Just a few minor bugfixes, but we might as well get them in

for rc0 tomorrow.

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200323' into staging (2020-03-23 15:38:30 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200323

for you to fetch changes up to 550a04893c2bd4442211b353680b9a6408d94dba:

target/arm: Move computation of index in handle_simd_dupe (2020-03-23 17:22:30 +0000)

* target/arm: avoid undefined behaviour shift in watchpoint code

* target/arm: avoid undefined behaviour shift in handle_simd_dupe()

* target/arm: add assert that immh != 0 in disas_simd_shift_imm()

* aspeed/smc: Fix DMA support for AST2600

* hw/arm/bcm283x: Correct the license text ('and' vs 'or')

Cédric Le Goater (1):

aspeed/smc: Fix DMA support for AST2600

Philippe Mathieu-Daudé (1):

hw/arm/bcm283x: Correct the license text

Richard Henderson (3):

target/arm: Rearrange disabled check for watchpoints

target/arm: Assert immh != 0 in disas_simd_shift_imm

target/arm: Move computation of index in handle_simd_dupe

include/hw/arm/bcm2835_peripherals.h | 3 ++-

include/hw/arm/bcm2836.h | 3 ++-

include/hw/char/bcm2835_aux.h | 3 ++-

include/hw/display/bcm2835_fb.h | 3 ++-

include/hw/dma/bcm2835_dma.h | 4 +++-

include/hw/intc/bcm2835_ic.h | 4 +++-

include/hw/intc/bcm2836_control.h | 3 ++-

include/hw/misc/bcm2835_mbox.h | 4 +++-

include/hw/misc/bcm2835_mbox_defs.h | 4 +++-

include/hw/misc/bcm2835_property.h | 4 +++-

hw/arm/aspeed_ast2600.c | 6 ++++++

hw/arm/bcm2835_peripherals.c | 3 ++-

hw/arm/bcm2836.c | 3 ++-

hw/arm/raspi.c | 3 ++-

hw/display/bcm2835_fb.c | 1 -

hw/dma/bcm2835_dma.c | 4 +++-

hw/intc/bcm2835_ic.c | 4 ++--

hw/intc/bcm2836_control.c | 4 +++-

hw/misc/bcm2835_mbox.c | 4 +++-

hw/misc/bcm2835_property.c | 4 +++-

hw/ssi/aspeed_smc.c | 15 +++++++++++++--

target/arm/helper.c | 11 ++++++-----

target/arm/translate-a64.c | 6 +++++-

hw/ssi/trace-events | 1 +

24 files changed, 76 insertions(+), 28 deletions(-)

From: Philippe Mathieu-Daudé <philmd@redhat.com>

The license is the 'GNU General Public License v2.0 or later',

not 'and':

This program is free software; you can redistribute it and/ori

modify it under the terms of the GNU General Public License as

published by the Free Software Foundation; either version 2 of

the License, or (at your option) any later version.

Fix the license comment.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Message-id: 20200312213455.15854-1-philmd@redhat.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/arm/bcm2835_peripherals.h | 3 ++-

include/hw/arm/bcm2836.h | 3 ++-

include/hw/char/bcm2835_aux.h | 3 ++-

include/hw/display/bcm2835_fb.h | 3 ++-

include/hw/dma/bcm2835_dma.h | 4 +++-

include/hw/intc/bcm2835_ic.h | 4 +++-

include/hw/intc/bcm2836_control.h | 3 ++-

include/hw/misc/bcm2835_mbox.h | 4 +++-

include/hw/misc/bcm2835_mbox_defs.h | 4 +++-

include/hw/misc/bcm2835_property.h | 4 +++-

hw/arm/bcm2835_peripherals.c | 3 ++-

hw/arm/bcm2836.c | 3 ++-

hw/arm/raspi.c | 3 ++-

hw/display/bcm2835_fb.c | 1 -

hw/dma/bcm2835_dma.c | 4 +++-

hw/intc/bcm2835_ic.c | 4 ++--

hw/intc/bcm2836_control.c | 4 +++-

hw/misc/bcm2835_mbox.c | 4 +++-

hw/misc/bcm2835_property.c | 4 +++-

19 files changed, 45 insertions(+), 20 deletions(-)

diff --git a/include/hw/arm/bcm2835_peripherals.h b/include/hw/arm/bcm2835_peripherals.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/arm/bcm2835_peripherals.h

