MIPS patches queue

Various fixes: - Potential integer overflow (CID 1452921) - Invalid emulation of nanoMIPS BPOSGE32 opcode - Missing exception when DINSV opcode used with DSP disabled - Do not abort but emit exception for invalid BRANCH opcodes - TCG temporary leaks Housekeeping: - Remove dead code / comments - Restrict few files to TCG, declarations to sysemu - Merge MSA32 and MSA64 decodetree definitions -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmDVoEwACgkQ4+MsLN6t wN5VSxAAy5yx/Fq8sdODuu5aV/JJKW2W8SZZrEI9jkzn8i85NoRTTTsQEHxuAV5f Luy6Dqfj8aIrr604G1yGjo9dpspPA37cJk7TkJFhhvw9FWMrM2tc1BMdRaxZcecx us4PWXiX9MMGIWztHjU84IcW7k1upjS4XO57vOuSL8LOzEiUg/N+beys5X8Mcwsd rGroRt6vaRR/d65M7yKyZsz2DDhfCst/zOmZ6Qc11bjxKx1aAX9eM2oszWOM9C8U tjo5h5CJHHPvUihflZwWsgN0emL390TNPnvKKrP014007Hr85l1Gr4LUwK838jbn MBIzu1hqlpc3thLs1QMrE5dBii9Ds5rNP5l/W2EbCIvXzXJ+fLAb3osnzEi+K/J8 sufjbzU5xN6R1dzEp2fp1rSTYIEGh8gT05takGdzuVYmSezJ5ahENBTtGNOJ4Ov6 SqMOXod1r5jacT5oRNQmYs4L3xcSP26AWMUCrJ2V5aYLOxcYkWAbhK0TLuH7jFxk ntGAdBuaXO4D0O6va/cGzLIrypvOXicoQXHhF1UxdepF4lwEKB+LE5EsqyCT+6Iw Why/hjk4VxQ3LzBXrVRHoXgS/6Gu3Wu4xmixyjuGmBg/t/uu+iWQBTpaZ5/qv/bv QgmT8H/7f1nWlgv7440RZ5D4xRsgxex9w/8SOEHCU7QaFjh/67k= =THJZ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/philmd/tags/mips-20210625' into staging MIPS patches queue Various fixes: - Potential integer overflow (CID 1452921) - Invalid emulation of nanoMIPS BPOSGE32 opcode - Missing exception when DINSV opcode used with DSP disabled - Do not abort but emit exception for invalid BRANCH opcodes - TCG temporary leaks Housekeeping: - Remove dead code / comments - Restrict few files to TCG, declarations to sysemu - Merge MSA32 and MSA64 decodetree definitions # gpg: Signature made Fri 25 Jun 2021 10:22:20 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd/tags/mips-20210625: target/mips: Merge msa32/msa64 decodetree definitions target/mips: Remove pointless gen_msa() target/mips: Optimize regnames[] arrays target/mips: Constify host_to_mips_errno[] target/mips: fix emulation of nanoMIPS BPOSGE32 instruction target/mips: Remove microMIPS BPOSGE32 / BPOSGE64 unuseful cases target/mips: Remove SmartMIPS / MDMX unuseful comments target/mips: Restrict some system specific declarations to sysemu target/mips: Move translate.h to tcg/ sub directory target/mips: Move TCG trace events to tcg/ sub directory target/mips: Do not abort on invalid instruction target/mips: Raise exception when DINSV opcode used with DSP disabled target/mips: Fix more TCG temporary leaks in gen_pool32a5_nanomips_insn target/mips: Fix TCG temporary leaks in gen_pool32a5_nanomips_insn() target/mips: Fix potential integer overflow (CID 1452921) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-06-28 09:44:41 +01:00 · 2021-06-28 09:44:41 +01:00 · 687f9f7834
commit 687f9f7834
parent 5d2d18ae39 f5c6ee0c6b
16 changed files with 42 additions and 71 deletions
--- a/meson.build
+++ b/meson.build
@ -1882,7 +1882,7 @@ if have_system or have_user
    'target/hppa',
    'target/i386',
    'target/i386/kvm',
-    'target/mips',
+    'target/mips/tcg',
    'target/ppc',
    'target/riscv',
    'target/s390x',
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@ -35,7 +35,7 @@
 #include "qapi/qapi-commands-machine-target.h"
 #include "fpu_helper.h"

