From 1212c9b73cb96995dd77d60ac24f1bb90993f62a Mon Sep 17 00:00:00 2001
From: Stefano Stabellini
Date: Mon, 5 Mar 2018 11:21:40 -0500
Subject: [PATCH] fix WFI/WFE length in syndrome register

WFI/E are often, but not always, 4 bytes long. When they are, we need to set ARM_EL_IL_SHIFT in the syndrome register. Pass the instruction length to HELPER(wfi), use it to decrement pc appropriately and to pass an is_16bit flag to syn_wfx, which sets ARM_EL_IL_SHIFT if needed. Set dc->insn in both arm_tr_translate_insn and thumb_tr_translate_insn. Backports commit 58803318e5a546b2eb0efd7a053ed36b6c29ae6f from qemu

---
 qemu/target/arm/helper.h | 2 +-
 qemu/target/arm/internals.h | 3 ++-
 qemu/target/arm/op_helper.c | 7 ++++---
 qemu/target/arm/psci.c | 2 +-
 qemu/target/arm/translate-a64.c | 7 ++++++-
 qemu/target/arm/translate.c | 10 +++++++++-
 6 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/qemu/target/arm/helper.h b/qemu/target/arm/helper.h
index 5887cd70..26146d99 100644
--- a/qemu/target/arm/helper.h
+++ b/qemu/target/arm/helper.h
@@ -50,7 +50,7 @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
 DEF_HELPER_2(exception_internal, void, env, i32)
 DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32)
 DEF_HELPER_1(setend, void, env)
-DEF_HELPER_1(wfi, void, env)
+DEF_HELPER_2(wfi, void, env, i32)
 DEF_HELPER_1(wfe, void, env)
 DEF_HELPER_1(yield, void, env)
 DEF_HELPER_1(pre_hvc, void, env)
diff --git a/qemu/target/arm/internals.h b/qemu/target/arm/internals.h
index 527b9236..b112021e 100644
--- a/qemu/target/arm/internals.h
+++ b/qemu/target/arm/internals.h
@@ -430,9 +430,10 @@ static inline uint32_t syn_breakpoint(int same_el)
 | ARM_EL_IL | 0x22;
 }
 
-static inline uint32_t syn_wfx(int cv, int cond, int ti)
+static inline uint32_t syn_wfx(int cv, int cond, int ti, bool is_16bit)
 {
 return (EC_WFX_TRAP << ARM_EL_EC_SHIFT) |
+ (is_16bit ? 0 : (1 << ARM_EL_IL_SHIFT)) |
 (cv << 24) | (cond << 20) | ti;
 }
 
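Review bot: The new IL term `(is_16bit ? 0 : (1 << ARM_EL_IL_SHIFT))` in syn_wfx hand-builds a bit the file already names: syn_breakpoint, in the context lines just above, ORs in `ARM_EL_IL` for the IL bit, so `(is_16bit ? 0 : ARM_EL_IL)` keeps the two helpers consistent and avoids a second spelling of the same constant. The new parameter is also undocumented; a line above the function such as `/* is_16bit: the trapped WFI/WFE was a 16-bit Thumb encoding, so ESR_ELx.IL stays clear */` records the contract callers must honour. Neither suggestion changes behaviour.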
diff --git a/qemu/target/arm/op_helper.c b/qemu/target/arm/op_helper.c
index dfa66d20..1f7f3269 100644
--- a/qemu/target/arm/op_helper.c
+++ b/qemu/target/arm/op_helper.c
@@ -462,7 +462,7 @@ static inline int check_wfx_trap(CPUARMState *env, bool is_wfe)
 return 0;
 }
 
-void HELPER(wfi)(CPUARMState *env)
+void HELPER(wfi)(CPUARMState *env, uint32_t insn_len)
 {
 CPUState *cs = CPU(arm_env_get_cpu(env));
 int target_el = check_wfx_trap(env, false);
@@ -475,8 +475,9 @@ void HELPER(wfi)(CPUARMState *env)
 }
 
 if (target_el) {
- env->pc -= 4;
- raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0), target_el);
+ env->pc -= insn_len;
+ raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, insn_len == 2),
+ target_el);
 }
 
 cs->exception_index = EXCP_HLT;
diff --git a/qemu/target/arm/psci.c b/qemu/target/arm/psci.c
index cff08d27..b6783888 100644
--- a/qemu/target/arm/psci.c
+++ b/qemu/target/arm/psci.c
@@ -189,7 +189,7 @@ void arm_handle_psci_call(ARMCPU *cpu)
 } else {
 env->regs[0] = 0;
 }
- helper_wfi(env);
+ helper_wfi(env, 4);
 break;
 case QEMU_PSCI_0_1_FN_MIGRATE:
 case QEMU_PSCI_0_2_FN_MIGRATE:
diff --git a/qemu/target/arm/translate-a64.c b/qemu/target/arm/translate-a64.c
index 0304289d..1878cf9e 100644
--- a/qemu/target/arm/translate-a64.c
+++ b/qemu/target/arm/translate-a64.c
@@ -11630,17 +11630,22 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 gen_helper_yield(tcg_ctx, tcg_ctx->cpu_env);
 break;
 case DISAS_WFI:
+ {
 /* This is a special case because we don't want to just halt the CPU
 * if trying to debug across a WFI.
 */
+ TCGv_i32 tmp = tcg_const_i32(tcg_ctx, 4);
+
 gen_a64_set_pc_im(dc, dc->pc);
- gen_helper_wfi(tcg_ctx, tcg_ctx->cpu_env);
+ gen_helper_wfi(tcg_ctx, tcg_ctx->cpu_env, tmp);
+ tcg_temp_free_i32(tcg_ctx, tmp);
 /* The helper doesn't necessarily throw an exception, but we
 * must go back to the main loop to check for interrupts anyway.
 */
 tcg_gen_exit_tb(tcg_ctx, 0);
 break;
 }
+ }
 }
 
 /* Functions above can change dc->pc, so re-align db->pc_next */
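Review bot: The new `insn_len` parameter on HELPER(wfi) is undocumented at its definition, and its only consumer, the `insn_len == 2` test further down, leaves the legal values implicit. A comment above the signature such as `/* insn_len: byte length of the WFI being executed (2 for a 16-bit Thumb encoding, else 4); used to back PC up to the WFI and to set ESR_ELx.IL if it traps */` states the contract the translators must meet. The helper's body continues past the hunk.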
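Review bot: `env->pc -= insn_len` rewinds only the AArch64 PC, yet the 2-byte length this hunk introduces exists precisely for a Thumb WFI, which runs in AArch32 state where the program counter lives in `env->regs[15]`; unless something outside this hunk copies the adjusted `env->pc` back, a trapped A32/T32 WFI presumably reports an unrewound return address. Select the register by execution state before raising the exception, as below (`is_a64()` from cpu.h, or the `env->aarch64` flag it wraps). An `assert(insn_len == 2 || insn_len == 4);` at the top of the branch would also catch a translator passing anything else, since `insn_len == 2` is otherwise the only thing distinguishing the IL encodings. The body of HELPER(wfi) continues past the hunk.
```c
    if (target_el) {
        /* The trap must report the WFI itself, so back PC up by the
         * instruction's own width; in AArch32 state PC is regs[15],
         * not env->pc. */
        assert(insn_len == 2 || insn_len == 4);
        if (is_a64(env)) {
            env->pc -= insn_len;
        } else {
            env->regs[15] -= insn_len;
        }
        raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, insn_len == 2),
                        target_el);
    }
```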
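Review bot: The literal `4` in `helper_wfi(env, 4)` is unexplained, while the same helper now receives a computed 2-or-4 from the translators, so a reader cannot tell whether the Thumb case was considered here. A comment on the call, `/* PSCI is entered via HVC/SMC, which have only 4-byte encodings in A32 and T32, so no 16-bit length is possible here */`, would record the reasoning; confirm that premise against the PSCI entry path before relying on it. The enclosing arm_handle_psci_call starts before the hunk.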
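Review bot: `tcg_const_i32(tcg_ctx, 4)` passes a bare magic number into the helper with nothing tying it to the PC rewind and IL encoding it drives; a comment on that line, `/* A64 instructions are always 4 bytes; helper_wfi backs PC up by this and sets ESR_ELx.IL */`, makes the coupling explicit. A minor style point: the new braces wrap the existing explanatory comment so the `TCGv_i32 tmp` declaration lands between the comment and the `gen_a64_set_pc_im` call it describes; declaring `tmp` directly under the opening brace keeps the comment attached to the code. aarch64_tr_tb_stop starts before the hunk and continues after it.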
diff --git a/qemu/target/arm/translate.c b/qemu/target/arm/translate.c
index 46c60c59..6e49602b 100644
--- a/qemu/target/arm/translate.c
+++ b/qemu/target/arm/translate.c
@@ -12390,6 +12390,7 @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 }
 
 insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
+ dc->insn = insn;
 dc->pc += 4;
 disas_arm_insn(dc, insn);
 
@@ -12420,6 +12421,7 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 insn = insn << 16 | insn2;
 dc->pc += 2;
 }
+ dc->insn = insn;
 
 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
 uint32_t cond = dc->condexec_cond;
@@ -12547,12 +12549,18 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 /* nothing more to generate */
 break;
 case DISAS_WFI:
- gen_helper_wfi(tcg_ctx, tcg_ctx->cpu_env);
+ {
+ TCGv_i32 tmp = tcg_const_i32(tcg_ctx, (dc->thumb &&
+ !(dc->insn & (1U << 31))) ? 2 : 4);
+ gen_helper_wfi(tcg_ctx, tcg_ctx->cpu_env, tmp);
+ tcg_temp_free_i32(tcg_ctx, tmp);
+
 /* The helper doesn't necessarily throw an exception, but we
 * must go back to the main loop to check for interrupts anyway.
 */
 tcg_gen_exit_tb(tcg_ctx, 0);
 break;
+ }
 case DISAS_WFE:
 gen_helper_wfe(tcg_ctx, tcg_ctx->cpu_env);
 break;
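Review bot: The length test `(dc->thumb && !(dc->insn & (1U << 31))) ? 2 : 4` encodes a non-obvious property of how dc->insn is filled and deserves a comment at the tcg_const_i32 line: `/* thumb_tr_translate_insn stores a 32-bit T32 insn as hw1 << 16 | hw2 and every 32-bit encoding has bit 15 of hw1 set, so bit 31 clear means a 16-bit WFI */`. The expression also relies on DISAS_WFI having been set by the instruction most recently stored in dc->insn, which holds only as long as the WFI is the last instruction of its TB; stating that assumption in the same comment protects it from a later change that ends translation elsewhere. arm_tr_tb_stop starts before the hunk and continues after it.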