From patchwork Thu Jun 27 15:38:47 2013
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 18164
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org
Subject: [PATCH] target-arm: avoid undefined behaviour when writing TTBCR
Date: Thu, 27 Jun 2013 16:38:47 +0100
Message-Id: <1372347527-4428-1-git-send-email-peter.maydell@linaro.org>

LPAE CPUs have more potentially valid bits in the TTBCR, and so the simple masking out of invalid bits is no longer sufficient to obtain the base address width field of the register, which is what we use to precalculate c2_mask and c2_base_mask. Explicitly extract the relevant register field rather than simply shifting by the register value.

This bug would have had no ill effects in practice, since if the EAE bit (TTBCR bit 31) is set then we don't use the precalculated masks, and if EAE is zero then bits 30..3 are all UNK/SBZP, so well-behaved guests won't set them. However the shift is undefined behaviour, so we should avoid it.

Signed-off-by: Peter Maydell
---
Another one spotted by clang...

 target-arm/helper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c index 5f639fd..4bca570 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c
@@ -891,6 +891,8 @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = { static int vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { + int maskshift = extract32(value, 0, 3); + if (arm_feature(env, ARM_FEATURE_LPAE)) { value &= ~((7 << 19) | (3 << 14) | (0xf << 3)); } else { @@ -902,8 +904,8 @@ static int vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri, * and the c2_mask and c2_base_mask values are meaningless. */ env->cp15.c2_control = value; - env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> value); - env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> value); + env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> maskshift); + env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> maskshift); return 0; }
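Review bot: in the first hunk, the new `maskshift` line has no comment saying which field bits 2..0 are or why it is read before the feature-dependent masking of `value`. A one-line comment naming it as the base address width field that feeds c2_mask and c2_base_mask would make the intent clear to the next reader. Since `value` is a uint64_t passed to a helper named extract32, and the result is only ever used as a shift count in the range 0..7, consider making the narrowing explicit with a cast and declaring `maskshift` as an unsigned type.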
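Review bot: in the second hunk, the comment just above the `c2_control` assignment still only says that c2_mask and c2_base_mask are meaningless in the long-descriptor case, and does not record why the shift count is now restricted. The two shifts are well defined with `maskshift` limited to three bits, but nothing at this site explains that bound, so a later cleanup could reintroduce a shift by the raw register value. Suggest extending that comment to state that the count is taken from bits 2..0 only so the computation stays defined whatever the guest writes to the upper bits.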