[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 44/97] target/arm: Fix cpu_get_tb_cpu_state() for no
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 44/97] target/arm: Fix cpu_get_tb_cpu_state() for non-SVE CPUs |
Date: |
Mon, 1 Apr 2019 15:59:18 -0500 |
From: Richard Henderson <address@hidden>
Not only are the sve-related tb_flags fields unused when SVE is
disabled, but not all of the cpu registers are initialized properly
for computing same. This can corrupt other fields by ORing in -1,
which might result in QEMU crashing.
This bug was not present in 3.0, but this patch is cc'd to
stable because adf92eab90e3f5f34c285 where the bug was
introduced was marked for stable.
Fixes: adf92eab90e3f5f34c285
Cc: address@hidden (3.0.1)
Signed-off-by: Richard Henderson <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit e79b445d896deb61909be52b61b87c98a9ed96f7)
Signed-off-by: Michael Roth <address@hidden>
---
target/arm/helper.c | 45 ++++++++++++++++++++++++---------------------
1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 991b077e8f..7ee614c04f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12401,36 +12401,39 @@ void cpu_get_tb_cpu_state(CPUARMState *env,
target_ulong *pc,
uint32_t flags;
if (is_a64(env)) {
- int sve_el = sve_exception_el(env);
- uint32_t zcr_len;
-
*pc = env->pc;
flags = ARM_TBFLAG_AARCH64_STATE_MASK;
/* Get control bits for tagged addresses */
flags |= (arm_regime_tbi0(env, mmu_idx) << ARM_TBFLAG_TBI0_SHIFT);
flags |= (arm_regime_tbi1(env, mmu_idx) << ARM_TBFLAG_TBI1_SHIFT);
- flags |= sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
- /* If SVE is disabled, but FP is enabled,
- then the effective len is 0. */
- if (sve_el != 0 && fp_el == 0) {
- zcr_len = 0;
- } else {
- int current_el = arm_current_el(env);
- ARMCPU *cpu = arm_env_get_cpu(env);
+ if (arm_feature(env, ARM_FEATURE_SVE)) {
+ int sve_el = sve_exception_el(env);
+ uint32_t zcr_len;
- zcr_len = cpu->sve_max_vq - 1;
- if (current_el <= 1) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
- }
- if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
- }
- if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
- zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
+ /* If SVE is disabled, but FP is enabled,
+ * then the effective len is 0.
+ */
+ if (sve_el != 0 && fp_el == 0) {
+ zcr_len = 0;
+ } else {
+ int current_el = arm_current_el(env);
+ ARMCPU *cpu = arm_env_get_cpu(env);
+
+ zcr_len = cpu->sve_max_vq - 1;
+ if (current_el <= 1) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
+ }
+ if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
+ }
+ if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
+ zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
+ }
}
+ flags |= sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
+ flags |= zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
}
- flags |= zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
} else {
*pc = env->regs[15];
flags = (env->thumb << ARM_TBFLAG_THUMB_SHIFT)
--
2.17.1
- [Qemu-devel] [PATCH 59/97] target/xtensa: drop num_[core_]regs from dc232b/dc233c configs, (continued)
- [Qemu-devel] [PATCH 32/97] vhost: fix invalid downcast, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 69/97] nbd/server: Advertise all contexts in response to bare LIST, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 71/97] nbd/client: Send NBD_CMD_DISC if open fails after connect, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 76/97] pcie: set link state inactive/active after hot unplug/plug, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 75/97] Changes requirement for "vsubsbs" instruction, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 22/97] aio: Do aio_notify_accept only during blocking aio_poll, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 44/97] target/arm: Fix cpu_get_tb_cpu_state() for non-SVE CPUs,
Michael Roth <=
- [Qemu-devel] [PATCH 93/97] qga: update docs with systemd suspend support info, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 74/97] iotests: make 235 work on s390 (and others), Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 79/97] linux-user: write(fd, NULL, 0) parity with linux's treatment of same, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 29/97] target/xtensa: fix FPU2000 bugs, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 64/97] qemu-img: Fix leak, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 81/97] s390x: Return specification exception for unimplemented diag 308 subcodes, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 02/97] target/arm: Fix typo in do_sat_addsub_64, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 86/97] tpm: Make sure the locality received from backend is valid, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 01/97] target/arm: Fix sign of sve_cmpeq_ppzw/sve_cmpne_ppzw, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 63/97] qemu-img: Fix typo, Michael Roth, 2019/04/01