[PATCH v5 34/43] tcg/riscv: Fix branch range checks
From: |
Richard Henderson |
Subject: |
[PATCH v5 34/43] tcg/riscv: Fix branch range checks |
Date: |
Tue, 5 Jan 2021 07:19:41 -1000 |
The offset-is-even checks were folded into the range checks incorrectly.
By offsetting the field start by 1 without decrementing its width, we
silently accepted out-of-range branches.
Assert that the offset is always even instead. Move tcg_out_goto
down into the CONFIG_SOFTMMU block so that it is not unused.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tcg/riscv/tcg-target.c.inc | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 0518595742..5b4c500a4b 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -429,7 +429,8 @@ static bool reloc_sbimm12(tcg_insn_unit *code_ptr,
tcg_insn_unit *target)
{
intptr_t offset = (intptr_t)target - (intptr_t)code_ptr;
- if (offset == sextreg(offset, 1, 12) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 12)) {
code_ptr[0] |= encode_sbimm12(offset);
return true;
}
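Review bot: The new range test `if (offset == sextreg(offset, 0, 12))` is narrower than the field it guards, and the hunk does not say whether that is deliberate: if sextreg(v, start, len) sign-extends the len-bit field at bit start, as QEMU's bitops helper does, this accepts -2048..2047, while a B-type imm[12:1] field can represent any even offset in -4096..4094, so half of the reachable range now falls through to the `return false` path below the hunk. Over-rejecting a relocation is the safe direction for a JIT, so nothing becomes exploitable, but a later reader comparing against the ISA will be tempted to widen it back and may reintroduce the off-by-one-bit the commit message describes. I would record the intent above the check, e.g. `/* Conservative: 12-bit signed offset; the B-type field could reach +-4 KiB. */`, or state the exact bound if the full range is meant. reloc_sbimm12 ends outside the hunk.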
@@ -441,7 +442,8 @@ static bool reloc_jimm20(tcg_insn_unit *code_ptr,
tcg_insn_unit *target)
{
intptr_t offset = (intptr_t)target - (intptr_t)code_ptr;
- if (offset == sextreg(offset, 1, 20) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 20)) {
code_ptr[0] |= encode_ujimm20(offset);
return true;
}
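Review bot: `tcg_debug_assert((offset & 1) == 0)` on the added line enforces nothing in builds without CONFIG_DEBUG_TCG, so an odd offset would pass the range test that follows and presumably have its low bit dropped by encode_ujimm20, yielding a branch to the wrong address in generated code with no diagnostic. That case is presumably unreachable because both pointers are tcg_insn_unit-aligned, but the invariant the assert leans on is not written down; a one-line comment, `/* code_ptr and target are tcg_insn_unit aligned, so offset is always even. */`, would make it explicit (the same applies to reloc_sbimm12 above). reloc_jimm20 continues outside the hunk.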
@@ -854,28 +856,21 @@ static void tcg_out_setcond2(TCGContext *s, TCGCond cond,
TCGReg ret,
g_assert_not_reached();
}
-static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
-{
- ptrdiff_t offset = tcg_pcrel_diff(s, target);
- tcg_debug_assert(offset == sextreg(offset, 1, 20) << 1);
- tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, offset);
-}
-
static void tcg_out_call_int(TCGContext *s, const tcg_insn_unit *arg, bool
tail)
{
TCGReg link = tail ? TCG_REG_ZERO : TCG_REG_RA;
ptrdiff_t offset = tcg_pcrel_diff(s, arg);
int ret;
- if (offset == sextreg(offset, 1, 20) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 20)) {
/* short jump: -2097150 to 2097152 */
tcg_out_opc_jump(s, OPC_JAL, link, offset);
- } else if (TCG_TARGET_REG_BITS == 32 ||
- offset == sextreg(offset, 1, 31) << 1) {
+ } else if (TCG_TARGET_REG_BITS == 32 || offset == (int32_t)offset) {
/* long jump: -2147483646 to 2147483648 */
tcg_out_opc_upper(s, OPC_AUIPC, TCG_REG_TMP0, 0);
tcg_out_opc_imm(s, OPC_JALR, link, TCG_REG_TMP0, 0);
- ret = reloc_call(s->code_ptr - 2, arg);\
+ ret = reloc_call(s->code_ptr - 2, arg);
tcg_debug_assert(ret == true);
} else if (TCG_TARGET_REG_BITS == 64) {
/* far jump: 64-bit */
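Review bot: The comment `/* short jump: -2097150 to 2097152 */` no longer matches the check above it: `offset == sextreg(offset, 0, 20)` accepts -1048576..1048575 if sextreg sign-extends the low 20 bits, and the JAL encoding itself only reaches even offsets within +-1 MiB, so the quoted +-2 MiB figure is wrong either way; suggest `/* short jump: 20-bit signed offset, -1048576 to 1048575 */`. The `/* long jump: -2147483646 to 2147483648 */` comment has the same problem under the new `offset == (int32_t)offset` test, which accepts exactly -2147483648..2147483647 and relies on reloc_call to reject whatever AUIPC+JALR cannot express; since `tcg_debug_assert(ret == true)` is a no-op in non-debug builds, such a rejection would go undiagnosed there, which is worth a short comment on the assert. tcg_out_call_int continues outside the hunk.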
@@ -962,6 +957,13 @@ QEMU_BUILD_BUG_ON(TCG_TARGET_REG_BITS < TARGET_LONG_BITS);
QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 11));
+static void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
+{
+ tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, 0);
+ bool ok = reloc_jimm20(s->code_ptr - 1, target);
+ tcg_debug_assert(ok);
+}
+
static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
TCGReg addrh, TCGMemOpIdx oi,
tcg_insn_unit **label_ptr, bool is_load)
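Review bot: The relocated tcg_out_goto has no failure path: if reloc_jimm20 returns false because target is beyond JAL's reach, `tcg_debug_assert(ok)` is a no-op in non-debug builds and the already-emitted `JAL zero, 0` remains in the buffer as a jump to itself, so generated code would hang silently rather than fault. That is fine only if every caller in the CONFIG_SOFTMMU block is guaranteed an in-range target (the slow-path labels are presumably in the same code buffer region, so this is likely the intent), but the contract is unstated; a comment above the function such as `/* target must be within JAL range (+-1 MiB); softmmu slow-path callers guarantee this. */` would record it for the next reader. tcg_out_tlb_load's body lies outside the hunk.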
--
2.25.1