mem_enabled(env); + if (pm_signext) { + return sextract64(result, 0, 64 - pm_len); + } + return extract64(result, 0, 64 - pm_len); +} +#endif + const TCGCPUOps riscv_tcg_ops = { .mttcg_supported = true, .guest_default_memory_order = 0, @@ -250,6 +275,7 @@ const TCGCPUOps riscv_tcg_ops = { #ifndef CONFIG_USER_ONLY .tlb_fill = riscv_cpu_tlb_fill, + .pointer_wrap = riscv_pointer_wrap, .cpu_exec_interrupt = riscv_cpu_exec_interrupt, .cpu_exec_halt = riscv_cpu_has_work, .cpu_exec_reset = cpu_reset,
Check 32 vs 64-bit and pointer masking state. Cc: qemu-riscv@nongnu.org Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- target/riscv/tcg/tcg-cpu.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)