qemu/target-arm-Fix-A64-scalar-SQSHRN-and-SQRSHRN.patch

From fe9725eed4d9be8e14d2c3865f1d7d5f24cbdd73 Mon Sep 17 00:00:00 2001
From: gubin <gubin_yewu@cmss.chinamobile.com>
Date: Thu, 28 Nov 2024 14:21:15 +0800
Subject: [PATCH] target/arm: Fix A64 scalar SQSHRN and SQRSHRN

cherry-pick from 6fffc8378562c7fea6290c430b4f653f830a4c1a

In commit 1b7bc9b5c8bf374dd we changed handle_vec_simd_sqshrn() so
that instead of starting with a 0 value and depositing in each new
element from the narrowing operation, it instead started with the raw
result of the narrowing operation of the first element.

This is fine in the vector case, because the deposit operations for
the second and subsequent elements will always overwrite any higher
bits that might have been in the first element's result value in
tcg_rd.  However in the scalar case we only go through this loop
once.  The effect is that for a signed narrowing operation, if the
result is negative then we will now return a value where the bits
above the first element are incorrectly 1 (because the narrowfn
returns a sign-extended result, not one that is truncated to the
element size).

Fix this by using an extract operation to get exactly the correct
bits of the output of the narrowfn for element 1, instead of a
plain move.

Cc: qemu-stable@nongnu.org
Fixes: 1b7bc9b5c8bf374dd3 ("target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2089
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240123153416.877308-1-peter.maydell@linaro.org
Signed-off-by: gubin <gubin_yewu@cmss.chinamobile.com>
---
 target/arm/tcg/translate-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 5560a53630..a05182b57f 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -8221,7 +8221,7 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool is_scalar, bool is_q,
         narrowfn(tcg_rd_narrowed, tcg_env, tcg_rd);
         tcg_gen_extu_i32_i64(tcg_rd, tcg_rd_narrowed);
         if (i == 0) {
-            tcg_gen_mov_i64(tcg_final, tcg_rd);
+            tcg_gen_extract_i64(tcg_final, tcg_rd, 0, esize);
         } else {
             tcg_gen_deposit_i64(tcg_final, tcg_final, tcg_rd, esize * i, esize);
         }
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-29: - target/i386: csv: Support inject secret for CSV3 guest only if the extension is enabled - target/i386: csv: Support load kernel hashes for CSV3 guest only if the extension is enabled - target/i386: csv: Request to set private memory of CSV3 guest if the extension is enabled - target/i386: kvm: Support to get and enable extensions for Hygon CoCo guest - qapi/qom,target/i386: csv-guest: Introduce secret-header-file=str and secret-file=str options - bakcend: VirtCCA:resolve hugepage memory waste issue in vhost-user scenario - parallels: fix ext_off assertion failure due to overflow - backends/cryptodev-vhost-user: Fix local_error leaks - hw/usb/hcd-ehci: Fix debug printf format string - target/riscv/vector_helper.c: fix 'vmvr_v' memcpy endianess - target/riscv/vector_helper.c: optimize loops in ldst helpers - target/riscv/vector_helper.c: set vstart = 0 in GEN_VEXT_VSLIDEUP_VX() - target/hexagon: don't look for static glib - virtio-net: Fix network stall at the host side waiting for kick - Add if condition to avoid assertion failed error in blockdev_init - target/arm: Use float_status copy in sme_fmopa_s - target/arm: take HSTR traps of cp15 accesses to EL2, not EL1 - target/arm: Reinstate "vfp" property on AArch32 CPUs - target/i386/cpu: Fix notes for CPU models - target/arm: LDAPR should honour SCTLR_ELx.nAA - target/riscv: Avoid bad shift in riscv_cpu_do_interrupt() - hvf: remove unused but set variable - hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT() - Avoid taking address of out-of-bounds array index - target/arm: Fix VCMLA Dd, Dn, Dm[idx] - target/arm: Fix UMOPA/UMOPS of 16-bit values - target/arm: Fix SVE/SME gross MTE suppression checks - target/arm: Fix nregs computation in do_{ld,st}_zpa - crypto: fix error check on gcry_md_open - Change vmstate_cpuhp_sts vmstateDescription version_id - hw/pci: Remove unused pci_irq_pulse() method - hw/intc: Don't clear pending bits on IRQ lowering - target/arm: Drop user-only special case in sve_stN_r - migration: Ensure vmstate_save() sets errp - target/i386: fix hang when using slow path for ptw_setl - contrib/plugins: add compat for g_memdup2 - hw/audio/hda: fix memory leak on audio setup - crypto: perform runtime check for hash/hmac support in gcrypt - target/arm: Fix incorrect aa64_tidcp1 feature check - target/arm: fix exception syndrome for AArch32 bkpt insn - target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU - linux-user: Print tid not pid with strace - target/arm: Fix A64 scalar SQSHRN and SQRSHRN - target/arm: Don't assert for 128-bit tile accesses when SVL is 128 - hw/timer/exynos4210_mct: fix possible int overflow - target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl() - hw/audio/virtio-snd: Always use little endian audio format - target/riscv: Fix vcompress with rvv_ta_all_1s - usb-hub: Fix handling port power control messages Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit d4a20b24ff377fd07fcbf2b72eecaf07a3ac4cc0) 2025-02-21 15:08:43 +08:00			`From fe9725eed4d9be8e14d2c3865f1d7d5f24cbdd73 Mon Sep 17 00:00:00 2001`
			`From: gubin <gubin_yewu@cmss.chinamobile.com>`
			`Date: Thu, 28 Nov 2024 14:21:15 +0800`
			`Subject: [PATCH] target/arm: Fix A64 scalar SQSHRN and SQRSHRN`