-const char regnames[32][4] = {
+const char regnames[32][3] = {
    "r0", "at", "v0", "v1", "a0", "a1", "a2", "a3",
    "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
    "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@ -1152,13 +1152,13 @@ struct CPUMIPSState {
    CPUMIPSMVPContext *mvp;
 #if !defined(CONFIG_USER_ONLY)
    CPUMIPSTLBContext *tlb;
+    void *irq[8];
+    struct MIPSITUState *itu;
+    MemoryRegion *itc_tag; /* ITC Configuration Tags */
 #endif

    const mips_def_t *cpu_model;
-    void *irq[8];
    QEMUTimer *timer; /* Internal timer */
-    struct MIPSITUState *itu;
-    MemoryRegion *itc_tag; /* ITC Configuration Tags */
    target_ulong exception_base; /* ExceptionBase input to the core */
    uint64_t cp0_count_ns; /* CP0_Count clock period (in nanoseconds) */
 };
@ -1316,12 +1316,16 @@ uint64_t cpu_mips_phys_to_kseg1(void *opaque, uint64_t addr);
 bool mips_um_ksegs_enabled(void);
 void mips_um_ksegs_enable(void);

+#if !defined(CONFIG_USER_ONLY)
+
 /* mips_int.c */
 void cpu_mips_soft_irq(CPUMIPSState *env, int irq, int level);

 /* mips_itu.c */
 void itc_reconfigure(struct MIPSITUState *tag);

+#endif /* !CONFIG_USER_ONLY */
+
 /* helper.c */
 target_ulong exception_resume_pc(CPUMIPSState *env);

--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@ -74,7 +74,7 @@ struct mips_def_t {
    int32_t SAARP;
 };

-extern const char regnames[32][4];
+extern const char regnames[32][3];
 extern const char fregnames[32][4];

 extern const struct mips_def_t mips_defs[];
--- a/target/mips/tcg/meson.build
+++ b/target/mips/tcg/meson.build
@ -1,8 +1,7 @@
 gen = [
  decodetree.process('mips32r6.decode', extra_args: '--static-decode=decode_mips32r6'),
  decodetree.process('mips64r6.decode', extra_args: '--static-decode=decode_mips64r6'),
-  decodetree.process('msa32.decode', extra_args: '--static-decode=decode_msa32'),
-  decodetree.process('msa64.decode', extra_args: '--static-decode=decode_msa64'),
+  decodetree.process('msa.decode', extra_args: '--decode=decode_ase_msa'),
  decodetree.process('tx79.decode', extra_args: '--static-decode=decode_tx79'),
 ]

--- a/target/mips/tcg/msa32.decode
+++ b/target/mips/tcg/msa32.decode
@ -6,9 +6,10 @@
 #
 # Reference:
 #       MIPS Architecture for Programmers Volume IV-j
-#       The MIPS32 SIMD Architecture Module, Revision 1.12
-#       (Document Number: MD00866-2B-MSA32-AFP-01.12)
-#
+#       - The MIPS32 SIMD Architecture Module, Revision 1.12
+#         (Document Number: MD00866-2B-MSA32-AFP-01.12)
+#       - The MIPS64 SIMD Architecture Module, Revision 1.12
+#         (Document Number: MD00868-1D-MSA64-AFP-01.12)

 &rtype              rs rt rd sa

@ -19,6 +20,7 @@
@bz_df              ...... ... df:2 wt:5 s16:16             &msa_bz

 LSA                 000000 ..... ..... ..... 000 .. 000101  @lsa
+DLSA                000000 ..... ..... ..... 000 .. 010101  @lsa

 BZ_V                010001 01011  ..... ................    @bz
 BNZ_V               010001 01111  ..... ................    @bz
--- a/target/mips/tcg/msa64.decode
+++ b/target/mips/tcg/msa64.decode
@ -1,17 +0,0 @@
-# MIPS SIMD Architecture Module instruction set
-#
-# Copyright (C) 2020  Philippe Mathieu-Daudé
-#
-# SPDX-License-Identifier: LGPL-2.1-or-later
-#
-# Reference:
-#       MIPS Architecture for Programmers Volume IV-j
-#       The MIPS64 SIMD Architecture Module, Revision 1.12
-#       (Document Number: MD00868-1D-MSA64-AFP-01.12)
-#
-
-&rtype              rs rt rd sa !extern
-
-@lsa                ...... rs:5 rt:5 rd:5 ... sa:2 ......   &rtype
-
-DLSA                 000000 ..... ..... ..... 000 .. 010101 @lsa
--- a/target/mips/tcg/msa_translate.c
+++ b/target/mips/tcg/msa_translate.c
@ -18,8 +18,7 @@
 #include "internal.h"

