[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v3 15/45] target/hppa: Avoid privilege level decreas
|
From: |
Richard Henderson |
|
Subject: |
[Qemu-devel] [PATCH v3 15/45] target/hppa: Avoid privilege level decrease during branches |
|
Date: |
Wed, 24 Jan 2018 15:25:55 -0800 |
These instructions force the destination privilege level
of the branch destination to be no higher than current.
Signed-off-by: Richard Henderson <address@hidden>
---
target/hppa/translate.c | 52 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 5 deletions(-)
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 6be9e0c3ff..4a69f05a91 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -1862,6 +1862,40 @@ static DisasJumpType do_ibranch(DisasContext *ctx,
TCGv_reg dest,
return DISAS_NEXT;
}
+/* Implement
+ * if (IAOQ_Front{30..31} < GR[b]{30..31})
+ * IAOQ_Next{30..31} ← GR[b]{30..31};
+ * else
+ * IAOQ_Next{30..31} ← IAOQ_Front{30..31};
+ * which keeps the privilege level from being increased.
+ */
+static TCGv_reg do_ibranch_priv(DisasContext *ctx, TCGv_reg offset)
+{
+#ifdef CONFIG_USER_ONLY
+ return offset;
+#else
+ TCGv_reg dest;
+ switch (ctx->privilege) {
+ case 0:
+ /* Privilege 0 is maximum and is allowed to decrease. */
+ return offset;
+ case 3:
+ /* Privilege 3 is minimum and is never allowed increase. */
+ dest = get_temp(ctx);
+ tcg_gen_ori_reg(dest, offset, 3);
+ break;
+ default:
+ dest = tcg_temp_new();
+ tcg_gen_andi_reg(dest, offset, -4);
+ tcg_gen_ori_reg(dest, dest, ctx->privilege);
+ tcg_gen_movcond_reg(TCG_COND_GTU, dest, dest, offset, dest, offset);
+ tcg_temp_free(dest);
+ break;
+ }
+ return dest;
+#endif
+}
+
#ifdef CONFIG_USER_ONLY
/* On Linux, page zero is normally marked execute only + gateway.
Therefore normal read or write is supposed to fail, but specific
@@ -3441,6 +3475,7 @@ static DisasJumpType trans_be(DisasContext *ctx, uint32_t
insn, bool is_l)
unsigned n = extract32(insn, 1, 1);
unsigned b = extract32(insn, 21, 5);
target_sreg disp = assemble_17(insn);
+ TCGv_reg tmp;
/* unsigned s = low_uextract(insn, 13, 3); */
/* ??? It seems like there should be a good way of using
@@ -3449,16 +3484,19 @@ static DisasJumpType trans_be(DisasContext *ctx,
uint32_t insn, bool is_l)
manage along side branch delay slots. Therefore we handle
entry into the gateway page via absolute address. */
+#ifdef CONFIG_USER_ONLY
/* Since we don't implement spaces, just branch. Do notice the special
case of "be disp(*,r0)" using a direct branch to disp, so that we can
goto_tb to the TB containing the syscall. */
if (b == 0) {
return do_dbranch(ctx, disp, is_l ? 31 : 0, n);
- } else {
- TCGv_reg tmp = get_temp(ctx);
- tcg_gen_addi_reg(tmp, load_gpr(ctx, b), disp);
- return do_ibranch(ctx, tmp, is_l ? 31 : 0, n);
}
+#endif
+
+ tmp = get_temp(ctx);
+ tcg_gen_addi_reg(tmp, load_gpr(ctx, b), disp);
+ tmp = do_ibranch_priv(ctx, tmp);
+ return do_ibranch(ctx, tmp, is_l ? 31 : 0, n);
}
static DisasJumpType trans_bl(DisasContext *ctx, uint32_t insn,
@@ -3490,6 +3528,7 @@ static DisasJumpType trans_blr(DisasContext *ctx,
uint32_t insn,
tcg_gen_shli_reg(tmp, load_gpr(ctx, rx), 3);
tcg_gen_addi_reg(tmp, tmp, ctx->iaoq_f + 8);
+ /* The computation here never changes privilege level. */
return do_ibranch(ctx, tmp, link, n);
}
@@ -3508,6 +3547,7 @@ static DisasJumpType trans_bv(DisasContext *ctx, uint32_t
insn,
tcg_gen_shli_reg(dest, load_gpr(ctx, rx), 3);
tcg_gen_add_reg(dest, dest, load_gpr(ctx, rb));
}
+ dest = do_ibranch_priv(ctx, dest);
return do_ibranch(ctx, dest, 0, n);
}
@@ -3517,8 +3557,10 @@ static DisasJumpType trans_bve(DisasContext *ctx,
uint32_t insn,
unsigned n = extract32(insn, 1, 1);
unsigned rb = extract32(insn, 21, 5);
unsigned link = extract32(insn, 13, 1) ? 2 : 0;
+ TCGv_reg dest;
- return do_ibranch(ctx, load_gpr(ctx, rb), link, n);
+ dest = do_ibranch_priv(ctx, load_gpr(ctx, rb));
+ return do_ibranch(ctx, dest, link, n);
}
static const DisasInsn table_branch[] = {
--
2.14.3
- [Qemu-devel] [PATCH v3 04/45] target/hppa: Define hardware exception types, (continued)
- [Qemu-devel] [PATCH v3 04/45] target/hppa: Define hardware exception types, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 06/45] target/hppa: Implement mmu_idx from IA privilege level, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 07/45] target/hppa: Implement the system mask instructions, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 08/45] target/hppa: Add space registers, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 10/45] target/hppa: Adjust insn mask for mfctl, w, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 09/45] target/hppa: Add control registers, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 11/45] target/hppa: Implement rfi, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 13/45] target/hppa: Implement unaligned access trap, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 12/45] target/hppa: Fill in hppa_cpu_do_interrupt/hppa_cpu_exec_interrupt, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 05/45] target/hppa: Split address size from register size, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 15/45] target/hppa: Avoid privilege level decrease during branches,
Richard Henderson <=
- [Qemu-devel] [PATCH v3 17/45] target/hppa: Implement tlb_fill, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 16/45] target/hppa: Implement IASQ, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 18/45] target/hppa: Implement external interrupts, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 14/45] target/hppa: Use space registers in data operations, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 19/45] target/hppa: Implement the interval timer, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 20/45] target/hppa: Log unimplemented instructions, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 21/45] target/hppa: Implement I*TLBA and I*TLBP insns, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 23/45] target/hppa: Implement LDWA, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 25/45] target/hppa: Implement LCI, Richard Henderson, 2018/01/24
- [Qemu-devel] [PATCH v3 26/45] target/hppa: Implement SYNCDMA insn, Richard Henderson, 2018/01/24