From patchwork Sat Dec 24 18:59:07 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 5961 Return-Path: X-Original-To: patchwork@peony.canonical.com Delivered-To: patchwork@peony.canonical.com Received: from fiordland.canonical.com (fiordland.canonical.com [91.189.94.145]) by peony.canonical.com (Postfix) with ESMTP id F2E2F23E0C for ; Sat, 24 Dec 2011 18:59:12 +0000 (UTC) Received: from mail-ey0-f180.google.com (mail-ey0-f180.google.com [209.85.215.180]) by fiordland.canonical.com (Postfix) with ESMTP id EB6A2A18067 for ; Sat, 24 Dec 2011 18:59:12 +0000 (UTC) Received: by mail-ey0-f180.google.com with SMTP id c11so7986279eaa.11 for ; Sat, 24 Dec 2011 10:59:12 -0800 (PST) Received: by 10.205.120.148 with SMTP id fy20mr4706385bkc.125.1324753152695; Sat, 24 Dec 2011 10:59:12 -0800 (PST) X-Forwarded-To: linaro-patchwork@canonical.com X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com Delivered-To: patches@linaro.org Received: by 10.205.82.144 with SMTP id ac16cs117160bkc; Sat, 24 Dec 2011 10:59:12 -0800 (PST) Received: by 10.152.111.7 with SMTP id ie7mr15596044lab.11.1324753150465; Sat, 24 Dec 2011 10:59:10 -0800 (PST) Received: from mnementh.archaic.org.uk (mnementh.archaic.org.uk. [81.2.115.146]) by mx.google.com with ESMTPS id nf3si16194957lab.24.2011.12.24.10.59.09 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 24 Dec 2011 10:59:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 81.2.115.146 as permitted sender) client-ip=81.2.115.146; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 81.2.115.146 as permitted sender) smtp.mail=pm215@archaic.org.uk Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.72) (envelope-from ) id 1ReWoF-0001VC-Sm; Sat, 24 Dec 2011 18:59:07 +0000 From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 2/2] target-arm: Ignore attempts to set invalid modes in CPSR Date: Sat, 24 Dec 2011 18:59:07 +0000 Message-Id: <1324753147-5747-3-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.2.5 In-Reply-To: <1324753147-5747-1-git-send-email-peter.maydell@linaro.org> References: <1324753147-5747-1-git-send-email-peter.maydell@linaro.org> Ignore attempts to set the CPSR mode field to an invalid value. This is UNPREDICTABLE, but we should not cpu_abort() for things a malicious guest (or a confused user on the gdbstub interface) can provoke. Signed-off-by: Peter Maydell --- target-arm/helper.c | 30 +++++++++++++++++++++++++++++- 1 files changed, 29 insertions(+), 1 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 5b994d5..261d547 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -463,6 +463,26 @@ void cpu_arm_close(CPUARMState *env) g_free(env); } +static int bad_mode_switch(CPUState *env, int mode) +{ + /* Return true if it is not valid for us to switch to + * this CPU mode (ie all the UNPREDICTABLE cases in + * the ARM ARM CPSRWriteByInstr pseudocode). + */ + switch (mode) { + case ARM_CPU_MODE_USR: + case ARM_CPU_MODE_SYS: + case ARM_CPU_MODE_SVC: + case ARM_CPU_MODE_ABT: + case ARM_CPU_MODE_UND: + case ARM_CPU_MODE_IRQ: + case ARM_CPU_MODE_FIQ: + return 0; + default: + return 1; + } +} + uint32_t cpsr_read(CPUARMState *env) { int ZF; @@ -499,7 +519,15 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) } if ((env->uncached_cpsr ^ val) & mask & CPSR_M) { - switch_mode(env, val & CPSR_M); + if (bad_mode_switch(env, val & CPSR_M)) { + /* Attempt to switch to an invalid mode: this is UNPREDICTABLE. + * We choose to ignore the attempt and leave the CPSR M field + * untouched. + */ + mask &= ~CPSR_M; + } else { + switch_mode(env, val & CPSR_M); + } } mask &= ~CACHED_CPSR_BITS; env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);