unicorn/qemu
Commit dba4828444 by James Hogan
tcg/mips: Fix clobbering of qemu_ld inputs
The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
register (base) as a temporary to load the upper half of the QEMU TLB
comparator (see line 5 below); however, this happens before the input
address is used (line 8 to mask off the low bits for the TLB
comparison, and line 12 to add the host-guest offset). If the input
address (addrl) also happens to have been placed in v0 (as in the second
column below), it gets clobbered before it is used.

        addrl in t2                  addrl in v0

 1  srl   a0,t2,0x7              srl   a0,v0,0x7
 2  andi  a0,a0,0x1fe0           andi  a0,a0,0x1fe0
 3  addu  a0,a0,s0               addu  a0,a0,s0
 4  lw    at,9136(a0)            lw    at,9136(a0)         set TCG_TMP0 (at)
 5  lw    v0,9140(a0)            lw    v0,9140(a0)         set base (v0)
 6  li    t9,-4093               li    t9,-4093
 7  lw    a0,9160(a0)            lw    a0,9160(a0)         set addend (a0)
 8  and   t9,t9,t2               and   t9,t9,v0            use addrl
 9  bne   at,t9,0x836d8c8        bne   at,t9,0x836d838     use TCG_TMP0
10   nop                          nop                      (delay slot)
11  bne   v0,t8,0x836d8c8        bne   v0,a1,0x836d838     use base
12   addu  v0,a0,t2               addu  v0,a0,v0           use addrl, addend (delay slot)
13  lw    t0,0(v0)               lw    t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
pushing the load on line 5 forward into the delay slot of the low
comparison (line 10). The early load of the addend on line 7 also needs
pushing even further for 64-bit targets, or it will clobber a0 before
we're done with it. The output for 32-bit targets is unaffected.

srl a0,v0,0x7
andi a0,a0,0x1fe0
addu a0,a0,s0
lw at,9136(a0)
-lw v0,9140(a0) load high comparator
li t9,-4093
-lw a0,9160(a0) load addend
and t9,t9,v0
bne at,t9,0x836d838
- nop
+ lw at,9140(a0) load high comparator
+lw a0,9160(a0) load addend
-bne v0,a1,0x836d838
+bne at,a1,0x836d838
addu v0,a0,v0
lw t0,0(v0)
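Review bot: the delay-slot line `+ lw at,9140(a0)` overwrites at immediately after `bne at,t9,0x836d838` has compared it; this is only correct because a MIPS branch reads its operands before the delay-slot instruction executes, and the message should state that ordering explicitly rather than leave the reader to infer it. It is also worth saying why `+lw a0,9160(a0)` cannot share that delay slot: the high-comparator load still needs a0 as the TLB entry base, so the addend load has to stay below it, which is the "pushing even further" the text refers to.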

Backports commit 33fca8589cf2aa7bf91564e6a8f26b3ba0910541 from qemu
Date: 2018-02-17 15:23:24 -05:00
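The clobbering the commit message describes can be replayed. The following C program is an added example, not code from unicorn or QEMU: it models only the instructions that appear in the listing (with a one-instruction branch delay slot, so a `bne` reads its operands and the next instruction always runs before control leaves for the slow path), builds a single TLB entry at the 9136/9140/9160 offsets the listing uses for the comparator low word, comparator high word and addend, and runs the unfixed sequence with addrl in t2 and in v0 and the fixed sequence with addrl in v0. The env base, guest address, host page and data word are constructed for the example; register numbers are the o32 names used in the listing.

```c
/* Replays the qemu_ld fast path from the listing above on a tiny model of the
 * MIPS instructions it uses (constructed example, not unicorn/qemu code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { AT = 1, V0 = 2, A0 = 4, A1 = 5, T0 = 8, T2 = 10, S0 = 16, T8 = 24, T9 = 25, NREGS = 32 };
typedef enum { SRL, ANDI, ADDU, LW, LI, AND, BNE, NOP } Op;
typedef struct { Op op; int rd, rs, rt; int32_t imm; } Insn;
typedef struct { int slow_path; uint32_t value; } Result;

#define R3(op, d, s, t)   { op, d, s, t, 0 }      /* three-register form */
#define RI(op, d, s, imm) { op, d, s, 0, imm }    /* register-immediate / load form */
#define BR(s, t)          { BNE, 0, s, t, 0 }     /* bne s,t,<slow path> */
#define NP                { NOP, 0, 0, 0, 0 }

#define MEM_SIZE 0x8000u
static uint8_t mem[MEM_SIZE];            /* host memory: env (TLB) and one guest page */

static uint32_t ld32(uint32_t a) { uint32_t v = 0; if (a < MEM_SIZE - 4) memcpy(&v, mem + a, 4); return v; }
static void st32(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }

/* Branches model the MIPS delay slot: bne reads its operands, the following
 * instruction always executes, and only then does control go to the slow
 * path if the comparison failed. */
static Result run(const Insn *code, int n, uint32_t *r) {
    Result res = { 0, 0 };
    int pending = 0, i;
    for (i = 0; i < n; i++) {
        const Insn *in = &code[i];
        int taken = 0;
        switch (in->op) {
        case SRL:  r[in->rd] = r[in->rs] >> in->imm; break;
        case ANDI: r[in->rd] = r[in->rs] & (uint32_t)in->imm; break;
        case ADDU: r[in->rd] = r[in->rs] + r[in->rt]; break;
        case LW:   r[in->rd] = ld32(r[in->rs] + (uint32_t)in->imm); break;
        case LI:   r[in->rd] = (uint32_t)in->imm; break;
        case AND:  r[in->rd] = r[in->rs] & r[in->rt]; break;
        case BNE:  taken = r[in->rs] != r[in->rt]; break;
        case NOP:  break;
        }
        r[0] = 0;                                   /* $zero stays zero */
        if (pending) { res.slow_path = 1; return res; }
        pending = taken;
    }
    res.value = r[T0];
    return res;
}

/* Constructed 64-bit guest access 0x0000000000401234 (addrl=0x00401234,
 * addrh=0) and its TLB entry. Offsets 9136/9140/9160 are the ones in the
 * listing: comparator low word, comparator high word, addend. */
#define ENV_BASE  0x1000u
#define ADDR_LO   0x00401234u
#define ADDR_HI   0u
#define HOST_PAGE 0x4000u
#define DATA      0x11223344u

static void setup(uint32_t *r, int addrl_reg, int addrh_reg) {
    uint32_t entry = ENV_BASE + ((ADDR_LO >> 7) & 0x1fe0);   /* same index math as lines 1-3 */
    memset(mem, 0, sizeof mem);
    memset(r, 0, NREGS * sizeof *r);
    st32(entry + 9136, ADDR_LO & 0xfffff003u);              /* page-aligned comparator, low */
    st32(entry + 9140, ADDR_HI);                            /* comparator, high */
    st32(entry + 9160, HOST_PAGE - (ADDR_LO & ~0xfffu));    /* addend = host page - guest page */
    st32(HOST_PAGE + (ADDR_LO & 0xfffu), DATA);             /* the word the guest load should see */
    r[S0] = ENV_BASE;
    r[addrl_reg] = ADDR_LO;
    r[addrh_reg] = ADDR_HI;
}

/* Lines 1-13 of the listing, before the fix, with addrl in t2 / addrh in t8. */
static const Insn buggy_t2[] = {
    RI(SRL, A0, T2, 7), RI(ANDI, A0, A0, 0x1fe0), R3(ADDU, A0, A0, S0),
    RI(LW, AT, A0, 9136), RI(LW, V0, A0, 9140), RI(LI, T9, 0, -4093),
    RI(LW, A0, A0, 9160), R3(AND, T9, T9, T2), BR(AT, T9), NP,
    BR(V0, T8), R3(ADDU, V0, A0, T2), RI(LW, T0, V0, 0),
};
/* The same sequence with addrl in v0 / addrh in a1: line 5 clobbers addrl. */
static const Insn buggy_v0[] = {
    RI(SRL, A0, V0, 7), RI(ANDI, A0, A0, 0x1fe0), R3(ADDU, A0, A0, S0),
    RI(LW, AT, A0, 9136), RI(LW, V0, A0, 9140), RI(LI, T9, 0, -4093),
    RI(LW, A0, A0, 9160), R3(AND, T9, T9, V0), BR(AT, T9), NP,
    BR(V0, A1), R3(ADDU, V0, A0, V0), RI(LW, T0, V0, 0),
};
/* The fixed sequence: the high comparator goes through at, in the delay slot. */
static const Insn fixed_v0[] = {
    RI(SRL, A0, V0, 7), RI(ANDI, A0, A0, 0x1fe0), R3(ADDU, A0, A0, S0),
    RI(LW, AT, A0, 9136), RI(LI, T9, 0, -4093), R3(AND, T9, T9, V0),
    BR(AT, T9), RI(LW, AT, A0, 9140), RI(LW, A0, A0, 9160),
    BR(AT, A1), R3(ADDU, V0, A0, V0), RI(LW, T0, V0, 0),
};

#define NELEM(a) ((int)(sizeof(a) / sizeof((a)[0])))

Result qemu_ld_buggy_addrl_t2(void) { uint32_t r[NREGS]; setup(r, T2, T8); return run(buggy_t2, NELEM(buggy_t2), r); }
Result qemu_ld_buggy_addrl_v0(void) { uint32_t r[NREGS]; setup(r, V0, A1); return run(buggy_v0, NELEM(buggy_v0), r); }
Result qemu_ld_fixed_addrl_v0(void) { uint32_t r[NREGS]; setup(r, V0, A1); return run(fixed_v0, NELEM(fixed_v0), r); }

int main(void) {
    Result a = qemu_ld_buggy_addrl_t2(), b = qemu_ld_buggy_addrl_v0(), c = qemu_ld_fixed_addrl_v0();
    printf("buggy, addrl in t2: slow_path=%d value=0x%08x\n", a.slow_path, a.value);
    printf("buggy, addrl in v0: slow_path=%d value=0x%08x\n", b.slow_path, b.value);
    printf("fixed, addrl in v0: slow_path=%d value=0x%08x\n", c.slow_path, c.value);
    return 0;
}
```

With addrl in t2 the unfixed sequence hits the TLB and returns the data word; with addrl in v0 the masked address at line 8 is computed from the high comparator instead of addrl, so the low comparison fails and a valid access is sent to the slow path (had the comparison passed by coincidence, line 12 would have formed the host address from the wrong value). The fixed ordering hits and returns the data word for the same register assignment.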
Name | Last commit | Last commit date
crypto | crypto: move built-in AES implementation into crypto/ | 2018-02-17 15:23:17 -05:00
default-configs | arm64eb: add support for ARM64 big endian. | 2017-04-24 23:30:01 +08:00
docs | docs: clarify memory region lifecycle | 2018-02-12 15:11:21 -05:00
fpu | softfloat: expand out STATUS macro | 2018-02-12 13:43:13 -05:00
hw | qerror: Clean up QERR_ macros to expand into a single string | 2018-02-17 15:23:09 -05:00
include | cpu: Add wrapper for the set_pc() hook | 2018-02-17 15:23:19 -05:00
qapi | qerror: Clean up QERR_ macros to expand into a single string | 2018-02-17 15:23:09 -05:00
qobject | qerror: Finally unused, clean up | 2018-02-17 15:23:10 -05:00
qom | qom: Fix invalid error check in property_get_str() | 2018-02-17 15:23:24 -05:00
scripts | Save copies of generated qapi files. | 2017-01-21 00:30:50 +11:00
target-arm | target-arm: Fix broken SCTLR_EL3 reset | 2018-02-17 15:23:19 -05:00
target-i386 | target-i386/FPU: a misprint in helper_fistll_ST0 | 2018-02-17 15:23:22 -05:00
target-m68k | cpu-exec: Purge all uses of ENV_GET_CPU() | 2018-02-17 15:23:18 -05:00
target-mips | target-mips: fix semihosting for microMIPS R6 | 2018-02-17 15:23:24 -05:00
target-sparc | cpu-exec: Purge all uses of ENV_GET_CPU() | 2018-02-17 15:23:18 -05:00
tcg | tcg/mips: Fix clobbering of qemu_ld inputs | 2018-02-17 15:23:24 -05:00
util | crypto: move built-in AES implementation into crypto/ | 2018-02-17 15:23:17 -05:00
aarch64.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
aarch64eb.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
accel.c | Automated leading tab to spaces conversion. | 2017-01-21 12:28:22 +11:00
arm.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
armeb.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
CODING_STYLE | import | 2015-08-21 15:04:50 +08:00
configure | tcg: Drop ia64 host support | 2018-02-04 18:33:02 -05:00
COPYING | import | 2015-08-21 15:04:50 +08:00
COPYING.LIB | import | 2015-08-21 15:04:50 +08:00
cpu-exec.c | cpu-exec: Purge all uses of ENV_GET_CPU() | 2018-02-17 15:23:18 -05:00
cpus.c | cpu-exec: Purge all uses of ENV_GET_CPU() | 2018-02-17 15:23:18 -05:00
cputlb.c | memory: replace cpu_physical_memory_reset_dirty() with test-and-clear | 2018-02-13 11:25:45 -05:00
exec.c | cpu: Change cpu_exec_init() arg to cpu, not env | 2018-02-17 15:23:18 -05:00
gen_all_header.sh | arm64eb: add support for ARM64 big endian. | 2017-04-24 23:30:01 +08:00
glib_compat.c | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
HACKING | import | 2015-08-21 15:04:50 +08:00
header_gen.py | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
ioport.c | memory: Define API for MemoryRegionOps to take attrs and return status | 2018-02-12 17:17:27 -05:00
LICENSE | import | 2015-08-21 15:04:50 +08:00
m68k.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
Makefile | cleanup qemu/default-configs/ | 2017-01-19 14:52:30 +08:00
Makefile.objs | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
Makefile.target | tcg: Move some opcode generation functions out of line | 2018-02-09 08:10:00 -05:00
memory.c | memory: Add global-locking property to memory regions | 2018-02-17 15:23:16 -05:00
memory_mapping.c | memory_mapping: Rework cpu related includes | 2018-02-17 15:23:15 -05:00
mips.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
mips64.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
mips64el.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
mipsel.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
powerpc.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
qapi-schema.json | import | 2015-08-21 15:04:50 +08:00
qemu-log.c | import | 2015-08-21 15:04:50 +08:00
qemu-timer.c | timer is redundant | 2017-01-20 16:46:58 +08:00
rules.mak | import | 2015-08-21 15:04:50 +08:00
softmmu_template.h | Add MemTxAttrs to the IOTLB | 2018-02-12 18:38:38 -05:00
sparc.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
sparc64.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
tcg-runtime.c | platform.h move #3 | 2017-01-21 00:13:21 +11:00
translate-all.c | translate-all: Change tb_flush() env argument to cpu | 2018-02-17 15:23:18 -05:00
translate-all.h | translate-all: remove unnecessary argument to tb_invalidate_phys_range | 2018-02-13 09:04:51 -05:00
unicorn_common.h | This code should now build the x86_x64-softmmu part 2. | 2017-01-19 22:50:28 +11:00
VERSION | import | 2015-08-21 15:04:50 +08:00
vl.c | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00
vl.h | import | 2015-08-21 15:04:50 +08:00
x86_64.h | crypto: introduce new module for computing hash digests | 2018-02-17 15:23:17 -05:00