diff mbox series

target/hppa: Generate illegal instruction exception for 64-bit instructions

Message ID Yy+BHMfYE3fYVq6k@p100 (mailing list archive)
State New, archived
Headers show
Series target/hppa: Generate illegal instruction exception for 64-bit instructions | expand

Commit Message

Helge Deller Sept. 24, 2022, 10:13 p.m. UTC
Qemu currently emulates a 32-bit CPU only, and crashes with this error
when it faces a 64-bit load (e.g.  "ldd 0(r26),r0") or 64-bit store
(e.g. "std r26,0(r26)") instruction in the guest:

ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached

Fix this by adding checks for 64-bit sizes and generate an illegal
instruction exception if necessary.

Signed-off-by: Helge Deller <deller@gmx.de>

Comments

Richard Henderson Sept. 28, 2022, 3:55 p.m. UTC | #1
On 9/24/22 15:13, Helge Deller wrote:
> Qemu currently emulates a 32-bit CPU only, and crashes with this error
> when it faces a 64-bit load (e.g.  "ldd 0(r26),r0") or 64-bit store
> (e.g. "std r26,0(r26)") instruction in the guest:
> 
> ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached
> 
> Fix this by adding checks for 64-bit sizes and generate an illegal
> instruction exception if necessary.
> 
> Signed-off-by: Helge Deller <deller@gmx.de>
> 
> diff --git a/target/hppa/translate.c b/target/hppa/translate.c
> index b8dbfee5e9..287cc410cd 100644
> --- a/target/hppa/translate.c
> +++ b/target/hppa/translate.c
> @@ -1568,7 +1568,12 @@ static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb,
>           /* Make sure if RT == RB, we see the result of the load.  */
>           dest = get_temp(ctx);
>       }
> -    do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
> +    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
> +        gen_illegal(ctx);
> +        dest = tcg_constant_reg(0);
> +    } else {
> +        do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
> +    }

This should be done in trans_ld,

> @@ -1631,7 +1636,11 @@ static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb,
>                        int modify, MemOp mop)
>   {
>       nullify_over(ctx);
> -    do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
> +    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
> +        gen_illegal(ctx);
> +    } else {
> +        do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
> +    }

and this in trans_st.


r~
Helge Deller Sept. 28, 2022, 4:44 p.m. UTC | #2
On 9/28/22 17:55, Richard Henderson wrote:
> On 9/24/22 15:13, Helge Deller wrote:
>> Qemu currently emulates a 32-bit CPU only, and crashes with this error
>> when it faces a 64-bit load (e.g.  "ldd 0(r26),r0") or 64-bit store
>> (e.g. "std r26,0(r26)") instruction in the guest:
>>
>> ERROR:../qemu/tcg/tcg-op.c:2822:tcg_canonicalize_memop: code should not be reached
>>
>> Fix this by adding checks for 64-bit sizes and generate an illegal
>> instruction exception if necessary.
>>
>> Signed-off-by: Helge Deller <deller@gmx.de>
>>
>> diff --git a/target/hppa/translate.c b/target/hppa/translate.c
>> index b8dbfee5e9..287cc410cd 100644
>> --- a/target/hppa/translate.c
>> +++ b/target/hppa/translate.c
>> @@ -1568,7 +1568,12 @@ static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb,
>>           /* Make sure if RT == RB, we see the result of the load.  */
>>           dest = get_temp(ctx);
>>       }
>> -    do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
>> +    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
>> +        gen_illegal(ctx);
>> +        dest = tcg_constant_reg(0);
>> +    } else {
>> +        do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
>> +    }
>
> This should be done in trans_ld,
>
>> @@ -1631,7 +1636,11 @@ static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb,
>>                        int modify, MemOp mop)
>>   {
>>       nullify_over(ctx);
>> -    do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
>> +    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
>> +        gen_illegal(ctx);
>> +    } else {
>> +        do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
>> +    }
>
> and this in trans_st.

Yes, you're right.
Will resend fixed patch.

Helge
diff mbox series

Patch

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index b8dbfee5e9..287cc410cd 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -1568,7 +1568,12 @@  static bool do_load(DisasContext *ctx, unsigned rt, unsigned rb,
         /* Make sure if RT == RB, we see the result of the load.  */
         dest = get_temp(ctx);
     }
-    do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
+    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
+        gen_illegal(ctx);
+        dest = tcg_constant_reg(0);
+    } else {
+        do_load_reg(ctx, dest, rb, rx, scale, disp, sp, modify, mop);
+    }
     save_gpr(ctx, rt, dest);

     return nullify_end(ctx);
@@ -1631,7 +1636,11 @@  static bool do_store(DisasContext *ctx, unsigned rt, unsigned rb,
                      int modify, MemOp mop)
 {
     nullify_over(ctx);
-    do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
+    if (unlikely(TARGET_REGISTER_BITS == 32 && (mop & MO_SIZE) > MO_32)) {
+        gen_illegal(ctx);
+    } else {
+        do_store_reg(ctx, load_gpr(ctx, rt), rb, 0, 0, disp, sp, modify, mop);
+    }
     return nullify_end(ctx);
 }