From: Amir Charif
To: qemu-devel@nongnu.org
Cc: Amir Charif, qemu-arm@nongnu.org
Date: Wed, 13 Mar 2019 13:24:46 +0100
Message-Id: <1552479886-2154-1-git-send-email-amir.charif@cea.fr>
Subject: [Qemu-devel] [PATCH] Re-evaluate SVE vector length every time ADDVL/RDVL is called

In system emulation mode, the kernel may internally use 16-byte vectors. If this size is saved in the DisasContext before entering a userspace app that uses higher SVE sizes, the wrong size may be allocated on the stack resulting in corruption (segfaults in user space). This fix evaluates the vector size at runtime (as opposed to translation time) to always allocate the correct size on the stack (when ADDVL is used).

Signed-off-by: Amir Charif
---
 target/arm/translate-a64.c | 17 +++++++++++++++++
 target/arm/translate-a64.h | 1 +
 target/arm/translate-sve.c | 7 +++++--
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 1959046..ef3db4a 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -45,6 +45,9 @@ static TCGv_i64 cpu_pc; /* Load/store exclusive handling */ static TCGv_i64 cpu_exclusive_high; =20 +/* Current value of the zcr_el[1] register */ +static TCGv_i64 cpu_zcr_el1; + static const char *regnames[] =3D { "x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", 
@@ -103,6 +106,9 @@ void a64_translate_init(void) =20 cpu_exclusive_high =3D tcg_global_mem_new_i64(cpu_env, offsetof(CPUARMState, exclusive_high), "exclusive_high"); + =20 + cpu_zcr_el1 =3D tcg_global_mem_new_i64(cpu_env, + offsetof(CPUARMState, vfp.zcr_el[1]), "zcr_el1"); } =20 static inline int get_a64_user_mem_index(DisasContext *s) @@ -578,6 +584,17 @@ TCGv_i64 read_cpu_reg_sp(DisasContext *s, int reg, int= sf) return v; } =20 +/* Get a temporary register containing the current vector length + */ +TCGv_i64 get_cpu_vec_len(DisasContext *s) { + TCGv_i64 v =3D new_tmp_a64(s); + tcg_gen_mov_i64(v, cpu_zcr_el1); + tcg_gen_andi_i64(v, v, 0xf); + tcg_gen_addi_i64(v, v, 1); + tcg_gen_muli_i64(v, v, 16); + return v; +} + /* Return the offset into CPUARMState of a slice (from * the least significant end) of FP register Qn (ie * Dn, Sn, Hn or Bn). diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h index 63d958c..fcfbc90 100644 --- a/target/arm/translate-a64.h +++ b/target/arm/translate-a64.h @@ -35,6 +35,7 @@ TCGv_i64 cpu_reg(DisasContext *s, int reg); TCGv_i64 cpu_reg_sp(DisasContext *s, int reg); TCGv_i64 read_cpu_reg(DisasContext *s, int reg, int sf); TCGv_i64 read_cpu_reg_sp(DisasContext *s, int reg, int sf); +TCGv_i64 get_cpu_vec_len(DisasContext *s); void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v); TCGv_ptr get_fpstatus_ptr(bool); bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn, diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index 3a2eb51..d5ad88b 100644 --- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c @@ -945,7 +945,9 @@ static bool trans_ADDVL(DisasContext *s, arg_ADDVL *a) { TCGv_i64 rd =3D cpu_reg_sp(s, a->rd); TCGv_i64 rn =3D cpu_reg_sp(s, a->rn); - tcg_gen_addi_i64(rd, rn, a->imm * vec_full_reg_size(s)); + TCGv_i64 ln =3D get_cpu_vec_len(s); + tcg_gen_muli_i64(ln, ln, a->imm); + tcg_gen_add_i64(rd, rn, ln); return true; } =20 
@@ -960,7 +962,8 @@ static bool trans_ADDPL(DisasContext *s, arg_ADDPL *a) static bool trans_RDVL(DisasContext *s, arg_RDVL *a) { TCGv_i64 reg =3D cpu_reg(s, a->rd); - tcg_gen_movi_i64(reg, a->imm * vec_full_reg_size(s)); + TCGv_i64 ln =3D get_cpu_vec_len(s); + tcg_gen_muli_i64(reg, ln, a->imm); return true; } =20 --=20 2.7.4