+++ b/include/hw/arm/bcm2835_peripherals.h

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_PERIPHERALS_H

diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/arm/bcm2836.h

+++ b/include/hw/arm/bcm2836.h

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2836_H

diff --git a/include/hw/char/bcm2835_aux.h b/include/hw/char/bcm2835_aux.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/char/bcm2835_aux.h

+++ b/include/hw/char/bcm2835_aux.h

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_AUX_H

diff --git a/include/hw/display/bcm2835_fb.h b/include/hw/display/bcm2835_fb.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/display/bcm2835_fb.h

+++ b/include/hw/display/bcm2835_fb.h

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_FB_H

diff --git a/include/hw/dma/bcm2835_dma.h b/include/hw/dma/bcm2835_dma.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/dma/bcm2835_dma.h

+++ b/include/hw/dma/bcm2835_dma.h

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_DMA_H

diff --git a/include/hw/intc/bcm2835_ic.h b/include/hw/intc/bcm2835_ic.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/intc/bcm2835_ic.h

+++ b/include/hw/intc/bcm2835_ic.h

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_IC_H

diff --git a/include/hw/intc/bcm2836_control.h b/include/hw/intc/bcm2836_control.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/intc/bcm2836_control.h

+++ b/include/hw/intc/bcm2836_control.h

@@ -XXX,XX +XXX,XX @@

* ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti

* Added basic IRQ_TIMER interrupt support

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2836_CONTROL_H

diff --git a/include/hw/misc/bcm2835_mbox.h b/include/hw/misc/bcm2835_mbox.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/misc/bcm2835_mbox.h

+++ b/include/hw/misc/bcm2835_mbox.h

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_MBOX_H

diff --git a/include/hw/misc/bcm2835_mbox_defs.h b/include/hw/misc/bcm2835_mbox_defs.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/misc/bcm2835_mbox_defs.h

+++ b/include/hw/misc/bcm2835_mbox_defs.h

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_MBOX_DEFS_H

diff --git a/include/hw/misc/bcm2835_property.h b/include/hw/misc/bcm2835_property.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/misc/bcm2835_property.h

+++ b/include/hw/misc/bcm2835_property.h

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#ifndef BCM2835_PROPERTY_H

diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/bcm2835_peripherals.c

+++ b/hw/arm/bcm2835_peripherals.c

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/bcm2836.c

+++ b/hw/arm/bcm2836.c

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/raspi.c

+++ b/hw/arm/raspi.c

@@ -XXX,XX +XXX,XX @@

* Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti

* Upstream code cleanup (c) 2018 Pekka Enberg

*

- * This code is licensed under the GNU GPLv2 and later.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/display/bcm2835_fb.c

+++ b/hw/display/bcm2835_fb.c

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.

- * This code is licensed under the GNU GPLv2 and later.

*

* Heavily based on milkymist-vgafb.c, copyright terms below:

* QEMU model of the Milkymist VGA framebuffer.

diff --git a/hw/dma/bcm2835_dma.c b/hw/dma/bcm2835_dma.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/dma/bcm2835_dma.c

+++ b/hw/dma/bcm2835_dma.c

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/intc/bcm2835_ic.c

+++ b/hw/intc/bcm2835_ic.c

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.

- * This code is licensed under the GNU GPLv2 and later.

* Heavily based on pl190.c, copyright terms below:

*

* Arm PrimeCell PL190 Vector Interrupt Controller

@@ -XXX,XX +XXX,XX @@

* Copyright (c) 2006 CodeSourcery.

* Written by Paul Brook

*

- * This code is licensed under the GPL.

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/intc/bcm2836_control.c

+++ b/hw/intc/bcm2836_control.c

@@ -XXX,XX +XXX,XX @@

* Written by Andrew Baumann

*

* Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

*

* At present, only implements interrupt routing, and mailboxes (i.e.,

* not PMU interrupt, or AXI counters).

