qemu-devel



From: Taylor Simpson
Subject: [PATCH 1/2] Hexagon (target/hexagon) do probe_write in HELPER(commit_store)
Date: Tue, 13 Jul 2021 14:46:28 -0500

Check that access is OK before doing put_user_*

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
---
 target/hexagon/op_helper.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
index 4595559..d7f53a2 100644
--- a/target/hexagon/op_helper.c
+++ b/target/hexagon/op_helper.c
@@ -140,22 +140,27 @@ void HELPER(debug_check_store_width)(CPUHexagonState 
*env, int slot, int check)
 
 void HELPER(commit_store)(CPUHexagonState *env, int slot_num)
 {
-    switch (env->mem_log_stores[slot_num].width) {
+    uint8_t width = env->mem_log_stores[slot_num].width;
+    target_ulong va = env->mem_log_stores[slot_num].va;
+
+#ifdef CONFIG_USER_ONLY
+    g_assert(width == 1 || width == 2 || width == 4 || width == 8);
+    /* We perform this check elsewhere in system mode */
+    probe_write(env, va, width, MMU_USER_IDX, 0);
+#endif
+
+    switch (width) {
     case 1:
-        put_user_u8(env->mem_log_stores[slot_num].data32,
-                    env->mem_log_stores[slot_num].va);
+        put_user_u8(env->mem_log_stores[slot_num].data32, va);
         break;
     case 2:
-        put_user_u16(env->mem_log_stores[slot_num].data32,
-                     env->mem_log_stores[slot_num].va);
+        put_user_u16(env->mem_log_stores[slot_num].data32, va);
         break;
     case 4:
-        put_user_u32(env->mem_log_stores[slot_num].data32,
-                     env->mem_log_stores[slot_num].va);
+        put_user_u32(env->mem_log_stores[slot_num].data32, va);
         break;
     case 8:
-        put_user_u64(env->mem_log_stores[slot_num].data64,
-                     env->mem_log_stores[slot_num].va);
+        put_user_u64(env->mem_log_stores[slot_num].data64, va);
         break;
     default:
         g_assert_not_reached();
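Review bot: In the CONFIG_USER_ONLY block, probe_write() is passed 0 as its last argument, which is the host return address QEMU uses to restore guest CPU state when the probed access faults; with 0, no state is restored from the translated code before the exception is raised. Consider capturing `uintptr_t ra = GETPC();` at the top of the helper and passing `ra` instead of 0. Two smaller points in the same block: the `g_assert(width == 1 || ...)` duplicates the switch's `default: g_assert_not_reached();` and is only compiled in user mode, so either drop it or move it outside the #ifdef; and the comment "We perform this check elsewhere in system mode" should name where that check lives so a reader can confirm the two paths stay equivalent.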
-- 
2.7.4

