All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 3/9] target/arm: Add MO_128 entry to pred_esz_masks[]
Date: Tue, 26 Jul 2022 16:20:06 +0100	[thread overview]
Message-ID: <20220726152012.1631158-4-peter.maydell@linaro.org> (raw)
In-Reply-To: <20220726152012.1631158-1-peter.maydell@linaro.org>

In commit 7390e0e9ab8475, we added support for SME loads and stores.
Unlike SVE loads and stores, these include handling of 128-bit
elements.  The SME load/store functions call down into the existing
sve_cont_ldst_elements() function, which uses the element size MO_*
value as an index into the pred_esz_masks[] array.  Because this code
path now has to handle MO_128, we need to add an extra element to the
array.

This bug was spotted by Coverity because it meant we were reading off
the end of the array.

Resolves: Coverity CID 1490539, 1490541, 1490543, 1490544, 1490545,
 1490546, 1490548, 1490549, 1490550, 1490551, 1490555, 1490557,
 1490558, 1490560, 1490561, 1490563
Fixes: 7390e0e9ab8475 ("target/arm: Implement SME LD1, ST1")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220718100144.3248052-1-peter.maydell@linaro.org
---
 target/arm/cpu.h           | 2 +-
 target/arm/translate-sve.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e890ee074d3..5168e3d837e 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3387,7 +3387,7 @@ static inline uint64_t *aa64_vfp_qreg(CPUARMState *env, unsigned regno)
 }
 
 /* Shared between translate-sve.c and sve_helper.c.  */
-extern const uint64_t pred_esz_masks[4];
+extern const uint64_t pred_esz_masks[5];
 
 /* Helper for the macros below, validating the argument type. */
 static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 41f8b12259e..621a2abb22f 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -529,9 +529,10 @@ static void do_predtest(DisasContext *s, int dofs, int gofs, int words)
 }
 
 /* For each element size, the bits within a predicate word that are active.  */
-const uint64_t pred_esz_masks[4] = {
+const uint64_t pred_esz_masks[5] = {
     0xffffffffffffffffull, 0x5555555555555555ull,
-    0x1111111111111111ull, 0x0101010101010101ull
+    0x1111111111111111ull, 0x0101010101010101ull,
+    0x0001000100010001ull,
 };
 
 static bool trans_INVALID(DisasContext *s, arg_INVALID *a)
-- 
2.25.1



  parent reply	other threads:[~2022-07-26 15:24 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-26 15:20 [PULL 0/9] target-arm queue Peter Maydell
2022-07-26 15:20 ` [PULL 1/9] scripts/coverity-scan/COMPONENTS.md: Add loongarch component Peter Maydell
2022-07-26 15:20 ` [PULL 2/9] scripts/coverity-scan/COMPONENTS.md: Update slirp component info Peter Maydell
2022-07-26 15:20 ` Peter Maydell [this message]
2022-07-26 15:20 ` [PULL 4/9] configure: Add missing POSIX-required space Peter Maydell
2022-07-26 15:20 ` [PULL 5/9] configure: Add braces to clarify intent of $emu[[:space:]] Peter Maydell
2022-07-26 15:20 ` [PULL 6/9] configure: Don't use bash-specific string-replacement syntax Peter Maydell
2022-07-26 15:20 ` [PULL 7/9] configure: Drop dead code attempting to use -msmall-data on alpha hosts Peter Maydell
2022-07-26 15:20 ` [PULL 8/9] configure: Avoid '==' bashism Peter Maydell
2022-07-26 15:20 ` [PULL 9/9] hw/display/bcm2835_fb: Fix framebuffer allocation address Peter Maydell
2022-07-26 18:36 ` [PULL 0/9] target-arm queue Richard Henderson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220726152012.1631158-4-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.