@@ -XXX,XX +XXX,XX @@

*

* Ref:

* https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/misc/bcm2835_mbox.c b/hw/misc/bcm2835_mbox.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/bcm2835_mbox.c

+++ b/hw/misc/bcm2835_mbox.c

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

*

* This file models the system mailboxes, which are used for

* communication with low-bandwidth GPU peripherals. Refs:

* https://github.com/raspberrypi/firmware/wiki/Mailboxes

* https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/bcm2835_property.c

+++ b/hw/misc/bcm2835_property.c

@@ -XXX,XX +XXX,XX @@

/*

* Raspberry Pi emulation (c) 2012 Gregory Estrade

- * This code is licensed under the GNU GPLv2 and later.

+ *

+ * This work is licensed under the terms of the GNU GPL, version 2 or later.

+ * See the COPYING file in the top-level directory.

*/

#include "qemu/osdep.h"

--

2.20.1

From: Cédric Le Goater <clg@kaod.org>

Recent firmwares uses SPI DMA transfers in U-Boot to load the

different images (kernel, initrd, dtb) in the SoC DRAM. The AST2600

FMC model is missing the masks to be applied on the DMA registers

which resulted in incorrect values. Fix that and wire the SPI

controllers which have DMA support on the AST2600.

Fixes: bcaa8ddd081c ("aspeed/smc: Add AST2600 support")

Signed-off-by: Cédric Le Goater <clg@kaod.org>

Reviewed-by: Joel Stanley <joel@jms.id.au>

Message-id: 20200320053923.20565-1-clg@kaod.org

hw/arm/aspeed_ast2600.c | 6 ++++++

hw/ssi/aspeed_smc.c | 15 +++++++++++++--

hw/ssi/trace-events | 1 +

3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c

--- a/hw/arm/aspeed_ast2600.c

+++ b/hw/arm/aspeed_ast2600.c

@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, Error **errp)

/* SPI */

for (i = 0; i < sc->spis_num; i++) {

+ object_property_set_link(OBJECT(&s->spi[i]), OBJECT(s->dram_mr),

+ "dram", &err);

+ if (err) {

+ error_propagate(errp, err);

+ return;

+ }

object_property_set_int(OBJECT(&s->spi[i]), 1, "num-cs", &err);

object_property_set_bool(OBJECT(&s->spi[i]), true, "realized",

&local_err);

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c

--- a/hw/ssi/aspeed_smc.c

+++ b/hw/ssi/aspeed_smc.c

@@ -XXX,XX +XXX,XX @@ static const AspeedSMCController controllers[] = {

.flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE,

.flash_window_size = 0x10000000,

.has_dma = true,

+ .dma_flash_mask = 0x0FFFFFFC,

+ .dma_dram_mask = 0x3FFFFFFC,

.nregs = ASPEED_SMC_R_MAX,

.segment_to_reg = aspeed_2600_smc_segment_to_reg,

.reg_to_segment = aspeed_2600_smc_reg_to_segment,

@@ -XXX,XX +XXX,XX @@ static const AspeedSMCController controllers[] = {

.segments = aspeed_segments_ast2600_spi1,

.flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE,

.flash_window_size = 0x10000000,

- .has_dma = false,

+ .has_dma = true,

+ .dma_flash_mask = 0x0FFFFFFC,

+ .dma_dram_mask = 0x3FFFFFFC,

.nregs = ASPEED_SMC_R_MAX,

.segment_to_reg = aspeed_2600_smc_segment_to_reg,

.reg_to_segment = aspeed_2600_smc_reg_to_segment,

@@ -XXX,XX +XXX,XX @@ static const AspeedSMCController controllers[] = {

.segments = aspeed_segments_ast2600_spi2,

.flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE,

.flash_window_size = 0x10000000,

- .has_dma = false,

+ .has_dma = true,

+ .dma_flash_mask = 0x0FFFFFFC,

+ .dma_dram_mask = 0x3FFFFFFC,

.nregs = ASPEED_SMC_R_MAX,

.segment_to_reg = aspeed_2600_smc_segment_to_reg,

.reg_to_segment = aspeed_2600_smc_reg_to_segment,

@@ -XXX,XX +XXX,XX @@ static void aspeed_smc_dma_rw(AspeedSMCState *s)

MemTxResult result;

uint32_t data;

+ trace_aspeed_smc_dma_rw(s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE ?

