Re: [Qemu-devel] [PATCH v9 04/26] target: [tcg] Add generic translation


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v9 04/26] target: [tcg] Add generic translation framework
Date: Mon, 26 Jun 2017 19:21:45 +0100

On 26 June 2017 at 13:50, Lluís Vilanova <address@hidden> wrote:
> Not that I've seen (at the level of the translation loop). Now I wonder if QEMU
> w/ TCG has a bug that lets it successfully execute instructions that cross page
> boundaries, one of them with invalid permissions (haven't checked).

ARM takes care to get this right -- we stop the TB if the next
insn is going to span the page boundary (or in some corner cases
merely if we think it might span the boundary, because if we guess
wrong that way round the worst that happens is an unnecessarily
short TB). Then the next TB will get the prefetch abort in the right
place if the next page is inaccessible (we will longjump out
of the translate.c code when we attempt the arm_lduw_code for
the 2nd half of the insn). This was fixed in commit 541ebcd401ee4.
The key thing is:
 * first insn in TB: read all its bytes (may result in longjump)
 * subsequent insns in same TB: don't even try to read bytes
   which aren't in pages already known to be safe because of
   having dealt with the first insn (longjump will result in a
   fault with the wrong address)

x86 definitely gets this totally wrong. I would be unsurprised
to find that other variable-length-insn targets do too.

> What I can say is that this check is a very weak one (but common to all
> targets), and that targets like i386 and arm need to refine it further in the
> target-specific code. In fact, now I suspect all targets will need to refine it,
> so it probably makes sense to simply drop this generic check and burden all
> targets with handling it.

For targets which can never have instructions that cross the
page boundary, the only requirement is that we do not attempt
to fetch an instruction from a page other than the one we
started on (otherwise we will cause a spurious instruction
fetch abort).

The simple test program I used to test Thumb
page-boundary crossing instructions is here:
http://people.linaro.org/~peter.maydell/thumb-over-page.c
The signal handler it installs prints the r0 and pc values
reported to the handler so you can check the correct insns
executed and the reported PC was right. Works in linux-user
mode and also system mode (you'll need to sort out your own
guest kernel and filesystem).

thanks
-- PMM
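The TB-ending rule the mail describes (the first insn may fetch all its bytes; later insns never touch a byte outside the pages the first insn already proved readable, and end the TB instead) modelled as an added C example. This is illustration written for this page, not QEMU code and not from the thread; `translate_tb`, `translate_tb_naive`, `run_until_abort`, the 4 KiB page, the single readable code page and the Thumb code layout are all constructed assumptions. The naive variant fetches greedily and shows the wrong-address fault the mail warns about: the abort lands on the TB's start address rather than on the instruction that straddles the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed guest: 4 KiB pages, and only 0x1000..0x1FFF is readable. */
#define PAGE_SIZE 0x1000u
#define PAGE_MASK (~(PAGE_SIZE - 1u))
#define CODE_BASE 0x1000u

static uint16_t code[PAGE_SIZE / 2];

static bool page_readable(uint32_t addr) {
    return (addr & PAGE_MASK) == CODE_BASE;
}

/* One halfword of instruction fetch; false means a prefetch abort. */
static bool fetch_halfword(uint32_t addr, uint16_t *hw) {
    if (!page_readable(addr)) return false;
    *hw = code[(addr - CODE_BASE) / 2];
    return true;
}

/* Thumb: a first halfword whose top five bits are 0b11101..0b11111 opens a
 * 32-bit encoding; anything else is a 16-bit instruction. */
static unsigned thumb_insn_len(uint16_t hw) {
    return (hw >> 11) >= 0x1D ? 4u : 2u;
}

struct tb_result {
    size_t ninsns;     /* instructions placed in this TB (0 if it faulted) */
    uint32_t next_pc;  /* where the following TB starts */
    bool faulted;      /* translation took a fetch abort ... */
    uint32_t fault_pc; /* ... reported at this guest address */
};

/* The partial TB is discarded, so none of its instructions ran. */
static void abort_at(struct tb_result *r, uint32_t pc) {
    r->faulted = true;
    r->fault_pc = pc;
    r->ninsns = 0;
}

/* Page-aware rule: first insn fetches freely (a fault there is at the address
 * the guest really executes); later insns end the TB rather than reach
 * outside the pages the first insn proved safe. */
struct tb_result translate_tb(uint32_t pc, size_t max_insns) {
    struct tb_result r = { 0, pc, false, 0 };
    uint32_t safe_end = 0; /* exclusive end of the known-readable pages */

    while (r.ninsns < max_insns) {
        uint16_t hw, hw2;
        if (r.ninsns > 0 && pc + 2 > safe_end) break;   /* would leave safe pages */
        if (!fetch_halfword(pc, &hw)) { abort_at(&r, pc); return r; }
        unsigned len = thumb_insn_len(hw);
        if (r.ninsns > 0 && pc + len > safe_end) break; /* 2nd halfword not safe */
        if (len == 4 && !fetch_halfword(pc + 2, &hw2)) { abort_at(&r, pc); return r; }
        if (r.ninsns == 0) safe_end = ((pc + len - 1) & PAGE_MASK) + PAGE_SIZE;
        pc += len;
        r.ninsns++;
    }
    r.next_pc = pc;
    return r;
}

/* Greedy fetching: a fault on a later insn escapes translation and is
 * attributed to the TB start, i.e. the wrong address. */
struct tb_result translate_tb_naive(uint32_t pc, size_t max_insns) {
    struct tb_result r = { 0, pc, false, 0 };
    uint32_t start = pc;
    while (r.ninsns < max_insns) {
        uint16_t hw, hw2;
        if (!fetch_halfword(pc, &hw)) { abort_at(&r, start); return r; }
        unsigned len = thumb_insn_len(hw);
        if (len == 4 && !fetch_halfword(pc + 2, &hw2)) { abort_at(&r, start); return r; }
        pc += len;
        r.ninsns++;
    }
    r.next_pc = pc;
    return r;
}

/* Run TB after TB until a fetch abort; returns the reported abort address
 * and, via *executed, how many instructions ran before it. */
uint32_t run_until_abort(struct tb_result (*xlate)(uint32_t, size_t),
                         uint32_t pc, size_t *executed) {
    *executed = 0;
    for (;;) {
        struct tb_result r = xlate(pc, 8);
        *executed += r.ninsns;
        if (r.faulted) return r.fault_pc;
        pc = r.next_pc;
    }
}

/* Constructed layout: Thumb NOPs across the page, a 32-bit insn at 0x1000
 * (second halfword arbitrary), and a 32-bit insn whose first halfword is
 * the last one in the page (0x1FFE), so its second half is unreadable. */
void setup_guest(void) {
    for (size_t i = 0; i < PAGE_SIZE / 2; i++) code[i] = 0xBF00; /* NOP */
    code[0] = 0xF000; code[1] = 0x0000;
    code[(0x1FFE - CODE_BASE) / 2] = 0xF000;
}

int main(void) {
    size_t n;
    setup_guest();
    uint32_t good = run_until_abort(translate_tb, 0x1FF0u, &n);
    printf("page-aware: %zu insns ran, abort at 0x%x\n", n, good);
    uint32_t bad = run_until_abort(translate_tb_naive, 0x1FF0u, &n);
    printf("naive:      %zu insns ran, abort at 0x%x\n", n, bad);
    return 0;
}
```

Starting at 0x1FF0, the page-aware loop runs the seven NOPs before the page end in one TB, ends that TB at 0x1FFE, and the next TB takes the abort at 0x1FFE; the naive loop discards the whole TB and reports the abort at 0x1FF0 with nothing executed, which is the "fault with the wrong address" case, and it only shows up when the TB boundary happens to fall that way.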
