aarch64 tlb range invalidate is not accurate

Host environment

• Operating system: Ubuntu 20.04
• OS/kernel version: Linux 5.11.0-40-generic
• Architecture: x86_64
• QEMU flavor: qemu-system-aarch64
• QEMU version: 6.1.9.0 (v6.2.0-rc0)
• QEMU command line:

Emulated/Virtualized environment

• Operating system: N/A
• OS/kernel version: N/A
• Architecture: aarch64

Description of problem

In this (84940ed8) commit, tlb range invalidate support is added, and I think qemu's range calculation is wrong.

In tlbi_aa64_range_get_length function, num, scale, page_size_granule is caculated as below.

    num = extract64(value, 39, 4);
    scale = extract64(value, 44, 2);
    page_size_granule = extract64(value, 46, 2);

    page_shift = page_size_granule * 2 + 12;

As Arm documentation, NUM bits's length is 5, but the code above only extract 4bits.

And page_shift also should be calculated as (page_size_granule-1) <<1) + 12 rather than page_size_granule * 2 + 12.

Steps to reproduce

Additional information

I found this issue while debugging a phenomenon that kernel panic occurs randomly in my qemu fork.

I'm pretty sure this is one of the causes, but even if I roughly correct it, my problem has not been solved.

I think my problem is TLB invalidate related issue, so if I find any more problems, I'll comment here.