| Message ID | Yy+BHMfYE3fYVq6k@p100 (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | target/hppa: Generate illegal instruction exception for 64-bit instructions | expand |
On 9/24/22 15:13, Helge Deller wrote: > Qemu currently emulates a 32-bit CPU only, and crashes with this error > when it faces a 64-bit load (e.g. "ldd 0(r26),r0") or 64-bit store > (e.g. "std r26,0(r26)") instruction in the guest: > > ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached > > Fix this by adding checks for 64-bit sizes and generate an illegal > instruction exception if necessary. > > Signed-off-by: Helge Deller <deller@gmx.de> > > diff --git a/target/hppa/translate.c b/target/hppa/translate.c > index b8dbfee5e9..287cc410cd 100644 > --- a/target/hppa/translate.c > +++ b/target/hppa/translate.c > @@ -1568,7 +1568,12 @@ static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb, > /* Make sure if RT == RB, we see the result of the load. */ > dest = get_temp(ctx); > } > - do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); > + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { > + gen_illegal(ctx); > + dest = tcg_constant_reg(0); > + } else { > + do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); > + } This should be done in trans_ld, > @@ -1631,7 +1636,11 @@ static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb, > int modify, MemOp mop) > { > nullify_over(ctx); > - do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); > + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { > + gen_illegal(ctx); > + } else { > + do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); > + } and this in trans_st. r~
On 9/28/22 17:55, Richard Henderson wrote: > On 9/24/22 15:13, Helge Deller wrote: >> Qemu currently emulates a 32-bit CPU only, and crashes with this error >> when it faces a 64-bit load (e.g. "ldd 0(r26),r0") or 64-bit store >> (e.g. "std r26,0(r26)") instruction in the guest: >> >> ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached >> >> Fix this by adding checks for 64-bit sizes and generate an illegal >> instruction exception if necessary. >> >> Signed-off-by: Helge Deller <deller@gmx.de> >> >> diff --git a/target/hppa/translate.c b/target/hppa/translate.c >> index b8dbfee5e9..287cc410cd 100644 >> --- a/target/hppa/translate.c >> +++ b/target/hppa/translate.c >> @@ -1568,7 +1568,12 @@ static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb, >> /* Make sure if RT == RB, we see the result of the load. */ >> dest = get_temp(ctx); >> } >> - do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); >> + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { >> + gen_illegal(ctx); >> + dest = tcg_constant_reg(0); >> + } else { >> + do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); >> + } > > This should be done in trans_ld, > >> @@ -1631,7 +1636,11 @@ static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb, >> int modify, MemOp mop) >> { >> nullify_over(ctx); >> - do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); >> + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { >> + gen_illegal(ctx); >> + } else { >> + do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); >> + } > > and this in trans_st. Yes, you're right. Will resend fixed patch. Helge
diff --git a/target/hppa/translate.c b/target/hppa/translate.c index b8dbfee5e9..287cc410cd 100644 --- a/target/hppa/translate.c +++ b/target/hppa/translate.c @@ -1568,7 +1568,12 @@ static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb, /* Make sure if RT == RB, we see the result of the load. */ dest = get_temp(ctx); } - do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { + gen_illegal(ctx); + dest = tcg_constant_reg(0); + } else { + do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop); + } save_gpr(ctx, rt, dest); return nullify_end(ctx); @@ -1631,7 +1636,11 @@ static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb, int modify, MemOp mop) { nullify_over(ctx); - do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); + if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) { + gen_illegal(ctx); + } else { + do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop); + } return nullify_end(ctx); }
Qemu currently emulates a 32-bit CPU only, and crashes with this error when it faces a 64-bit load (e.g. "ldd 0(r26),r0") or 64-bit store (e.g. "std r26,0(r26)") instruction in the guest: ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached Fix this by adding checks for 64-bit sizes and generate an illegal instruction exception if necessary. Signed-off-by: Helge Deller <deller@gmx.de>