 /* Include the auto-generated decoder.  */
-#include "decode-msa32.c.inc"
-#include "decode-msa64.c.inc"
+#include "decode-msa.c.inc"

 #define OPC_MSA (0x1E << 26)

@ -255,7 +254,7 @@ enum {
    OPC_BINSRI_df   = (0x7 << 23) | OPC_MSA_BIT_09,
 };

-static const char * const msaregnames[] = {
+static const char msaregnames[][6] = {
    "w0.d0",  "w0.d1",  "w1.d0",  "w1.d1",
    "w2.d0",  "w2.d1",  "w3.d0",  "w3.d1",
    "w4.d0",  "w4.d1",  "w5.d0",  "w5.d1",
@ -2162,7 +2161,7 @@ static void gen_msa_vec(DisasContext *ctx)
    }
 }

-static void gen_msa(DisasContext *ctx)
+static bool trans_MSA(DisasContext *ctx, arg_MSA *a)
 {
    uint32_t opcode = ctx->opcode;

@ -2258,11 +2257,6 @@ static void gen_msa(DisasContext *ctx)
        gen_reserved_instruction(ctx);
        break;
    }
-}
-
-static bool trans_MSA(DisasContext *ctx, arg_MSA *a)
-{
-    gen_msa(ctx);

    return true;
 }
@ -2274,13 +2268,8 @@ static bool trans_LSA(DisasContext *ctx, arg_rtype *a)

 static bool trans_DLSA(DisasContext *ctx, arg_rtype *a)
 {
+    if (TARGET_LONG_BITS != 64) {
+        return false;
+    }
    return gen_dlsa(ctx, a->rd, a->rt, a->rs, a->sa);
 }
-
-bool decode_ase_msa(DisasContext *ctx, uint32_t insn)
-{
-    if (TARGET_LONG_BITS == 64 && decode_msa64(ctx, insn)) {
-        return true;
-    }
-    return decode_msa32(ctx, insn);
-}
--- a/target/mips/tcg/mxu_translate.c
+++ b/target/mips/tcg/mxu_translate.c
@ -447,9 +447,9 @@ enum {
 static TCGv mxu_gpr[NUMBER_OF_MXU_REGISTERS - 1];
 static TCGv mxu_CR;

-static const char * const mxuregnames[] = {
+static const char mxuregnames[][4] = {
    "XR1",  "XR2",  "XR3",  "XR4",  "XR5",  "XR6",  "XR7",  "XR8",
-    "XR9",  "XR10", "XR11", "XR12", "XR13", "XR14", "XR15", "MXU_CR",
+    "XR9",  "XR10", "XR11", "XR12", "XR13", "XR14", "XR15", "XCR",
 };

 void mxu_translate_init(void)
--- a/target/mips/tcg/sysemu/mips-semi.c
+++ b/target/mips/tcg/sysemu/mips-semi.c
@ -75,7 +75,7 @@ enum UHIOpenFlags {
 };

 /* Errno values taken from asm-mips/errno.h */
-static uint16_t host_to_mips_errno[] = {
+static const uint16_t host_to_mips_errno[] = {
    [ENAMETOOLONG] = 78,
 #ifdef EOVERFLOW
    [EOVERFLOW]    = 79,
--- a/target/mips/tcg/sysemu/tlb_helper.c
+++ b/target/mips/tcg/sysemu/tlb_helper.c
@ -17,6 +17,7 @@
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
 #include "qemu/osdep.h"
+#include "qemu/bitops.h"

 #include "cpu.h"
 #include "internal.h"
@ -659,7 +660,7 @@ static int walk_directory(CPUMIPSState *env, uint64_t *vaddr,
        w = directory_index - 1;
        if (directory_index & 0x1) {
            /* Generate adjacent page from same PTE for odd TLB page */
-            lsb = (1 << w) >> 6;
+            lsb = BIT_ULL(w) >> 6;
            *pw_entrylo0 = entry & ~lsb; /* even page */
            *pw_entrylo1 = entry | lsb; /* odd page */
        } else if (dph) {
--- a/target/mips/tcg/trace-events
+++ b/target/mips/tcg/trace-events
--- a/target/mips/tcg/trace.h
+++ b/target/mips/tcg/trace.h
@ -0,0 +1 @@
+#include "trace/trace-target_mips_tcg.h"
--- a/target/mips/tcg/translate.c
+++ b/target/mips/tcg/translate.c
@ -31,7 +31,7 @@
 #include "exec/helper-gen.h"
 #include "semihosting/semihost.h"