			`cherry-pick from 6fffc8378562c7fea6290c430b4f653f830a4c1a`

			`In commit 1b7bc9b5c8bf374dd we changed handle_vec_simd_sqshrn() so`
			`that instead of starting with a 0 value and depositing in each new`
			`element from the narrowing operation, it instead started with the raw`
			`result of the narrowing operation of the first element.`

			`This is fine in the vector case, because the deposit operations for`
			`the second and subsequent elements will always overwrite any higher`
			`bits that might have been in the first element's result value in`
			`tcg_rd. However in the scalar case we only go through this loop`
			`once. The effect is that for a signed narrowing operation, if the`
			`result is negative then we will now return a value where the bits`
			`above the first element are incorrectly 1 (because the narrowfn`
			`returns a sign-extended result, not one that is truncated to the`
			`element size).`

			`Fix this by using an extract operation to get exactly the correct`
			`bits of the output of the narrowfn for element 1, instead of a`
			`plain move.`

			`Cc: qemu-stable@nongnu.org`
			`Fixes: 1b7bc9b5c8bf374dd3 ("target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn")`
			`Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2089`
			`Signed-off-by: Peter Maydell <peter.maydell@linaro.org>`
			`Reviewed-by: Richard Henderson <richard.henderson@linaro.org>`
			`Message-id: 20240123153416.877308-1-peter.maydell@linaro.org`
			`Signed-off-by: gubin <gubin_yewu@cmss.chinamobile.com>`
			`---`
			`target/arm/tcg/translate-a64.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c`
			`index 5560a53630..a05182b57f 100644`
			`--- a/target/arm/tcg/translate-a64.c`
			`+++ b/target/arm/tcg/translate-a64.c`
			`@@ -8221,7 +8221,7 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool is_scalar, bool is_q,`
			`narrowfn(tcg_rd_narrowed, tcg_env, tcg_rd);`
			`tcg_gen_extu_i32_i64(tcg_rd, tcg_rd_narrowed);`
			`if (i == 0) {`
			`- tcg_gen_mov_i64(tcg_final, tcg_rd);`
			`+ tcg_gen_extract_i64(tcg_final, tcg_rd, 0, esize);`
			`} else {`
			`tcg_gen_deposit_i64(tcg_final, tcg_final, tcg_rd, esize * i, esize);`
			`}`
			`--`
			`2.41.0.windows.1`