From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Mon, 20 Mar 2017 12:54:35 +0000
Message-Id: <1490014476-25672-4-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1490014476-25672-1-git-send-email-peter.maydell@linaro.org>
References: <1490014476-25672-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 3/4] arm: Enforce should-be-1 bits in MRS decoding

The MRS instruction requires that bits [19..16] are all 1s, and for
A/R profile also that bits [7..0] are all 0s. At this point in the
decode tree we have checked all of the rest of the instruction but
were allowing these to be any value. If these bits are not set then
the result is architecturally UNPREDICTABLE, but choosing to UNDEF
is more helpful to the user and avoids unexpected odd behaviour if
the encodings are used for some purpose in future architecture
versions.

Signed-off-by: Peter Maydell
Reviewed-by: Alex Bennée
Message-id: 1487616072-9226-4-git-send-email-peter.maydell@linaro.org
---
 target/arm/translate.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index a5f5a28..c4acff5 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -10510,6 +10510,14 @@ static int disas_thumb2_insn(CPUARMState *env, Dis= asContext *s, uint16_t insn_hw break; } =20 + if (extract32(insn, 16, 4) !=3D 0xf) { + goto illegal_op; + } + if (!arm_dc_feature(s, ARM_FEATURE_M) && + extract32(insn, 0, 8) !=3D 0) { + goto illegal_op; + } + /* mrs cpsr */ tmp =3D tcg_temp_new_i32(); if (arm_dc_feature(s, ARM_FEATURE_M)) { @@ -10537,6 +10545,12 @@ static int disas_thumb2_insn(CPUARMState *env, Dis= asContext *s, uint16_t insn_hw if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)= ) { goto illegal_op; } + + if (extract32(insn, 16, 4) !=3D 0xf || + extract32(insn, 0, 8) !=3D 0) { + goto illegal_op; + } + tmp =3D load_cpu_field(spsr); store_reg(s, rd, tmp); break; --=20 2.7.4
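Review bot: in the first hunk (@@ -10510) the M-profile exemption from the bits [7:0] test is correct per the commit message ("for A/R profile also that bits [7..0] are all 0s") but the code gives no hint why `!arm_dc_feature(s, ARM_FEATURE_M)` guards only the second check and not the first; a one-line comment above the two `if`s, e.g. `/* bits [19:16] must be 1111 on all profiles; bits [7:0] must be zero on A/R */`, would stop the next reader from treating the asymmetry as an oversight. Also consider whether the check belongs after the `if (arm_dc_feature(s, ARM_FEATURE_M))` branch that follows rather than before it, so the profile-specific handling is kept in one place as it is in the second hunk.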
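Review bot: in the second hunk (@@ -10537) the `extract32(insn, 0, 8) != 0` test enforces should-be-zero bits, so the subject line "Enforce should-be-1 bits in MRS decoding" describes only half of what both hunks do; retitling to something like "Enforce should-be-1 and should-be-0 bits in MRS decoding" would make the git log match the diff. Minor style point: this hunk wraps the new block in blank lines on both sides while the first hunk does not; pick one layout for both.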
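The two hunks above, as an added stand-alone C model of the decode checks the patch introduces. This is example code, not QEMU's own; it copies only the `extract32()` bit-field semantics, and the helper names, the assumption that bit 20 of the combined 32-bit instruction word is the R (SPSR) bit, and the sample Thumb2 encodings in the test vectors are mine, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same contract as QEMU's extract32(): bits [start, start+length) of value,
 * shifted down to bit 0. length must be in 1..32. */
static uint32_t extract32(uint32_t value, int start, int length)
{
    return (value >> start) & (~0U >> (32 - length));
}

/* Combine two Thumb2 halfwords the way the translator sees them: the first
 * halfword lands in bits [31:16], the second in bits [15:0]. */
static uint32_t t32_insn(uint16_t hw1, uint16_t hw2)
{
    return ((uint32_t)hw1 << 16) | hw2;
}

enum mrs_result { MRS_OK, MRS_UNDEF };

/* Apply the checks the patch adds, for an instruction the caller has already
 * identified as a Thumb2 MRS. Assumption (mine): bit 20 of the combined word
 * distinguishes MRS Rd, SPSR (1) from MRS Rd, CPSR/APSR (0). */
static enum mrs_result check_mrs(uint32_t insn, bool m_profile, bool user_mode)
{
    bool spsr_form = extract32(insn, 20, 1) != 0;

    if (spsr_form) {
        /* Second hunk: no SPSR in user mode or on M profile, then the
         * should-be-1 bits [19:16] and should-be-0 bits [7:0]. */
        if (user_mode || m_profile) {
            return MRS_UNDEF;
        }
        if (extract32(insn, 16, 4) != 0xf || extract32(insn, 0, 8) != 0) {
            return MRS_UNDEF;
        }
        return MRS_OK;
    }

    /* First hunk: bits [19:16] must be 1111 on every profile. */
    if (extract32(insn, 16, 4) != 0xf) {
        return MRS_UNDEF;
    }
    /* Bits [7:0] must be zero on A/R profile only; on M profile they carry
     * meaning (which special register to read), so they are left alone here. */
    if (!m_profile && extract32(insn, 0, 8) != 0) {
        return MRS_UNDEF;
    }
    return MRS_OK;
}

int main(void)
{
    /* Constructed sample encodings: hw1 0xF3EF = MRS CPSR/APSR, 0xF3FF = MRS SPSR,
     * hw2 0x8000 = Rd=r0 with bits [7:0] clear. */
    struct { uint16_t hw1, hw2; bool m, user; const char *what; } v[] = {
        { 0xF3EF, 0x8000, false, false, "MRS r0, CPSR, A/R profile" },
        { 0xF3EF, 0x8008, false, false, "same with bits[7:0]=8 on A/R (UNPREDICTABLE -> UNDEF)" },
        { 0xF3EF, 0x8008, true,  false, "MRS r0, <SYSm=8> on M profile" },
        { 0xF3E0, 0x8000, false, false, "bits[19:16] not all ones" },
        { 0xF3FF, 0x8000, false, false, "MRS r0, SPSR, privileged A/R" },
        { 0xF3FF, 0x8000, false, true,  "MRS r0, SPSR from user mode" },
    };
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++) {
        enum mrs_result r = check_mrs(t32_insn(v[i].hw1, v[i].hw2), v[i].m, v[i].user);
        printf("%-60s -> %s\n", v[i].what, r == MRS_OK ? "OK" : "UNDEF");
    }
    return 0;
}
```

The interesting rows are the second and third: the same 32-bit word is rejected on A/R profile and accepted on M profile, which is exactly the asymmetry the `!arm_dc_feature(s, ARM_FEATURE_M)` guard in the first hunk encodes.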