target/arm: Define and use new load_cpu_field_low32()
In several places in the 32-bit Arm translate.c, we try to use load_cpu_field() to load from a CPUARMState field into a TCGv_i32 where the field is actually 64-bit. This works on little-endian hosts, but gives the wrong half of the register on big-endian. Add a new load_cpu_field_low32() which loads the low 32 bits of a 64-bit field into a TCGv_i32. The new macro includes a compile-time check against accidentally using it on a field of the wrong size. Use it to fix the two places in the code where we were using load_cpu_field() on a 64-bit field. This fixes a bug where on big-endian hosts the guest would crash after executing an ERET instruction, and a more corner case one where some UNDEFs for attempted accesses to MSR banked registers from Secure EL1 might go to the wrong EL. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230424153909.1419369-2-peter.maydell@linaro.org
This commit is contained in:
parent
2c5fa0778c
commit
7f3a3d3dc4
@ -2816,7 +2816,7 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
|
||||
if (arm_dc_feature(s, ARM_FEATURE_AARCH64) &&
|
||||
dc_isar_feature(aa64_sel2, s)) {
|
||||
/* Target EL is EL<3 minus SCR_EL3.EEL2> */
|
||||
tcg_el = load_cpu_field(cp15.scr_el3);
|
||||
tcg_el = load_cpu_field_low32(cp15.scr_el3);
|
||||
tcg_gen_sextract_i32(tcg_el, tcg_el, ctz32(SCR_EEL2), 1);
|
||||
tcg_gen_addi_i32(tcg_el, tcg_el, 3);
|
||||
} else {
|
||||
@ -6396,7 +6396,7 @@ static bool trans_ERET(DisasContext *s, arg_ERET *a)
|
||||
}
|
||||
if (s->current_el == 2) {
|
||||
/* ERET from Hyp uses ELR_Hyp, not LR */
|
||||
tmp = load_cpu_field(elr_el[2]);
|
||||
tmp = load_cpu_field_low32(elr_el[2]);
|
||||
} else {
|
||||
tmp = load_reg(s, 14);
|
||||
}
|
||||
|
@ -61,6 +61,13 @@ static inline TCGv_i32 load_cpu_offset(int offset)
|
||||
|
||||
#define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
|
||||
|
||||
/* Load from the low half of a 64-bit field to a TCGv_i32 */
|
||||
#define load_cpu_field_low32(name) \
|
||||
({ \
|
||||
QEMU_BUILD_BUG_ON(sizeof_field(CPUARMState, name) != 8); \
|
||||
load_cpu_offset(offsetoflow32(CPUARMState, name)); \
|
||||
})
|
||||
|
||||
void store_cpu_offset(TCGv_i32 var, int offset, int size);
|
||||
|
||||
#define store_cpu_field(var, name) \
|
||||
|
Loading…
Reference in New Issue
Block a user