From nobody Mon Apr 29 04:43:10 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1500477781527641.417581240897;
 Wed, 19 Jul 2017 08:23:01 -0700 (PDT)
Received: from localhost ([::1]:33858 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1dXqoT-0006WO-N8
	for importer@patchew.org; Wed, 19 Jul 2017 11:22:57 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40291)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <James.Hogan@imgtec.com>) id 1dXqna-0006Fb-MD
	for qemu-devel@nongnu.org; Wed, 19 Jul 2017 11:22:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <James.Hogan@imgtec.com>) id 1dXqnX-0006sb-I8
	for qemu-devel@nongnu.org; Wed, 19 Jul 2017 11:22:02 -0400
Received: from mailapp01.imgtec.com ([195.59.15.196]:6526)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <James.Hogan@imgtec.com>) id 1dXqnX-0006sP-Bd
	for qemu-devel@nongnu.org; Wed, 19 Jul 2017 11:21:59 -0400
Received: from HHMAIL01.hh.imgtec.org (unknown [10.100.10.19])
	by Forcepoint Email with ESMTPS id AAFFEA372ACA8;
	Wed, 19 Jul 2017 16:21:53 +0100 (IST)
Received: from jhogan-linux.le.imgtec.org (192.168.154.110) by
	HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server (TLS)
	id 14.3.294.0; Wed, 19 Jul 2017 16:21:57 +0100
From: James Hogan <james.hogan@imgtec.com>
To: Yongbok Kim <yongbok.kim@imgtec.com>
Date: Wed, 19 Jul 2017 16:21:42 +0100
Message-ID: 
 <4053c89eefa69e2b4aa3e1072a6ae975b8d87734.1500477656.git-series.james.hogan@imgtec.com>
X-Mailer: git-send-email 2.13.2
MIME-Version: 1.0
X-Originating-IP: [192.168.154.110]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 195.59.15.196
Subject: [Qemu-devel] [PATCH] target/mips: Fix microMIPS jumps in 128MB block
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Nathan Froyd <froydnj@codesourcery.com>,
	James Hogan <james.hogan@imgtec.com>, qemu-devel@nongnu.org,
	Aurelien Jarno <aurelien@aurel32.net>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Three microMIPS jump instruction encodings (namely J32, JAL32, JALS32)
shift their 26-bit immediate field by 1 instead of 2, allowing a jump
only within the 128MB aligned block rather than the more common 256MB
aligned block.

This wasn't being taken into account when masking the address of the
delay slot in gen_compute_branch(), resulting in bit 27 of the PC being
cleared. This meant that any such jump in an odd 128MB block incorrectly
jumped to the even 128MB block before it.

For example this jals jumped to 0x17000010:
1f00000a:	7780 0008 	jals	1f000010 <.L11>

And this jal jumped to 0x17000022:
1f00001a:	f780 0011 	jal	1f000022 <.L12>

And this j jumped to 0x17000030:
1f00002a:	d780 0018 	j	1f000030 <.L13>

All three encodings pass OPC_J or OPC_JAL to gen_compute_branch(), so
allow the mask applied to the delay slot address to be changed from
0xF0000000 to 0xF8000000 for these opcodes, but only when microMIPS is
in use.

Fixes: 3c824109da07 ("target-mips: microMIPS ASE support")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Nathan Froyd <froydnj@codesourcery.com>
---
 target/mips/translate.c |  9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 3022f349cb2a..7071b124344a 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -4248,6 +4248,7 @@ static void gen_compute_branch (DisasContext *ctx, ui=
nt32_t opc,
     int bcond_compute =3D 0;
     TCGv t0 =3D tcg_temp_new();
     TCGv t1 =3D tcg_temp_new();
+    int32_t seg_mask =3D 0xF0000000;      /* 256 MB-aligned region */
=20
     if (ctx->hflags & MIPS_HFLAG_BMASK) {
 #ifdef MIPS_DEBUG_DISAS
@@ -4303,9 +4304,15 @@ static void gen_compute_branch (DisasContext *ctx, u=
int32_t opc,
         break;
     case OPC_J:
     case OPC_JAL:
+        /* microMIPS J32, JAL32 & JALS32 offsets are in 128 MB region not =
256 */
+        if ((ctx->hflags & MIPS_HFLAG_M16) &&
+            (ctx->insn_flags & ASE_MICROMIPS)) {
+            seg_mask =3D 0xF8000000;      /* 128 MB-aligned region */
+        }
+        /* fall through */
     case OPC_JALX:
         /* Jump to immediate */
-        btgt =3D ((ctx->pc + insn_bytes) & (int32_t)0xF0000000) | (uint32_=
t)offset;
+        btgt =3D ((ctx->pc + insn_bytes) & seg_mask) | (uint32_t)offset;
         break;
     case OPC_JR:
     case OPC_JALR:
--=20
git-series 0.8.10