Message ID | 20180809034033.10579-7-richard.henderson@linaro.org |
---|---|
State | Superseded |
Headers | show |
Series | target/arm: sve linux-user patches | expand |
On Thu, Aug 9, 2018 at 5:40 AM, Richard Henderson <richard.henderson@linaro.org> wrote: > The expression (int) imm + (uint32_t) len_align turns into uint32_t > and thus with negative imm produces a memory operation at the wrong > offset. None of the numbers involved are particularly large, so > change everything to use int. > > Cc: qemu-stable@nongnu.org (3.0.1) > Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Laurent > --- > target/arm/translate-sve.c | 18 ++++++++---------- > 1 file changed, 8 insertions(+), 10 deletions(-) > > diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c > index 89efc80ee7..9e63b5f8e5 100644 > --- a/target/arm/translate-sve.c > +++ b/target/arm/translate-sve.c > @@ -4372,12 +4372,11 @@ static bool trans_UCVTF_dd(DisasContext *s, arg_rpr_esz *a, uint32_t insn) > * The load should begin at the address Rn + IMM. > */ > > -static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, > - int rn, int imm) > +static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm) > { > - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); > - uint32_t len_remain = len % 8; > - uint32_t nparts = len / 8 + ctpop8(len_remain); > + int len_align = QEMU_ALIGN_DOWN(len, 8); > + int len_remain = len % 8; > + int nparts = len / 8 + ctpop8(len_remain); > int midx = get_mem_index(s); > TCGv_i64 addr, t0, t1; > > @@ -4458,12 +4457,11 @@ static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, > } > > /* Similarly for stores. */ > -static void do_str(DisasContext *s, uint32_t vofs, uint32_t len, > - int rn, int imm) > +static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm) > { > - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); > - uint32_t len_remain = len % 8; > - uint32_t nparts = len / 8 + ctpop8(len_remain); > + int len_align = QEMU_ALIGN_DOWN(len, 8); > + int len_remain = len % 8; > + int nparts = len / 8 + ctpop8(len_remain); > int midx = get_mem_index(s); > TCGv_i64 addr, t0; > > -- > 2.17.1 >
Richard Henderson <richard.henderson@linaro.org> writes: > The expression (int) imm + (uint32_t) len_align turns into uint32_t > and thus with negative imm produces a memory operation at the wrong > offset. None of the numbers involved are particularly large, so > change everything to use int. > > Cc: qemu-stable@nongnu.org (3.0.1) > Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> > --- > target/arm/translate-sve.c | 18 ++++++++---------- > 1 file changed, 8 insertions(+), 10 deletions(-) > > diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c > index 89efc80ee7..9e63b5f8e5 100644 > --- a/target/arm/translate-sve.c > +++ b/target/arm/translate-sve.c > @@ -4372,12 +4372,11 @@ static bool trans_UCVTF_dd(DisasContext *s, arg_rpr_esz *a, uint32_t insn) > * The load should begin at the address Rn + IMM. > */ > > -static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, > - int rn, int imm) > +static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm) > { > - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); > - uint32_t len_remain = len % 8; > - uint32_t nparts = len / 8 + ctpop8(len_remain); > + int len_align = QEMU_ALIGN_DOWN(len, 8); > + int len_remain = len % 8; > + int nparts = len / 8 + ctpop8(len_remain); > int midx = get_mem_index(s); > TCGv_i64 addr, t0, t1; > > @@ -4458,12 +4457,11 @@ static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, > } > > /* Similarly for stores. */ > -static void do_str(DisasContext *s, uint32_t vofs, uint32_t len, > - int rn, int imm) > +static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm) > { > - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); > - uint32_t len_remain = len % 8; > - uint32_t nparts = len / 8 + ctpop8(len_remain); > + int len_align = QEMU_ALIGN_DOWN(len, 8); > + int len_remain = len % 8; > + int nparts = len / 8 + ctpop8(len_remain); > int midx = get_mem_index(s); > TCGv_i64 addr, t0; -- Alex Bennée
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index 89efc80ee7..9e63b5f8e5 100644 --- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c @@ -4372,12 +4372,11 @@ static bool trans_UCVTF_dd(DisasContext *s, arg_rpr_esz *a, uint32_t insn) * The load should begin at the address Rn + IMM. */ -static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, - int rn, int imm) +static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm) { - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); - uint32_t len_remain = len % 8; - uint32_t nparts = len / 8 + ctpop8(len_remain); + int len_align = QEMU_ALIGN_DOWN(len, 8); + int len_remain = len % 8; + int nparts = len / 8 + ctpop8(len_remain); int midx = get_mem_index(s); TCGv_i64 addr, t0, t1; @@ -4458,12 +4457,11 @@ static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, } /* Similarly for stores. */ -static void do_str(DisasContext *s, uint32_t vofs, uint32_t len, - int rn, int imm) +static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm) { - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); - uint32_t len_remain = len % 8; - uint32_t nparts = len / 8 + ctpop8(len_remain); + int len_align = QEMU_ALIGN_DOWN(len, 8); + int len_remain = len % 8; + int nparts = len / 8 + ctpop8(len_remain); int midx = get_mem_index(s); TCGv_i64 addr, t0;
The expression (int) imm + (uint32_t) len_align turns into uint32_t and thus with negative imm produces a memory operation at the wrong offset. None of the numbers involved are particularly large, so change everything to use int. Cc: qemu-stable@nongnu.org (3.0.1) Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- target/arm/translate-sve.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) -- 2.17.1