From: Jeff Kubascik
To: Peter Maydell, qemu-devel@nongnu.org
Cc: Stewart Hildebrand, Jarvis Roach
Subject: [PATCH] target/arm: fix IL bit for data abort exceptions
Date: Tue, 17 Dec 2019 16:02:30 -0500
Message-ID: <20191217210230.99559-1-jeff.kubascik@dornerworks.com>

The Instruction Length bit of the Exception Syndrome Register was fixed to 1 for data aborts. This bit is used by the Xen hypervisor to determine how to increment the program counter after a mmio handler is successful and returns control back to the guest virtual machine. With this value fixed to 1, the hypervisor would always increment the program counter by 0x4. This is a problem when the guest virtual machine is using Thumb instructions, as the instruction that caused the exception may be 16 bits.

This adds an is_16bit flag to the disassembler context to keep track of the current instruction length. For load/store instructions, the instruction length bit is stored with the instruction syndrome data, to be later used if the data abort occurs.
Signed-off-by: Jeff Kubascik --- Hello, I am using the ARMv8 version of QEMU to run the Xen hypervisor with a guest virtual machine compiled for AArch32/Thumb code. I have noticed that when the guest VM tries to write to an emulated PL011 register, the mmio handler always increments the program counter by 4, even if the store instruction that caused the exception was a 16-bit Thumb instruction. I have traced this back to the IL bit in the ESR_EL2 register. Xen uses the IL bit to determine how to increment the program counter. However, QEMU does not correctly emulate this bit, always setting it to 1 (32-bit instruction). The above patch works for my setup. However, I am not very familiar with the QEMU code base, so it may not be the best way to do it, or even be correct. Any feedback would be greatly appreciated. Sincerely, Jeff Kubascik --- target/arm/tlb_helper.c | 2 +- target/arm/translate-a64.c | 1 + target/arm/translate.c | 4 +++- target/arm/translate.h | 2 ++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index 5feb312941..e63f8bda29 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t temp= late_syn, syn =3D syn_data_abort_with_iss(same_el, 0, 0, 0, 0, 0, ea, 0, s1ptw, is_write, fsc, - false); + true); /* Merge the runtime syndrome with the template syndrome. */ syn |=3D template_syn; } diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index d4bebbe629..a3c618fdd9 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -14045,6 +14045,7 @@ static void disas_a64_insn(CPUARMState *env, DisasC= ontext *s) s->pc_curr =3D s->base.pc_next; insn =3D arm_ldl_code(env, s->base.pc_next, s->sctlr_b); s->insn =3D insn; + s->is_16bit =3D false; s->base.pc_next +=3D 4; =20 s->fp_access_checked =3D false; 
diff --git a/target/arm/translate.c b/target/arm/translate.c index 2b6c1f91bf..300480f1b7 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -8555,7 +8555,7 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, = bool p, bool w) =20 /* ISS not valid if writeback */ if (p && !w) { - ret =3D rd; + ret =3D rd | (s->is_16bit ? ISSIs16Bit : 0); } else { ret =3D ISSInvalid; } @@ -11057,6 +11057,7 @@ static void arm_tr_translate_insn(DisasContextBase = *dcbase, CPUState *cpu) dc->pc_curr =3D dc->base.pc_next; insn =3D arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b); dc->insn =3D insn; + dc->is_16bit =3D false; dc->base.pc_next +=3D 4; disas_arm_insn(dc, insn); =20 @@ -11126,6 +11127,7 @@ static void thumb_tr_translate_insn(DisasContextBas= e *dcbase, CPUState *cpu) dc->pc_curr =3D dc->base.pc_next; insn =3D arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b); is_16bit =3D thumb_insn_is_16bit(dc, dc->base.pc_next, insn); + dc->is_16bit =3D is_16bit; dc->base.pc_next +=3D 2; if (!is_16bit) { uint32_t insn2 =3D arm_lduw_code(env, dc->base.pc_next, dc->sctlr_= b); diff --git a/target/arm/translate.h b/target/arm/translate.h index b837b7fcbf..c16f434477 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -14,6 +14,8 @@ typedef struct DisasContext { target_ulong pc_curr; target_ulong page_start; uint32_t insn; + /* 16-bit instruction flag */ + bool is_16bit; /* Nonzero if this instruction has been conditionally skipped. */ int condjmp; /* The label that will be jumped to when the instruction is skipped. = */ --=20 2.17.1
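Review bot: The `false` to `true` change in the `syn_data_abort_with_iss()` call inside `merge_syn_data_abort()` (tlb_helper.c hunk) is the part of the patch that actually changes the reported IL value, and it needs a comment, because read literally `true` says "the faulting instruction is 16-bit", which is not what is meant. What it does is keep ARM_EL_IL clear in the runtime-built syndrome so that the `syn |= template_syn;` two lines below supplies IL from the translate-time template instead of forcing it to 1. Suggest a comment such as `/* IL comes from the template syndrome; pass is_16bit=true so it is not forced set here. */` above the call, and a sentence to that effect in the commit message, which currently credits the new is_16bit flag rather than this line.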
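Review bot: `s->is_16bit = false;` in `disas_a64_insn()` (translate-a64.c hunk) adds state that nothing in the A64 translator reads; A64 encodings are fixed-width, as the `s->base.pc_next += 4;` on the next line shows, and the only consumer this patch introduces is `make_issinfo()` in translate.c. Either drop this hunk, or, if the assignment stays so that the shared DisasContext is always in a defined state, make the field's comment in translate.h say that it is only meaningful for AArch32 Thumb.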
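Review bot: `ret = rd | (s->is_16bit ? ISSIs16Bit : 0);` in `make_issinfo()` is the right place to set ISSIs16Bit, since this is the common path for building load/store ISS info, but the new field duplicates information the context already carries: the translate functions record `pc_curr` before fetching the encoding and then advance `base.pc_next` by 2 or 4, so `s->base.pc_next - s->pc_curr == 2` identifies a 16-bit encoding without a new member or the per-instruction assignments elsewhere in the patch. Something like `if (s->base.pc_next - s->pc_curr == 2) { ret |= ISSIs16Bit; }` would do, assuming, as the Thumb hunk shows for the first halfword, that `pc_next` is advanced past the whole encoding before the instruction body is decoded.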
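Review bot: `dc->is_16bit = false;` in `arm_tr_translate_insn()` is correct for A32 (fixed 4-byte encodings, see `dc->base.pc_next += 4;`), but it is one of three places that now have to agree on resetting the flag before every instruction. If the flag is kept, initialise it in one spot, for instance next to where `pc_curr` is recorded, or derive it from `pc_next - pc_curr` as suggested for the `make_issinfo()` hunk and drop this line.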
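Review bot: After `dc->is_16bit = is_16bit;` in `thumb_tr_translate_insn()` the local `is_16bit` and the new context field hold the same value for the rest of the function, and the `if (!is_16bit)` on the following line still tests the local. To avoid two copies of one fact, assign the result of `thumb_insn_is_16bit()` straight into `dc->is_16bit` and test `dc->is_16bit` below, or keep the local and drop the field in favour of the `pc_next - pc_curr` check.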
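Review bot: The comment `/* 16-bit instruction flag */` on `bool is_16bit;` in translate.h restates the name rather than the contract. Suggest `/* True if the instruction being translated is a 16-bit Thumb encoding; always false for A32 and A64. */`, plus a note on who sets it (the per-instruction translate functions) and who reads it (`make_issinfo()`). Since the neighbouring `pc_curr` already makes the length derivable from `base.pc_next`, the comment is also the place to justify caching it.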
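The mechanism the commit message describes, a translate-time syndrome template that carries the IL bit and is OR-ed with a fault-time runtime syndrome, modelled as a small stand-alone C program. This is an added example written for this review, not QEMU's source or the patch author's code: the helper names mirror the hunks but their bodies are reduced to the ESR fields needed here, and the register number, access size, fault status code and the "IL selects PC += 4 or 2" rule attributed to Xen in the cover letter are assumed sample values. It shows why passing `false` as the runtime `is_16bit` argument forces IL=1 whatever the template says, and how passing `true` lets the template's IL bit through.

```c
/*
 * Added illustration (not QEMU source): how an ARM data-abort syndrome
 * is assembled from a translate-time template and a fault-time runtime
 * part, and why a runtime is_16bit=false forces IL=1 for 16-bit Thumb.
 * Helper names mirror the patch; bodies are reduced to the fields needed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx layout for a Data Abort (Arm ARM, ISS encoding). */
#define EC_DATAABORT_LOWER_EL 0x24u      /* EC 0x24: Data Abort from a lower EL (0x25: same EL) */
#define ARM_EL_EC_SHIFT       26
#define ARM_EL_IL             (1u << 25) /* Instruction Length: 1 = 32-bit, 0 = 16-bit */
#define ARM_EL_ISV            (1u << 24) /* Instruction Syndrome Valid */
#define ARM_EL_WNR            (1u << 6)  /* Write-not-Read */

/* Reduced model of QEMU's helper: EC, ISV, SAS, SRT, WnR, DFSC and IL. */
static uint32_t syn_data_abort_with_iss(unsigned same_el, unsigned sas,
                                        unsigned srt, bool wnr, unsigned fsc,
                                        bool is_16bit)
{
    return ((EC_DATAABORT_LOWER_EL | same_el) << ARM_EL_EC_SHIFT)
           | ARM_EL_ISV | (sas << 22) | (srt << 16)
           | (wnr ? ARM_EL_WNR : 0) | fsc
           | (is_16bit ? 0 : ARM_EL_IL);   /* IL is the inverse of is_16bit */
}

/*
 * Translate time: access size, register, direction and instruction length
 * are known; the fault details are not.
 */
static uint32_t make_template_syndrome(unsigned sas, unsigned srt,
                                       bool is_write, bool insn_is_16bit)
{
    return syn_data_abort_with_iss(0, sas, srt, is_write, 0, insn_is_16bit);
}

/*
 * Fault time: the runtime part knows EL, direction and fault status and is
 * OR-ed with the template. runtime_is_16bit is the literal the patch
 * changes from false to true.
 */
static uint32_t merge_syn_data_abort(uint32_t template_syn, unsigned same_el,
                                     bool is_write, unsigned fsc,
                                     bool runtime_is_16bit)
{
    uint32_t syn = syn_data_abort_with_iss(same_el, 0, 0, is_write, fsc,
                                           runtime_is_16bit);
    return syn | template_syn;   /* OR can set IL, never clear it */
}

/*
 * Whole path for an assumed guest "str r3, [rN]" (SAS=2: word) that faults
 * on an EL2-emulated MMIO write; fsc 0x07 (translation fault, level 3) is
 * an assumed sample value, same_el=0 because EL1 traps to EL2.
 */
static uint32_t data_abort_esr(bool insn_is_16bit, bool patched)
{
    uint32_t tmpl = make_template_syndrome(2, 3, true, insn_is_16bit);
    return merge_syn_data_abort(tmpl, 0, true, 0x07, patched);
}

/* The consumer's rule as the cover letter describes it: IL selects PC += 4 or 2. */
static unsigned pc_step_from_il(uint32_t esr)
{
    return (esr & ARM_EL_IL) ? 4 : 2;
}

int main(void)
{
    static const struct { bool is16; bool patched; } cases[] = {
        { true, false }, { true, true }, { false, false }, { false, true },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t esr = data_abort_esr(cases[i].is16, cases[i].patched);
        printf("%s insn, %s merge: ESR=0x%08x IL=%u -> PC += %u\n",
               cases[i].is16 ? "16-bit" : "32-bit",
               cases[i].patched ? "patched " : "original",
               esr, (esr & ARM_EL_IL) ? 1u : 0u, pc_step_from_il(esr));
    }
    return 0;
}
```

The first case is the reported bug: a 16-bit store whose template has IL clear still yields IL=1 after the OR, so the consumer steps the PC by 4; with the runtime literal set to `true` the template's bit survives and the step is 2, while 32-bit instructions are unaffected either way.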