[Qemu-devel] [PATCH 58/88] target-xtensa: add missing window check for entry
From: Michael Roth
Subject: [Qemu-devel] [PATCH 58/88] target-xtensa: add missing window check for entry
Date: Thu, 8 Jan 2015 11:34:02 -0600
From: Max Filippov <address@hidden>
The entry opcode needs to check whether moving to the new register frame would
cause a register window overflow. An entry used in a function prologue never
overflows, because the preceding windowed call* opcode writes the return address
to the target register window frame, causing an overflow exception at the
point of the call. But when a sequence of entry opcodes is used for register
window spilling, there may be no call or other opcode that would cause a
window check between the entries, and the entries themselves would not raise an
overflow exception, resulting in data corruption.
Cc: address@hidden
Signed-off-by: Max Filippov <address@hidden>
(cherry picked from commit 1b3e71f8ee17ced609213d9b41758110f3c026e9)
Signed-off-by: Michael Roth <address@hidden>
---
target-xtensa/cpu.h | 6 ++++++
target-xtensa/op_helper.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/target-xtensa/cpu.h b/target-xtensa/cpu.h
index d797d26..6e4e2b2 100644
--- a/target-xtensa/cpu.h
+++ b/target-xtensa/cpu.h
@@ -471,6 +471,12 @@ static inline xtensa_tlb_entry
*xtensa_tlb_get_entry(CPUXtensaState *env,
env->itlb[wi] + ei;
}
+static inline uint32_t xtensa_replicate_windowstart(CPUXtensaState *env)
+{
+ return env->sregs[WINDOW_START] |
+ (env->sregs[WINDOW_START] << env->config->nareg / 4);
+}
+
/* MMU modes definitions */
#define MMU_MODE0_SUFFIX _ring0
#define MMU_MODE1_SUFFIX _ring1
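Review bot: xtensa_replicate_windowstart() carries no comment explaining why the WINDOW_START mask is doubled, so a reader of cpu.h cannot tell that the copy shifted up by nareg/4 exists so that a later `>> (WINDOW_BASE + 1)` still sees frames that wrap past the top of the circular register file. Suggest a one-line comment above the function stating that, and parentheses in `env->sregs[WINDOW_START] << (env->config->nareg / 4)`: the expression is already evaluated that way because `/` binds tighter than `<<`, but the shift-by-frame-count intent is not obvious at a glance.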
diff --git a/target-xtensa/op_helper.c b/target-xtensa/op_helper.c
index dae1386..872e5a8 100644
--- a/target-xtensa/op_helper.c
+++ b/target-xtensa/op_helper.c
@@ -235,6 +235,12 @@ void HELPER(entry)(CPUXtensaState *env, uint32_t pc,
uint32_t s, uint32_t imm)
pc, env->sregs[PS]);
HELPER(exception_cause)(env, pc, ILLEGAL_INSTRUCTION_CAUSE);
} else {
+ uint32_t windowstart = xtensa_replicate_windowstart(env) >>
+ (env->sregs[WINDOW_BASE] + 1);
+
+ if (windowstart & ((1 << callinc) - 1)) {
+ HELPER(window_check)(env, pc, callinc);
+ }
env->regs[(callinc << 2) | (s & 3)] = env->regs[s] - (imm << 3);
rotate_window(env, callinc);
env->sregs[WINDOW_START] |=
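Review bot: after `HELPER(window_check)(env, pc, callinc);` control falls straight through to the `env->regs[(callinc << 2) | (s & 3)] = ...` write and to `rotate_window(env, callinc);`, so the added check is only correct if window_check never returns once it has raised the overflow exception. A short comment on that at the call site (or an explicit `return` after it) would make the control flow clear to the next reader. The placement itself is right: the check runs before the write into the target frame, and the mask `(1 << callinc) - 1` applied to the mask shifted by `WINDOW_BASE + 1` covers exactly the frames WINDOW_BASE+1 .. WINDOW_BASE+callinc that the entry is about to claim, with `xtensa_replicate_windowstart()` keeping that shift valid when the target frames wrap around.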
--
1.9.1
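To make the failure the commit message describes concrete, here is an added model of the windowing state machine (constructed for this page, not QEMU's code). It assumes a 64-entry register file (nareg = 64, so 16 frames of 4 registers), takes CALLINC as an explicit parameter instead of reading it from PS, and signals an overflow by a return value instead of an exception. It reproduces the patch's check, with and without the replicated WINDOW_START mask, and runs a chain of `entry a1, 32` opcodes with no call in between: the eighth entry wraps around the register file, and without the check it overwrites the bottom window's stack pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of Xtensa register windowing (not QEMU code). Assumes a
 * 64-entry physical register file, i.e. 16 frames of 4 registers, and passes
 * CALLINC explicitly rather than reading PS.CALLINC. */
#define NAREG   64
#define NFRAMES (NAREG / 4)

typedef struct {
    uint32_t window_base;   /* WINDOW_BASE: frame that holds a0..a3 */
    uint32_t window_start;  /* WINDOW_START: bit f set = frame f is a live window base */
    uint32_t regs[NAREG];   /* physical register file */
} WindowState;

/* Same trick as the patch: duplicate the NFRAMES-bit mask so that a right shift
 * by (window_base + 1) still sees frames that wrap past the end of the file. */
static uint32_t replicate_windowstart(const WindowState *w)
{
    return w->window_start | (w->window_start << NFRAMES);
}

/* The check the patch adds to entry: a live window base among the frames
 * base+1 .. base+callinc means the frame entry is about to claim is not free. */
static bool entry_overflows(const WindowState *w, unsigned callinc, bool replicate)
{
    uint32_t ws = replicate ? replicate_windowstart(w) : w->window_start;
    ws >>= w->window_base + 1;
    return (ws & ((1u << callinc) - 1)) != 0;
}

/* Physical index of window-relative register a<n>, n in 0..15. */
static unsigned phys_index(const WindowState *w, unsigned n)
{
    return (w->window_base * 4 + n) % NAREG;
}

/* entry a<s>, imm*8 with CALLINC = callinc, mirroring the helper in the patch:
 * write the new stack pointer into a(callinc*4 + (s & 3)), then rotate the
 * window and mark the new base live. When `checked` is set and the check
 * fires, nothing is modified and false is returned (QEMU raises a
 * WindowOverflow exception at that point instead). */
static bool do_entry(WindowState *w, unsigned callinc, unsigned s, uint32_t imm, bool checked)
{
    if (checked && entry_overflows(w, callinc, true)) {
        return false;
    }
    w->regs[phys_index(w, (callinc << 2) | (s & 3))] =
        w->regs[phys_index(w, s)] - (imm << 3);
    w->window_base = (w->window_base + callinc) % NFRAMES;
    w->window_start |= 1u << w->window_base;
    return true;
}

typedef struct {
    uint32_t a1;         /* bottom window's a1 (physical register 1) afterwards */
    unsigned overflows;  /* how many entries the check rejected */
} ChainResult;

/* The scenario from the commit message: `count` entry opcodes in a row with no
 * call between them. The bottom window's a1 starts as a constructed stack
 * pointer 0x1000; CALLINC 2 on a 16-frame file lands back on frame 0 at the
 * eighth entry, whose stack-pointer write then hits physical register 1. */
static ChainResult run_entry_chain(unsigned count, bool checked)
{
    WindowState w = { .window_base = 0, .window_start = 1 };
    ChainResult r = { 0, 0 };
    w.regs[1] = 0x1000;
    for (unsigned i = 0; i < count; i++) {
        if (!do_entry(&w, 2, 1, 4, checked)) {   /* entry a1, 32 */
            r.overflows++;
        }
    }
    r.a1 = w.regs[1];
    return r;
}

/* State just before the wrapping entry: base 14, live bases 0,2,...,14.
 * Without replication the shift by 15 drops frame 0 and the check misses. */
static bool wrap_check_detects(bool replicate)
{
    WindowState w = { .window_base = 14, .window_start = 0x5555 };
    return entry_overflows(&w, 2, replicate);
}

int main(void)
{
    ChainResult c = run_entry_chain(8, true);
    ChainResult u = run_entry_chain(8, false);
    printf("checked:   a1 = 0x%x, overflows = %u\n", c.a1, c.overflows);
    printf("unchecked: a1 = 0x%x, overflows = %u\n", u.a1, u.overflows);
    printf("wrap detected with replication: %d, without: %d\n",
           wrap_check_detects(true), wrap_check_detects(false));
    return 0;
}
```

The first seven entries pass the check because every frame between consecutive live bases is free; the eighth starts at base 14 with frame 0 still live, which is exactly the case the unreplicated mask cannot see once the shift amount reaches the frame count.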