From: Richard Henderson <richard.henderson@linaro.org>
Date: Fri, 3 Feb 2023 17:16:31 +0000 (+0000)
Subject: tcg/aarch64: Fix patching of LDR in tb_target_set_jmp_target
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=a2495ede07498ee36b18b03e7038ba30c9871bb2;p=qemu.git

tcg/aarch64: Fix patching of LDR in tb_target_set_jmp_target

'offset' should be bits [23:5] of LDR instruction, rather than [4:0].

Fixes: d59d83a1c388 ("tcg/aarch64: Reorg goto_tb implementation")
Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---

diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index fde3b30ad1..a091326f84 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -1914,7 +1914,7 @@ void tb_target_set_jmp_target(const TranslationBlock *tb, int n,
         ptrdiff_t i_offset = i_addr - jmp_rx;
 
         /* Note that we asserted this in range in tcg_out_goto_tb. */
-        insn = deposit32(I3305_LDR | TCG_REG_TMP, 0, 5, i_offset >> 2);
+        insn = deposit32(I3305_LDR | TCG_REG_TMP, 5, 19, i_offset >> 2);
     }
     qatomic_set((uint32_t *)jmp_rw, insn);
     flush_idcache_range(jmp_rx, jmp_rw, 4);