From patchwork Tue Mar 25 06:50:26 2025
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 875990
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson, Peter Maydell, Michael Tokarev
Subject: [Stable-9.2.3 52/69] target/arm: Make DisasContext.{fp, sve}_access_checked tristate
Date: Tue, 25 Mar 2025 09:50:26 +0300
Message-Id: <20250325065043.3263864-2-mjt@tls.msk.ru>

From: Richard Henderson

The check for fp_excp_el in assert_fp_access_checked is incorrect.
For SME, with StreamingMode enabled, the access is really against
the streaming mode vectors, and access to the normal fp registers
is allowed to be disabled. C.f. sme_enabled_check.

Convert sve_access_checked to match, even though we don't currently
check the exception state.

Cc: qemu-stable@nongnu.org
Fixes: 3d74825f4d6 ("target/arm: Add SME enablement checks")
Signed-off-by: Richard Henderson
Message-id: 20250307190415.982049-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
(cherry picked from commit 298a04998fa4a6dc977abe9234d98dfcdab98423)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index b2851ea503..dc6af6ea25 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c
@@ -1215,14 +1215,14 @@ static bool fp_access_check_only(DisasContext *s) { if (s->fp_excp_el) { assert(!s->fp_access_checked); - s->fp_access_checked = true; + s->fp_access_checked = -1; gen_exception_insn_el(s, 0, EXCP_UDEF, syn_fp_access_trap(1, 0xe, false, 0), s->fp_excp_el); return false; } - s->fp_access_checked = true; + s->fp_access_checked = 1; return true; } @@ -1256,13 +1256,13 @@ bool sve_access_check(DisasContext *s) syn_sve_access_trap(), s->sve_excp_el); goto fail_exit; } - s->sve_access_checked = true; + s->sve_access_checked = 1; return fp_access_check(s); fail_exit: /* Assert that we only raise one exception per instruction. */ assert(!s->sve_access_checked); - s->sve_access_checked = true; + s->sve_access_checked = -1; return false; } @@ -1291,8 +1291,9 @@ bool sme_enabled_check(DisasContext *s) * sme_excp_el by itself for cpregs access checks. */ if (!s->fp_excp_el || s->sme_excp_el < s->fp_excp_el) { - s->fp_access_checked = true; - return sme_access_check(s); + bool ret = sme_access_check(s); + s->fp_access_checked = (ret ? 1 : -1); + return ret; } return fp_access_check_only(s); } @@ -11825,8 +11826,8 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) s->insn = insn; s->base.pc_next = pc + 4; - s->fp_access_checked = false; - s->sve_access_checked = false; + s->fp_access_checked = 0; + s->sve_access_checked = 0; if (s->pstate_il) { /* diff --git a/target/arm/tcg/translate-a64.h b/target/arm/tcg/translate-a64.h index 0fcf7cb63a..bb35ebe3ef 100644 --- a/target/arm/tcg/translate-a64.h +++ b/target/arm/tcg/translate-a64.h @@ -65,7 +65,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, static inline void assert_fp_access_checked(DisasContext *s) { #ifdef CONFIG_DEBUG_TCG - if (unlikely(!s->fp_access_checked || s->fp_excp_el)) { + if (unlikely(s->fp_access_checked <= 0)) { fprintf(stderr, "target-arm: FP access check missing for " "instruction 0x%08x\n", s->insn); abort(); 
diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 20cd0e851c..06893a61c0 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h 
@@ -91,15 +91,19 @@ typedef struct DisasContext { bool aarch64; bool thumb; bool lse2; - /* Because unallocated encodings generate different exception syndrome + /* + * Because unallocated encodings generate different exception syndrome * information from traps due to FP being disabled, we can't do a single * "is fp access disabled" check at a high level in the decode tree. * To help in catching bugs where the access check was forgotten in some * code path, we set this flag when the access check is done, and assert * that it is set at the point where we actually touch the FP regs. + * 0: not checked, + * 1: checked, access ok + * -1: checked, access denied */ - bool fp_access_checked; - bool sve_access_checked; + int8_t fp_access_checked; + int8_t sve_access_checked; /* ARMv8 single-step state (this is distinct from the QEMU gdbstub * single-step support). */
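
Review bot: In the sme_enabled_check hunk (@@ -1291 in translate-a64.c), the denied result is stored with s->fp_access_checked = (ret ? 1 : -1) but without the assert(!s->fp_access_checked) that fp_access_check_only keeps in front of its own -1 store. If the one-exception-per-instruction invariant is meant to hold on this path too, add the same assert before the assignment when ret is false; if it is deliberately relaxed here, a one-line comment saying why would help.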
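
Review bot: In assert_fp_access_checked (translate-a64.h, @@ -65), the new test s->fp_access_checked <= 0 treats 0 (never checked) and -1 (checked, access denied) the same, yet the message still reads "FP access check missing". In the -1 case the check was made and failed, so the abort text points the reader at the wrong bug; consider printing the state value or using a separate message for the denied case.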
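
Review bot: The tristate values documented in the DisasContext comment (translate.h, @@ -91) appear as bare 0, 1 and -1 at every store and compare in translate-a64.c and translate-a64.h. A small enum or three named constants next to the field would make stores like (ret ? 1 : -1) self-describing and keep the comment from drifting out of sync with the code. The remaining assert(!s->fp_access_checked) calls also read as boolean tests; with an int8_t field, comparing against 0 explicitly states the intent more directly.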

From patchwork Tue Mar 25 06:50:27 2025
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 875992
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson, Peter Maydell, Michael Tokarev
Subject: [Stable-9.2.3 53/69] target/arm: Simplify pstate_sm check in sve_access_check
Date: Tue, 25 Mar 2025 09:50:27 +0300
Message-Id: <20250325065043.3263864-3-mjt@tls.msk.ru>

From: Richard Henderson

In StreamingMode, fp_access_checked is handled already.
We cannot fall through to fp_access_check lest we fall
foul of the double-check assertion.

Cc: qemu-stable@nongnu.org
Fixes: 285b1d5fcef ("target/arm: Handle SME in sve_access_check")
Signed-off-by: Richard Henderson
Message-id: 20250307190415.982049-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell
[PMM: move declaration of 'ret' to top of block]
Signed-off-by: Peter Maydell
(cherry picked from commit cc7abc35dfa790ba6c20473c03745428c1c626b6)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index dc6af6ea25..422445aa1d 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c
@@ -1247,23 +1247,23 @@ static bool fp_access_check(DisasContext *s) bool sve_access_check(DisasContext *s) { if (s->pstate_sm || !dc_isar_feature(aa64_sve, s)) { + bool ret; + assert(dc_isar_feature(aa64_sme, s)); - if (!sme_sm_enabled_check(s)) { - goto fail_exit; - } - } else if (s->sve_excp_el) { + ret = sme_sm_enabled_check(s); + s->sve_access_checked = (ret ? 1 : -1); + return ret; + } + if (s->sve_excp_el) { + /* Assert that we only raise one exception per instruction. */ + assert(!s->sve_access_checked); gen_exception_insn_el(s, 0, EXCP_UDEF, syn_sve_access_trap(), s->sve_excp_el); - goto fail_exit; + s->sve_access_checked = -1; + return false; } s->sve_access_checked = 1; return fp_access_check(s); - - fail_exit: - /* Assert that we only raise one exception per instruction. */ - assert(!s->sve_access_checked); - s->sve_access_checked = -1; - return false; } /*
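
Review bot: In the streaming-mode branch of sve_access_check (@@ -1247), a failed sme_sm_enabled_check used to reach fail_exit and hit assert(!s->sve_access_checked); after this change the branch stores (ret ? 1 : -1) and returns with no assertion, and the one-exception-per-instruction assert now guards only the sve_excp_el path. If dropping it for the SME path is intended, say so in a comment; otherwise assert that sve_access_checked is 0 before the store when ret is false. A short comment on the early return, noting that fp_access_checked is already handled in streaming mode as the commit message says, would also keep someone from re-adding the fall through to fp_access_check.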

From patchwork Tue Mar 25 06:50:33 2025
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 875988
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson, Andreas Schwab, Alistair Francis, Michael Tokarev
Subject: [Stable-9.2.3 60/69] linux-user/riscv: Fix handling of cpu mask in riscv_hwprobe syscall
Date: Tue, 25 Mar 2025 09:50:33 +0300
Message-Id: <20250325065043.3263864-9-mjt@tls.msk.ru>

From: Richard Henderson

The third argument of the syscall contains the size of the
cpu mask in bytes, not bits. Nor is the size rounded up to
a multiple of sizeof(abi_ulong).

Cc: qemu-stable@nongnu.org
Reported-by: Andreas Schwab
Fixes: 9e1c7d982d7 ("linux-user/riscv: Add syscall riscv_hwprobe")
Signed-off-by: Richard Henderson
Reviewed-by: Alistair Francis
Message-ID: <20250308225902.1208237-3-richard.henderson@linaro.org>
Signed-off-by: Alistair Francis
(cherry picked from commit 1a010d22b7adecf0fb1c069e1e535af1aa51e9cf)
Signed-off-by: Michael Tokarev

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index a407d4a023..549e39e196 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c
@@ -9097,35 +9097,38 @@ static void risc_hwprobe_fill_pairs(CPURISCVState *env, } } -static int cpu_set_valid(abi_long arg3, abi_long arg4) +/* + * If the cpumask_t of (target_cpus, cpusetsize) cannot be read: -EFAULT. + * If the cpumast_t has no bits set: -EINVAL. + * Otherwise the cpumask_t contains some bit set: 0. + * Unlike the kernel, we do not mask cpumask_t by the set of online cpus, + * nor bound the search by cpumask_size(). + */ +static int nonempty_cpu_set(abi_ulong cpusetsize, abi_ptr target_cpus) { - int ret, i, tmp; - size_t host_mask_size, target_mask_size; - unsigned long *host_mask; - - /* - * cpu_set_t represent CPU masks as bit masks of type unsigned long *. - * arg3 contains the cpu count. - */ - tmp = (8 * sizeof(abi_ulong)); - target_mask_size = ((arg3 + tmp - 1) / tmp) * sizeof(abi_ulong); - host_mask_size = (target_mask_size + (sizeof(*host_mask) - 1)) & - ~(sizeof(*host_mask) - 1); - - host_mask = alloca(host_mask_size); - - ret = target_to_host_cpu_mask(host_mask, host_mask_size, - arg4, target_mask_size); - if (ret != 0) { - return ret; - } + unsigned char *p = lock_user(VERIFY_READ, target_cpus, cpusetsize, 1); + int ret = -TARGET_EFAULT; - for (i = 0 ; i < host_mask_size / sizeof(*host_mask); i++) { - if (host_mask[i] != 0) { - return 0; + if (p) { + ret = -TARGET_EINVAL; + /* + * Since we only care about the empty/non-empty state of the cpumask_t + * not the individual bits, we do not need to repartition the bits + * from target abi_ulong to host unsigned long. + * + * Note that the kernel does not round up cpusetsize to a multiple of + * sizeof(abi_ulong). After bounding cpusetsize by cpumask_size(), + * it copies exactly cpusetsize bytes into a zeroed buffer. + */ + for (abi_ulong i = 0; i < cpusetsize; ++i) { + if (p[i]) { + ret = 0; + break; + } } + unlock_user(p, target_cpus, 0); } - return -TARGET_EINVAL; + return ret; } static abi_long do_riscv_hwprobe(CPUArchState *cpu_env, abi_long arg1, 
@@ -9142,7 +9145,7 @@ static abi_long do_riscv_hwprobe(CPUArchState *cpu_env, abi_long arg1, /* check cpu_set */ if (arg3 != 0) { - ret = cpu_set_valid(arg3, arg4); + ret = nonempty_cpu_set(arg3, arg4); if (ret != 0) { return ret; }
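
Review bot: In nonempty_cpu_set (@@ -9097), cpusetsize is used unbounded as both the lock_user length and the loop limit, and the header comment says outright that the search is not bounded by cpumask_size() the way the kernel's is. Since the value is the caller's arg3, passed through after only an arg3 != 0 test, please either cap it at a sane maximum before lock_user or add a sentence explaining why an arbitrarily large length is acceptable here (for example, that a failed lock_user returns -TARGET_EFAULT before the loop runs). Nit: the comment has "cpumast_t" where cpumask_t is meant.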
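
Review bot: At the call site in do_riscv_hwprobe (@@ -9142), nonempty_cpu_set reads like a predicate but returns 0 when the set is non-empty and a negative errno otherwise, so "ret = nonempty_cpu_set(arg3, arg4); if (ret != 0) { return ret; }" looks inverted at first glance. A name such as check_nonempty_cpu_set, or a bool result with the errno chosen by the caller, would let the call read correctly without consulting the helper's comment.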