qemu-commits


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 5eb4f6: tcg/mips: Fix clobbering of qemu_ld inputs
Date: Mon, 21 Sep 2015 14:30:04 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 5eb4f645eba8a79ea643b228c74a79183d436c97
      https://github.com/qemu/qemu/commit/5eb4f645eba8a79ea643b228c74a79183d436c97
  Author: James Hogan <address@hidden>
  Date:   2015-09-19 (Sat, 19 Sep 2015)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  tcg/mips: Fix clobbering of qemu_ld inputs

The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
register (base) as a temporary to load the upper half of the QEMU TLB
comparator (see line 5 below); however, this happens before the input
address is used (line 8 to mask off the low bits for the TLB
comparison, and line 12 to add the host-guest offset). If the input
address (addrl) also happens to have been placed in v0 (as in the second
column below), it gets clobbered before it is used.

     addrl in t2              addrl in v0

 1 srl     a0,t2,0x7        srl     a0,v0,0x7
 2 andi    a0,a0,0x1fe0     andi    a0,a0,0x1fe0
 3 addu    a0,a0,s0         addu    a0,a0,s0
 4 lw      at,9136(a0)      lw      at,9136(a0)      set TCG_TMP0 (at)
 5 lw      v0,9140(a0)      lw      v0,9140(a0)      set base (v0)
 6 li      t9,-4093         li      t9,-4093
 7 lw      a0,9160(a0)      lw      a0,9160(a0)      set addend (a0)
 8 and     t9,t9,t2         and     t9,t9,v0         use addrl
 9 bne     at,t9,0x836d8c8  bne     at,t9,0x836d838  use TCG_TMP0
10  nop                      nop
11 bne     v0,t8,0x836d8c8  bne     v0,a1,0x836d838  use base
12  addu   v0,a0,t2          addu   v0,a0,v0         use addrl, addend
13 lw      t0,0(v0)         lw      t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
pushing the load on line 5 forward into the delay slot of the low
comparison (line 10). The early load of the addend on line 7 also needs
pushing even further for 64-bit targets, or it will clobber a0 before
we're done with it. The output for 32-bit targets is unaffected.

 srl     a0,v0,0x7
 andi    a0,a0,0x1fe0
 addu    a0,a0,s0
 lw      at,9136(a0)
-lw      v0,9140(a0)      load high comparator
 li      t9,-4093
-lw      a0,9160(a0)      load addend
 and     t9,t9,v0
 bne     at,t9,0x836d838
- nop
+ lw     at,9140(a0)      load high comparator
+lw      a0,9160(a0)      load addend
-bne     v0,a1,0x836d838
+bne     at,a1,0x836d838
  addu   v0,a0,v0
 lw      t0,0(v0)
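
Review bot: the lw at,9140(a0) moved into the delay slot of the low-word bne at,t9 (the "+ lw at,9140(a0)" line) also executes when that branch is taken, so the slow path is now entered with TCG_TMP0 holding the high comparator rather than the low one; the message should state that the slow path never reads TCG_TMP0, since that is what makes the delay-slot placement safe. The "+lw a0,9160(a0)" line overwrites the TLB-entry pointer in a0 immediately after its last use (the delay-slot load), which is correct as shown, but deserves a comment in the emitter because any later load from the entry would silently be computed relative to the addend instead.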

Cc: address@hidden
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Aurelien Jarno <address@hidden>
Signed-off-by: James Hogan <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
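
To make the clobber concrete, here is an added example (not QEMU code, and not from the commit above) that steps through the emitted fast path on a model register file in C, once in the pre-fix order and once in the post-fix order, for both register allocations shown in the message. The constants come from the listing (shift by 7, mask 0x1fe0, offsets 9136/9140/9160, li t9,-4093); the entry layout (32-byte entries, addend 24 bytes in, little-endian word order), the guest address 0x1000_00001004, the host page at offset 0x2000 and the modelling of env and host memory as plain arrays are assumptions made for the demonstration. The interesting case is the buggy sequence with addrl in v0: the masked high comparator happens to equal the low comparator, so both TLB checks pass and the load silently reads the wrong word instead of falling back to the slow path.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants read off the listing: srl 7 = TARGET_PAGE_BITS(12) - CPU_TLB_ENTRY_BITS(5);
 * andi 0x1fe0 = (256-1) << 5; comparator lo/hi at env+9136/+9140, addend at env+9160
 * for entry 0; li t9,-4093 = 0xfffff003 (page mask | 4-byte alignment bits).
 * Assumed, not on the page: 32-byte entries, addend at +24, little-endian words. */
#define CPU_TLB_SIZE        256u
#define CPU_TLB_ENTRY_BITS  5u
#define TARGET_PAGE_BITS    12u
#define OFF_ADDR_READ_LO    9136u
#define OFF_ADDR_READ_HI    9140u
#define OFF_ADDEND_LO       9160u
#define CMP_MASK            ((uint32_t)-4093)
#define MISS                0xdeadbeefu   /* sentinel: fast path branched to the slow path */

enum { AT, V0, A0, A1, T0, T2, T8, T9, S0, NREGS };

static uint8_t env[32768];        /* stand-in for CPUArchState; s0 holds its base (0 here) */
static uint8_t host_ram[0x4000];  /* stand-in for host memory backing the guest page */

static uint32_t ld32(const uint8_t *base, size_t size, uint32_t off)
{
    uint32_t v = 0;
    if ((size_t)off + 4 <= size) memcpy(&v, base + off, 4);  /* out of range reads as 0 */
    return v;
}

static void st32(uint8_t *base, uint32_t off, uint32_t v) { memcpy(base + off, &v, 4); }

/* Install a read entry for the page of guest_addr, backed by host_ram[host_off..]. */
static void tlb_set_read(uint64_t guest_addr, uint32_t host_off)
{
    uint32_t ent  = ((uint32_t)(guest_addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1)) << CPU_TLB_ENTRY_BITS;
    uint64_t page = guest_addr & ~(((uint64_t)1 << TARGET_PAGE_BITS) - 1);
    st32(env, OFF_ADDR_READ_LO + ent, (uint32_t)page);
    st32(env, OFF_ADDR_READ_HI + ent, (uint32_t)(page >> 32));
    st32(env, OFF_ADDEND_LO + ent, host_off - (uint32_t)page);  /* host = addend + guest (mod 2^32) */
}

/* Step through the emitted fast path.  addrl/addrh are the registers the allocator
 * chose for the guest address halves; fixed selects the post-patch ordering.
 * Returns 1 on a TLB hit with the word in r[T0], 0 if control goes to the slow path. */
static int qemu_ld_fastpath(uint32_t r[NREGS], int addrl, int addrh, int fixed)
{
    r[A0] = r[addrl] >> 7;                                        /* 1  srl  a0,addrl,0x7 */
    r[A0] &= 0x1fe0;                                              /* 2  andi a0,a0,0x1fe0 */
    r[A0] += r[S0];                                               /* 3  addu a0,a0,s0 */
    r[AT] = ld32(env, sizeof env, r[A0] + OFF_ADDR_READ_LO);      /* 4  lw   at,9136(a0) */
    if (!fixed)
        r[V0] = ld32(env, sizeof env, r[A0] + OFF_ADDR_READ_HI);  /* 5  lw   v0,9140(a0): clobbers addrl if it is v0 */
    r[T9] = CMP_MASK;                                             /* 6  li   t9,-4093 */
    if (!fixed)
        r[A0] = ld32(env, sizeof env, r[A0] + OFF_ADDEND_LO);     /* 7  lw   a0,9160(a0) */
    r[T9] &= r[addrl];                                            /* 8  and  t9,t9,addrl */
    int low_hit = (r[AT] == r[T9]);                               /* 9  bne  at,t9,slow */
    if (fixed)                                                    /* 10 delay slot, runs even if 9 is taken: */
        r[AT] = ld32(env, sizeof env, r[A0] + OFF_ADDR_READ_HI);  /*    lw at,9140(a0) (nop before the fix) */
    if (!low_hit)
        return 0;
    if (fixed)
        r[A0] = ld32(env, sizeof env, r[A0] + OFF_ADDEND_LO);     /*    lw   a0,9160(a0), after the first bne */
    int high_hit = (r[fixed ? AT : V0] == r[addrh]);              /* 11 bne  {v0|at},addrh,slow */
    r[V0] = r[A0] + r[addrl];                                     /* 12 delay slot: addu v0,a0,addrl */
    if (!high_hit)
        return 0;
    r[T0] = ld32(host_ram, sizeof host_ram, r[V0]);               /* 13 lw   t0,0(v0) */
    return 1;
}

/* Constructed scenario: guest page 0x1000_00001000 backed by host_ram[0x2000..]. */
#define GUEST_ADDR  0x0000100000001004ull
#define HOST_PAGE   0x2000u

static void setup(void)
{
    memset(env, 0, sizeof env);
    memset(host_ram, 0, sizeof host_ram);
    tlb_set_read(GUEST_ADDR, HOST_PAGE);
    st32(host_ram, HOST_PAGE + 0x0, 0x11111111u);  /* word at guest ...1000 */
    st32(host_ram, HOST_PAGE + 0x4, 0x22222222u);  /* word at guest ...1004, the one requested */
}

/* One qemu_ld of a 32-bit word at ga; rebuilds the constructed TLB and memory first. */
static uint32_t do_load(uint64_t ga, int addrl, int addrh, int fixed)
{
    uint32_t r[NREGS] = {0};          /* s0 = 0: env offsets are relative to env[] */
    setup();
    r[addrl] = (uint32_t)ga;
    r[addrh] = (uint32_t)(ga >> 32);
    return qemu_ld_fastpath(r, addrl, addrh, fixed) ? r[T0] : MISS;
}

int main(void)
{
    printf("addrl in t2, before fix: %08x\n", do_load(GUEST_ADDR, T2, T8, 0));
    printf("addrl in v0, before fix: %08x  (wrong word, slow path not taken)\n", do_load(GUEST_ADDR, V0, A1, 0));
    printf("addrl in v0, after fix:  %08x\n", do_load(GUEST_ADDR, V0, A1, 1));
    printf("other page,  after fix:  %08x  (miss sentinel)\n", do_load(0x0000200000001004ull, V0, A1, 1));
    return 0;
}
```

The delay-slot semantics are kept deliberately: the load into at after the first bne and the addu after the second execute whether or not the branch is taken, which is why the fix could only move the high-comparator load into a scratch register that the slow path does not depend on.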


  Commit: d9f26847f1429bdb8ccaa4e7bd5f8b57a9da0e8d
      https://github.com/qemu/qemu/commit/d9f26847f1429bdb8ccaa4e7bd5f8b57a9da0e8d
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-09-19 (Sat, 19 Sep 2015)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  tcg/mips: move tcg_out_addsub2

Somehow the tcg_out_addsub2 function ended up in the middle of the
qemu_ld/st related functions. Move it with the other arithmetic-related
functions.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>


  Commit: 81dfaf1a8f7f95259801da9732472f879023ef77
      https://github.com/qemu/qemu/commit/81dfaf1a8f7f95259801da9732472f879023ef77
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-09-19 (Sat, 19 Sep 2015)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  tcg/mips: pass oi to tcg_out_tlb_load

Instead of computing mem_index and s_bits in both the tcg_out_qemu_ld and
tcg_out_qemu_st functions and passing them to tcg_out_tlb_load, directly
pass oi to tcg_out_tlb_load and compute mem_index and s_bits there.

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>


  Commit: 75ebcd7f080fa30893272f6fe07354e4ffa11b46
      https://github.com/qemu/qemu/commit/75ebcd7f080fa30893272f6fe07354e4ffa11b46
  Author: Peter Maydell <address@hidden>
  Date:   2015-09-21 (Mon, 21 Sep 2015)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/aurel/tags/pull-tcg-mips-20150921' into staging

TCG MIPS queue

- Fixes for 64-bit guests
- Small cleanups

# gpg: Signature made Sun 20 Sep 2015 23:33:15 BST using RSA key ID 1DDD8C9B
# gpg: Good signature from "Aurelien Jarno <address@hidden>"
# gpg:                 aka "Aurelien Jarno <address@hidden>"
# gpg:                 aka "Aurelien Jarno <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 7746 2642 A9EF 94FD 0F77  196D BA9C 7806 1DDD 8C9B

* remotes/aurel/tags/pull-tcg-mips-20150921:
  tcg/mips: pass oi to tcg_out_tlb_load
  tcg/mips: move tcg_out_addsub2
  tcg/mips: Fix clobbering of qemu_ld inputs

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d345e0d7b755...75ebcd7f080f
