From patchwork Fri Sep 6 06:53:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825909 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp661708wrb; Thu, 5 Sep 2024 23:55:15 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVOQlFZadBz8tk+MVi103LD7rLEr8wEjWUalE4ABtNFuFaAOVp2PsTHTrNWluWlnAVic40M+g==@linaro.org X-Google-Smtp-Source: AGHT+IHvvt2F0PpRcGxlpwZyG1+Tqew9sIES+dslOOTN/xIuH2c+HEBfbaDLFXH17Ro/z9M5EtIj X-Received: by 2002:a05:622a:1896:b0:454:b115:f74 with SMTP id d75a77b69052e-4580c78e858mr23993181cf.49.1725605715242; Thu, 05 Sep 2024 23:55:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605715; cv=none; d=google.com; s=arc-20240605; b=iVbwcr81OIPy0IntX/6t+QuSfhqub4XGpAWdKGB0oB2BeeF/RfVrXWhYeWspgdjILw k5PZiGr5B7ZWlqdj0KHbCKkLvcFY8fdv7AaPurCO/xo5EgJoSvoH+1LaixDJuyYNYduj s2WhetmUMeK+W2p30zxfa+qgNwvt6za2ds9U8uwkQROkGN/zDimyys4e1O9e+tDNv3va AD35zjHOTA50cmvN2Tchq+ja+uaGXcDhxySxpxyV3ADMKGmmPednz5vWcerBTmM/rAGq iO9kdi0pencLIKrx5TvbCUIhpvmVa05Bj+zcPxAwHMJWKFFuj5mHNFa+d7jZYL/Qf43w Wa0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=duDrgkBcYk6Vwi7K00VEjySNR3G0h1nog9wKYFtbUCc=; fh=taStO74W/EZXcDvsT3Zoyq1h58w93JzpEc66fmdrq4s=; b=PCj/87jlo8J2w0qtndn8UW+CMPf/4N+VvTiSHYCjaJi4p48KRvxxzxEZ2rTbyATL3A I8fw6WYABlsPQMWi1QYWVeJkEQbfs0AYGN05R2/57yWgH1Imack5hjXjuRmv1YnVM+v3 sKLm/N4cwZdofcU/UHFN2EFIH8DsGEJ27pk9TGFp9V14227sriXjlPhfrkHFntBb5egd lZMOsVCrTwoxenKlkWTITH1g30pHrAQ9GSWIJfuze6D+9Xs0yBGg59NWjJZQa9QIRmER Ge+FETQkaleP2F5A78Qmm0+ZLEgTvbu+tO0533Hu8nZvaEdg58M6QfUesyMOQQzoXHyi pGLQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c85966si24095251cf.262.2024.09.05.23.55.14 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:55:15 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSrn-0004DM-KL; Fri, 06 Sep 2024 02:54:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSrm-00049W-Ie; Fri, 06 Sep 2024 02:54:46 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSrk-0002ys-OT; Fri, 06 Sep 2024 02:54:46 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id AC8778C237; Fri, 6 Sep 2024 09:53:11 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 747101333EF; Fri, 6 Sep 2024 09:54:29 +0300 (MSK) Received: (nullmailer pid 43311 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 02/53] target/arm: Fix handling of LDAPR/STLR with negative offset Date: Fri, 6 Sep 2024 09:53:32 +0300 Message-Id: <20240906065429.42415-2-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell When we converted the LDAPR/STLR instructions to decodetree we accidentally introduced a regression where the offset is negative. The 9-bit immediate field is signed, and the old hand decoder correctly used sextract32() to get it out of the insn word, but the ldapr_stlr_i pattern in the decode file used "imm:9" instead of "imm:s9", so it treated the field as unsigned. Fix the pattern to treat the field as a signed immediate. Cc: qemu-stable@nongnu.org Fixes: 2521b6073b7 ("target/arm: Convert LDAPR/STLR (imm) to decodetree") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2419 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-id: 20240709134504.3500007-2-peter.maydell@linaro.org (cherry picked from commit 5669d26ec614b3f4c56cf1489b9095ed327938b1) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode index 8a20dce3c8..6cc29a4bce 100644 --- a/target/arm/tcg/a64.decode +++ b/target/arm/tcg/a64.decode @@ -467,7 +467,7 @@ LDAPR sz:2 111 0 00 1 0 1 11111 1100 00 rn:5 rt:5 LDRA 11 111 0 00 m:1 . 1 ......... w:1 1 rn:5 rt:5 imm=%ldra_imm &ldapr_stlr_i rn rt imm sz sign ext -@ldapr_stlr_i .. ...... .. . imm:9 .. rn:5 rt:5 &ldapr_stlr_i +@ldapr_stlr_i .. ...... .. . imm:s9 .. rn:5 rt:5 &ldapr_stlr_i STLR_i sz:2 011001 00 0 ......... 00 ..... ..... @ldapr_stlr_i sign=0 ext=0 LDAPR_i sz:2 011001 01 0 ......... 00 ..... ..... @ldapr_stlr_i sign=0 ext=0 LDAPR_i 00 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=0 sz=0 From patchwork Fri Sep 6 06:53:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825917 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662392wrb; Thu, 5 Sep 2024 23:57:53 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUPGYWK605/pY+TqDrXDRt8fYr2OdqSR3Ppi1qYOJ6pZsgfQ2JA7JOEmIlYhxXxU+DvqU4vqw==@linaro.org X-Google-Smtp-Source: AGHT+IG/ZEB8y01bZJPrHDrM9M4DkEYJ3skxGJMOkeT0C5Hl7JdqLNlYdR0VyEeaImfyv5ccSFvO X-Received: by 2002:ac8:5803:0:b0:456:811c:4ecd with SMTP id d75a77b69052e-4580c675320mr17830241cf.4.1725605873649; Thu, 05 Sep 2024 23:57:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605873; cv=none; d=google.com; s=arc-20240605; b=dK6lL8BIlk+x1s+FdgWnkpfoOCJJJg3VoTl2zHX7UL5B20ritjna9KYcNc4iFWLz5k SamXN1jqNSjXfqpTnAi/WhOQCvFF8oc9WXpUGdeG0bPuAY8YPxIbcUP4fhiyhqjkEFGX VD6swgfK2Cma+pr/31n3Pwke9v+Ts/Zp5jRv6FBt8Yr/xS8fcNwFzeq3J1yLPZlbyHrG V/8Wq74/REV+kO9t4kgZ+yS1beYMYNMn9tIDZLUUbXgE2d9fD+d4fu9Zz5tHXQdQOMIe n+AuPGA2Vb/MozGDwWySv3OKwUAQxUtaAgLmh4oGH5GhgoAv3EJCjwI3ybTlmJJ9DLLX JHeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=HfUXDUjhSlDWC/BsDi3/W+0CxfJE3H7SOIced/nj8cs=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=jeejLxsewg69cS7syDY7yD5al8595RKoKYcpNN+cLJ1fDQtNwjo053Tkyh9nzuhoE8 CO7vdoUrIcH4vUVaOEjzZDuBq7umBWGFre3c69ZesBB7pw2JQxMmL1HgVzfK6Ot6dlwj iE+kFepAP/MqlAmR7Q27vg4h6nilOPQFaykkDLelpjEXgEQFm4EMebbcE3b0BOwpsDN2 KDrAEU51/0GUBysaecqfEivXR1aWOJoUYTIJVzCOzULWXVWvozvreD/AwaHrGhmz3uJ9 YxStZTC7Knue+Sw6uXfra9JW6F5nb3bq9CHkmvCmSzOFw8lDN8Uy4wElii1at9CBlS3Y h0xg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c8f588si21094251cf.467.2024.09.05.23.57.53 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:57:53 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSro-0004JI-Vs; Fri, 06 Sep 2024 02:54:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSrm-00049t-LQ; Fri, 06 Sep 2024 02:54:46 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSrk-0002z0-Ui; Fri, 06 Sep 2024 02:54:46 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id BB8E08C238; Fri, 6 Sep 2024 09:53:11 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 849F01333F0; Fri, 6 Sep 2024 09:54:29 +0300 (MSK) Received: (nullmailer pid 43321 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 03/53] target/arm: LDAPR should honour SCTLR_ELx.nAA Date: Fri, 6 Sep 2024 09:53:33 +0300 Message-Id: <20240906065429.42415-3-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell In commit c1a1f80518d360b when we added the FEAT_LSE2 relaxations to the alignment requirements for atomic and ordered loads and stores, we didn't quite get it right for LDAPR/LDAPRH/LDAPRB with no immediate offset. These instructions were handled in the old decoder as part of disas_ldst_atomic(), but unlike all the other insns that function decoded (LDADD, LDCLR, etc) these insns are "ordered", not "atomic", so they should be using check_ordered_align() rather than check_atomic_align(). Commit c1a1f80518d360b used check_atomic_align() regardless for everything in disas_ldst_atomic(). We then carried that incorrect check over in the decodetree conversion, where LDAPR/LDAPRH/LDAPRB are now handled by trans_LDAPR(). The effect is that when FEAT_LSE2 is implemented, these instructions don't honour the SCTLR_ELx.nAA bit and will generate alignment faults when they should not. (The LDAPR insns with an immediate offset were in disas_ldst_ldapr_stlr() and then in trans_LDAPR_i() and trans_STLR_i(), and have always used the correct check_ordered_align().) Use check_ordered_align() in trans_LDAPR(). Cc: qemu-stable@nongnu.org Fixes: c1a1f80518d360b ("target/arm: Relax ordered/atomic alignment checks for LSE2") Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20240709134504.3500007-3-peter.maydell@linaro.org (cherry picked from commit 25489b521b61b874c4c6583956db0012a3674e3a) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index f2d05c589c..2fccd836b7 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -3306,7 +3306,7 @@ static bool trans_LDAPR(DisasContext *s, arg_LDAPR *a) if (a->rn == 31) { gen_check_sp_alignment(s); } - mop = check_atomic_align(s, a->rn, a->sz); + mop = check_ordered_align(s, a->rn, 0, false, a->sz); clean_addr = gen_mte_check1(s, cpu_reg_sp(s, a->rn), false, a->rn != 31, mop); /* From patchwork Fri Sep 6 06:53:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825912 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662074wrb; Thu, 5 Sep 2024 23:56:47 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV3jwAmYJSjYmypFt7/7LJgsG4dNdNCl/1y262bqXvc9aDKUUfN4dARG0lpTg8UokYsOci3NA==@linaro.org X-Google-Smtp-Source: AGHT+IHyy7hsvee1o6O7PaaOuObHkV2n3DiZJxLUqfUTm+nkmBSgx9jlTZMaRdO1tqFh9oBVuHTW X-Received: by 2002:a05:620a:4608:b0:7a5:1ca:d010 with SMTP id af79cd13be357-7a988886e4emr1482346385a.12.1725605807140; Thu, 05 Sep 2024 23:56:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605807; cv=none; d=google.com; s=arc-20240605; b=EMvFV+9/KNZ/CGqGYlitt3DWXdZTtOxYcjn189qMqus+wc/qT5qTDvJw5hS1bxHWek TonQCwNdDMC7ydeHUQ34Mx1xgvFOHxIF4xDZInY0VLDM2n4f/B2KyJRcKRaP2wxSeN9n sj0nyt9GC7fuznA0QXHeLm7Ha5ZqKPUiURzmU7t+i0wvjmbk502tID8LXOoTfYZxcoMx bfVkg4aySfA7axEXr/FlpfF1l09Eoh2D4czY8BO8iLIP6NHVxtAKWmZnEOn/h04pXEC8 TxY+mF70wpVoOynfzVGvBnkfXWnX+VyPLK697hIQAmmeuUSUEkCuEwouludfi3puI/d8 ObRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=2v/itSbhrsvC+OQ9czB9xUrt9HijAS9HoAxkePOeUAI=; fh=xcz4BIk6UKjOo0wG05W3ZY0KrLZqRuYba2k7grc93iY=; b=KyAMtzsqbxWn6q/JsHhlpArN08wsg3FjqPkvyvfw9Oti3nwXcCf+CfoFVydaGC05Zf YO3vxMiqHconR5nPrWLW+SLhpqPSiPy5cr2/KIGxGpG9gWZo8dch/XfL0Ja7J/LMTew8 7x4T1rR8RoIkwLBwpSx/8w0ERdO6TEjM1Nv6rcWE1sbXFFEy7j6kogLYNFi4kyFh5Q8a qKJbCEOhU31j/nYtcVdbpMhE18gLD5l00tBYNw5tmKchimJh0ANles+IqP8055yFjbZh hxSRcPeF1SW9U64D/1DWyiFJ4xdAjkKTXWVygUO00d9o/QJz7EWQnYBfUqQ9TMrBp+Lb suaw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7a9956beb34si209474285a.227.2024.09.05.23.56.46 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:56:47 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSrt-0004d3-Jo; Fri, 06 Sep 2024 02:54:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSrq-0004RK-NO; Fri, 06 Sep 2024 02:54:50 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSro-000307-UY; Fri, 06 Sep 2024 02:54:50 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id E028B8C23A; Fri, 6 Sep 2024 09:53:11 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id A6BD91333F2; Fri, 6 Sep 2024 09:54:29 +0300 (MSK) Received: (nullmailer pid 43335 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , Daniyal Khan , =?utf-8?q?Alex_Benn=C3=A9e?