From patchwork Mon Nov 18 18:06:23 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 844110
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson, Peter Maydell, Michael Tokarev
Subject: [Stable-7.2.15 35/39] target/arm: Drop user-only special case in sve_stN_r
Date: Mon, 18 Nov 2024 21:06:23 +0300
Message-Id: <20241118180634.2302410-3-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.39.5

From: Richard Henderson

This path is reachable with plugins enabled, and provoked
with run-plugin-catch-syscalls-with-libinline.so.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Message-ID: <20241112141232.321354-1-richard.henderson@linaro.org>
(cherry picked from commit f27550804688da43c6e0d87b2f9e143adbf76271)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c index 45a93755fe..989257416e 100644 --- a/target/arm/sve_helper.c +++ b/target/arm/sve_helper.c @@ -6309,9 +6309,6 @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr, flags = info.page[0].flags | info.page[1].flags; if (unlikely(flags != 0)) { -#ifdef CONFIG_USER_ONLY - g_assert_not_reached(); -#else /* * At least one page includes MMIO. * Any bus operation can fail with cpu_transaction_failed, 
@@ -6342,7 +6339,6 @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr, } while (reg_off & 63); } while (reg_off <= reg_last); return; -#endif } mem_off = info.mem_off_first[0];

From patchwork Mon Nov 18 18:06:24 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 844109
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.15 36/39] tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
Date: Mon, 18 Nov 2024 21:06:24 +0300
Message-Id: <20241118180634.2302410-4-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.39.5
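
Review bot: The retained comment "At least one page includes MMIO." in the first target/arm/sve_helper.c hunk of patch 35/39 (sve_stN_r, under "if (unlikely(flags != 0))") no longer covers every way into this branch. With the CONFIG_USER_ONLY guard and its g_assert_not_reached() removed, user-only builds now run this path too, and the commit message names plugins as the trigger there. Suggest extending that comment to mention the plugin case, so the branch does not read as specific to system emulation, and adding one sentence to the commit message on why flags is non-zero when plugins are enabled, since "reachable with plugins enabled" is the only rationale given.
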

From: Peter Maydell

In simd_desc() we create a SIMD descriptor from various pieces
including an arbitrary data value from the caller. We try to
sanitize these to make sure everything will fit: the 'data' value
needs to fit in the SIMD_DATA_BITS (== 22) sized field. However we
do that sanitizing with:
   tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));

This works for the case where the data is supposed to be considered
as a signed integer (which can then be returned via simd_data()).
However, some callers want to treat the data value as unsigned.

Specifically, for the Arm SVE operations, make_svemte_desc()
assembles a data value as a collection of fields, and it needs to use
all 22 bits. Currently if MTE is enabled then its MTEDESC SIZEM1
field may have the most significant bit set, and then it will trip
this assertion.

Loosen the assertion so that we only check that the data value will
fit into the field in some way, either as a signed or as an unsigned
value. This means we will fail to detect some kinds of bug in the
callers, but we won't spuriously assert for intentional use of the
data field as unsigned.

Cc: qemu-stable@nongnu.org
Fixes: db432672dc50e ("tcg: Add generic vector expanders")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2601
Signed-off-by: Peter Maydell
Message-ID: <20241115172515.1229393-1-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson
Signed-off-by: Richard Henderson
(cherry picked from commit 8377e3fb854d126ba10e61cb6b60885af8443ad4)
Signed-off-by: Michael Tokarev

diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c index 079a761b04..63bcfcb1eb 100644 --- a/tcg/tcg-op-gvec.c +++ b/tcg/tcg-op-gvec.c 
@@ -88,7 +88,20 @@ uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data) uint32_t desc = 0; check_size_align(oprsz, maxsz, 0); - tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS)); + + /* + * We want to check that 'data' will fit into SIMD_DATA_BITS. + * However, some callers want to treat the data as a signed + * value (which they can later get back with simd_data()) + * and some want to treat it as an unsigned value. + * So here we assert only that the data will fit into the + * field in at least one way. This means that some invalid + * values from the caller will not be detected, e.g. if the + * caller wants to handle the value as a signed integer but + * incorrectly passes us 1 << (SIMD_DATA_BITS - 1). + */ + tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS) || + data == extract32(data, 0, SIMD_DATA_BITS)); oprsz = (oprsz / 8) - 1; maxsz = (maxsz / 8) - 1;
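
Review bot: The new comment block in simd_desc() says how a signed caller reads the value back ("which they can later get back with simd_data()") but gives no matching guidance for the unsigned callers the second assert arm, "data == extract32(data, 0, SIMD_DATA_BITS)", is being added for. Suggest one more sentence in the comment saying how a caller that stores an unsigned value with the top bit of the field set is expected to retrieve it, so that nobody pairs such a value with the accessor the comment describes as the signed path. The lost coverage for signed callers is already acknowledged in the comment; if it matters later, a separate entry point for unsigned data would let the signed check stay strict.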