s390x/tcg: XC: Fault-safe handling

We can process a maximum of 256 bytes, crossing two pages. While at it,
increment the length once.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
This commit is contained in:
David Hildenbrand 2019-09-04 16:48:29 +02:00
parent 8c4a732076
commit a8821dd56e
1 changed files with 12 additions and 6 deletions

View File

@ -355,14 +355,19 @@ static uint32_t do_helper_xc(CPUS390XState *env, uint32_t l, uint64_t dest,
uint64_t src, uintptr_t ra) uint64_t src, uintptr_t ra)
{ {
const int mmu_idx = cpu_mmu_index(env, false); const int mmu_idx = cpu_mmu_index(env, false);
S390Access desta; S390Access srca1, srca2, desta;
uint32_t i; uint32_t i;
uint8_t c = 0; uint8_t c = 0;
HELPER_LOG("%s l %d dest %" PRIx64 " src %" PRIx64 "\n", HELPER_LOG("%s l %d dest %" PRIx64 " src %" PRIx64 "\n",
__func__, l, dest, src); __func__, l, dest, src);
desta = access_prepare(env, dest, l + 1, MMU_DATA_STORE, mmu_idx, ra); /* XC always processes one more byte than specified - maximum is 256 */
l++;
srca1 = access_prepare(env, src, l, MMU_DATA_LOAD, mmu_idx, ra);
srca2 = access_prepare(env, dest, l, MMU_DATA_LOAD, mmu_idx, ra);
desta = access_prepare(env, dest, l, MMU_DATA_STORE, mmu_idx, ra);
/* xor with itself is the same as memset(0) */ /* xor with itself is the same as memset(0) */
if (src == dest) { if (src == dest) {
@ -370,11 +375,12 @@ static uint32_t do_helper_xc(CPUS390XState *env, uint32_t l, uint64_t dest,
return 0; return 0;
} }
for (i = 0; i <= l; i++) { for (i = 0; i < l; i++) {
uint8_t x = cpu_ldub_data_ra(env, src + i, ra); const uint8_t x = access_get_byte(env, &srca1, i, ra) ^
x ^= cpu_ldub_data_ra(env, dest + i, ra); access_get_byte(env, &srca2, i, ra);
c |= x; c |= x;
cpu_stb_data_ra(env, dest + i, x, ra); access_set_byte(env, &desta, i, x, ra);
} }
return c != 0; return c != 0;
} }