+ "write" : "read",

+ s->regs[R_DMA_FLASH_ADDR],

+ s->regs[R_DMA_DRAM_ADDR],

+ s->regs[R_DMA_LEN]);

while (s->regs[R_DMA_LEN]) {

if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) {

data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR],

diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/ssi/trace-events

+++ b/hw/ssi/trace-events

@@ -XXX,XX +XXX,XX @@ aspeed_smc_do_snoop(int cs, int index, int dummies, int data) "CS%d index:0x%x d

aspeed_smc_flash_write(int cs, uint64_t addr, uint32_t size, uint64_t data, int mode) "CS%d @0x%" PRIx64 " size %u: 0x%" PRIx64" mode:%d"

aspeed_smc_read(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64

aspeed_smc_dma_checksum(uint32_t addr, uint32_t data) "0x%08x: 0x%08x"

+aspeed_smc_dma_rw(const char *dir, uint32_t flash_addr, uint32_t dram_addr, uint32_t size) "%s flash:@0x%08x dram:@0x%08x size:0x%08x"

aspeed_smc_write(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64

aspeed_smc_flash_select(int cs, const char *prefix) "CS%d %sselect"

From: Richard Henderson <richard.henderson@linaro.org>

Coverity rightly notes that ctz32(bas) on 0 will return 32,

which makes the len calculation a BAD_SHIFT.

A value of 0 in DBGWCR<n>_EL1.BAS is reserved. Simply move

the existing check we have for this case.

Reported-by: Coverity (CID 1421964)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Message-id: 20200320160622.8040-2-richard.henderson@linaro.org

target/arm/helper.c | 11 ++++++-----

1 file changed, 6 insertions(+), 5 deletions(-)

@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update(ARMCPU *cpu, int n)

int bas = extract64(wcr, 5, 8);

int basstart;

- if (bas == 0) {

- /* This must act as if the watchpoint is disabled */

- return;

- }

-

if (extract64(wvr, 2, 1)) {

/* Deprecated case of an only 4-aligned address. BAS[7:4] are

* ignored, and BAS[3:0] define which bytes to watch.

*/

bas &= 0xf;

}

+ if (bas == 0) {

+ /* This must act as if the watchpoint is disabled */

+ return;

+ }

/* The BAS bits are supposed to be programmed to indicate a contiguous

* range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether

* we fire for each byte in the word/doubleword addressed by the WVR.

From: Richard Henderson <richard.henderson@linaro.org>

Coverity raised a shed-load of errors cascading from inferring

that clz32(immh) might yield 32, from immh might be 0.

While immh cannot be 0 from encoding, it is not obvious even to

a human how we've checked that: via the filtering provided by

data_proc_simd[].

Reported-by: Coverity (CID 1421923, and more)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Message-id: 20200320160622.8040-3-richard.henderson@linaro.org

target/arm/translate-a64.c | 3 +++

1 file changed, 3 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_simd_shift_imm(DisasContext *s, uint32_t insn)

bool is_u = extract32(insn, 29, 1);

bool is_q = extract32(insn, 30, 1);

+ /* data_proc_simd[] has sent immh == 0 to disas_simd_mod_imm. */

+ assert(immh != 0);

+

switch (opcode) {

case 0x08: /* SRI */

if (!is_u) {

From: Richard Henderson <richard.henderson@linaro.org>

Coverity reports a BAD_SHIFT with ctz32(imm5), with imm5 == 0.

This is an invalid encoding, but we diagnose that just below

by rejecting size > 3. Avoid the warning by sinking the

computation of index below the check.

Reported-by: Coverity (CID 1421965)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Message-id: 20200320160622.8040-4-richard.henderson@linaro.org

target/arm/translate-a64.c | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,

int imm5)

{

int size = ctz32(imm5);

- int index = imm5 >> (size + 1);

+ int index;

if (size > 3 || (size == 3 && !is_q)) {

unallocated_encoding(s);

@@ -XXX,XX +XXX,XX @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,

return;

+ index = imm5 >> (size + 1);

tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd),

vec_reg_offset(s, rn, index, size),

is_q ? 16 : 8, vec_full_reg_size(s));