Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI instruction
From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI instruction
Date: Tue, 3 Feb 2015 11:47:37 +0000
On 30 January 2015 at 12:59, Kirill Batuzov <address@hidden> wrote:
> The documentation states that if LSB > MSB in a BFI instruction, the behaviour
> is unpredictable. Currently QEMU crashes because of an assertion failure in
> this case:
>
> tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
>
> While an assertion failure may meet the "unpredictable" definition, this
> behaviour is undesirable because it allows an unprivileged guest program
> to crash the emulator along with the OS and other programs.
>
> This patch addresses the issue by throwing an illegal instruction exception
> if LSB > MSB. Only the ARM decoder is affected because the Thumb decoder already
> has this check in place.
>
> To reproduce the issue, run the following program
>
> int main(void) {
>     /* A32 BFI encoding with lsb = 24 and msb = 0, i.e. lsb > msb */
>     asm volatile (".long 0x07c00c12" :: );
>     return 0;
> }
>
> compiled with
> gcc -marm -static badop_arm.c -o badop_arm
>
> Signed-off-by: Kirill Batuzov <address@hidden>
Applied to target-arm.next, thanks.
-- PMM
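For readers following the thread, here is an added example (not QEMU's code, and not part of the original mail) that models the decoder-side check the patch introduces. It extracts the BFI fields from an A32 instruction word, rejects the encoding when lsb > msb instead of letting an out-of-range width reach the deposit helper, and performs the bit-field insert in plain C. The reproducer word 0x07c00c12 from the commit message decodes to lsb = 24, msb = 0; the second word, 0xE7CF0412, is a constructed valid encoding (BFI r0, r2, #8, #8) used only to show the accepted path. Field positions follow the ARM ARM A32 BFI/BFC encoding; the struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Decoded A32 BFI/BFC fields (example code, not QEMU's translate.c). */
struct bfi_fields {
    unsigned cond, msb, rd, lsb, rn;
    bool is_bfi;   /* bits [27:21] == 0b0111110 and bits [6:4] == 0b001 */
    bool valid;    /* false when lsb > msb: UNPREDICTABLE per the ARM ARM */
};

static struct bfi_fields decode_bfi(uint32_t insn)
{
    struct bfi_fields f = {0};
    f.cond   = insn >> 28;
    f.is_bfi = ((insn >> 21) & 0x7f) == 0x3e && ((insn >> 4) & 0x7) == 0x1;
    f.msb    = (insn >> 16) & 0x1f;
    f.rd     = (insn >> 12) & 0xf;
    f.lsb    = (insn >> 7) & 0x1f;
    f.rn     = insn & 0xf;
    /* This is the check the patch adds: the decoder must refuse lsb > msb
     * before computing width = msb - lsb + 1, which would otherwise leave
     * the 1..32 range that the deposit helper asserts on. */
    f.valid  = f.is_bfi && f.lsb <= f.msb;
    return f;
}

/* Software model of the deposit: insert the low (msb - lsb + 1) bits of rn
 * into *rd at bit position lsb. Returns false instead of asserting when the
 * field is malformed, so a bad guest instruction cannot bring down the host. */
static bool bfi_execute(uint32_t *rd, uint32_t rn, unsigned lsb, unsigned msb)
{
    if (msb > 31 || lsb > msb) {
        return false;
    }
    unsigned width = msb - lsb + 1;               /* 1..32 */
    uint32_t mask = (width == 32) ? 0xffffffffu : (((1u << width) - 1) << lsb);
    *rd = (*rd & ~mask) | ((rn << lsb) & mask);
    return true;
}

int main(void)
{
    /* Constructed inputs: the reproducer word from the mail, and a valid BFI. */
    const uint32_t words[] = { 0x07c00c12u, 0xE7CF0412u };
    for (size_t i = 0; i < sizeof(words) / sizeof(words[0]); i++) {
        struct bfi_fields f = decode_bfi(words[i]);
        printf("0x%08x: bfi=%d rd=r%u rn=r%u lsb=%u msb=%u -> %s\n",
               words[i], f.is_bfi, f.rd, f.rn, f.lsb, f.msb,
               f.valid ? "ok" : "UNDEF (lsb > msb)");
        if (f.valid) {
            uint32_t rd = 0xffffffffu;
            bfi_execute(&rd, 0xabu, f.lsb, f.msb);
            printf("  r0 = 0xffffffff, r2 = 0xab  =>  r0 = 0x%08x\n", rd);
        }
    }
    return 0;
}
```

The guard lives in the decoder rather than in the deposit helper because the helper's assertion is an internal invariant of the translator, not a guest-visible check; raising UNDEF at decode time keeps the fault inside the guest, which is the behaviour the patch describes.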