Message ID | 20220718100144.3248052-1-peter.maydell@linaro.org |
---|---|
State | Superseded |
Series | target/arm: Add MO_128 entry to pred_esz_masks[] |
On 7/18/22 15:31, Peter Maydell wrote:
> In commit 7390e0e9ab8475, we added support for SME loads and stores.
> Unlike SVE loads and stores, these include handling of 128-bit
> elements. The SME load/store functions call down into the existing
> sve_cont_ldst_elements() function, which uses the element size MO_*
> value as an index into the pred_esz_masks[] array. Because this code
> path now has to handle MO_128, we need to add an extra element to the
> array.
>
> This bug was spotted by Coverity because it meant we were reading off
> the end of the array.
>
> Resolves: Coverity CID 1490539, 1490541, 1490543, 1490544, 1490545,
> 1490546, 1490548, 1490549, 1490550, 1490551, 1490555, 1490557,
> 1490558, 1490560, 1490561, 1490563
> Fixes: 7390e0e9ab8475 ("target/arm: Implement SME LD1, ST1")
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target/arm/cpu.h | 2 +-
> target/arm/translate-sve.c | 5 +++--
> 2 files changed, 4 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 1e36a839ee4..3123488014d 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3374,7 +3374,7 @@ static inline uint64_t *aa64_vfp_qreg(CPUARMState *env, unsigned regno) } /* Shared between translate-sve.c and sve_helper.c. */ -extern const uint64_t pred_esz_masks[4]; +extern const uint64_t pred_esz_masks[5]; /* Helper for the macros below, validating the argument type. */ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x) diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index 41f8b12259e..621a2abb22f 100644 --- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c @@ -529,9 +529,10 @@ static void do_predtest(DisasContext *s, int dofs, int gofs, int words) } /* For each element size, the bits within a predicate word that are active. */ -const uint64_t pred_esz_masks[4] = { +const uint64_t pred_esz_masks[5] = { 0xffffffffffffffffull, 0x5555555555555555ull, - 0x1111111111111111ull, 0x0101010101010101ull + 0x1111111111111111ull, 0x0101010101010101ull, + 0x0001000100010001ull, }; static bool trans_INVALID(DisasContext *s, arg_INVALID *a)
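Review bot: The bound in `extern const uint64_t pred_esz_masks[5];` in target/arm/cpu.h is a bare literal that has to be kept in step by hand with the definition in translate-sve.c and with the largest MO_* value used as an index. Consider writing the length in terms of that value (for example `MO_128 + 1`) in both the declaration and the definition, so the relationship between the index and the array length is visible where the array is declared.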
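Review bot: The comment above `const uint64_t pred_esz_masks[5]` in target/arm/translate-sve.c still does not say that the array is indexed by the MO_* element size, or that the new last entry `0x0001000100010001ull` is the MO_128 case that, per the commit message, only the SME load/store path reaches. Suggest extending the comment to say so, and adding an assertion on the element size where sve_cont_ldst_elements() does the lookup, so an out-of-range index is caught at the lookup instead of by static analysis afterwards.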
In commit 7390e0e9ab8475, we added support for SME loads and stores.
Unlike SVE loads and stores, these include handling of 128-bit
elements. The SME load/store functions call down into the existing
sve_cont_ldst_elements() function, which uses the element size MO_*
value as an index into the pred_esz_masks[] array. Because this code
path now has to handle MO_128, we need to add an extra element to the
array.

This bug was spotted by Coverity because it meant we were reading off
the end of the array.

Resolves: Coverity CID 1490539, 1490541, 1490543, 1490544, 1490545,
1490546, 1490548, 1490549, 1490550, 1490551, 1490555, 1490557,
1490558, 1490560, 1490561, 1490563
Fixes: 7390e0e9ab8475 ("target/arm: Implement SME LD1, ST1")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 2 +-
 target/arm/translate-sve.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
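The masks in the patch can be re-derived from the element size, and the table length tied to the index range so a lookup cannot run off the end. This is an added example, not QEMU code: the `EX_`/`ex_` names are made up for it, and it assumes MO_128 is index 4, as the commit message implies.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed names: MO_* indices as the patch implies them (MO_128 == 4). */
enum { EX_MO_8, EX_MO_16, EX_MO_32, EX_MO_64, EX_MO_128, EX_MO_COUNT };

/* Table as it stands after the patch, with its length tied to the enum. */
static const uint64_t ex_pred_esz_masks[EX_MO_COUNT] = {
    0xffffffffffffffffull, 0x5555555555555555ull, 0x1111111111111111ull,
    0x0101010101010101ull, 0x0001000100010001ull,
};

/* One predicate bit per vector byte; an element of (1 << esz) bytes is
 * governed by the lowest bit of its group, so every (1 << esz)th bit is set. */
static uint64_t ex_derive_mask(unsigned esz)
{
    uint64_t mask = 0;
    for (unsigned bit = 0; bit < 64; bit += 1u << esz) {
        mask |= 1ull << bit;
    }
    return mask;
}

/* Bounds-checked lookup: 0 on success, -1 when esz is past the end. */
static int ex_lookup_mask(unsigned esz, uint64_t *out)
{
    if (esz >= EX_MO_COUNT) {
        return -1;
    }
    *out = ex_pred_esz_masks[esz];
    return 0;
}

/* Number of table entries that disagree with the derivation. */
static int ex_check_table(void)
{
    int bad = 0;
    for (unsigned esz = 0; esz < EX_MO_COUNT; esz++) {
        uint64_t m = 0;
        bad += ex_lookup_mask(esz, &m) != 0 || m != ex_derive_mask(esz);
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", ex_check_table());
    return 0;
}
```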