From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 2838b1: target/mips: Fix potential integer overflow (CID 1...
Date: Mon, 28 Jun 2021 06:01:30 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 2838b1d6356044eb240edd4e1b9b5ab5946c5b28
      
https://github.com/qemu/qemu/commit/2838b1d6356044eb240edd4e1b9b5ab5946c5b28
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/sysemu/tlb_helper.c

  Log Message:
  -----------
  target/mips: Fix potential integer overflow (CID 1452921)

Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

  CID 1452921:  Integer handling issues:

    Potentially overflowing expression "1 << w" with type "int"
    (32 bits, signed) is evaluated using 32-bit arithmetic, and
    then used in a context that expects an expression of type
    "uint64_t" (64 bits, unsigned).

Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210505215119.1517465-1-f4bug@amsat.org>

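The Coverity finding above is about an expression evaluated in 32-bit `int` arithmetic before being widened to `uint64_t`. The following program is an added example, not code from the page or from QEMU: it contrasts a model of the flagged "narrow then widen" behaviour with the 64-bit form, using a `BIT_ULL()` macro that is assumed here to expand to `1ULL << (nr)` (an assumption about QEMU's `include/qemu/bitops.h`, not copied from the page). The function `mask_narrow_then_widen()` is a model, not the real expression, because `1 << w` for `w >= 32` is undefined behaviour in C and cannot be executed meaningfully.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: mirrors QEMU's BIT_ULL() in include/qemu/bitops.h.  The shift
 * operand is a 64-bit constant, so the result is never an int. */
#define BIT_ULL(nr) (1ULL << (nr))

/* Model of what "1 << w" yields once it has been evaluated as a 32-bit int
 * and then widened to uint64_t.  For w >= 32 the real expression is undefined
 * behaviour, so we do not execute it; we model the usual outcome, which is
 * that the bit never fits in the 32-bit intermediate.  For w == 31 the int
 * result is negative and sign-extends on widening (the int32_t conversion is
 * implementation-defined; it wraps on the usual two's-complement targets). */
static uint64_t mask_narrow_then_widen(unsigned w)
{
    if (w >= 32) {
        return 0;                                   /* bit lost in the int */
    }
    int32_t narrow = (int32_t)(1ULL << w);          /* 1 << 31 -> INT32_MIN */
    return (uint64_t)(int64_t)narrow;               /* sign-extended */
}

/* The corrected form: the shift is done on a 64-bit operand from the start. */
static uint64_t mask_wide(unsigned w)
{
    return BIT_ULL(w);
}

/* True when a plain "1 << w" is well defined and positive for type int;
 * a reviewer can use this as the check behind the Coverity warning. */
static bool shift_fits_int(unsigned w)
{
    return w < 31;
}

/* Mask of the low w bits, the kind of value a page-table walker builds from a
 * field width.  Valid for w up to 63 with 64-bit arithmetic. */
static uint64_t low_bits_mask(unsigned w)
{
    return BIT_ULL(w) - 1;
}

int main(void)
{
    /* Constructed sample widths: a page shift, the int sign bit, and two
     * widths beyond 32 bits that a 32-bit intermediate cannot hold. */
    const unsigned widths[] = { 12, 31, 32, 40 };

    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        unsigned w = widths[i];
        printf("w=%2u  narrow-then-widen=%016llx  64-bit=%016llx  %s\n",
               w,
               (unsigned long long)mask_narrow_then_widen(w),
               (unsigned long long)mask_wide(w),
               shift_fits_int(w) ? "fits int" : "overflows int");
    }
    return 0;
}
```

For `w = 12` both forms agree; at `w = 31` the narrow form yields `0xffffffff80000000` instead of `0x80000000`, and for `w >= 32` the bit disappears entirely, which is the class of silent miscomputation the commit removes by shifting a 64-bit operand.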

  Commit: 96342d53a881a5686b1e4797aead1c025985772e
      
https://github.com/qemu/qemu/commit/96342d53a881a5686b1e4797aead1c025985772e
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Fix TCG temporary leaks in gen_pool32a5_nanomips_insn()

Fix a pair of TCG temporary leaks when translating the nanoMIPS SHILO opcode.

Fixes: 3285a3e4445 ("target/mips: Add emulation of DSP ASE for nanoMIPS")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210530094538.1275329-1-f4bug@amsat.org>


  Commit: 6eb223104c4e5cdfeaf57cff20fb1ad54084393b
      
https://github.com/qemu/qemu/commit/6eb223104c4e5cdfeaf57cff20fb1ad54084393b
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Fix more TCG temporary leaks in gen_pool32a5_nanomips_insn

Fix multiple TCG temporary leaks in gen_pool32a5_nanomips_insn().

Fixes: 3285a3e4445 ("target/mips: Add emulation of DSP ASE for nanoMIPS - part 1")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-3-f4bug@amsat.org>


  Commit: a071578b93e850dcbebbe2c0cfe86e7977ddffa7
      
https://github.com/qemu/qemu/commit/a071578b93e850dcbebbe2c0cfe86e7977ddffa7
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Raise exception when DINSV opcode used with DSP disabled

Per the "MIPS® DSP Module for MIPS64 Architecture" manual, rev. 3.02,
Table 5.3 "SPECIAL3 Encoding of Function Field for DSP Module":

  If the Module/ASE is not implemented, executing such an instruction
  must cause a Reserved Instruction Exception.

The DINSV instruction lists the following exceptions:
- Reserved Instruction
- DSP Disabled

If the MIPS core doesn't support the DSP module, or the DSP is
disabled, do not handle the '$rt = $0' case as a no-op but raise
the proper exception instead.

Cc: Jia Liu <proljc@gmail.com>
Fixes: 1cb6686cf92 ("target-mips: Add ASE DSP bit/manipulation instructions")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210529165443.1114402-1-f4bug@amsat.org>


  Commit: 05d9d0359e6da7dc8255712d745d079a04fa5ae5
      
https://github.com/qemu/qemu/commit/05d9d0359e6da7dc8255712d745d079a04fa5ae5
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Do not abort on invalid instruction

On real hardware an invalid instruction doesn't halt the world,
but usually triggers a RESERVED INSTRUCTION exception.
TCG guest code shouldn't abort QEMU anyway.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-2-f4bug@amsat.org>


  Commit: 34b8ff25db3eff9c8c02371ac976b16389d0fcb7
      
https://github.com/qemu/qemu/commit/34b8ff25db3eff9c8c02371ac976b16389d0fcb7
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M meson.build
    A target/mips/tcg/trace-events
    A target/mips/tcg/trace.h
    M target/mips/tcg/translate.c
    R target/mips/trace-events
    R target/mips/trace.h

  Log Message:
  -----------
  target/mips: Move TCG trace events to tcg/ sub directory

Commit a2b0a27d33e ("target/mips: Move TCG source files under
tcg/ sub directory") forgot to move the trace-event file.
As it only contains TCG events, move it for consistency.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-4-f4bug@amsat.org>


  Commit: a9eb3b49fb2224ca2eda514b55c5d288379460ee
      
https://github.com/qemu/qemu/commit/a9eb3b49fb2224ca2eda514b55c5d288379460ee
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    A target/mips/tcg/translate.h
    R target/mips/translate.h

  Log Message:
  -----------
  target/mips: Move translate.h to tcg/ sub directory

We moved various TCG source files in commit a2b0a27d33e
("target/mips: Move TCG source files under tcg/ sub directory")
but forgot to move the header declaring their prototypes.
Do it now, since all it declares is TCG specific.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-5-f4bug@amsat.org>


  Commit: 85ccd962d622475e6281ea98ab69c03de7bc37c1
      
https://github.com/qemu/qemu/commit/85ccd962d622475e6281ea98ab69c03de7bc37c1
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/cpu.h

  Log Message:
  -----------
  target/mips: Restrict some system specific declarations to sysemu

Commit 043715d1e0f ("target/mips: Update ITU to utilize SAARI
and SAAR CP0 registers") declared itc_reconfigure() in the public
namespace, while it is restricted to system emulation.

Similarly commit 5679479b9a1 ("target/mips: Move CP0 helpers
to sysemu/cp0.c") restricted cpu_mips_soft_irq() definition to
system emulation, but forgot to restrict its declaration.

To avoid polluting user-mode emulation with these declarations,
restrict them to sysemu. Also restrict the sysemu ITU/ITC/IRQ
fields from CPUMIPSState.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-6-f4bug@amsat.org>


  Commit: 9f47eb54b25e67b28a85a0b3eac304f2909f10ae
      
https://github.com/qemu/qemu/commit/9f47eb54b25e67b28a85a0b3eac304f2909f10ae
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Remove SmartMIPS / MDMX unuseful comments

These placeholder comments for SmartMIPS and MDMX extensions have
been added in commit 3c824109da0 ("target-mips: microMIPS ASE support").
More than 11 years later it is safe to assume they won't be added
soon, so remove these unuseful comments.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-7-f4bug@amsat.org>


  Commit: 916e957070e1f4b697c905d0a35984e70f106ed6
      
https://github.com/qemu/qemu/commit/916e957070e1f4b697c905d0a35984e70f106ed6
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Remove microMIPS BPOSGE32 / BPOSGE64 unuseful cases

These switch cases for the microMIPS BPOSGE32 / BPOSGE64 opcodes have
been added in commit 3c824109da0 ("target-mips: microMIPS ASE support").
More than 11 years later it is safe to assume they won't be added
soon. The cases fall back to the default which generates a RESERVED
INSTRUCTION, so it is safe to remove them.
Functionally speaking, the patch is a no-op.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-8-f4bug@amsat.org>


  Commit: e5e6f00c3154055dba99eb3b789c38dc70578111
      
https://github.com/qemu/qemu/commit/e5e6f00c3154055dba99eb3b789c38dc70578111
  Author: Aleksandar Rikalo <Aleksandar.Rikalo@syrmia.com>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: fix emulation of nanoMIPS BPOSGE32 instruction

Per the "MIPS® Architecture Extension: nanoMIPS32 DSP Technical
Reference Manual — Revision 0.04" p. 88 "BPOSGE32C", offset argument (imm)
should be left-shifted first.
This change was tested against test_dsp_r1_bposge32.c DSP test.

Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Filip Vidojevic <filip.vidojevic@syrmia.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <VI1PR0302MB34869449EE56F226FC3C21129C309@VI1PR0302MB3486.eurprd03.prod.outlook.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>


  Commit: dae7324b97ebe2c4012f299f0b6ec48ac8c1e74d
      
https://github.com/qemu/qemu/commit/dae7324b97ebe2c4012f299f0b6ec48ac8c1e74d
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/sysemu/mips-semi.c

  Log Message:
  -----------
  target/mips: Constify host_to_mips_errno[]

Keep host_to_mips_errno[] in .rodata by marking the array const.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-9-f4bug@amsat.org>


  Commit: 06106772933bd215a797d28cdbff4aac5676b430
      
https://github.com/qemu/qemu/commit/06106772933bd215a797d28cdbff4aac5676b430
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/cpu.c
    M target/mips/internal.h
    M target/mips/tcg/msa_translate.c
    M target/mips/tcg/mxu_translate.c
    M target/mips/tcg/translate.c

  Log Message:
  -----------
  target/mips: Optimize regnames[] arrays

Since all entries are no more than 3/4/6 bytes (including the nul
terminator), we can save space and PIE runtime relocations by
declaring regnames[] as an array of 3/4/6 const char.

Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174323.2900831-10-f4bug@amsat.org>


  Commit: 525ea877b27d933eaac69b32c75b8861779811cf
      
https://github.com/qemu/qemu/commit/525ea877b27d933eaac69b32c75b8861779811cf
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/msa_translate.c

  Log Message:
  -----------
  target/mips: Remove pointless gen_msa()

Only trans_MSA() calls gen_msa(), inline it to simplify.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174636.2902654-2-f4bug@amsat.org>


  Commit: f5c6ee0c6b7b4b79b52a1614a808633dbb694de4
      
https://github.com/qemu/qemu/commit/f5c6ee0c6b7b4b79b52a1614a808633dbb694de4
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-06-24 (Thu, 24 Jun 2021)

  Changed paths:
    M target/mips/tcg/meson.build
    A target/mips/tcg/msa.decode
    R target/mips/tcg/msa32.decode
    R target/mips/tcg/msa64.decode
    M target/mips/tcg/msa_translate.c

  Log Message:
  -----------
  target/mips: Merge msa32/msa64 decodetree definitions

We don't need to maintain 2 sets of decodetree definitions.
Merge them into a single file.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210617174636.2902654-3-f4bug@amsat.org>


  Commit: 687f9f7834e30330fd952f1fe096518509ff8ff7
      
https://github.com/qemu/qemu/commit/687f9f7834e30330fd952f1fe096518509ff8ff7
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-06-28 (Mon, 28 Jun 2021)

  Changed paths:
    M meson.build
    M target/mips/cpu.c
    M target/mips/cpu.h
    M target/mips/internal.h
    M target/mips/tcg/meson.build
    A target/mips/tcg/msa.decode
    R target/mips/tcg/msa32.decode
    R target/mips/tcg/msa64.decode
    M target/mips/tcg/msa_translate.c
    M target/mips/tcg/mxu_translate.c
    M target/mips/tcg/sysemu/mips-semi.c
    M target/mips/tcg/sysemu/tlb_helper.c
    A target/mips/tcg/trace-events
    A target/mips/tcg/trace.h
    M target/mips/tcg/translate.c
    A target/mips/tcg/translate.h
    R target/mips/trace-events
    R target/mips/trace.h
    R target/mips/translate.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/philmd/tags/mips-20210625' into staging

MIPS patches queue

Various fixes:
- Potential integer overflow (CID 1452921)
- Invalid emulation of nanoMIPS BPOSGE32 opcode
- Missing exception when DINSV opcode used with DSP disabled
- Do not abort but emit exception for invalid BRANCH opcodes
- TCG temporary leaks

Housekeeping:
- Remove dead code / comments
- Restrict few files to TCG, declarations to sysemu
- Merge MSA32 and MSA64 decodetree definitions

# gpg: Signature made Fri 25 Jun 2021 10:22:20 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/mips-20210625:
  target/mips: Merge msa32/msa64 decodetree definitions
  target/mips: Remove pointless gen_msa()
  target/mips: Optimize regnames[] arrays
  target/mips: Constify host_to_mips_errno[]
  target/mips: fix emulation of nanoMIPS BPOSGE32 instruction
  target/mips: Remove microMIPS BPOSGE32 / BPOSGE64 unuseful cases
  target/mips: Remove SmartMIPS / MDMX unuseful comments
  target/mips: Restrict some system specific declarations to sysemu
  target/mips: Move translate.h to tcg/ sub directory
  target/mips: Move TCG trace events to tcg/ sub directory
  target/mips: Do not abort on invalid instruction
  target/mips: Raise exception when DINSV opcode used with DSP disabled
  target/mips: Fix more TCG temporary leaks in gen_pool32a5_nanomips_insn
  target/mips: Fix TCG temporary leaks in gen_pool32a5_nanomips_insn()
  target/mips: Fix potential integer overflow (CID 1452921)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/5d2d18ae395f...687f9f7834e3