[Qemu-devel] [PULL 23/26] linux-user/arm/nwfpe: Check coprocessor number
From: Peter Maydell
Subject: [Qemu-devel] [PULL 23/26] linux-user/arm/nwfpe: Check coprocessor number for FPA emulation
Date: Thu, 11 Jan 2018 13:38:19 +0000

Our copy of the nwfpe code for emulating the old FPA11 floating
point unit doesn't check the coprocessor number in the instruction
when it emulates it. This means that we might treat some
instructions which should really UNDEF as being FPA11 instructions by
accident.

The kernel's copy of the nwfpe code doesn't make this error; I suspect
the bug was noticed and fixed as part of the process of mainlining
the nwfpe code more than a decade ago.

Add a check that the coprocessor number (which is always in bits
[11:8] of the instruction) is either 1 or 2, which is where the
FPA11 lives.

Reported-by: Richard Henderson <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
linux-user/arm/nwfpe/fpa11.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/linux-user/arm/nwfpe/fpa11.c b/linux-user/arm/nwfpe/fpa11.c
index 441e3b1..f6f8163 100644
--- a/linux-user/arm/nwfpe/fpa11.c
+++ b/linux-user/arm/nwfpe/fpa11.c
@@ -137,8 +137,17 @@ unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa,
CPUARMState* qregs)
unsigned int nRc = 0;
// unsigned long flags;
FPA11 *fpa11;
+ unsigned int cp;
// save_flags(flags); sti();
+ /* Check that this is really an FPA11 instruction: the coprocessor
+ * field in bits [11:8] must be 1 or 2.
+ */
+ cp = (opcode >> 8) & 0xf;
+ if (cp != 1 && cp != 2) {
+ return 0;
+ }
+
qemufpa=qfpa;
user_registers=qregs;
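Review bot: the `return 0;` on the coprocessor mismatch path does not say what 0 means to the caller. The commit message wants these encodings to UNDEF, so the new comment should state that returning 0 reports the instruction as not emulated and leaves raising the undefined-instruction exception to the caller (that convention is not visible in this hunk, so spelling it out here helps the next reader). Placement is right: the check runs before `qemufpa=qfpa;` and `user_registers=qregs;`, so a rejected opcode does not touch the emulator's global state. A minor style point: the literals 8, 0xf, 1 and 2 in `cp = (opcode >> 8) & 0xf;` and the `if` could be named constants, although the comment already documents the bit field.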
--
2.7.4