target/arm: Add sve_access_check to ADDVL, ADDPL, RDVL

[Qemu-devel] [PATCH for-4.0] target/arm: Add sve_access_check to ADDVL, ADDPL, RDVL

Richard Henderson posted 1 patch 5 years, 1 month ago

Download mbox

Test asan passed

Test docker-clang@ubuntu passed

Test docker-mingw@fedora passed

Test checkpatch passed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20190314163127.2980-1-richard.henderson@linaro.org

Maintainers: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate-sve.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)

Expand all Fold all

[Qemu-devel] [PATCH for-4.0] target/arm: Add sve_access_check to ADDVL, ADDPL, RDVL

Posted by Richard Henderson 5 years, 1 month ago

This failed to trap when required, which allowed an EL0 guest
to execute with inconsistent data loaded into ZCR_EL1.

Reported-by: Amir Charif <amir.charif@cea.fr>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate-sve.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 3a2eb51566..245cd82621 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -943,24 +943,30 @@ static bool trans_INDEX_rr(DisasContext *s, arg_INDEX_rr *a)
 
 static bool trans_ADDVL(DisasContext *s, arg_ADDVL *a)
 {
-    TCGv_i64 rd = cpu_reg_sp(s, a->rd);
-    TCGv_i64 rn = cpu_reg_sp(s, a->rn);
-    tcg_gen_addi_i64(rd, rn, a->imm * vec_full_reg_size(s));
+    if (sve_access_check(s)) {
+        TCGv_i64 rd = cpu_reg_sp(s, a->rd);
+        TCGv_i64 rn = cpu_reg_sp(s, a->rn);
+        tcg_gen_addi_i64(rd, rn, a->imm * vec_full_reg_size(s));
+    }
     return true;
 }
 
 static bool trans_ADDPL(DisasContext *s, arg_ADDPL *a)
 {
-    TCGv_i64 rd = cpu_reg_sp(s, a->rd);
-    TCGv_i64 rn = cpu_reg_sp(s, a->rn);
-    tcg_gen_addi_i64(rd, rn, a->imm * pred_full_reg_size(s));
+    if (sve_access_check(s)) {
+        TCGv_i64 rd = cpu_reg_sp(s, a->rd);
+        TCGv_i64 rn = cpu_reg_sp(s, a->rn);
+        tcg_gen_addi_i64(rd, rn, a->imm * pred_full_reg_size(s));
+    }
     return true;
 }
 
 static bool trans_RDVL(DisasContext *s, arg_RDVL *a)
 {
-    TCGv_i64 reg = cpu_reg(s, a->rd);
-    tcg_gen_movi_i64(reg, a->imm * vec_full_reg_size(s));
+    if (sve_access_check(s)) {
+        TCGv_i64 reg = cpu_reg(s, a->rd);
+        tcg_gen_movi_i64(reg, a->imm * vec_full_reg_size(s));
+    }
     return true;
 }
 
-- 
2.17.2

Re: [Qemu-devel] [PATCH for-4.0] target/arm: Add sve_access_check to ADDVL, ADDPL, RDVL

Posted by Alex Bennée 5 years, 1 month ago

Richard Henderson <richard.henderson@linaro.org> writes:

> This failed to trap when required, which allowed an EL0 guest
> to execute with inconsistent data loaded into ZCR_EL1.
>
> Reported-by: Amir Charif <amir.charif@cea.fr>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

--
Alex Bennée