Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI ins

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI ins

From:	Peter Maydell
Subject:	Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI instruction
Date:	Tue, 3 Feb 2015 11:47:37 +0000

On 30 January 2015 at 12:59, Kirill Batuzov <address@hidden> wrote:
> The documentation states that if LSB > MSB in BFI instruction behaviour
> is unpredictable. Currently QEMU crashes because of assertion failure in
> this case:
>
> tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
>
> While assertion failure may meet the "unpredictable" definition this
> behaviour is undesirable because it allows an unprivileged guest program
> to crash the emulator with the OS and other programs.
>
> This patch addresses the issue by throwing illegal instruction exception
> if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
> has this check in place.
>
> To reproduce issue run the following program
>
> int main(void) {
>     asm volatile (".long 0x07c00c12" :: );
>     return 0;
> }
>
> compiled with
>   gcc -marm -static badop_arm.c -o badop_arm
>
> Signed-off-by: Kirill Batuzov <address@hidden>



Applied to target-arm.next, thanks.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v2] target-arm: check that LSB <= MSB in BFI instruction, Peter Maydell <=

Prev by Date: Re: [Qemu-devel] [PATCH 1/2] glusterfs: fix max_discard
Next by Date: Re: [Qemu-devel] [PATCH] hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
Previous by thread: Re: [Qemu-devel] [PATCH v2 00/11] target-arm: handle mmu_idx/translation regimes properly
Next by thread: Re: [Qemu-devel] [PATCH] hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
Index(es):
- Date
- Thread