[PULL 38/47] tcg/riscv: Fix branch range checks
From: |
Richard Henderson |
Subject: |
[PULL 38/47] tcg/riscv: Fix branch range checks |
Date: |
Thu, 7 Jan 2021 10:14:39 -1000 |
The offset even checks were folded into the range check incorrectly.
By offsetting by 1, and not decrementing the width, we silently
allowed out of range branches.
Assert that the offset is always even instead. Move tcg_out_goto
down into the CONFIG_SOFTMMU block so that it is not unused.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tcg/riscv/tcg-target.c.inc | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 0518595742..5b4c500a4b 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -429,7 +429,8 @@ static bool reloc_sbimm12(tcg_insn_unit *code_ptr,
tcg_insn_unit *target)
{
intptr_t offset = (intptr_t)target - (intptr_t)code_ptr;
- if (offset == sextreg(offset, 1, 12) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 12)) {
code_ptr[0] |= encode_sbimm12(offset);
return true;
}
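Review bot: `offset == sextreg(offset, 0, 12)` bounds the byte offset to a 12-bit signed value (−2048..2046 once the even assert holds), which is only half of the 13-bit imm[12:1] that an SB-type branch immediate carries, so branches between ±2 KiB and ±4 KiB now report as unreachable even though encode_sbimm12 (outside the hunk) presumably encodes bit 12; the same halving applies to reloc_jimm20 in the next hunk (20-bit check against JAL's 21-bit imm[20:1]) and to the short-jump check in tcg_out_call_int. Returning false for those offsets is the safe direction, but a reader comparing the check with the encoder will see a mismatch, so if the narrower range is intentional a comment above the if such as `/* Conservative: 12-bit signed check, not the full 13-bit imm[12:1]. */` would keep it from being "fixed" back to the shifted form this commit removes. This assumes sextreg follows the sextract (value, start, length) convention; the function's false-return path is outside the hunk.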
@@ -441,7 +442,8 @@ static bool reloc_jimm20(tcg_insn_unit *code_ptr,
tcg_insn_unit *target)
{
intptr_t offset = (intptr_t)target - (intptr_t)code_ptr;
- if (offset == sextreg(offset, 1, 20) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 20)) {
code_ptr[0] |= encode_ujimm20(offset);
return true;
}
@@ -854,28 +856,21 @@ static void tcg_out_setcond2(TCGContext *s, TCGCond cond,
TCGReg ret,
g_assert_not_reached();
}
-static inline void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
-{
- ptrdiff_t offset = tcg_pcrel_diff(s, target);
- tcg_debug_assert(offset == sextreg(offset, 1, 20) << 1);
- tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, offset);
-}
-
static void tcg_out_call_int(TCGContext *s, const tcg_insn_unit *arg, bool
tail)
{
TCGReg link = tail ? TCG_REG_ZERO : TCG_REG_RA;
ptrdiff_t offset = tcg_pcrel_diff(s, arg);
int ret;
- if (offset == sextreg(offset, 1, 20) << 1) {
+ tcg_debug_assert((offset & 1) == 0);
+ if (offset == sextreg(offset, 0, 20)) {
/* short jump: -2097150 to 2097152 */
tcg_out_opc_jump(s, OPC_JAL, link, offset);
- } else if (TCG_TARGET_REG_BITS == 32 ||
- offset == sextreg(offset, 1, 31) << 1) {
+ } else if (TCG_TARGET_REG_BITS == 32 || offset == (int32_t)offset) {
/* long jump: -2147483646 to 2147483648 */
tcg_out_opc_upper(s, OPC_AUIPC, TCG_REG_TMP0, 0);
tcg_out_opc_imm(s, OPC_JALR, link, TCG_REG_TMP0, 0);
- ret = reloc_call(s->code_ptr - 2, arg);\
+ ret = reloc_call(s->code_ptr - 2, arg);
tcg_debug_assert(ret == true);
} else if (TCG_TARGET_REG_BITS == 64) {
/* far jump: 64-bit */
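Review bot: The range comments no longer match the checks beside them: `/* short jump: -2097150 to 2097152 */` sits above `offset == sextreg(offset, 0, 20)`, which now admits only −524288..524286 (even offsets within 20 signed bits), and `/* long jump: -2147483646 to 2147483648 */` sits above `offset == (int32_t)offset`, whose quoted upper bound does not even fit an int32_t. Suggest `/* short jump: -524288 to 524286 */` and `/* long jump: -2147483648 to 2147483646 */`. The int32_t check may also admit a handful of offsets just below INT32_MAX that an AUIPC+JALR pair cannot compose, since the sign-extended low 12 bits push the upper part past the 32-bit range; reloc_call is outside the hunk and its result only reaches tcg_debug_assert, so whether that path can fail silently in a non-debug build is worth confirming. tcg_out_call_int continues past the end of the hunk.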
@@ -962,6 +957,13 @@ QEMU_BUILD_BUG_ON(TCG_TARGET_REG_BITS < TARGET_LONG_BITS);
QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 11));
+static void tcg_out_goto(TCGContext *s, tcg_insn_unit *target)
+{
+ tcg_out_opc_jump(s, OPC_JAL, TCG_REG_ZERO, 0);
+ bool ok = reloc_jimm20(s->code_ptr - 1, target);
+ tcg_debug_assert(ok);
+}
+
static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
TCGReg addrh, TCGMemOpIdx oi,
tcg_insn_unit **label_ptr, bool is_load)
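Review bot: tcg_out_goto has no contract comment and its only failure handling is a debug assert: it first emits `JAL x0, 0`, a branch to itself, and then patches it through reloc_jimm20, so if the target is out of JAL range and tcg_debug_assert is compiled out in non-debug builds the self-loop stays in the generated code. A one-line comment above the function, `/* Unconditional jump to TARGET, which must be within JAL reach; reloc_jimm20 asserts it. */`, would make that expectation visible to the softmmu slow-path caller, which is outside the hunk. If the relocation can fail for any reachable input, `tcg_debug_assert(ok)` should be promoted to an unconditional check.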
--
2.25.1