From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PATCH 1/4] target/arm: Don't assert for 128-bit tile accesses when SVL is 128
Date: Mon, 22 Jul 2024 18:29:54 +0100
Message-Id: <20240722172957.1041231-2-peter.maydell@linaro.org>
In-Reply-To: <20240722172957.1041231-1-peter.maydell@linaro.org>

For an instruction which accesses a 128-bit element tile when
the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]),
we will assert in get_tile_rowcol():

  qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed.

This happens because we calculate

  len = ctz32(streaming_vec_reg_size(s)) - esz;

but if the SVL and the element size are the same len is 0, and
the deposit operation asserts.

In this case the ZA storage contains exactly one 128 bit
element ZA tile, and the horizontal or vertical slice is just
that tile. This means that regardless of the index value in
the Ws register, we always access that tile. (In pseudocode terms,
we calculate (index + offset) MOD 1, which is 0.)

Special case the len == 0 case to avoid hitting the assertion
in tcg_gen_deposit_z_i32().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell
--- target/arm/tcg/translate-sme.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c index 185a8a917b0..a50a419af27 100644 --- a/target/arm/tcg/translate-sme.c +++ b/target/arm/tcg/translate-sme.c
@@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs, /* Prepare a power-of-two modulo via extraction of @len bits. */ len = ctz32(streaming_vec_reg_size(s)) - esz; - if (vertical) { + if (!len) { + /* + * SVL is 128 and the element size is 128. There is exactly + * one 128x128 tile in the ZA storage, and so we calculate + * (Rs + imm) MOD 1, which is always 0. We need to special case + * this because TCG doesn't allow deposit ops with len 0. + */ + tcg_gen_movi_i32(tmp, 0); + } else if (vertical) { /* * Compute the byte offset of the index within the tile: * (index % (svl / size)) * size From patchwork Mon Jul 22 17:29:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13738985 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 42DB8C3DA5D for ; Mon, 22 Jul 2024 17:31:58 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sVwra-0000Jn-1x; Mon, 22 Jul 2024 13:30:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sVwrY-0000Bu-5b for qemu-devel@nongnu.org; Mon, 22 Jul 2024 13:30:16 -0400 Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sVwrP-0006Nn-Pt for qemu-devel@nongnu.org; Mon, 22 Jul 2024 13:30:15 -0400 Received: by mail-wm1-x330.google.com with SMTP id 5b1f17b1804b1-4266ea6a488so39638185e9.1 for ; Mon, 22 Jul 2024 10:30:02 -0700 (PDT) 
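Review bot: in get_tile_rowcol(), the new "if (!len)" test only catches len being exactly 0, so a negative len (esz larger than ctz32 of the streaming vector size) would still reach the deposit paths in the else branches. If that cannot happen, an assertion that len >= 0 straight after the calculation would document it, and writing the test as "len == 0" would match the wording used in the comment and the commit message. The comment's "SVL is 128 and the element size is 128" would also be clearer with the unit (bits) spelled out.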
From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PATCH 2/4] target/arm: Fix UMOPA/UMOPS of 16-bit values
Date: Mon, 22 Jul 2024 18:29:55 +0100
Message-Id: <20240722172957.1041231-3-peter.maydell@linaro.org>
In-Reply-To: <20240722172957.1041231-1-peter.maydell@linaro.org>

The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or
16 bit elements and accumulate the products into a 64-bit element.
In the Arm ARM pseudocode, this is done with the usual
infinite-precision signed arithmetic. However our implementation
doesn't quite get it right, because in the DEF_IMOP_64() macro we do:

  sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0);

where NTYPE and MTYPE are uint16_t or int16_t. In the uint16_t case,
the C usual arithmetic conversions mean the values are converted to
"int" type and the multiply is done as a 32-bit multiply. This means
that if the inputs are, for example, 0xffff and 0xffff then the
result is 0xFFFE0001 as an int, which is then promoted to uint64_t
for the accumulation into sum; this promotion incorrectly sign
extends the multiply.

Avoid the incorrect sign extension by casting to int64_t before
the multiply, so we do the multiply as 64-bit signed arithmetic,
which is a type large enough that the multiply can never
overflow into the sign bit.

(The equivalent 8-bit operations in DEF_IMOP_32() are fine, because
the 8-bit multiplies can never overflow into the sign bit of a
32-bit integer.)

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372
Signed-off-by: Peter Maydell
--- target/arm/tcg/sme_helper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index 5a6dd76489f..f9001f5213a 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c
@@ -1146,10 +1146,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \ uint64_t sum = 0; \ /* Apply P to N as a mask, making the inactive elements 0. */ \ n &= expand_pred_h(p); \ - sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ - sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ - sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ - sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ + sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ + sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ + sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ + sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ return neg ? a - sum : a + sum; \ } From patchwork Mon Jul 22 17:29:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13738986 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3DFE7C3DA59 for ; Mon, 22 Jul 2024 17:32:06 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sVwrZ-0000Fk-4S; Mon, 22 Jul 2024 13:30:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sVwrX-00006e-0i for qemu-devel@nongnu.org; Mon, 22 Jul 2024 13:30:15 -0400 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sVwrP-0006O1-RH for qemu-devel@nongnu.org; Mon, 22 Jul 2024 13:30:13 -0400 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-427d2cc1c4eso32447365e9.1 for ; Mon, 22 
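Review bot: the (int64_t) cast added to the four "sum +=" lines in DEF_IMOP_64() carries no comment, and the reason for it (uint16_t operands are otherwise promoted to int and the product is sign-extended when added to sum) lives only in the commit message. A short comment above the first "sum +=" would keep a later cleanup from dropping the cast as redundant. Only the NTYPE operand is cast and the MTYPE operand is widened implicitly by the multiply, which is correct but worth saying in that comment. A regression test using 0xffff lanes would pin the behaviour down.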
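The promotion problem described in the commit message for patch 2/4, as an added C example that is not part of the patch or of QEMU. The function names are hypothetical, only the unsigned 16-bit case is shown (no predicate, no subtract), and the 32-bit wrap is modelled with unsigned arithmetic so the example has no signed overflow of its own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Pre-fix lane product. In the original expression both uint16_t operands
 * are promoted to int, multiplied in 32 bits, and the int result is then
 * converted to uint64_t. The 32-bit wrap is modelled here with unsigned
 * arithmetic instead of relying on signed overflow.
 */
static uint64_t lane_product_int(uint16_t n, uint16_t m)
{
    uint32_t low32 = (uint32_t)n * (uint32_t)m;
    /* Reinterpret the low 32 bits as a two's complement int. */
    int64_t as_int = low32 >= UINT32_C(0x80000000)
                     ? (int64_t)low32 - (INT64_C(1) << 32)
                     : (int64_t)low32;
    return (uint64_t)as_int;    /* conversion to uint64_t sign-extends */
}

/* Post-fix lane product: widen one operand first, multiply in 64 bits. */
static uint64_t lane_product_i64(uint16_t n, uint16_t m)
{
    return (uint64_t)((int64_t)n * m);
}

typedef uint64_t (*lane_fn)(uint16_t, uint16_t);

/* Sum of the four 16-bit lane products of n and m, accumulated into a. */
static uint64_t umopa_h(uint64_t n, uint64_t m, uint64_t a, lane_fn mul)
{
    uint64_t sum = 0;
    for (int shift = 0; shift < 64; shift += 16) {
        sum += mul((uint16_t)(n >> shift), (uint16_t)(m >> shift));
    }
    return a + sum;
}

/* Smallest x for which x * x differs between the two forms, or 0 if none. */
static uint32_t first_divergent_square(void)
{
    for (uint32_t x = 1; x <= 0xffff; x++) {
        if (lane_product_int((uint16_t)x, (uint16_t)x) !=
            lane_product_i64((uint16_t)x, (uint16_t)x)) {
            return x;
        }
    }
    return 0;
}

int main(void)
{
    uint64_t all = UINT64_MAX;  /* constructed input: four 0xffff lanes */

    printf("one lane, int multiply:     0x%016" PRIx64 "\n",
           lane_product_int(0xffff, 0xffff));
    printf("one lane, int64_t multiply: 0x%016" PRIx64 "\n",
           lane_product_i64(0xffff, 0xffff));
    printf("four lanes, int multiply:     0x%016" PRIx64 "\n",
           umopa_h(all, all, 0, lane_product_int));
    printf("four lanes, int64_t multiply: 0x%016" PRIx64 "\n",
           umopa_h(all, all, 0, lane_product_i64));
    printf("first operand whose square diverges: %" PRIu32 "\n",
           first_divergent_square());
    return 0;
}
```

Any pair of lanes whose product reaches 2^31 is affected, not only 0xffff; the scan shows where that starts for equal operands.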
From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PATCH 3/4] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl()
Date: Mon, 22 Jul 2024 18:29:56 +0100
Message-Id: <20240722172957.1041231-4-peter.maydell@linaro.org>
In-Reply-To: <20240722172957.1041231-1-peter.maydell@linaro.org>

The function tszimm_esz() returns a shift amount, or possibly -1 in
certain cases that correspond to unallocated encodings in the
instruction set. We catch these later in the trans_ functions
(generally with an "a-esz < 0" check), but before we do the
decodetree-generated code will also call tszimm_shr() or tszimm_shl(),
which will use the tszimm_esz() return value as a shift count without
checking that it is not negative, which is undefined behaviour.

Avoid the UB by checking the return value in tszimm_shr() and
tszimm_shl().

Cc: qemu-stable@nongnu.org
Resolves: Coverity CID 1547617, 1547694
Signed-off-by: Peter Maydell
--- target/arm/tcg/translate-sve.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c index 798ab2bfb13..a72c2620960 100644 --- a/target/arm/tcg/translate-sve.c +++ b/target/arm/tcg/translate-sve.c
@@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x) static int tszimm_shr(DisasContext *s, int x) { - return (16 << tszimm_esz(s, x)) - x; + /* + * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the + * trans function will check for esz < 0), so we can return any + * value we like from here in that case as long as we avoid UB. + */ + int esz = tszimm_esz(s, x); + if (esz < 0) { + return esz; + } + return (16 << esz) - x; } /* See e.g. LSL (immediate, predicated). */ static int tszimm_shl(DisasContext *s, int x) { - return x - (8 << tszimm_esz(s, x)); + /* As with tszimm_shr(), value will be unused if esz < 0 */ + int esz = tszimm_esz(s, x); + if (esz < 0) { + return esz; + } + return x - (8 << esz); } /* The SH bit is in bit 8. Extract the low 8 and shift. */ From patchwork Mon Jul 22 17:29:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13738982 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 418BFC3DA59 for ; Mon, 22 Jul 2024 17:31:37 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sVwrb-0000Nm-0y; Mon, 22 Jul 2024 13:30:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sVwrX-00009y-Lg for qemu-devel@nongnu.org; Mon, 22 Jul 2024 13:30:15 -0400 Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sVwrP-0006OK-QY for qemu-devel@nongnu.org; 
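Review bot: the "return esz;" added to tszimm_shr() and tszimm_shl() hands back -1 as the shift immediate, which is safe only while every trans function that consumes these fields tests esz < 0 before using the value, as the new comment assumes. That requirement is stated here but not where tszimm_esz() returns -1, so a note beside tszimm_esz() listing the two dependants would help the next person adding a user of these helpers. The same three-line check now appears in both functions; the comment in tszimm_shl() refers back to tszimm_shr(), which is fine as long as the two stay adjacent.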
From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PATCH 4/4] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled
Date: Mon, 22 Jul 2024 18:29:57 +0100
Message-Id: <20240722172957.1041231-5-peter.maydell@linaro.org>
In-Reply-To: <20240722172957.1041231-1-peter.maydell@linaro.org>

When determining the current vector length, the SMCR_EL2.LEN and
SVCR_EL2.LEN settings should only be considered if EL2 is enabled
(compare the pseudocode CurrentSVL and CurrentNSVL which call
EL2Enabled()).

We were checking against ARM_FEATURE_EL2 rather than calling
arm_is_el2_enabled(), which meant that we would look at
SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2
was not enabled.

Use the correct check in sve_vqm1_for_el_sm().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell
--- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index ce319572354..8fb4b474e83 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -7232,7 +7232,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm) if (el <= 1 && !el_is_in_host(env, el)) { len = MIN(len, 0xf & (uint32_t)cr[1]); } - if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) { + if (el <= 2 && arm_is_el2_enabled(env)) { len = MIN(len, 0xf & (uint32_t)cr[2]); } if (arm_feature(env, ARM_FEATURE_EL3)) {
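Review bot: in sve_vqm1_for_el_sm(), the new condition calls arm_is_el2_enabled(env), which takes only env, while the function answers for the el passed in as a parameter. It is worth confirming that no caller passes an el for which the EL2-enabled answer could differ from the one derived from env, and saying so in a comment on the changed line if that is the case. The EL3 test just below still uses arm_feature(env, ARM_FEATURE_EL3); a word in the commit message on why that one is left as a feature check would head off the obvious follow-up question.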