From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Date: Tue, 25 Sep 2018 14:41:24 +0100
Message-Id: <20180925134144.21741-2-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20180925134144.21741-1-peter.maydell@linaro.org>
References: <20180925134144.21741-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PULL 01/21] target/arm: Fix cpu_get_tb_cpu_state()
 for non-SVE CPUs
Content-Type: text/plain; charset="utf-8"

From: Richard Henderson <richard.henderson@linaro.org>

Not only are the sve-related tb_flags fields unused when SVE is
disabled, but not all of the cpu registers are initialized properly
for computing same.  This can corrupt other fields by ORing in -1,
which might result in QEMU crashing.

This bug was not present in 3.0, but this patch is cc'd to
stable because adf92eab90e3f5f34c285 where the bug was
introduced was marked for stable.

Fixes: adf92eab90e3f5f34c285
Cc: qemu-stable@nongnu.org (3.0.1)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 45 ++++++++++++++++++++++++---------------------
 1 file changed, 24 insertions(+), 21 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 088f452716e..64b15645944 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12587,36 +12587,39 @@ void cpu_get_tb_cpu_state(CPUARMState *env, targe=
t_ulong *pc,
     uint32_t flags;
=20
     if (is_a64(env)) {
-        int sve_el =3D sve_exception_el(env);
-        uint32_t zcr_len;
-
         *pc =3D env->pc;
         flags =3D ARM_TBFLAG_AARCH64_STATE_MASK;
         /* Get control bits for tagged addresses */
         flags |=3D (arm_regime_tbi0(env, mmu_idx) << ARM_TBFLAG_TBI0_SHIFT=
);
         flags |=3D (arm_regime_tbi1(env, mmu_idx) << ARM_TBFLAG_TBI1_SHIFT=
);
-        flags |=3D sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
=20
-        /* If SVE is disabled, but FP is enabled,
-           then the effective len is 0.  */
-        if (sve_el !=3D 0 && fp_el =3D=3D 0) {
-            zcr_len =3D 0;
-        } else {
-            int current_el =3D arm_current_el(env);
-            ARMCPU *cpu =3D arm_env_get_cpu(env);
+        if (arm_feature(env, ARM_FEATURE_SVE)) {
+            int sve_el =3D sve_exception_el(env);
+            uint32_t zcr_len;
=20
-            zcr_len =3D cpu->sve_max_vq - 1;
-            if (current_el <=3D 1) {
-                zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1=
]);
-            }
-            if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
-                zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2=
]);
-            }
-            if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
-                zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3=
]);
+            /* If SVE is disabled, but FP is enabled,
+             * then the effective len is 0.
+             */
+            if (sve_el !=3D 0 && fp_el =3D=3D 0) {
+                zcr_len =3D 0;
+            } else {
+                int current_el =3D arm_current_el(env);
+                ARMCPU *cpu =3D arm_env_get_cpu(env);
+
+                zcr_len =3D cpu->sve_max_vq - 1;
+                if (current_el <=3D 1) {
+                    zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_=
el[1]);
+                }
+                if (current_el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+                    zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_=
el[2]);
+                }
+                if (current_el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
+                    zcr_len =3D MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_=
el[3]);
+                }
             }
+            flags |=3D sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;
+            flags |=3D zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
         }
-        flags |=3D zcr_len << ARM_TBFLAG_ZCR_LEN_SHIFT;
     } else {
         *pc =3D env->regs[15];
         flags =3D (env->thumb << ARM_TBFLAG_THUMB_SHIFT)
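Review bot: the new `if (arm_feature(env, ARM_FEATURE_SVE))` guard leaves both the `ARM_TBFLAG_SVEEXC_EL` and `ARM_TBFLAG_ZCR_LEN` fields at zero for CPUs without SVE, which is the intended fix for the uninitialised `zcr_el[]` reads described in the commit message, but nothing in the hunk says that zero is the deliberate "no SVE" encoding; a one-line comment above the guard (e.g. `/* SVE tb_flags fields stay 0 when the feature is absent */`) would document that, and it is worth confirming that the translator's consumers of `SVEEXC_EL` treat a zero value on a non-SVE CPU as "no SVE present" rather than "SVE accessible from EL0". Moving `flags |=3D sve_el << ARM_TBFLAG_SVEEXC_EL_SHIFT;` inside the guard next to the `ZCR_LEN` line is a clear improvement, since the two fields are only meaningful together.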
-- 
2.19.0