From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH 0/3] target-arm: Handle tagged addresses when loading PC
Date: Fri, 30 Sep 2016 15:06:53 -0700

On 30 September 2016 at 14:48, Tom Hanson <address@hidden> wrote:
> On 09/29/2016 07:37 PM, Peter Maydell wrote:
>>
>> On 16 September 2016 at 10:34, Thomas Hanson <address@hidden>
>> wrote:
>>>
>>>      If tagged addresses are enabled, then addresses being loaded into the
>>>      PC must be cleaned up by overwriting the tag bits with either all 0's
>>>      or all 1's as specified in the ARM ARM spec.  The decision process is
>>>      dependent on whether the code will be running in EL0/1 or in EL2/3 and
>>>      is controlled by a combination of Top Byte Ignored (TBI) bits in the
>>>      TCR and the value of bit 55 in the address being loaded.
>>>
>>>      TBI values are extracted from the appropriate TCR and made available
>>>      to TCG code generation routines by inserting them into the TB flags
>>>      field and then transferring them to the DisasContext structure in
>>>      gen_intermediate_code_a64().
>>>
>>>      New function gen_a64_set_pc_reg() encapsulates the logic required to
>>>      determine whether clean up of the tag byte is required and then
>>>      generating the code to correctly load the PC.
>>>
>>>      In addition to those instructions which can directly load a tagged
>>>      address into the PC, there are others which increment or add a value to
>>>      the PC.  If 56 bit addressing is used, these instructions can cause an
>>>      arithmetic roll-over into the tag bits.  The ARM ARM specification for
>>>      handling tagged addresses requires that these cases also be addressed
>>>      by cleaning up the tag field.  This work has been deferred because
>>>      there is currently no CPU model available for testing with 56 bit
>>>      addresses.
>>
>> These changes are OK (other than the comments I've made on the
>> patches), but do not cover all the cases where values can be
>> loaded into the PC and may need to be cleansed of their tags.
>>
>> In particular:
>>   * on exception entry to AArch64 we may need to clean a tag out of
>>     the vector table base address register VBAR_ELx
>>     (in QEMU this would be in arm_cpu_do_interrupt_aarch64())
>>   * on exception return to AArch64 we may need to clean a tag out of
>>     the return address we got from ELR_ELx
>>     (in QEMU, in the exception_return helper)
>>
>> Note that D4.1.1 of the ARM ARM describes a potential relaxation
>> of the requirement that tag bits not be propagated into the PC
>> in the case of an illegal exception return; I recommend not
>> taking advantage of that relaxation unless it really does fall
>> out of the implementation much more trivially that way.
>>
>> Watch out that you use the TBI bits for the destination EL in
>> each case, not the EL you start in...
>>
>> thanks
>> -- PMM
>
> Peter,
>
> As I read arm_cpu_do_interrupt_aarch64() it sets the return address in
> env->elr_el[new_el] to env->pc (for AArch64).
>
> Since the PC is always clean, how can a tagged address get saved off? Am I
> missing something?

That's the code that saves the old PC into ELR_ELx. For exception
entry the bit that needs changing is where we put the new vector
entry point address (which is calculated from VBAR_ELx) into the PC.

thanks
-- PMM
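As an added example, not code from this thread or QEMU's gen_a64_set_pc_reg(), the C helper below applies the tag-cleaning rule the cover letter describes to a value about to become the PC, taking the TBI bits of the destination EL as Peter's reply stresses. The function name `clean_pc_tag` and the sample addresses are constructed; for EL2/EL3 it assumes a single TBI bit and a single VA range (the ARMv8.1 VHE two-bit TCR_EL2 case is not modelled).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <inttypes.h>

#define TAG_MASK (0xFFULL << 56)   /* tag byte: bits [63:56] */

/*
 * Hypothetical helper (not QEMU's gen_a64_set_pc_reg()): clean the tag
 * byte of a value about to be written to the PC.
 *
 *  - target_el is the EL the value will execute at (the destination EL
 *    on exception entry or return), never the EL we start in.
 *  - For EL0/EL1, TCR_EL1 has TBI0 (lower VA range, bit 55 == 0) and
 *    TBI1 (upper VA range, bit 55 == 1). If the relevant bit is set,
 *    the tag byte is replaced by copies of bit 55: all 0's or all 1's.
 *  - For EL2/EL3 there is one VA range and one TBI bit (passed as tbi0;
 *    tbi1 is ignored), and the tag byte is forced to all 0's.
 *  - If the relevant TBI bit is clear the value is loaded unchanged.
 */
uint64_t clean_pc_tag(uint64_t addr, int target_el, bool tbi0, bool tbi1)
{
    bool bit55 = (addr >> 55) & 1;

    if (target_el <= 1) {
        if (!(bit55 ? tbi1 : tbi0)) {
            return addr;                 /* TBI off for this VA range */
        }
        /* Sign-extend from bit 55 into the tag byte. */
        return bit55 ? (addr | TAG_MASK) : (addr & ~TAG_MASK);
    }

    /* EL2/EL3: tag byte cleared when TBI is enabled. */
    return tbi0 ? (addr & ~TAG_MASK) : addr;
}

int main(void)
{
    /* Constructed sample values: tag byte 0x5A, one per VA range. */
    uint64_t lo = 0x5A00001234567890ULL;    /* bit 55 == 0 */
    uint64_t hi = 0x5A80001234567890ULL;    /* bit 55 == 1 */

    printf("EL1 TBI0=1 TBI1=0 lo: %016" PRIx64 "\n", clean_pc_tag(lo, 1, true, false));
    printf("EL1 TBI0=1 TBI1=0 hi: %016" PRIx64 "\n", clean_pc_tag(hi, 1, true, false));
    printf("EL1 TBI0=1 TBI1=1 hi: %016" PRIx64 "\n", clean_pc_tag(hi, 1, true, true));
    printf("EL2 TBI=1         hi: %016" PRIx64 "\n", clean_pc_tag(hi, 2, true, false));
    return 0;
}
```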