= , Peter Maydell , Michael Tokarev Subject: [Stable-8.2.7 05/53] target/arm: Use FPST_F16 for SME FMOPA (widening) Date: Fri, 6 Sep 2024 09:53:35 +0300 Message-Id: <20240906065429.42415-5-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson This operation has float16 inputs and thus must use the FZ16 control not the FZ control. Cc: qemu-stable@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reported-by: Daniyal Khan Signed-off-by: Richard Henderson Reviewed-by: Alex Bennée Message-id: 20240717060149.204788-3-richard.henderson@linaro.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2374 Signed-off-by: Richard Henderson Reviewed-by: Alex Bennée Signed-off-by: Peter Maydell (cherry picked from commit 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c index 46c7fce8b4..185a8a917b 100644 --- a/target/arm/tcg/translate-sme.c +++ b/target/arm/tcg/translate-sme.c @@ -304,6 +304,7 @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz, } static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, + ARMFPStatusFlavour e_fpst, gen_helper_gvec_5_ptr *fn) { int svl = streaming_vec_reg_size(s); @@ -319,15 +320,18 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, zm = vec_full_reg_ptr(s, a->zm); pn = pred_full_reg_ptr(s, a->pn); pm = pred_full_reg_ptr(s, a->pm); - fpst = fpstatus_ptr(FPST_FPCR); + fpst = fpstatus_ptr(e_fpst); fn(za, zn, zm, pn, pm, fpst, tcg_constant_i32(desc)); return true; } -TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_h) -TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_s) -TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, MO_64, gen_helper_sme_fmopa_d) +TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, + MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h) +TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, + MO_32, FPST_FPCR, gen_helper_sme_fmopa_s) +TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, + MO_64, FPST_FPCR, gen_helper_sme_fmopa_d) /* TODO: FEAT_EBF16 */ TRANS_FEAT(BFMOPA, aa64_sme, do_outprod, a, MO_32, gen_helper_sme_bfmopa) From patchwork Fri Sep 6 06:53:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825918 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662515wrb; Thu, 5 Sep 2024 23:58:27 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCX/gKjXnVWmN+VUsPt0cAbtJv/j6m7tQ2KgrUqgPlRsnnF8Rjz8U1uX/L2KwxYRvSyh3n/ElQ==@linaro.org X-Google-Smtp-Source: AGHT+IGmz0h6omXfZeICTQRPcI73IkR1u+uRCdIn1TVEgaP3t6vU+w5QWeRzP/8h3t/jh9AJIazC X-Received: by 2002:a05:6122:3123:b0:4fc:e4f5:7f83 with SMTP id 71dfb90a1353d-5021423527dmr1901267e0c.9.1725605907089; Thu, 05 Sep 2024 23:58:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605907; cv=none; d=google.com; s=arc-20240605; b=eDOOrHaTI3yczDzip4ooJT4pVP9/TIZgvzI5xcycwBnblQ8BI5IHX8dxheTLh/ZG0M titgKfM2sVp7qG8/arvJKBbQeiYCzTJqAqwYqaHclCw/C4oQaOTS1719VIGiXA8XO5he XHFvOZEK5aA52/tcd5sudJu3imJdYuVw0MuRsxxMwP/x4Y9afZOWpSt5KNjRsT+aiP+f IJBdZAe0NlUwekE7vQhNsP03F+Tbz84OWdw1f4RYdkRZlD/loiJ5ScoeH8JWO7DvWbF2 HXw8xElYhioqBv7MHSQvI4NuzI5e3K9P3hEfwZmZYELq5gewXovwv3AuPIF0dRGXE0Cz A2Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=0PvWPte6xHA6YPYYFit4TR/XAaMZss2qq3Fs4A/QlBA=; fh=OJ0ls6GFiMU4hHpJ98tlecWoPYidhilmxQvB4+9yVtk=; b=PWTNLIeqiW7pdtZTK90pP+iiPr9cXuwBGFnTbng0skiXJHJHiELClkHIhlAeAINlB7 6YZgnls+vxinPGtuYl/feNIVIpVAWgKBIFeY+zT3awkFsUxPbSmjYxilpek2X7/StC9D WYnKdz7PZQkGrw5eHJSFKIRLUeFnssK5tNbH9P7ET3JOhj3j6/RCFQKxpCXlwoZtrxA8 pLapdNYYncmeBjMJzubNyFZ1EmfcqhS4c9Id3xwz7/zIcITz0XKUkXsHBq/KrKNlC3Xd dOKP6ZgUU7PMdpNeGJ3E2WC8kEA6X2aZXz7ELW119+OL27i+KJXLQLFk4hgDxu2uVWjc AS0w==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c96fe0si20255701cf.553.2024.09.05.23.58.26 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:58:27 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSss-0000M8-QY; Fri, 06 Sep 2024 02:55:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsn-0008FM-Hn; Fri, 06 Sep 2024 02:55:50 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsl-0003Hk-1D; Fri, 06 Sep 2024 02:55:48 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 8E57F8C244; Fri, 6 Sep 2024 09:53:12 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 569901333FC; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43414 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Stefan Hajnoczi , Michael Tokarev Subject: [Stable-8.2.7 15/53] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params() Date: Fri, 6 Sep 2024 09:53:45 +0300 Message-Id: <20240906065429.42415-15-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell aio_context_set_thread_pool_params() takes two int64_t arguments to set the minimum and maximum number of threads in the pool. We do some bounds checking on these, but we don't catch the case where the inputs are negative. This means that later in the function when we assign these inputs to the AioContext::thread_pool_min and ::thread_pool_max fields, which are of type int, the values might overflow the smaller type. A negative number of threads is meaningless, so make aio_context_set_thread_pool_params() return an error if either min or max are negative. Resolves: Coverity CID 1547605 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20240723150927.1396456-1-peter.maydell@linaro.org Signed-off-by: Stefan Hajnoczi (cherry picked from commit 851495571d14fe2226c52b9d423f88a4f5460836) Signed-off-by: Michael Tokarev diff --git a/util/async.c b/util/async.c index 8f90ddc304..86d2910481 100644 --- a/util/async.c +++ b/util/async.c @@ -758,7 +758,7 @@ void aio_context_set_thread_pool_params(AioContext *ctx, int64_t min, int64_t max, Error **errp) { - if (min > max || !max || min > INT_MAX || max > INT_MAX) { + if (min > max || max <= 0 || min < 0 || min > INT_MAX || max > INT_MAX) { error_setg(errp, "bad thread-pool-min/thread-pool-max values"); return; } From patchwork Fri Sep 6 06:53:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825915 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662304wrb; Thu, 5 Sep 2024 23:57:34 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXjDK7sJ+IsjCy6ror8E2gpFg3/HxlZb9sXq9qhfAlD/yNoZ62RhES5Cp14l7n1vI3UWlTvKQ==@linaro.org X-Google-Smtp-Source: AGHT+IGvElV2G3t5rjVHIDg1eUwTDMjAgBjFj+AlzYqq9J/ZFjhgdLNKTTFqXgeTdFZex6ReYzMv X-Received: by 2002:a05:620a:2993:b0:79b:a8df:7829 with SMTP id af79cd13be357-7a98888e505mr1427405785a.14.1725605854266; Thu, 05 Sep 2024 23:57:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605854; cv=none; d=google.com; s=arc-20240605; b=Fzvw0dDj0HtTOQqoLbHkoiJ9oHKa+t5nASDhDq/OHY3U6NOHHIggUMEp/uJ2hO3A1a 5tsztntJ9Qp/xkSsoagVc1/4a1W+v5FF/tjKEOmz4pa08J4QxN7jM5gh2F/VhKRC1EEk 3x3hvJbF2D8/xwMUIEZqV6Gar/ARJHM5p8CH6JEi1qUDWkkq0/LwRbYbJg1IZUyseMzI tDMKwxqLyuxOMTgnjYIybxcSfTLucLWipjk2+rN70rf3WaH9t+sUrxe3Y9SOfhZkmfl0 hG+ozhozeU8YzRz8v+wq59OdI7Jcv4vUyo7582MBNi+6SGAlsgjlSO/KtcWy+q3wbbma 4SOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=b5aKLoBK4FNzWNKKuQnugRO4B0eckcn2pTlDDQCBgGA=; fh=o/5N7/kxpeWjynMRXgRTkeR2GWte7sLJ7m091+z4hMo=; b=XL4WKqyMjEz8Y2Es4c67NvIchQ8dexdxh8B6Q7FdVh5kBomRDuHJUnNFmJbNSK9OiH n01xXzI7PPfvLd1iMgaubRcM8A1Q7yNcUSBEGuO/woP3aTwuQFRMW0J6Nn22u8CnX7DT 2iZM4zw20YLNWR8bDPjcstTgb71iLw4nYEamVceEGulxanq1mJ6e0oNRc2c069XwU9Eb guUWV0ZNxk5j/qbLGsCLUscYSBpxHy7kq93ZFCxydviyK0LPEvuU1YdZk3RQrtSEqvwr aD7CPNOYjZvZYoffW2Ol3TEeWGtPRQ1y5HhQUZQn4zaLD4irdWn5n41TIHgNxPRlH+0L SNbQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7a98ef3bd68si417857285a.163.2024.09.05.23.57.34 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:57:34 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSsw-0000fs-Hx; Fri, 06 Sep 2024 02:55:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsr-0000Fo-QO; Fri, 06 Sep 2024 02:55:53 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsp-0003KQ-Vi; Fri, 06 Sep 2024 02:55:53 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id B8B978C246; Fri, 6 Sep 2024 09:53:12 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 822731333FE; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43432 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , Thomas Huth , Michael Tokarev Subject: [Stable-8.2.7 17/53] target/rx: Use target_ulong for address in LI Date: Fri, 6 Sep 2024 09:53:47 +0300 Message-Id: <20240906065429.42415-17-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson Using int32_t meant that the address was sign-extended to uint64_t when passing to translator_ld*, triggering an assert. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2453 Signed-off-by: Richard Henderson Tested-by: Thomas Huth (cherry picked from commit 83340193b991e7a974f117baa86a04db1fd835a9) Signed-off-by: Michael Tokarev diff --git a/target/rx/translate.c b/target/rx/translate.c index c6ce717a95..d33003f3c1 100644 --- a/target/rx/translate.c +++ b/target/rx/translate.c @@ -86,7 +86,8 @@ static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn, static uint32_t li(DisasContext *ctx, int sz) { - int32_t tmp, addr; + target_ulong addr; + uint32_t tmp; CPURXState *env = ctx->env; addr = ctx->base.pc_next; From patchwork Fri Sep 6 06:53:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825910 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662047wrb; Thu, 5 Sep 2024 23:56:40 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUdwV2kYP/8adkYVyBYjK/gwm6j732bQ0vJtJ7k8lSyFtrfJ1yygcltTvc6zdbwONgUHW8uPQ==@linaro.org X-Google-Smtp-Source: AGHT+IHq3ikP9TNh36YybqzFcjTuibkkD2o7Yca7GaZhdoMfjlFRK2fPSF1HGqtBLvXQD/DTfxek X-Received: by 2002:a05:6214:45a1:b0:6c5:1457:72ad with SMTP id 6a1803df08f44-6c52850b64cmr21922446d6.35.1725605800493; Thu, 05 Sep 2024 23:56:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605800; cv=none; d=google.com; s=arc-20240605; b=UBxWP/dWT+158aaNuABx8Pn3SBL0Xdwi0cZngPYnZk9hmUj7NkL8UuKvOD0jaKGFBf fqtyYdQNR89GsksPU1NlxMkfmRtER3sSbHxBeFggr0nXlMxDPsSiB/KqBOp1bogUSQ1C LpAQEEM2/EytQNe9Bp1KfaaaYyiCwcL8UOP8z33RKZVPdElF4LbKTEE1BcpQF7syZE4l 4orE3Exp8eqA769b2kkhQb3vO34MC1UjMAECCmKQeA79AfqWmgXa4RzjoZMYoPduT3D6 /UrshRXEiK5G/k4JRNuauEZf9jznUiy5rrqJFVzmFbJQGioTnU99ljJk+bQyVwJAJhly kmLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=MCybxD55rVJwEWHpAcE1+WTnkn04s90DiKhKmGApy/U=; fh=He0A/96iGS/hdBTIvTFKPoE7yByjlEm52ubAJxr7bqo=; b=cyrxCIVlpEDYsz0awyKqPQYLbZEsO0AOVaxs+UnSsCSEXmV66MSdVK4jKgDqrGHKtg 2AsY6qY8Cun8LW9p1Tn1DhLPyz4rM1Txlx5MpLSoFgrz9IQOT60RnTlS/1QHWuVu/xFE FFXfIIlKzQZTBoJShCzf2Me8eyXVNhboAi6nC7nMoTHa5x12d9+ZLbed5yam+RW03/oU HRFpFlyA4nqWdbzshRdV4m5z73tP7UCLV/vZN1Y+i+k+epmu2m7hcUVPqhJEU+dNFW6R b6lBUh4opAykEoG8w9H2ZoyiMAteqdH4UcuZ/IAcMQRm8XuYSN5ZeF+LoTUZzSYK8V8b XUoA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 6a1803df08f44-6c52041ceaesi38194466d6.336.2024.09.05.23.56.