Our LDRD and STRD implementations have a couple of bugs:
* if the LDRD address is 4-aligned and the load crosses a page boundary
and the second load faults and the first load was to the base register
(as in cases like "ldrd r2, r3, [r2]", then we must not update the base
register before taking the fault. Our current implementation does
a sequence of "32 bit load; write to Rt; 32-bit load; write to Rt2"
so it mishandles this kind of insn.
* if the address is 8-aligned the access must be a 64-bit
single-copy atomic access, not two 32-bit accesses.
This patchseries fixes both of these bugs, and then cleans up an
argument to some utility functions that we no longer need after
the first two changes.
Note for reviewers: please check that I got the MemOp right:
I believe that MO_64 | MO_ALIGN_4 | MO_ATOM_SUBALIGN expresses
"8-aligned addresses should be 64-bit atomic, 4-aligned addresses
should be 32-bit atomic, less-aligned addresses fault" but I'm
not sure if I've correctly understood MO_ATOM_SUBALIGN.
Thanks to Stu Grossman for reporting the page-boundary-crossing
fault bug, which prompted me to look a bit closer at the code and
notice that we weren't doing the atomicity right either.
thanks
-- PMM
Peter Maydell (3):
target/arm: Correct LDRD atomicity and fault behaviour
target/arm: Correct STRD atomicity
target/arm: Drop unused address_offset from op_addr_{rr,ri}_post()
target/arm/tcg/translate.c | 137 +++++++++++++++++++++++--------------
1 file changed, 84 insertions(+), 53 deletions(-)
--
2.43.0
