packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/tcg-Allow-top-bit-of-SIMD_DATA_BITS-to-be-set-in-sim.patch
Jiabo Feng f4f53a5098 QEMU update to version 6.2.0-106: 
- hw/nvme: Remove redundant dma_blk_write
- tests/avocado/machine_s390_ccw_virtio: Adapt test to new default resolution
- edid: set default resolution to 1280x800 (WXGA)
- iotests/308: Fix for CAP_DAC_OVERRIDE
- hvf: remove unused but set variable
- vvfat: Fix vvfat_write() for writes before the root directory
- hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
- hw/pci: Remove unused pci_irq_pulse() method
- ui/gtk: fix leaks found wtih fuzzing
- target/i386: fix size of EBP writeback in gen_enter()
- tests/qtest/fuzz: fix memleak in qos_fuzz.c
- hw/core/loader: gunzip(): fix memory leak on error path
- migration: fix a typo
- scsi: fetch unit attention when creating the request
- raw-format: Fix error message for invalid offset/size
- tcg: Reset data_gen_ptr correctly
- Fix calculation of minimum in colo_compare_tcp
- hw/intc: Don't clear pending bits on IRQ lowering
- target/arm: Drop user-only special case in sve_stN_r
- usb-hub: Fix handling port power control messages
- target/ppc: Set ctx->opcode for decode_insn32()
- linux-user: Add proper strace format strings for getdents()/getdents64()
- linux-user: Fix TARGET_PROT_SEM for XTENSA
- linux-user/hppa: Set TASK_UNMAPPED_BASE to 0xfa000000 for hppa arch
- linux-user/hppa: Dump IIR on register dump
- tests: Fix typo in check-help output
- qdev-core.h: Fix wrongly named reference to TYPE_SPLIT_IRQ
- hw/scsi/megasas: Simplify using the ldst API
- gqa-win: get_pci_info: Clean dev_info if handle is valid
- target/ppc: Fix 7448 support
- vvfat: Fix size of temporary qcow file
- docs: Correct 'vhost-user-blk' spelling
- jackaudio: use ifdefs to hide unavailable functions
- simplebench: Fix Python syntax error (reported by LGTM)
- python: update type hints for mypy 0.930
- Python/aqmp: fix type definitions for mypy 0.920
- tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
- hw/ppc/e500: Prefer QOM cast
- hw/ppc/e500: Remove unused "irqs" parameter
- hw/ppc/e500: Add missing device tree properties to i2c controller node
- linux-user: Show timespec on strace for futex()
- linux-user: Add strace for clock_nanosleep()
- linux-user: Fix strace of chmod() if mode == 0
- linux-user: Log failing executable in EXCP_DUMP()
- linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit 87ebac5b5cfb97ddb7ac2af097703758fb0751c4)
2025-02-21 17:43:48 +08:00

70 lines
3.0 KiB
Diff
Raw Blame History

From a14e2e0cb558f2bcbabffa2fbadb54948a770993 Mon Sep 17 00:00:00 2001
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 15 Nov 2024 17:25:15 +0000
Subject: [PATCH] tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
In simd_desc() we create a SIMD descriptor from various pieces
including an arbitrary data value from the caller. We try to
sanitize these to make sure everything will fit: the 'data' value
needs to fit in the SIMD_DATA_BITS (== 22) sized field. However we
do that sanitizing with:
tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));
This works for the case where the data is supposed to be considered
as a signed integer (which can then be returned via simd_data()).
However, some callers want to treat the data value as unsigned.
Specifically, for the Arm SVE operations, make_svemte_desc()
assembles a data value as a collection of fields, and it needs to use
all 22 bits. Currently if MTE is enabled then its MTEDESC SIZEM1
field may have the most significant bit set, and then it will trip
this assertion.
Loosen the assertion so that we only check that the data value will
fit into the field in some way, either as a signed or as an unsigned
value. This means we will fail to detect some kinds of bug in the
callers, but we won't spuriously assert for intentional use of the
data field as unsigned.
Cc: qemu-stable@nongnu.org
Fixes: db432672dc50e ("tcg: Add generic vector expanders")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2601
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20241115172515.1229393-1-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Zhongrui Tang <tangzhongrui_yewu@cmss.chinamobile.com>
---
tcg/tcg-op-gvec.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index ffe55e908f..aea44c53b0 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -88,7 +88,20 @@ uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data)
uint32_t desc = 0;
check_size_align(oprsz, maxsz, 0);
- tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));
+
+ /*
+ * We want to check that 'data' will fit into SIMD_DATA_BITS.
+ * However, some callers want to treat the data as a signed
+ * value (which they can later get back with simd_data())
+ * and some want to treat it as an unsigned value.
+ * So here we assert only that the data will fit into the
+ * field in at least one way. This means that some invalid
+ * values from the caller will not be detected, e.g. if the
+ * caller wants to handle the value as a signed integer but
+ * incorrectly passes us 1 << (SIMD_DATA_BITS - 1).
+ */
+ tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS) ||
+ data == extract32(data, 0, SIMD_DATA_BITS));
oprsz = (oprsz / 8) - 1;
maxsz = (maxsz / 8) - 1;
--
2.41.0.windows.1
Reference in New Issue View Git Blame Copy Permalink