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:56:40 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSsy-00014y-LW; Fri, 06 Sep 2024 02:56:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsv-0000aY-Dk; Fri, 06 Sep 2024 02:55:57 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSst-0003Lt-AZ; Fri, 06 Sep 2024 02:55:56 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id E81168C248; Fri, 6 Sep 2024 09:53:12 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id A6424133400; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43447 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-8.2.7 19/53] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE Date: Fri, 6 Sep 2024 09:53:49 +0300 Message-Id: <20240906065429.42415-19-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell The documentation of the "Set palette" mailbox property at https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette says it has the form: Length: 24..1032 Value: u32: offset: first palette index to set (0-255) u32: length: number of palette entries to set (1-256) u32...: RGBA palette values (offset to offset+length-1) We get this wrong in a couple of ways: * we aren't checking the offset and length are in range, so the guest can make us spin for a long time by providing a large length * the bounds check on our loop is wrong: we should iterate through 'length' palette entries, not 'length - offset' entries Fix the loop to implement the bounds checks and get the loop condition right. In the process, make the variables local to this switch case, rather than function-global, so it's clearer what type they are when reading the code. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20240723131029.1159908-2-peter.maydell@linaro.org (cherry picked from commit 0892fffc2abaadfb5d8b79bb0250ae1794862560) Signed-off-by: Michael Tokarev (Mjt: context fix due to lack of v9.0.0-1812-g5d5f1b60916a "hw/misc: Implement mailbox properties for customer OTP and device specific private keys" also remove now-unused local `n' variable which gets removed in the next change in this file, v9.0.0-2720-g32f1c201eedf "hw/misc/bcm2835_property: Avoid overflow in OTP access properties") diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index ff55a4e2cd..87876f9a58 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -28,8 +28,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) uint32_t tot_len; size_t resplen; uint32_t tmp; - int n; - uint32_t offset, length, color; /* * Copy the current state of the framebuffer config; we will update @@ -264,18 +262,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 16; break; case RPI_FWREQ_FRAMEBUFFER_SET_PALETTE: - offset = ldl_le_phys(&s->dma_as, value + 12); - length = ldl_le_phys(&s->dma_as, value + 16); - n = 0; - while (n < length - offset) { - color = ldl_le_phys(&s->dma_as, value + 20 + (n << 2)); - stl_le_phys(&s->dma_as, - s->fbdev->vcram_base + ((offset + n) << 2), color); - n++; + { + uint32_t offset = ldl_le_phys(&s->dma_as, value + 12); + uint32_t length = ldl_le_phys(&s->dma_as, value + 16); + int resp; + + if (offset > 255 || length < 1 || length > 256) { + resp = 1; /* invalid request */ + } else { + for (uint32_t e = 0; e < length; e++) { + uint32_t color = ldl_le_phys(&s->dma_as, value + 20 + (e << 2)); + stl_le_phys(&s->dma_as, + s->fbdev->vcram_base + ((offset + e) << 2), color); + } + resp = 0; } - stl_le_phys(&s->dma_as, value + 12, 0); + stl_le_phys(&s->dma_as, value + 12, resp); resplen = 4; break; + } case RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS: stl_le_phys(&s->dma_as, value + 12, 1); resplen = 4; From patchwork Fri Sep 6 06:53:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825911 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662056wrb; Thu, 5 Sep 2024 23:56:42 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWih8foKZ42zTVVqGcczGKcbUwR7uJjwuxAOr51SnLmw4WtqFExA2bHmU03QA3Z+yLrbtGeJA==@linaro.org X-Google-Smtp-Source: AGHT+IHuUCn3mJBXwaQPQ5KlLaRE6VmIRNJe3+248x24kz7UA5VbpF6pGIKrm+2qHPCyirOf0jhj X-Received: by 2002:ac8:5e0d:0:b0:456:8b41:e70b with SMTP id d75a77b69052e-4580c75a128mr19327861cf.48.1725605801839; Thu, 05 Sep 2024 23:56:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605801; cv=none; d=google.com; s=arc-20240605; b=OcQ0Nzk56zNBfHdccIeiYal63O7CPX2EkhLXyHAuQwhXLXbGtnQwnUQnXHR13+N8aw qoPaG/Cq8eXBnE4Jbpq67GoyZWiCGJOuzYtn4EH7r0YDQByyAluWXZ9ppoBiyoJO5q+s OPWmCUfDBpX89MpfqAV2BqzD5DSYrAUFuYAGt3g1rLVtg9Qo5hiCRoaDcvUtRA7X+abh gwnlkjGZEy2gz55QV1WEegW3tIwXFN9StyPinMrzANjnKJVAfrkVr+mqHLbpWZ2MNZAT kRtrG1Ckms9nGbHoCPWe8cu7KskUQg6hpwkmV5X2joToYhq0uy7mVVZoJtWsAFTUFEns /Gww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=n27VxaASKisTka2Xg9LM+6ajDouYxMxIIcJz3kE/bt0=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=gNNYAB8qm5Fb1xvDQqWgug0Nsj62oaI1ouj7g/2KXcsRR6I4rIuktcGhuRK50rhuQa 17wyMN+U+ePI3otkYEuMMgKFstr6tFLilymViu8vyaHMtdSZJB/6ryaBXxxld2tkXW98 32wsFmUf7yC+NwuFSFFLzVIyzeakJMAbdOLo9uhJMHTaTLa8JsPWEZLOmkpQ01x6axOj oa99rpZ18nyMTCkPCeLRxNUvUUuHr215lFZ1AoMaMpqBbQELRPX95BMJBvx5tgXS7xc1 n4Vxt+wy8Bla192LdFCdNRzvYoF4rUsBDKkhMHuDPYekblnx6m+CAmCbY9moDQ0B5SnX 8VPg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45814e23b3asi509511cf.51.2024.09.05.23.56.41 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:56:41 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSt1-0001YW-CU; Fri, 06 Sep 2024 02:56:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsy-000155-KR; Fri, 06 Sep 2024 02:56:00 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSsw-0003MZ-Pk; Fri, 06 Sep 2024 02:56:00 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 029678C249; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id C0248133401; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43463 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 20/53] target/arm: Don't assert for 128-bit tile accesses when SVL is 128 Date: Fri, 6 Sep 2024 09:53:50 +0300 Message-Id: <20240906065429.42415-20-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell For an instruction which accesses a 128-bit element tile when the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]), we will assert in get_tile_rowcol(): qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed. This happens because we calculate len = ctz32(streaming_vec_reg_size(s)) - esz;$ but if the SVL and the element size are the same len is 0, and the deposit operation asserts. In this case the ZA storage contains exactly one 128 bit element ZA tile, and the horizontal or vertical slice is just that tile. This means that regardless of the index value in the Ws register, we always access that tile. (In pseudocode terms, we calculate (index + offset) MOD 1, which is 0.) Special case the len == 0 case to avoid hitting the assertion in tcg_gen_deposit_z_i32(). Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20240722172957.1041231-2-peter.maydell@linaro.org (cherry picked from commit 56f1c0db928aae0b83fd91c89ddb226b137e2b21) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c index 185a8a917b..a50a419af2 100644 --- a/target/arm/tcg/translate-sme.c +++ b/target/arm/tcg/translate-sme.c @@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs, /* Prepare a power-of-two modulo via extraction of @len bits. */ len = ctz32(streaming_vec_reg_size(s)) - esz; - if (vertical) { + if (!len) { + /* + * SVL is 128 and the element size is 128. There is exactly + * one 128x128 tile in the ZA storage, and so we calculate + * (Rs + imm) MOD 1, which is always 0. We need to special case + * this because TCG doesn't allow deposit ops with len 0. + */ + tcg_gen_movi_i32(tmp, 0); + } else if (vertical) { /* * Compute the byte offset of the index within the tile: * (index % (svl / size)) * size From patchwork Fri Sep 6 06:53:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825914 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662290wrb; Thu, 5 Sep 2024 23:57:33 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWGcujkx4HJfld8M/s7xhALZdhN6Q1LxiRpL8XlZTc2dqi4psxaquBM7b192yvf2PvJiY7V5w==@linaro.org X-Google-Smtp-Source: AGHT+IGgRRecffVkorb+b181fEsDc2z1Pej+bKpr9607lZRZ76x+8kfAaBDkOWp8Uuj/c8dVl37C X-Received: by 2002:a05:6214:5544:b0:6c3:62bc:5dd8 with SMTP id 6a1803df08f44-6c528500482mr23740976d6.27.1725605852795; Thu, 05 Sep 2024 23:57:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605852; cv=none; d=google.com; s=arc-20240605; b=BBMf9tkO5dwEYDRnMEgaS2Ug5hVJRgoxKVOC87wgTZsG7ZspLDCOa08NRbjCtWAj+j 5DUzY2tID+/NiCahy7FeTTJFq97UQiPRraJQVWdCV34tF9jYZfnDRe2e11pLcUW4kP6t MO18QpnJvoB8SCR33x6ii256TdhaqaLSTHFieZFLDfCK7ZTgLMizJSA9TEzT21d+yNsZ K7kxrTtZJ97py0+qsquhYmXBYUpvIg/yGkeAzl53Mo5LQ/rxkQcRTZ0+wfL7LiycnJ4T qcHRylMvowugFcZQwSKa7JBGvD5G0J9XOkOwPYcE9vZmg3kvviZHalsSYJXPa1R5RHOl DMnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=XOxtLhZ5tCE/URPeqJzT+qG9oFSUPUp/UoLzaMkVVtc=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=Q1fM9/IMnS2FSslKI+PLklkmU47nO44InRnCkCw+8/g6WMWEE2Nd/nST/EDf1X77DU EVC55NBNwREhR+nyFhluufhekhAQdoUDiLpUI/29GqNQX4PAofAolKzI5Q9Ph78PE+59 vFWwHYYIUNiPJQD9lpbeuwVygUJLrp4BPmyRx2tmUnKMUvVAnG1Gz5uIBRAc82vKaVv0 RGLfHC1cKm9S5YsYrqAWocZD1uGT9KuNKGwm/5PVMhAOMcM3J5S8Zkbk60CZR5EOoDAh wjnLbqKncOc4pPVkbP/qiJCBm+DcmZyw6zVu8dI63ypUOsM8NAuKczmWubLUjwOD4vNp JfzQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 6a1803df08f44-6c520512783si36726876d6.434.2024.09.05.23.57.32 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:57:32 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smStL-0003rV-D0; Fri, 06 Sep 2024 02:56:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStI-0003b7-Ra; Fri, 06 Sep 2024 02:56:20 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStG-0003Mj-Ve; Fri, 06 Sep 2024 02:56:20 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 114AB8C24A; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id CECA5133402; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43470 invoked by uid 1000); Fri, 06 Sep 2024 06:54:29 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 21/53] target/arm: Fix UMOPA/UMOPS of 16-bit values Date: Fri, 6 Sep 2024 09:53:51 +0300 Message-Id: <20240906065429.42415-21-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -57 X-Spam_score: -5.8 X-Spam_bar: ----- X-Spam_report: (-5.8 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, THIS_AD=1.099, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or 16 bit elements and accumulate the products into a 64-bit element. In the Arm ARM pseudocode, this is done with the usual infinite-precision signed arithmetic. However our implementation doesn't quite get it right, because in the DEF_IMOP_64() macro we do: sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); where NTYPE and MTYPE are uint16_t or int16_t. In the uint16_t case, the C usual arithmetic conversions mean the values are converted to "int" type and the multiply is done as a 32-bit multiply. This means that if the inputs are, for example, 0xffff and 0xffff then the result is 0xFFFE0001 as an int, which is then promoted to uint64_t for the accumulation into sum; this promotion incorrectly sign extends the multiply. Avoid the incorrect sign extension by casting to int64_t before the multiply, so we do the multiply as 64-bit signed arithmetic, which is a type large enough that the multiply can never overflow into the sign bit. (The equivalent 8-bit operations in DEF_IMOP_32() are fine, because the 8-bit multiplies can never overflow into the sign bit of a 32-bit integer.) Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20240722172957.1041231-3-peter.maydell@linaro.org (cherry picked from commit ea3f5a90f036734522e9af3bffd77e69e9f47355) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index 5a6dd76489..f9001f5213 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -1146,10 +1146,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \ uint64_t sum = 0; \ /* Apply P to N as a mask, making the inactive elements 0. */ \ n &= expand_pred_h(p); \ - sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ - sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ - sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ - sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ + sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ + sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ + sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ + sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ return neg ? a - sum : a + sum; \ } From patchwork Fri Sep 6 06:53:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825916 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662317wrb; Thu, 5 Sep 2024 23:57:36 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV8F/UJ+y6nlqWKuFaItHcVQj/HZN7Ds4v+sZUJjMZvZhiUpLVm8ly5WNN5HjvR8eMO4tQ4mA==@linaro.org X-Google-Smtp-Source: AGHT+IFOW9Dyqa0MOBwmCRL6rbMed7qKTAuZkRTByqBmA1UHPt1cUr0NpXUtEcvGAjnbzvu0txO9 X-Received: by 2002:a05:622a:1e8b:b0:447:dfe3:9e76 with SMTP id d75a77b69052e-4567f6facedmr289246271cf.62.1725605856589; Thu, 05 Sep 2024 23:57:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605856; cv=none; d=google.com; s=arc-20240605; b=giy4Jwz8ZhZkOCKIjzTtqqljFahOIWzor25pmDoUtXbd1hgvVDVo7qBrjrvZCK6m6F tK8DLbTiOjKCEKMyPoRbbehB0bm9atJbyVw0JrY53Ix/lx48rMKEXItthmi39ssubTf0 h2Z2yz+jndEAI85tH3qtW+f5XGPOYW2BP/M8tAeG0LEXIKDQY6XdJ4krYLRjEnS+7TSd 3zGWnuaU6AdKY0pLbPeuWmpjDpOmasZYxs8Qe+r9DpHXeUYMyQC/UKh5uyq9z6zOIwz3 2WyGylJ1bysdRXCJS2TFEJxBtjb4gnmfn/7hLc6HZky6XmtfvNnLlhOKkG2esqavzyrg bP4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=WXUELjxTo9H93go5y3CUd6H99Sq/VS7DyTeWtKTKIX0=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=MZiZCE3VCdu6IhHJ3LmMFjEEYx4m8kVL9fM8akjADqqXkckv54d5DqzfVxbcicMBEx D5Fyht3oBqcfvirjhBu9vPw1IomsptyX1EFqxjKGZG+HqLOznXvG+bXzQRWgZ/twq7pY LmwqE9Rj1WoIaliMtmTa5lU9GD3/r75ZTxj47xUxr77FHvXPfBsmLpeyvPjUZAeayr/u rXBaKsuX+q+lujDkTdSOmgbAlUp1mMGebnt2YYCFznmpBUtze7mcrTQbqPMsUZzr/Hfo 9amKJ9Qs1gygyiIiJTRXaEyGer/XTt5dw49XotEKp1AzbEUZ7gsLZQDCMbBehbHuPQnM sdxA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c99e79si23147291cf.672.2024.09.05.23.57.36 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:57:36 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smStN-0004D3-Mn; Fri, 06 Sep 2024 02:56:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStL-0003v4-No; Fri, 06 Sep 2024 02:56:23 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStK-0003ND-1e; Fri, 06 Sep 2024 02:56:23 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 200868C24B; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id DDAA2133403; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43484 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 22/53] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl() Date: Fri, 6 Sep 2024 09:53:52 +0300 Message-Id: <20240906065429.42415-22-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell The function tszimm_esz() returns a shift amount, or possibly -1 in certain cases that correspond to unallocated encodings in the instruction set. We catch these later in the trans_ functions (generally with an "a-esz < 0" check), but before we do the decodetree-generated code will also call tszimm_shr() or tszimm_sl(), which will use the tszimm_esz() return value as a shift count without checking that it is not negative, which is undefined behaviour. Avoid the UB by checking the return value in tszimm_shr() and tszimm_shl(). Cc: qemu-stable@nongnu.org Resolves: Coverity CID 1547617, 1547694 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20240722172957.1041231-4-peter.maydell@linaro.org (cherry picked from commit 76916dfa89e8900639c1055c07a295c06628a0bc) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c index ada05aa530..466a19c25a 100644 --- a/target/arm/tcg/translate-sve.c +++ b/target/arm/tcg/translate-sve.c @@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x) static int tszimm_shr(DisasContext *s, int x) { - return (16 << tszimm_esz(s, x)) - x; + /* + * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the + * trans function will check for esz < 0), so we can return any + * value we like from here in that case as long as we avoid UB. + */ + int esz = tszimm_esz(s, x); + if (esz < 0) { + return esz; + } + return (16 << esz) - x; } /* See e.g. LSL (immediate, predicated). */ static int tszimm_shl(DisasContext *s, int x) { - return x - (8 << tszimm_esz(s, x)); + /* As with tszimm_shr(), value will be unused if esz < 0 */ + int esz = tszimm_esz(s, x); + if (esz < 0) { + return esz; + } + return x - (8 << esz); } /* The SH bit is in bit 8. Extract the low 8 and shift. */ From patchwork Fri Sep 6 06:53:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825926 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp665345wrb; Fri, 6 Sep 2024 00:06:21 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUis3+N8teLcEShpNR4KppLzR/RmejpQr01MLaIRKsFGipN/zCGfnqJy5BFoSjHAGVlAO+HqQ==@linaro.org X-Google-Smtp-Source: AGHT+IGEd9RMjI8phJsR1v/KTceX+78ID7l0kPjmb+jxnH6wj5JUgiteoHOEDxFCJBdjBnwrbHpC X-Received: by 2002:a05:622a:a13:b0:456:847d:4787 with SMTP id d75a77b69052e-456847d4cedmr360950521cf.42.1725606380827; Fri, 06 Sep 2024 00:06:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606380; cv=none; d=google.com; s=arc-20240605; b=fI9nOG98T/T4ITf/TkhWxvxzdV7Od9kG+wEVn9UepU3ejX+qUHy7i4TJ/jWI0nT2Kj nv5LERKxGk7Th4yDIxp4RD8jhbA9GwX5x4KeUZUpyta8lrneqp2B5G9VfBecsH0hUtoN YLCHKcvtfAjI3WnbA3r8w/oZIqvi1zvTjYB1I5TQVa6uFcotZlOtZeuRKLyrecwHofI7 4TlXt4n1/bLLhrhOGil+W8UqtHLYxUOe0SzOnBHFNgRWbxT1/ZNEbKQNP7QJCjEz/gwy 2z1JDAB8CTYqdK90V5z6MP7dsKTvP8os9weslAnClhx8nwshrrhVf0oVyPTCarmJSvfK O77Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=XGisAQpB4WjreTbJfLcH0pOlwFJjXF5m0QlWl7Gj1iI=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=Txezsh7JeynEBOGeXxhSn03IVoAcf0WJ66DlJuizpT7halJFIdAU+zT0+wpcRLFvQk fWOlUD60Z1/fx9fpIIVK7HPdL3xR+IIgzR6mQBdGfPTtZNOkWF//39T9fB8zgNaVIuNY zqa03YLwMOj8Pq4aT1rNLCmT6YPF1wNV9HqoxJJzquu8I/5SJ5LemvAyDt7ZrT5R+wFw AFk4/+3ppFQEkL9UlWS3nbiVi22XxEhYNle4QUiYRd6cIaWLtLnkBfgp+hVtPvf4rY0d 2uKmzKNC1jydHr16Zoi+CkdEUxXuYF57WDTwzw+CGbXO1DIHacQ1ufzmytApeOgrIb+3 zNDw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c4d12csi20602621cf.117.2024.09.06.00.06.20 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:06:20 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smStO-0004HT-7q; Fri, 06 Sep 2024 02:56:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStM-0003yi-0V; Fri, 06 Sep 2024 02:56:24 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStK-0003PX-8g; Fri, 06 Sep 2024 02:56:23 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 2EC6E8C24C; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id EC46B133404; Fri, 6 Sep 2024 09:54:30 +0300 (MSK) Received: (nullmailer pid 43491 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 23/53] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled Date: Fri, 6 Sep 2024 09:53:53 +0300 Message-Id: <20240906065429.42415-23-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell When determining the current vector length, the SMCR_EL2.LEN and SVCR_EL2.LEN settings should only be considered if EL2 is enabled (compare the pseudocode CurrentSVL and CurrentNSVL which call EL2Enabled()). We were checking against ARM_FEATURE_EL2 rather than calling arm_is_el2_enabled(), which meant that we would look at SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2 was not enabled. Use the correct check in sve_vqm1_for_el_sm(). Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20240722172957.1041231-5-peter.maydell@linaro.org (cherry picked from commit f573ac059ed060234fcef4299fae9e500d357c33) Signed-off-by: Michael Tokarev diff --git a/target/arm/helper.c b/target/arm/helper.c index ca2c6e9732..9ff266a235 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6860,7 +6860,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm) if (el <= 1 && !el_is_in_host(env, el)) { len = MIN(len, 0xf & (uint32_t)cr[1]); } - if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) { + if (el <= 2 && arm_is_el2_enabled(env)) { len = MIN(len, 0xf & (uint32_t)cr[2]); } if (arm_feature(env, ARM_FEATURE_EL3)) { From patchwork Fri Sep 6 06:53:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825913 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662286wrb; Thu, 5 Sep 2024 23:57:32 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVow6p/4RNQAMEw/OYqvdIK3fYwTyUG/fcnPpd+4nN+aU4h6IXoPJSpsMiSGYTKe6Wy3apfIQ==@linaro.org X-Google-Smtp-Source: AGHT+IHeL/AGWebzD8mwh1h9oKiwKAgs22u4bDl6tXn9ZKM/+iPHdkYUfe40O2ONx470MgoFdDNi X-Received: by 2002:a05:622a:5cd:b0:44f:f6da:efaf with SMTP id d75a77b69052e-4580c786469mr16938061cf.44.1725605852302; Thu, 05 Sep 2024 23:57:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605852; cv=none; d=google.com; s=arc-20240605; b=fFQ+L/EGNa1cmdhBLmU7RosVAREJTEpDXkFyZcHY9jq/Q27w7DMX/UCIWogs9nbNyX BIJBlxYArcl7eeM1B4MFj7OZgLoHHE8DTM5wQMpKlYRGG49SGicFbDWgmT2W4oEupsUw tHUf32ZLLQVGLeP/z7KfvntF5PpocnmwwOItH6OouCg/VS9KXjNv52qIgq4ojQd1VnEJ won8rNpg0Igmg/0+vPtHP/1n/UJRP/8sOVydQ9QMr8d67P00BKKvK7qUymmrEezm2bhw U4fX3QKjN0QK6Zgn+xypi0aXbiNnDdmnxdiIiGOjTP0bIdw0JvDSSNrCnQ6FaJc+aPdx CYKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=LxVt8Zqzx+mHsb5SPIqxofKuCv6ai9lg4miz52rF5Qk=; fh=He0A/96iGS/hdBTIvTFKPoE7yByjlEm52ubAJxr7bqo=; b=cFF3caLBBcD+iXoNu6iJXYjXml85qNj59CGIjOCz0dZXpfLgqY7JbyZSOyhdEk7EJ/ LqJni7Ql1rjdQdI/OeMKYhHZYzb1yByu311PWaPZw9plBbx2it6DWgaH5M4oopeGb5IR YPDXyFkqX6uxcMTkU844Nu+rb1uf3JEkPFVLE20wJMUO/0bC5lfHqegVe4EmsYx/5rvf IVenLjTPKXaDbhQoEbkwmSp/fIk4zxX0HmghQ45ANBQ5Ht7vf+eniVN3FQn7RSfzAguP jmKaIhWF7AAW6KHJPGGGsRtJQpKGLsyQr5cm1pOKub2GN1KJC8lIr1ABau53Y1zVBP2u v0Qw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c59e30si20173761cf.163.2024.09.05.23.57.32 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:57:32 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smStQ-0004cD-Dz; Fri, 06 Sep 2024 02:56:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStP-0004Sg-5r; Fri, 06 Sep 2024 02:56:27 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStN-0003Px-E7; Fri, 06 Sep 2024 02:56:26 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 3DA5D8C24D; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 06F03133405; Fri, 6 Sep 2024 09:54:31 +0300 (MSK) Received: (nullmailer pid 43503 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-8.2.7 24/53] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str Date: Fri, 6 Sep 2024 09:53:54 +0300 Message-Id: <20240906065429.42415-24-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell In newer versions of Sphinx the env.doc2path() API is going to change to return a Path object rather than a str. This was originally visible in Sphinx 8.0.0rc1, but has been rolled back for the final 8.0.0 release. However it will probably emit a deprecation warning and is likely to change for good in 9.0: https://github.com/sphinx-doc/sphinx/issues/12686 Our use in depfile.py assumes a str, and if it is passed a Path it will fall over: Handler for event 'build-finished' threw an exception (exception: unsupported operand type(s) for +: 'PosixPath' and 'str') Wrapping the env.doc2path() call in str() will coerce a Path object to the str we expect, and have no effect in older Sphinx versions that do return a str. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2458 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240729120533.2486427-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé (cherry picked from commit 48e5b5f994bccf161dd88a67fdd819d4bfb400f1) Signed-off-by: Michael Tokarev diff --git a/docs/sphinx/depfile.py b/docs/sphinx/depfile.py index afdcbcec6e..e74be6af98 100644 --- a/docs/sphinx/depfile.py +++ b/docs/sphinx/depfile.py @@ -19,7 +19,7 @@ def get_infiles(env): for x in env.found_docs: - yield env.doc2path(x) + yield str(env.doc2path(x)) yield from ((os.path.join(env.srcdir, dep) for dep in env.dependencies[x])) for mod in sys.modules.values(): From patchwork Fri Sep 6 06:53:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825925 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp665332wrb; Fri, 6 Sep 2024 00:06:18 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUwVcTzJOT4eeV850CgHwGTkKiWobzC8isq4eT4BG/ajWKOkhWiulJSBM0BGDaOm7uLO5kjkQ==@linaro.org X-Google-Smtp-Source: AGHT+IFB2hL/+ROe9sbsm3ywPds6vGaz9+lIxk4c8iWOtu0HVPSXTuAJK9Q9+xFqGyvyrV09oOK8 X-Received: by 2002:a05:6902:2745:b0:e0b:a7c1:9dcc with SMTP id 3f1490d57ef6-e1d34882d90mr1624597276.20.1725606378560; Fri, 06 Sep 2024 00:06:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606378; cv=none; d=google.com; s=arc-20240605; b=i+eP2ildRDLHz+nNjuWgOD3oJfQbDdfUeuPIApuyNHpGQ2mlKUyZT0qhL45paJDF8+ 2F8ow0bsABNcK3lBfKoVndta0ar5xAexF8wKVWmIsnrShEbjxjiw78fcIvvy0iKylv2y tKggB9zy43yB4sjU+FOqT6rbgjNysvfyZ3ebcaOg06szLrl9KgAOz6g8j26iAMcNIVaB Lgt11rjQKSZvEYDJ4BQckgX//5/jvqIuPCyIQHO4TRRqZdlGIG5htQBiEx0TJUpUSQWJ rU/X5XZekQBffnhC9ir9ulmC8rYbHWhgtTPUHJBjRAGpD/0uSrDOTUl4MhZj9q9Y0EdN v5Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=262cAKYZoNQjQbu/JzPYBjYAsDiK8/+WzcqtdmUNF6I=; fh=lkSFXoxMdr4qZMbOju3jrj6agwaYXwlSFfKSAqY95WM=; b=X5bGtO2a2FHyEYTwjr+98cW2F8tNmLWrSNw3YfAx0SOo8+3hQJ0wSZS11psX9RjD2x EqqN2Y/dVJjGWqWfQKusDIQ1PUddGZrKU/eVI51xStxXK1iR/hg69gZ6LMLbJmTYeMq5 KxEVDeFofIDyU81L6KHsDft2NbKoEwErNSMWA+NM8dTufdD47bk9QiYeFgMyMis3Ou3E QM6sRYK5Ang/3qz9hj5K8cMN8qsKUKutVWuznX5TnVInIRNkzvDTB9qxua8oTpCx93Xg 6yRUrrc++1U0rm65K6aQcfHjJ5BIxeW71Uua1PGYLSxm8Ti3lxDm7LU9U3S4+FfekeOh GPWA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 6a1803df08f44-6c52051aafesi36669396d6.459.2024.09.06.00.06.18 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:06:18 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smStm-00081h-3z; Fri, 06 Sep 2024 02:56:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStj-0007Zq-BR; Fri, 06 Sep 2024 02:56:47 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSth-0003Q5-Iq; Fri, 06 Sep 2024 02:56:47 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4C5A68C24E; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 15D7D133406; Fri, 6 Sep 2024 09:54:31 +0300 (MSK) Received: (nullmailer pid 43510 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , "Michael S . Tsirkin" , Michael Tokarev Subject: [Stable-8.2.7 25/53] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb() Date: Fri, 6 Sep 2024 09:53:55 +0300 Message-Id: <20240906065429.42415-25-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell In amdvi_update_iotlb() we will only put a new entry in the hash table if to_cache.perm is not IOMMU_NONE. However we allocate the memory for the new AMDVIIOTLBEntry and for the hash table key regardless. This means that in the IOMMU_NONE case we will leak the memory we alloacted. Move the allocations into the if() to the point where we know we're going to add the item to the hash table. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452 Signed-off-by: Peter Maydell Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31) Signed-off-by: Michael Tokarev diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c index 4203144da9..12742b1433 100644 --- a/hw/i386/amd_iommu.c +++ b/hw/i386/amd_iommu.c @@ -346,12 +346,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid, uint64_t gpa, IOMMUTLBEntry to_cache, uint16_t domid) { - AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); - uint64_t *key = g_new(uint64_t, 1); - uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; - /* don't cache erroneous translations */ if (to_cache.perm != IOMMU_NONE) { + AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); + uint64_t *key = g_new(uint64_t, 1); + uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; + trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid), gpa, to_cache.translated_addr); From patchwork Fri Sep 6 06:53:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825924 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp664748wrb; Fri, 6 Sep 2024 00:04:36 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVXdIWeMM8Xg7CGG2tEa2knxERv+E9w1Xr99NFXBqq6oBLkcq4BopbIaLNZyYorrvGwRELqBQ==@linaro.org X-Google-Smtp-Source: AGHT+IHdXmexrPwvMfypNw3CfZujQMSwqvW2C7tF8RqXbGsEnTFl1mvpCt7EiCjIsCllViU6s/31 X-Received: by 2002:a05:620a:370a:b0:7a7:da1e:fe2d with SMTP id af79cd13be357-7a8041bb467mr3116552685a.25.1725606276259; Fri, 06 Sep 2024 00:04:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606276; cv=none; d=google.com; s=arc-20240605; b=eG1MiDwWeN2bTAJ8feC6J8k0AcEerrJ5G4EmRD5pwr4a8L1jMIUu4vZaR/hMRv/HBC 3m8MFhX+l6aong9HqkJ1uOoW31EUXzb4pCNku+k4PxndJUo5eMgwD9IEAQN4OEhIgrVJ wwVgd8og1R5o1JJonBuiGhX3SgQXvcLHI9Ww4moU461CCMJP20mUCZtGQDd/hf0J1y87 kkuJYluL8K1iW+xev4n91wBFXp8D9pgW7CaYxI+IeNCB+PTpx61F6fb2Wj//guDgMgh3 jQLFr9TUr7aCK49vltOg9p4uKF7rLU9MS5ULDjSaaJCrehj6O+BLNPveJ7k/Qzbnj37o D4QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=B6UMtjlZGw29ztUu2T90k4F48ytfJKpl3S6o53CxgGw=; fh=xJ1URYKcMN3TM0/XAv5v+aCN+5tIbzAdcfBx5UNgoLw=; b=eWd/FCY/BLbHp7Zy6bNZum4gHb8bTMznCkDb4Li08n8plr2bb/2UKKXUpRm5L1mLKn yd3qagXSqgI/k1ssT9D0cUtPhU5Y3AUaEIebC9zY3W+3r1p2nVH4psRNt2Kts19u96XS EMBotY4SE6jAXgJ9jS4KnezSwHOHfCVO/htiTYW4HsuVNaHGoH2Gx1gQ0ZdyzEarrCU4 5iTure8oUnE5OYLB95URW6ZplGiPDZKREmYY/qcHuMvXA0qxO0VB7JSkSF1DyRNOrXjv CB2960Q0T69PWzeOJWeN+K6viglxuqRPQoXffcrbrr4BO8xmztCEuD0Af7rX+H2/GA2X 3bKw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7a98ef1e487si374050385a.133.2024.09.06.00.04.36 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:04:36 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSuR-0002eS-2a; Fri, 06 Sep 2024 02:57:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSto-0008PZ-MM; Fri, 06 Sep 2024 02:56:55 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smStm-0003TC-7S; Fri, 06 Sep 2024 02:56:52 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 6BD0F8C250; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 33B94133408; Fri, 6 Sep 2024 09:54:31 +0300 (MSK) Received: (nullmailer pid 43529 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 27/53] target/arm: Handle denormals correctly for FMOPA (widening) Date: Fri, 6 Sep 2024 09:53:57 +0300 Message-Id: <20240906065429.42415-27-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell The FMOPA (widening) SME instruction takes pairs of half-precision floating point values, widens them to single-precision, does a two-way dot product and accumulates the results into a single-precision destination. We don't quite correctly handle the FPCR bits FZ and FZ16 which control flushing of denormal inputs and outputs. This is because at the moment we pass a single float_status value to the helper function, which then uses that configuration for all the fp operations it does. However, because the inputs to this operation are float16 and the outputs are float32 we need to use the fp_status_f16 for the float16 input widening but the normal fp_status for everything else. Otherwise we will apply the flushing control FPCR.FZ16 to the 32-bit output rather than the FPCR.FZ control, and incorrectly flush a denormal output to zero when we should not (or vice-versa). (In commit 207d30b5fdb5b we tried to fix the FZ handling but didn't get it right, switching from "use FPCR.FZ for everything" to "use FPCR.FZ16 for everything".) (Mjt: it is commit 4975f9fc4ea3 in stable-8.2) Pass the CPU env to the sme_fmopa_h helper instead of an fp_status pointer, and have the helper pass an extra fp_status into the f16_dotadd() function so that we can use the right status for the right parts of this operation. Cc: qemu-stable@nongnu.org Fixes: 207d30b5fdb5 ("target/arm: Use FPST_F16 for SME FMOPA (widening)") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2373 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson (cherry picked from commit 