-#include "target/mips/trace.h"
+#include "trace.h"
 #include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
@ -1280,11 +1280,11 @@ TCGv_i64 fpu_f64[32];
 #define DISAS_STOP       DISAS_TARGET_0
 #define DISAS_EXIT       DISAS_TARGET_1

-static const char * const regnames_HI[] = {
+static const char regnames_HI[][4] = {
    "HI0", "HI1", "HI2", "HI3",
 };

-static const char * const regnames_LO[] = {
+static const char regnames_LO[][4] = {
    "LO0", "LO1", "LO2", "LO3",
 };

@ -12151,8 +12151,8 @@ static void gen_branch(DisasContext *ctx, int insn_bytes)
            tcg_gen_lookup_and_goto_ptr();
            break;
        default:
-            fprintf(stderr, "unknown branch 0x%x\n", proc_hflags);
-            abort();
+            LOG_DISAS("unknown branch 0x%x\n", proc_hflags);
+            gen_reserved_instruction(ctx);
        }
    }
 }
@ -14076,8 +14076,6 @@ enum {
    BGEZALS = 0x13,
    BC2F = 0x14,
    BC2T = 0x15,
-    BPOSGE64 = 0x1a,
-    BPOSGE32 = 0x1b,
    /* These overlap and are distinguished by bit16 of the instruction */
    BC1F = 0x1c,
    BC1T = 0x1d,
@ -16121,10 +16119,6 @@ static void decode_micromips32_opc(CPUMIPSState *env, DisasContext *ctx)
                generate_exception_err(ctx, EXCP_CpU, 1);
            }
            break;
-        case BPOSGE64:
-        case BPOSGE32:
-            /* MIPS DSP: not implemented */
-            /* Fall through */
        default:
            MIPS_INVAL("pool32i");
            gen_reserved_instruction(ctx);
@ -20182,6 +20176,8 @@ static void gen_pool32a5_nanomips_insn(DisasContext *ctx, int opc,
            tcg_gen_movi_tl(tv0, rd >> 3);
            tcg_gen_movi_tl(tv1, imm);
            gen_helper_shilo(tv0, tv1, cpu_env);
+            tcg_temp_free(tv1);
+            tcg_temp_free(tv0);
        }
        break;
    case NM_MULEQ_S_W_PHL:
@ -20296,6 +20292,10 @@ static void gen_pool32a5_nanomips_insn(DisasContext *ctx, int opc,
        gen_reserved_instruction(ctx);
        break;
    }
+
+    tcg_temp_free(v2_t);
+    tcg_temp_free(v1_t);
+    tcg_temp_free(t0);
 }

 static int decode_nanomips_32_48_opc(CPUMIPSState *env, DisasContext *ctx)
@ -21137,7 +21137,7 @@ static int decode_nanomips_32_48_opc(CPUMIPSState *env, DisasContext *ctx)
                                      extract32(ctx->opcode, 0, 1) << 13;

                        gen_compute_branch_nm(ctx, OPC_BPOSGE32, 4, -1, -2,
-                                              imm);
+                                              imm << 1);
                    }
                    break;
                default:
@ -21572,14 +21572,6 @@ static int decode_nanomips_opc(CPUMIPSState *env, DisasContext *ctx)
 }


-/* SmartMIPS extension to MIPS32 */
-
-#if defined(TARGET_MIPS64)
-
-/* MDMX extension to MIPS64 */
-
-#endif
-
 /* MIPSDSP functions. */
 static void gen_mipsdsp_ld(DisasContext *ctx, uint32_t opc,
                           int rd, int base, int offset)
@ -24373,10 +24365,11 @@ static void decode_opc_special3_legacy(CPUMIPSState *env, DisasContext *ctx)
        {
            TCGv t0, t1;

+            check_dsp(ctx);
+
            if (rt == 0) {
                break;
            }
-            check_dsp(ctx);

            t0 = tcg_temp_new();
            t1 = tcg_temp_new();
--- a/target/mips/tcg/translate.h
+++ b/target/mips/tcg/translate.h
--- a/target/mips/trace.h
+++ b/target/mips/trace.h
@ -1 +0,0 @@
-#include "trace/trace-target_mips.h"