From: Peter Maydell
Subject: [Qemu-devel] [PULL 01/21] target/arm: Fix cpu_get_tb_cpu_state() for non-SVE CPUs
Date: Tue, 25 Sep 2018 14:41:24 +0100
From: Richard Henderson <address@hidden>
Not only are the sve-related tb_flags fields unused when SVE is
disabled, but not all of the cpu registers are initialized properly
for computing same. This can corrupt other fields by ORing in -1,
which might result in QEMU crashing.
This bug was not present in 3.0, but this patch is cc'd to
stable because adf92eab90e3f5f34c285 where the bug was
introduced was marked for stable.
Fixes: adf92eab90e3f5f34c285
Cc: address@hidden (3.0.1)
Signed-off-by: Richard Henderson <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
target/arm/helper.c | 45 ++++++++++++++++++++++++---------------------
1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 088f452716e..64b15645944 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12587,36 +12587,39 @@ void cpu_get_tb_cpu_state(CPUARMState *env,
target_ulong *pc,
uint32_t flags;
if (is_a64(env)) {
- int sve_el = sve_exception_el(env);
- uint32_t zcr_len;
-
*pc = env->pc;
flags = ARM_TBFLAG_AARCH64_STATE_MASK;
/* Get control bits for tagged addresses */
flags |= (arm_regime_tbi0(env, mmu_idx) << ARM_TBFLAG_TBI0_SHIFT);
flags |= (arm_regime_tbi1(env, mmu_idx) << ARM_TBFLAG_TBI1_SHIFT);
- flags |= sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
- /* If SVE is disabled, but FP is enabled,
- then the effective len is 0. */
- if (sve_el != 0 && fp_el == 0) {
- zcr_len = 0;
- } else {
- int current_el = arm_current_el(env);
- ARMCPU *cpu = arm_env_get_cpu(env);
+ if (arm_feature(env, ARM_FEATURE_SVE)) {
+ int sve_el = sve_exception_el(env);
+ uint32_t zcr_len;
- zcr_len = cpu->sve_max_vq - 1;
- if (current_el <= 1) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
- }
- if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
- }
- if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
+ /* If SVE is disabled, but FP is enabled,
+ * then the effective len is 0.
+ */
+ if (sve_el != 0 && fp_el == 0) {
+ zcr_len = 0;
+ } else {
+ int current_el = arm_current_el(env);
+ ARMCPU *cpu = arm_env_get_cpu(env);
+
+ zcr_len = cpu->sve_max_vq - 1;
+ if (current_el <= 1) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
+ }
+ if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
+ }
+ if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
+ }
}
+ flags |= sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
+ flags |= zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
}
- flags |= zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
} else {
*pc = env->regs[15];
flags = (env->thumb << ARM_TBFLAG_THUMB_SHIFT)
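Review bot: the new `if (arm_feature(env, ARM_FEATURE_SVE))` guard keeps the SVEEXC_EL and ZCR_LEN contributions out of `flags` on non-SVE CPUs, but inside the block `zcr_len = cpu->sve_max_vq - 1;` still wraps to 0xffffffff whenever `sve_max_vq` is 0, and at EL3 (or at EL2 on a CPU without EL3) none of the `MIN(zcr_len, 0xf & ...)` clamps run, so nothing bounds the value before `flags |= zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;`. Consider asserting `cpu->sve_max_vq >= 1` when the feature is present, or masking `zcr_len` to its 4-bit field before the OR, so a misconfigured SVE CPU cannot reproduce the same corruption of neighbouring flag fields that the commit message describes for non-SVE CPUs. Also note that `fp_el`, used in the moved `sve_el != 0 && fp_el == 0` test, is defined above the visible hunk; the reorder is only safe because it is still computed before the feature check.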
--
2.19.0