Re: [PATCH 02/10] target/arm: Correct value returned by pmu_counter

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 02/10] target/arm: Correct value returned by pmu_counter_mask

From:	Richard Henderson
Subject:	Re: [PATCH 02/10] target/arm: Correct value returned by pmu_counter_mask()
Date:	Thu, 11 Aug 2022 10:42:03 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

On 8/11/22 10:16, Peter Maydell wrote:

pmu_counter_mask() accidentally returns a value with bits [63:32]
set, because the expression it returns is evaluated as a signed value
that gets sign-extended to 64 bits.  Force the whole expression to be
evaluated with 64-bit arithmetic with ULL suffixes.

The main effect of this bug was that a guest could write to the bits
in the high half of registers like PMCNTENSET_EL0 that are supposed
to be RES0.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
  target/arm/internals.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index b8fefdff675..83526166de0 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1296,7 +1296,7 @@ static inline uint32_t pmu_num_counters(CPUARMState *env)
  /* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
  static inline uint64_t pmu_counter_mask(CPUARMState *env)
  {
-  return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
+  return (1ULL << 31) | ((1ULL << pmu_num_counters(env)) - 1);
  }

#ifdef TARGET_AARCH64

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 00/10] target/arm: Implement FEAT_PMUv3p5, Peter Maydell, 2022/08/11
- [PATCH 01/10] target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows, Peter Maydell, 2022/08/11
  - Re: [PATCH 01/10] target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows, Richard Henderson, 2022/08/11
- [PATCH 02/10] target/arm: Correct value returned by pmu_counter_mask(), Peter Maydell, 2022/08/11
  - Re: [PATCH 02/10] target/arm: Correct value returned by pmu_counter_mask(), Richard Henderson <=
- [PATCH 04/10] target/arm: Ignore PMCR.D when PMCR.LC is set, Peter Maydell, 2022/08/11
  - Re: [PATCH 04/10] target/arm: Ignore PMCR.D when PMCR.LC is set, Richard Henderson, 2022/08/11
- [PATCH 05/10] target/arm: Honour MDCR_EL2.HPMD in Secure EL2, Peter Maydell, 2022/08/11
  - Re: [PATCH 05/10] target/arm: Honour MDCR_EL2.HPMD in Secure EL2, Richard Henderson, 2022/08/11
    - Re: [PATCH 05/10] target/arm: Honour MDCR_EL2.HPMD in Secure EL2, Peter Maydell, 2022/08/11
- [PATCH 08/10] target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits, Peter Maydell, 2022/08/11
  - Re: [PATCH 08/10] target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits, Richard Henderson, 2022/08/20
    - Re: [PATCH 08/10] target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits, Peter Maydell, 2022/08/22
- [PATCH 03/10] target/arm: Don't mishandle count when enabling or disabling PMU counters, Peter Maydell, 2022/08/11
  - Re: [PATCH 03/10] target/arm: Don't mishandle count when enabling or disabling PMU counters, Richard Henderson, 2022/08/11

Prev by Date: Re: [PATCH 01/10] target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows
Next by Date: Re: [PATCH 03/10] target/arm: Don't mishandle count when enabling or disabling PMU counters
Previous by thread: [PATCH 02/10] target/arm: Correct value returned by pmu_counter_mask()
Next by thread: [PATCH 04/10] target/arm: Ignore PMCR.D when PMCR.LC is set
Index(es):
- Date
- Thread