55f9f4ee018c5ccea81d8c8c586756d7711ae46f) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/helper-sme.h b/target/arm/tcg/helper-sme.h index 27eef49a11..d22bf9d21b 100644 --- a/target/arm/tcg/helper-sme.h +++ b/target/arm/tcg/helper-sme.h @@ -121,7 +121,7 @@ DEF_HELPER_FLAGS_5(sme_addha_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) DEF_HELPER_FLAGS_5(sme_addva_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) DEF_HELPER_FLAGS_7(sme_fmopa_h, TCG_CALL_NO_RWG, - void, ptr, ptr, ptr, ptr, ptr, ptr, i32) + void, ptr, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_FLAGS_7(sme_fmopa_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, ptr, ptr, i32) DEF_HELPER_FLAGS_7(sme_fmopa_d, TCG_CALL_NO_RWG, diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index f9001f5213..3906bb51c0 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -976,12 +976,23 @@ static inline uint32_t f16mop_adj_pair(uint32_t pair, uint32_t pg, uint32_t neg) } static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2, - float_status *s_std, float_status *s_odd) + float_status *s_f16, float_status *s_std, + float_status *s_odd) { - float64 e1r = float16_to_float64(e1 & 0xffff, true, s_std); - float64 e1c = float16_to_float64(e1 >> 16, true, s_std); - float64 e2r = float16_to_float64(e2 & 0xffff, true, s_std); - float64 e2c = float16_to_float64(e2 >> 16, true, s_std); + /* + * We need three different float_status for different parts of this + * operation: + * - the input conversion of the float16 values must use the + * f16-specific float_status, so that the FPCR.FZ16 control is applied + * - operations on float32 including the final accumulation must use + * the normal float_status, so that FPCR.FZ is applied + * - we have pre-set-up copy of s_std which is set to round-to-odd, + * for the multiply (see below) + */ + float64 e1r = float16_to_float64(e1 & 0xffff, true, s_f16); + float64 e1c = float16_to_float64(e1 >> 16, true, s_f16); + float64 e2r = float16_to_float64(e2 & 0xffff, true, s_f16); + float64 e2c = float16_to_float64(e2 >> 16, true, s_f16); float64 t64; float32 t32; @@ -1003,20 +1014,23 @@ static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2, } void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn, - void *vpm, void *vst, uint32_t desc) + void *vpm, CPUARMState *env, uint32_t desc) { intptr_t row, col, oprsz = simd_maxsz(desc); uint32_t neg = simd_data(desc) * 0x80008000u; uint16_t *pn = vpn, *pm = vpm; - float_status fpst_odd, fpst_std; + float_status fpst_odd, fpst_std, fpst_f16; /* - * Make a copy of float_status because this operation does not - * update the cumulative fp exception status. It also produces - * default nans. Make a second copy with round-to-odd -- see above. + * Make copies of fp_status and fp_status_f16, because this operation + * does not update the cumulative fp exception status. It also + * produces default NaNs. We also need a second copy of fp_status with + * round-to-odd -- see above. */ - fpst_std = *(float_status *)vst; + fpst_f16 = env->vfp.fp_status_f16; + fpst_std = env->vfp.fp_status; set_default_nan_mode(true, &fpst_std); + set_default_nan_mode(true, &fpst_f16); fpst_odd = fpst_std; set_float_rounding_mode(float_round_to_odd, &fpst_odd); @@ -1036,7 +1050,8 @@ void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn, uint32_t m = *(uint32_t *)(vzm + H1_4(col)); m = f16mop_adj_pair(m, pcol, 0); - *a = f16_dotadd(*a, n, m, &fpst_std, &fpst_odd); + *a = f16_dotadd(*a, n, m, + &fpst_f16, &fpst_std, &fpst_odd); } col += 4; pcol >>= 4; diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c index a50a419af2..ae42ddef7b 100644 --- a/target/arm/tcg/translate-sme.c +++ b/target/arm/tcg/translate-sme.c @@ -334,8 +334,29 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, return true; } -TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, - MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h) +static bool do_outprod_env(DisasContext *s, arg_op *a, MemOp esz, + gen_helper_gvec_5_ptr *fn) +{ + int svl = streaming_vec_reg_size(s); + uint32_t desc = simd_desc(svl, svl, a->sub); + TCGv_ptr za, zn, zm, pn, pm; + + if (!sme_smza_enabled_check(s)) { + return true; + } + + za = get_tile(s, esz, a->zad); + zn = vec_full_reg_ptr(s, a->zn); + zm = vec_full_reg_ptr(s, a->zm); + pn = pred_full_reg_ptr(s, a->pn); + pm = pred_full_reg_ptr(s, a->pm); + + fn(za, zn, zm, pn, pm, tcg_env, tcg_constant_i32(desc)); + return true; +} + +TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_env, a, + MO_32, gen_helper_sme_fmopa_h) TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, FPST_FPCR, gen_helper_sme_fmopa_s) TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, From patchwork Fri Sep 6 06:54:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825921 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp663172wrb; Fri, 6 Sep 2024 00:00:40 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV54KNr01heHskFITexeDFfL8zPY7tq5HMSVZkwP1FsbrEk7I22LTyM8/UhMME1b0KavOcZsA==@linaro.org X-Google-Smtp-Source: AGHT+IF00+e5PUKNrfL6O/oQWRluKSS0FAKgW3p04zIqIuX6cgLFV5WwXzSwjev91hSuUZylgtAL X-Received: by 2002:a05:6214:5d8a:b0:6c3:5f8f:2745 with SMTP id 6a1803df08f44-6c528506eacmr20685606d6.27.1725606040498; Fri, 06 Sep 2024 00:00:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606040; cv=none; d=google.com; s=arc-20240605; b=C/ECA1IyWvQgzQxQqA/P6+Pe6M8RMxy0pZh+0HpYjEVBmeQG1D+/athNQpEFTpxw8W +g5fnsgZUKxZermW+psOIhCJuZuX6XTs4y0x0hw2OObqT9+f2fgcoH8i7qRTWqX3JxZY Jx+Zds5rXfntgmE/CpDIWpSiCqjC9djnAm/R9FPj3b0iY+12RNE1TCc5Q30q5vIVAuNp 3niFDbpANLZXivvKykhNYN5dVOWUrZZ+mpP73Ecb4IgQXrJboAohiLRZPdynPjOuqCwY VvTHwfVAaY77GUNICge5fTWrhYjyQEyM8sZxHkUekEFv8F8NBaD3uTQoHP5MwQVjNKin mtaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=dvsjRrzXctqiyAPv27iqTGaobwIk9TWWXFZQj2baTZc=; fh=73++FxpCBH5KDXgG1Nqvg9f5zGI68qj4hqVYWy1KEho=; b=Z/9IEJHRYRs9O2Nm77BYkv9WID/Q0A4apEb3fAucpE9xgCqH4pLGisPtoZ3s3iaIHp 52DoHVh/KhtFflbpGDrH1EGQ0gMQb9+Kdkt7GUKJc6c/MsTqXmCHgmlr5H46U+Q6+I2I vmehThPAnY04yfVwIHcvhKEez6S8KlbY+o5jzT9DT11BWW1AaRotFGBMRFYNIqvlr58Y U/Gh3WtgyG82Xi/FHHPbR67nUPR1BIeTGWWLl5DTmjESuA0j4U/wf8P/GoMctmqvNJ62 58qyWEyirNxvRzpKAVKw/uJhKnltbqBSRE3QEyz43TFo5MAQN4kXw5ovbK8s3HdwRl2N J5jA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 6a1803df08f44-6c52031f6e4si37481156d6.267.2024.09.06.00.00.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:00:40 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSuQ-0002Td-FV; Fri, 06 Sep 2024 02:57:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSuD-0001nS-HY; Fri, 06 Sep 2024 02:57:20 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSuB-0003UN-J8; Fri, 06 Sep 2024 02:57:17 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 9E43E8C253; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 6696213340B; Fri, 6 Sep 2024 09:54:31 +0300 (MSK) Received: (nullmailer pid 43562 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , Paolo Bonzini , Michael Tokarev Subject: [Stable-8.2.7 30/53] target/i386: Fix VSIB decode Date: Fri, 6 Sep 2024 09:54:00 +0300 Message-Id: <20240906065429.42415-30-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson With normal SIB, index == 4 indicates no index. With VSIB, there is no exception for VR4/VR12. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2474 Signed-off-by: Richard Henderson Link: https://lore.kernel.org/r/20240805003130.1421051-3-richard.henderson@linaro.org Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit ac63755b20013ec6a3d2aef4538d37dc90bc3d10) Signed-off-by: Michael Tokarev (Mjt: modify the change to pre-new-decoder introduced past qemu 9.0) diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 73aa2c42b7..ffd3a42688 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1102,7 +1102,8 @@ static int decode_modrm(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod } else { op->has_ea = true; op->n = -1; - decode->mem = gen_lea_modrm_0(env, s, get_modrm(s, env)); + decode->mem = gen_lea_modrm_0(env, s, modrm, + decode->e.vex_class == 12); } return modrm; } diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 716a747df7..157348273e 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2159,7 +2159,7 @@ typedef struct AddressParts { } AddressParts; static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s, - int modrm) + int modrm, bool is_vsib) { int def_seg, base, index, scale, mod, rm; target_long disp; @@ -2188,7 +2188,7 @@ static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s, int code = x86_ldub_code(env, s); scale = (code >> 6) & 3; index = ((code >> 3) & 7) | REX_X(s); - if (index == 4) { + if (index == 4 && !is_vsib) { index = -1; /* no index */ } base = (code & 7) | REX_B(s); @@ -2318,21 +2318,21 @@ static TCGv gen_lea_modrm_1(DisasContext *s, AddressParts a, bool is_vsib) static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm) { - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); TCGv ea = gen_lea_modrm_1(s, a, false); gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override); } static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm) { - (void)gen_lea_modrm_0(env, s, modrm); + (void)gen_lea_modrm_0(env, s, modrm, false); } /* Used for BNDCL, BNDCU, BNDCN. */ static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm, TCGCond cond, TCGv_i64 bndv) { - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); TCGv ea = gen_lea_modrm_1(s, a, false); tcg_gen_extu_tl_i64(s->tmp1_i64, ea); @@ -4156,7 +4156,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; reg = ((modrm >> 3) & 7) | REX_R(s); { - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); TCGv ea = gen_lea_modrm_1(s, a, false); gen_lea_v_seg(s, s->aflag, ea, -1, -1); gen_op_mov_reg_v(s, dflag, reg, s->A0); @@ -4378,7 +4378,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) op = ((b & 7) << 3) | ((modrm >> 3) & 7); if (mod != 3) { /* memory op */ - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); TCGv ea = gen_lea_modrm_1(s, a, false); TCGv last_addr = tcg_temp_new(); bool update_fdp = true; @@ -5322,7 +5322,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) rm = (modrm & 7) | REX_B(s); gen_op_mov_v_reg(s, MO_32, s->T1, reg); if (mod != 3) { - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); /* specific case: we need to add a displacement */ gen_exts(ot, s->T1); tcg_gen_sari_tl(s->tmp0, s->T1, 3 + ot); @@ -6318,7 +6318,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } } else if (mod != 3) { /* bndldx */ - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); if (reg >= 4 || (prefixes & PREFIX_LOCK) || s->aflag == MO_16 @@ -6362,7 +6362,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) || s->aflag == MO_16) { goto illegal_op; } - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); if (a.base >= 0) { tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]); if (!CODE64(s)) { @@ -6423,7 +6423,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } } else if (mod != 3) { /* bndstx */ - AddressParts a = gen_lea_modrm_0(env, s, modrm); + AddressParts a = gen_lea_modrm_0(env, s, modrm, false); if (reg >= 4 || (prefixes & PREFIX_LOCK) || s->aflag == MO_16 From patchwork Fri Sep 6 06:54:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825920 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662787wrb; Thu, 5 Sep 2024 23:59:28 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV1j+7b5R2GRbwU1L2hql3XdVZ2t2+kl1/Yjih4Sm4+yePNuxvQRkCff+v9PG95AksdEeNReg==@linaro.org X-Google-Smtp-Source: AGHT+IGonLRBmSIBwHCcSJKQJC9PLy1ELRI5tlIOTMDlWQG67DvoUrTjtJIQ8anZc2SG5ic5txM7 X-Received: by 2002:a05:620a:319a:b0:7a3:5004:43dc with SMTP id af79cd13be357-7a8041f1a8bmr3255808585a.40.1725605967943; Thu, 05 Sep 2024 23:59:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605967; cv=none; d=google.com; s=arc-20240605; b=WNdBApESNtEsX7aB9ruvXpxkb5r1OAeFP5Eu3enr8/A4L/zoJvdorjO9zJy7xftHfi RbBvWVoE+hGIMvcpB7YhQ5iIKSd5nGKLnBy7IMznTKttmqtbNQdHbbbjjLQbxi1umVl5 YMxFJBwfMgBY+fDwTw9GtKmzSganF23jpNXIc+g4EStrjCAvzd6CoUbL0mzjlHqnL0wb iIsyP4YJ8akLWVvI3vJroInIzZHRQFnSfYfscVji/k5C2MvwMlhZkh11acCHAB98soCs piSs69eG1jsPFgA1tdE0cZx8Tq7CMIG8GY0j/TrDv9Rf+lhB4GGrfJt2WpTPaOCdRjA/ o82Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=O+JNv/2ADiHaBzCteTDBJdsWwCjIb7joL84OgyYDO5M=; fh=5bR2Ckfc1WOYjVTih8W/ByZTKk2PNsQ3J6+3vQjlF0I=; b=MlaL6qj4W3LiPchTbcfwGQMGqRFoaHR76cB6rgFuswA6EM7Qt00WXgct2o7Ci5u/2e K8edlTtIw89C0wMmgpOb4gU2AEKkNyb3ytdi/b6EnIPFWK/9fijrXqLk1PHdRSb3McxH BvmIFAErXS5lrMUmgXSE3bT/vz/GztMLUsN6ArEeAZwRUO0SCWA/GzHRFG5gZ/g/suJj 2XfdV3ZaX9lB6+IN2KDlPrDhiy9uU2qZ1f5//uGBtmoAIAMgs0ihm2FXTkI10gLiYCyE G46j//TIZlKmT2fdEMan2ZJ34IJ516KsBxil8wQUV+jtCVU5R32+wlVOFQOIkrPbMHtG wUqQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7a98f039df5si363951485a.726.2024.09.05.23.59.27 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:59:27 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSuS-0002w1-FN; Fri, 06 Sep 2024 02:57:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSuG-0001rV-EX; Fri, 06 Sep 2024 02:57:23 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSuD-0003Uo-T8; Fri, 06 Sep 2024 02:57:19 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id AE6C48C254; Fri, 6 Sep 2024 09:53:13 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 768CC13340C; Fri, 6 Sep 2024 09:54:31 +0300 (MSK) Received: (nullmailer pid 43574 invoked by uid 1000); Fri, 06 Sep 2024 06:54:30 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Zheyu Ma , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.7 31/53] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers Date: Fri, 6 Sep 2024 09:54:01 +0300 Message-Id: <20240906065429.42415-31-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Philippe Mathieu-Daudé We neglected to clear the @data_count index on ADMA error, allowing to trigger assertion in sdhci_read_dataport() or sdhci_write_dataport(). Cc: qemu-stable@nongnu.org Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller") Reported-by: Zheyu Ma Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2455 Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20240730092138.32443-4-philmd@linaro.org> (cherry picked from commit ed5a159c3de48a581f46de4c8c02b4b295e6c52d) Signed-off-by: Michael Tokarev diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index e95ea34895..8bfdcf6854 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -846,6 +846,7 @@ static void sdhci_do_adma(SDHCIState *s) } } if (res != MEMTX_OK) { + s->data_count = 0; if (s->errintstsen & SDHC_EISEN_ADMAERR) { trace_sdhci_error("Set ADMA error flag"); s->errintsts |= SDHC_EIS_ADMAERR; From patchwork Fri Sep 6 06:54:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825922 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp663286wrb; Fri, 6 Sep 2024 00:00:55 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXRR/MXTgY5tyyh5eE8FPkC6q8kH2/Z9LXlNPgmdXzYl0cDp+VZnfo4vyMU6VQknvBsq1MdRQ==@linaro.org X-Google-Smtp-Source: AGHT+IFNtldccp0XJUyIrNuE91kS0yop12nlrSnAbAKek3HRJOpzLjhFSg9PHwMFcDi/IR1hwPaP X-Received: by 2002:ac8:57c2:0:b0:451:d6b3:3930 with SMTP id d75a77b69052e-4580c76b76dmr17828171cf.47.1725606055061; Fri, 06 Sep 2024 00:00:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606055; cv=none; d=google.com; s=arc-20240605; b=XXz9izjwbV3zjreE8lwm15BG3FRQP//yz1IQuJ2DP5f049X5RCwZOvkyP7b820CtXI D8BMT6Hzd0qYE5gAzgalBq85C6cAcdgDNnSQhIoN1Xrz1As+DmcCEOrW5L1yhuAJDmwR UXQCAI5VdufiLMe3Tcl+/mG7UX9A4RRrBxuovwp5d9mZNGNa2BJH83kKA5hW/fnNTuqi RNSWlj4yq3D+3dQd36tsCENzwSkOGoyODw8JQFnF2GEJIfEu3VTY28hnAoqGPfCfHPeF XF10Y+kK4IrESMH4wJMStjfreU3Ujywg1saG7+pDtOFw2jyDcbk+f8lVXXAx9a6GRxQ/ VyOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=3gr0ExRu6TCjRam4F1dFQGavUThGaTNVHvmvDPNq9rM=; fh=73++FxpCBH5KDXgG1Nqvg9f5zGI68qj4hqVYWy1KEho=; b=g4sNfcw8TfNlePELJRD0Z4R6Yo2nIHnfy15UmQOcdzpcaMN3zU8kjdyrosRaWQhyqH 9DKu9PXLQ4C28ldayeIiBZkun45e2vcAhQI2qs1OyjLCGHuHKoftbd8lnJj5+3R3iPu/ 39uTpDikdg8A178EKbCeoVWB/6iyCDT12nTUogWeYt9RPK2YINyOD2onEiM9kVEkaZtC UMY1Vr1PfOPSYsS42guPBagF4o4l603Gia31y29utKJh42hzDf/lpKp+Vwu7xfOo3bl+ V9L789wlbknDoF0m3RS3e2IxNVwHg70nnfQN4FQPhJnYWCEyUzV4zY8eQgNklZ7pbxK8 Z+jw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45814680028si1242691cf.232.2024.09.06.00.00.54 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:00:55 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSwH-0006PZ-1u; Fri, 06 Sep 2024 02:59:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvN-0008CL-HX; Fri, 06 Sep 2024 02:58:30 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvL-0003iJ-Sr; Fri, 06 Sep 2024 02:58:29 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 8A8848C261; Fri, 6 Sep 2024 09:53:14 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 53C55133419; Fri, 6 Sep 2024 09:54:32 +0300 (MSK) Received: (nullmailer pid 43670 invoked by uid 1000); Fri, 06 Sep 2024 06:54:31 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , Paolo Bonzini , Michael Tokarev Subject: [Stable-8.2.7 44/53] target/i386: Do not apply REX to MMX operands Date: Fri, 6 Sep 2024 09:54:14 +0300 Message-Id: <20240906065429.42415-44-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson Cc: qemu-stable@nongnu.org Fixes: b3e22b2318a ("target/i386: add core of new i386 decoder") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2495 Signed-off-by: Richard Henderson Link: https://lore.kernel.org/r/20240812025844.58956-2-richard.henderson@linaro.org Signed-off-by: Paolo Bonzini (cherry picked from commit 416f2b16c02c618c0f233372ebfe343f9ee667d4) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index ffd3a42688..852579eef5 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1237,7 +1237,10 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode, op->unit = X86_OP_SSE; } get_reg: - op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); + op->n = ((get_modrm(s, env) >> 3) & 7); + if (op->unit != X86_OP_MMX) { + op->n |= REX_R(s); + } break; case X86_TYPE_E: /* ALU modrm operand */ From patchwork Fri Sep 6 06:54:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825927 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp665387wrb; Fri, 6 Sep 2024 00:06:28 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXbOUmQofI3segjKTYaZrfXJn97RuEbjWlU2/JFLJUBRt8CWyUbImNVthSPXoN7Hd4DrqYQXQ==@linaro.org X-Google-Smtp-Source: AGHT+IFgENbByeiOS/vD9yY7hl9UHXmZchW+3ip5OizWDka2SuDFQb7gbM1iFFw+7L/qYguqBKpp X-Received: by 2002:a05:622a:118d:b0:44f:ed41:6a02 with SMTP id d75a77b69052e-4580c79b46cmr18403681cf.57.1725606388396; Fri, 06 Sep 2024 00:06:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606388; cv=none; d=google.com; s=arc-20240605; b=a8TKWpCl4tCzd2UdQHGA7l8s8pXjWKPFc8V9sYLcWsIIWU5TqgjNU8LiCG886uCRCi snrUojwxIccZBg6Fr+RvZwgVj+8ZLOk/RMpFXgRZ+KS+6UAQUxQ/PKWbvQCqa1x6rHNA 6p77FSjfyw2IzxmqVJUIne+bIn+XGwYfusz+HptcDdht8CbphPBI46zIHaO3FYEeGebb UE6UIn8YH5I8Qy45ZOaEQJBXlO2ruwpPsGbwlsJcvsO/x83k9GGGIszIlALc1/6Iu8lS 30fawzLi2a//amtl1TuK9ScgcsvxHmjTEKhJgUEZeSr4vuzJNcru2QHo8EEZa6Kz+Tdu 5fuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=i7CTwaG00X75OEIoBcRS0pPqF5Uzh231/FHrCKHcdE8=; fh=NoJ7n5JVE2hviRF6uNBFRIJvWH7igafuy1AIwg26ToM=; b=V+Hp6jsU5nzKscn02LG53CVFOr41NJhsg3djOTiI9gkLW4msgOL+5g1aQWT3qejWya ZswPdrDoWGeO/f8eHwcLaZHp6JWLFB19S2S+U0yz/VJXnKtCE79/KyyUXIMGD8f0jO8Y WseJmQpQodF4PQbxRLDV0gn2ceerdCAen54CK9t8lr5DHu2DZXZVe5RwDGswj2XnLS2v z1eAEvPpLSbimeXQIF3ADH3nwtrQKQOzBcZD1KE02PsP3KVea8JBLTScdTynEKwcqhqO yZUoITLpTrVMOOqBYc3qHtn0yAPqPqpMuWz1e4GfAWZeUluKlm3d/F+DLnw6NiDeT6NK 5vgg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c4d034si20113071cf.1.2024.09.06.00.06.28 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:06:28 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSvx-0003JX-K9; Fri, 06 Sep 2024 02:59:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvh-0001Zd-H1; Fri, 06 Sep 2024 02:58:53 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvf-0003iM-Ui; Fri, 06 Sep 2024 02:58:49 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 995388C262; Fri, 6 Sep 2024 09:53:14 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 633B713341A; Fri, 6 Sep 2024 09:54:32 +0300 (MSK) Received: (nullmailer pid 43681 invoked by uid 1000); Fri, 06 Sep 2024 06:54:31 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , Peter Maydell , Michael Tokarev Subject: [Stable-8.2.7 45/53] target/arm: Clear high SVE elements in handle_vec_simd_wshli Date: Fri, 6 Sep 2024 09:54:15 +0300 Message-Id: <20240906065429.42415-45-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson AdvSIMD instructions are supposed to zero bits beyond 128. Affects SSHLL, USHLL, SSHLL2, USHLL2. Cc: qemu-stable@nongnu.org Signed-off-by: Richard Henderson Message-id: 20240717060903.205098-15-richard.henderson@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit 8e0c9a9efa21a16190cbac288e414bbf1d80f639) Signed-off-by: Michael Tokarev diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 2fccd836b7..5beac07b60 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -10141,6 +10141,7 @@ static void handle_vec_simd_wshli(DisasContext *s, bool is_q, bool is_u, tcg_gen_shli_i64(tcg_rd, tcg_rd, shift); write_vec_element(s, tcg_rd, rd, i, size + 1); } + clear_vec_high(s, true, rd); } /* SHRN/RSHRN - Shift right with narrowing (and potential rounding) */ From patchwork Fri Sep 6 06:54:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825919 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp662742wrb; Thu, 5 Sep 2024 23:59:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUn97jtJgFLt+/UETMJzXIlNB7RRWK0M89VxdfMwN9jhtM0NfI0Olk+9VwmTSLh2jRkJnO3Mg==@linaro.org X-Google-Smtp-Source: AGHT+IEXGdqhIwUHi9/tSqRVZYO2UMqd7uNeOoXZ/eYmJb/a+UxJLPn6OE7Mw3Psx7cbjY3Pg3qG X-Received: by 2002:a05:622a:259b:b0:450:4788:ac93 with SMTP id d75a77b69052e-4567f542393mr261113821cf.26.1725605956547; Thu, 05 Sep 2024 23:59:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725605956; cv=none; d=google.com; s=arc-20240605; b=JaprrhvEAxuPT+5MwpA6rjZ9/oY18zWbenuCud56/aWmJeNWlH9TgZasIWXT0bt8dU KRvmTvVBhv/BLvZY2KIxgtWJWiIh1JAO0DWhJvVfrobP0SuoAEIvwfi4XNBQgYVzmwcG y2z+F4LEHJ/ANzPFymyr6UATqCSAheE0Qx9mKwkkoxJAkrj9GXk6zRs/+TdxcX4rLGv5 B3Ew0R210KaORT5sMvIcc33vGqQItCQeAqVKJUSiid1M2E2zCWTnP7RAWUlxH1Q6sJ3q s/UjBS/0lApkZ2zmIblccATKTQEEMs38zlzMGtTx9tdPgBFyXJNMbbbsuxyzfFVgIGvQ nH/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=DyFEawXU3BrVtWXQTzUYpAlAE85lvs+W8aiHzwtoi7U=; fh=K4abbxCgZAPvqzOXA+PZ7RIZh+KufMVJze7rXLOwES0=; b=W1+0a/9V8fAQaWk1DSeepbca/0BCyMpn8RAxh4BnYEGzyigTl+/TXEDTLyi92klu99 edlFy0oO1rb9NvgnhMNlPGiAWISH1lvty93yPhQHXboKn9ylahGIxoO2GkiPHbxRUiLo ON9QAkDwpndGkHtxxRQU+OT9ADj4gFqkGu8Fat+GLWf1/dt5vBwlyJTz+mPhcC7/3UEz zkwjPPMXQUFxoVbz3spQzt3l9ZtkK4UPRxuvrY+vd6px2Rl33OXhDxlRwM67dv457TUN KxfZmtDAlns3ZEqPwDvSZhvSKTCY0oqZnxv62r1sT31zrV1EUh2QLmFUbESAo3Mo+BWa nA8g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-45809c9902csi20106521cf.567.2024.09.05.23.59.16 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Sep 2024 23:59:16 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSw3-0004gF-HF; Fri, 06 Sep 2024 02:59:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvo-00026J-SU; Fri, 06 Sep 2024 02:58:57 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvn-0003lj-BG; Fri, 06 Sep 2024 02:58:56 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id C7F908C265; Fri, 6 Sep 2024 09:53:14 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id 91B3413341D; Fri, 6 Sep 2024 09:54:32 +0300 (MSK) Received: (nullmailer pid 43697 invoked by uid 1000); Fri, 06 Sep 2024 06:54:31 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Richard Henderson , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-8.2.7 48/53] target/sparc: Restrict STQF to sparcv9 Date: Fri, 6 Sep 2024 09:54:18 +0300 Message-Id: <20240906065429.42415-48-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Richard Henderson Prior to sparcv9, the same encoding was STDFQ. Cc: qemu-stable@nongnu.org Fixes: 06c060d9e5b ("target/sparc: Move simple fp load/store to decodetree") Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240816072311.353234-2-richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé (cherry picked from commit 12d36294a2d978faf893101862118d1ac1815e85) Signed-off-by: Michael Tokarev diff --git a/target/sparc/insns.decode b/target/sparc/insns.decode index e2d8a07dc4..d2b29de084 100644 --- a/target/sparc/insns.decode +++ b/target/sparc/insns.decode @@ -484,7 +484,7 @@ STF 11 ..... 100100 ..... . ............. @r_r_ri_na STFSR 11 00000 100101 ..... . ............. @n_r_ri STXFSR 11 00001 100101 ..... . ............. @n_r_ri { - STQF 11 ..... 100110 ..... . ............. @q_r_ri_na + STQF 11 ..... 100110 ..... . ............. @q_r_ri_na # v9 STDFQ 11 ----- 100110 ----- - ------------- } STDF 11 ..... 100111 ..... . ............. @d_r_ri_na diff --git a/target/sparc/translate.c b/target/sparc/translate.c index 7058b6c2a4..94350aa588 100644 --- a/target/sparc/translate.c +++ b/target/sparc/translate.c @@ -4362,7 +4362,7 @@ static bool do_st_fpr(DisasContext *dc, arg_r_r_ri_asi *a, MemOp sz) TRANS(STF, ALL, do_st_fpr, a, MO_32) TRANS(STDF, ALL, do_st_fpr, a, MO_64) -TRANS(STQF, ALL, do_st_fpr, a, MO_128) +TRANS(STQF, 64, do_st_fpr, a, MO_128) TRANS(STFA, 64, do_st_fpr, a, MO_32) TRANS(STDFA, 64, do_st_fpr, a, MO_64) From patchwork Fri Sep 6 06:54:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 825923 Delivered-To: patch@linaro.org Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp663395wrb; Fri, 6 Sep 2024 00:01:10 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVcwEEnsWI4k/S/rKAXFg0cm13lZ74YTB0OGIs7+v1DmfKwH9/XszeMr/b1HwpKO9WCXR5Fdw==@linaro.org X-Google-Smtp-Source: AGHT+IE/KfFhJC+roibhuL2rF3WTOrSp5eoTUr/nh4OOw79qQqgzxl9+1kUMRoQgI/5OpL3wT0o+ X-Received: by 2002:a05:620a:280c:b0:7a1:e3e5:c8c with SMTP id af79cd13be357-7a99731be3emr175077885a.5.1725606070109; Fri, 06 Sep 2024 00:01:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725606070; cv=none; d=google.com; s=arc-20240605; b=AOf6BZlWnoM/4PXXIKgj3EBu8d44ZcLeGzIjRcO/L7zXOIpiGOK622vStgKDbPLGYJ B2+tuCmQYy1mgRZXlFpuf/Hl4BEX/EE7bVMSh9IXrfiWZpEwXJTX+jseVMyZWonp6Faf OgALrUrcf/6tZMhHp30qYe+qpO6teY7xsWvOd9qZl2DigGWhMwdPvLlmay4RifiCJK2c HE8y8//l0Ywi+P+c2adp+IvX+gOUGrRCTYEO9ub29+z0kNbhqxkV1d1hEJWdQKbXcdwF FokFW6h4v8VkUR7m9VkY0uXIm/7OcBsiVemJ/xbUoICBXYShVRuhYZU+xYdfzl2djQ+b yKog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=8WAFiRoMNMFSxEhAH0VURHMNNFDw6dFyTjxgSQ6GU+o=; fh=QCiO3s1cvaqADEyfPI2NiS1m5l7Cs6ciWF636GXs0Bw=; b=bwOzsf74Kf7aX+HNKPsNWutFtop3SRHI+X4nfQMF6BqFK/dGB1i1EfiFA8QznB5JVK 7799dxcdNl1jzRTaR0QpBkrqZd3MnjluyTBm6l+tKI/GRh/2dKjoRy4qokg5n7JEEofm 0p6sGKrlim6ZbMgCE+24+3YDdkELDDFLE4Utnd17ZZmEYNRw5f1E6RO7mSipQ1XZZ9Kb 7d+XixLH/3AbhIZOF+ZNWGc45pfg9hpAAWMrcbglAEnYRjZxqJeJgSZZatZvQlA+3eiR d7FVumBQQzllXzMiVA8glwj4FID9wBe2Pu/1opPASrU6XwrGHPv6jtj+gjQPahVkSxmt 2dgw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7a98f0299dcsi363098585a.662.2024.09.06.00.01.09 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Sep 2024 00:01:10 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smSwQ-0007d2-94; Fri, 06 Sep 2024 02:59:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvp-00028m-GK; Fri, 06 Sep 2024 02:58:58 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smSvn-0003lk-BF; Fri, 06 Sep 2024 02:58:57 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id D91888C266; Fri, 6 Sep 2024 09:53:14 +0300 (MSK) Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with SMTP id A02E913341E; Fri, 6 Sep 2024 09:54:32 +0300 (MSK) Received: (nullmailer pid 43704 invoked by uid 1000); Fri, 06 Sep 2024 06:54:31 -0000 From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , =?utf-8?q?Phi?= =?utf-8?q?lippe_Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-8.2.7 49/53] crypto/tlscredspsk: Free username on finalize Date: Fri, 6 Sep 2024 09:54:19 +0300 Message-Id: <20240906065429.42415-49-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell When the creds->username property is set we allocate memory for it in qcrypto_tls_creds_psk_prop_set_username(), but we never free this when the QCryptoTLSCredsPSK is destroyed. Free the memory in finalize. This fixes a LeakSanitizer complaint in migration-test: $ (cd build/asan; ASAN_OPTIONS="fast_unwind_on_malloc=0" QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --tap -k -p /x86_64/migration/precopy/unix/tls/psk) ================================================================= ==3867512==ERROR: LeakSanitizer: detected memory leaks Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x5624e5c99dee in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218edee) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3) #1 0x7fb199ae9738 in g_malloc debian/build/deb/../../../glib/gmem.c:128:13 #2 0x7fb199afe583 in g_strdup debian/build/deb/../../../glib/gstrfuncs.c:361:17 #3 0x5624e82ea919 in qcrypto_tls_creds_psk_prop_set_username /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../crypto/tlscredspsk.c:255:23 #4 0x5624e812c6b5 in property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:2277:5 #5 0x5624e8125ce5 in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:1463:5 #6 0x5624e8136e7c in object_set_properties_from_qdict /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:55:14 #7 0x5624e81372d2 in user_creatable_add_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:112:5 #8 0x5624e8137964 in user_creatable_add_qapi /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:157:11 #9 0x5624e891ba3c in qmp_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/qom-qmp-cmds.c:227:5 #10 0x5624e8af9118 in qmp_marshal_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qapi/qapi-commands-qom.c:337:5 #11 0x5624e8bd1d49 in do_qmp_dispatch_bh /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qapi/qmp-dispatch.c:128:5 #12 0x5624e8cb2531 in aio_bh_call /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:171:5 #13 0x5624e8cb340c in aio_bh_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:218:13 #14 0x5624e8c0be98 in aio_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/aio-posix.c:423:5 #15 0x5624e8cba3ce in aio_ctx_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:360:5 #16 0x7fb199ae0d3a in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28 #17 0x7fb199ae0d3a in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7 #18 0x5624e8cbe1d9 in glib_pollfds_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:287:9 #19 0x5624e8cbcb13 in os_host_main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:310:5 #20 0x5624e8cbc6dc in main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:589:11 #21 0x5624e6f3f917 in qemu_main_loop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/runstate.c:801:9 #22 0x5624e893379c in qemu_default_main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:37:14 #23 0x5624e89337e7 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:48:12 #24 0x7fb197972d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #25 0x7fb197972e3f in __libc_start_main csu/../csu/libc-start.c:392:3 #26 0x5624e5c16fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3) SUMMARY: AddressSanitizer: 5 byte(s) leaked in 1 allocation(s). Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Daniel P. Berrangé Message-ID: <20240819145021.38524-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé (cherry picked from commit 87e012f29f2e47dcd8c385ff8bb8188f9e06d4ea) Signed-off-by: Michael Tokarev diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 546cad1c5a..0d6b71a37c 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -243,6 +243,7 @@ qcrypto_tls_creds_psk_finalize(Object *obj) QCryptoTLSCredsPSK *creds = QCRYPTO_TLS_CREDS_PSK(obj); qcrypto_tls_creds_psk_unload(creds); + g_free(creds->username); } static void