target/m68k: Perform writback before modifying SR

Writes to SR may change security state, which may involve a swap of %ssp with %usp as reflected in %a7. Finish the writeback of %sp@+ before swapping stack pointers. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
author: Richard Henderson 2022-09-13 16:28:18 +0200
committer: Laurent Vivier 2022-09-21 15:02:28 +0200
commit: 214c6002d0263bce2225e23983e58d36740a6e1d (patch)
tree: 30ea6c3b1331d14a720628064ee574169d5c8907 /target/m68k
parent: target/m68k: Fix MACSR to CCR (diff)
download: qemu-214c6002d0263bce2225e23983e58d36740a6e1d.tar.gz
qemu-214c6002d0263bce2225e23983e58d36740a6e1d.tar.xz
qemu-214c6002d0263bce2225e23983e58d36740a6e1d.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index c9bb053803..4640eadf78 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -2285,9 +2285,9 @@ static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only)
         tcg_gen_movi_i32(QREG_CC_N, val & CCF_N ? -1 : 0);
         tcg_gen_movi_i32(QREG_CC_X, val & CCF_X ? 1 : 0);
     } else {
-        TCGv sr = tcg_const_i32(val);
-        gen_helper_set_sr(cpu_env, sr);
-        tcg_temp_free(sr);
+        /* Must writeback before changing security state. */
+        do_writebacks(s);
+        gen_helper_set_sr(cpu_env, tcg_constant_i32(val));
     }
     set_cc_op(s, CC_OP_FLAGS);
 }
@@ -2297,6 +2297,8 @@ static void gen_set_sr(DisasContext *s, TCGv val, int ccr_only)
     if (ccr_only) {
         gen_helper_set_ccr(cpu_env, val);
     } else {
+        /* Must writeback before changing security state. */
+        do_writebacks(s);
         gen_helper_set_sr(cpu_env, val);
     }
     set_cc_op(s, CC_OP_FLAGS);
author	Richard Henderson	2022-09-13 16:28:18 +0200
committer	Laurent Vivier	2022-09-21 15:02:28 +0200
commit	214c6002d0263bce2225e23983e58d36740a6e1d (patch)
tree	30ea6c3b1331d14a720628064ee574169d5c8907 /target/m68k
parent	target/m68k: Fix MACSR to CCR (diff)
download	qemu-214c6002d0263bce2225e23983e58d36740a6e1d.tar.gz qemu-214c6002d0263bce2225e23983e58d36740a6e1d.tar.xz qemu-214c6002d0263bce2225e23983e58d36740a6e1d.zip