From: Onur Sahin
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, Onur Sahin
Date: Thu, 22 Mar 2018 23:58:29 -0400
Message-Id: <1521777509-22896-1-git-send-email-onursahin08@gmail.com>
Subject: [Qemu-devel] [PATCH] target-arm: Check undefined opcodes for SWP in A32 decoder

Hi all,

I have noticed that the decoding part in ARM/A32 does not verify the opcodes for SWP instructions. The opcode field ([23:20]) for SWP instructions should be 0 or 4, and QEMU does not check against these values. Other opcode values less than 8 are Undefined within the encoding space of synchronization primitives (e.g., SWP, LDREX*). See section A5.2.10 of the ARMv7-A manual for reference.

Because of the missing opcode check, QEMU happily executes these Undefined cases as a SWP instruction. The following fix adds proper opcode checks before assuming a valid SWP.

Best,
Onur

Signed-off-by: Onur Sahin
---
 target-arm/translate.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index bd5d5cb..fb31c12 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -8831,7 +8831,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                     }
                 }
                 tcg_temp_free_i32(addr);
-            } else {
+            } else if (!(insn & 0x00B00000)) {
                 /* SWP instruction */
                 rm = (insn) & 0xf;
 
@@ -8852,6 +8852,9 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 tcg_temp_free_i32(addr);
                 store_reg(s, rd, tmp2);
             }
+            else {
+                goto illegal_op;
+            }
         }
     } else {
         int address_offset;
-- 
1.8.3.1
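Review bot: the mask in `} else if (!(insn & 0x00B00000)) {` (first hunk) is a magic number; nothing in the hunk says that it means "bits 23, 21 and 20 clear, bit 22 (the B byte/word selector) don't-care", which is how the commit message's rule "opcode [23:20] must be 0 or 4" is being expressed. Please spell that out next to the condition, or extend the existing comment on the following line, e.g. `/* SWP/SWPB: opcode[23:20] must be 0b0x00, all other values < 8 are UNDEFINED */`, so the next reader does not have to reverse the constant to recover the rule.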
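Review bot: the new `else` in the second hunk is split as `}` on one line and `else {` on the next, which does not match the `} else {` form used by the unchanged context two lines below (the `} else {` before `int address_offset;`) and by the modified line in the first hunk. Please join it onto the existing closing brace, i.e. `} else {` / `goto illegal_op;` / `}`, which turns the three added lines into a change against the brace that is already there and keeps the brace style of the surrounding code.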