- tests: bump QOS_PATH_MAX_ELEMENT_SIZE again
- softmmu/physmem: fix memory leak in dirty_memory_extend()
- crypto: run qcrypto_pbkdf2_count_iters in a new thread
- hw/audio/virtio-sound: fix heap buffer overflow
- hw/intc/arm_gic: fix spurious level triggered interrupts
- ui/sdl2: set swap interval explicitly when OpenGL is enabled
- target/riscv/kvm: tolerate KVM disable ext errors
- virtio: remove virtio_tswap16s() call in vring_packed_event_read()
- block: fix -Werror=maybe-uninitialized false-positive
- hw/remote/vfio-user: Fix config space access byte order
- hw/loongarch/virt: Fix memory leak
- hw/intc/riscv_aplic: APLICs should add child earlier than realize
- stdvga: fix screen blanking
- ui/gtk: Draw guest frame at refresh cycle
- target/i386: fix size of EBP writeback in gen_enter()
- virtio-net: drop too short packets early
- target/ppc: Fix lxv/stxv MSR facility check
- target/ppc: Fix lxvx/stxvx facility check
- virtio-snd: add max size bounds check in input cb(CVE-2024-7730)

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit e2eb79f1867bb8d8d870e758f06d2a32b3a4fc8a)
From 67ce79a910ab02d8c1e08a9ebfa6c5aae2e9d5af Mon Sep 17 00:00:00 2001
From: qihao_ss <qihao_yewu@cmss.chinamobile.com>
Date: Sun, 29 Sep 2024 06:44:29 -0400
Subject: [PATCH] target/ppc: Fix lxvx/stxvx facility check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cherry-pick from 8bded2e73e80823a67f730140788a3c5e60bf4b5

The XT check for the lxvx/stxvx instructions is currently
inverted. This was introduced during the move to decodetree.

>From the ISA:
  Chapter 7. Vector-Scalar Extension Facility
  Load VSX Vector Indexed X-form

  lxvx XT,RA,RB
  if TX=0 & MSR.VSX=0 then VSX_Unavailable()
  if TX=1 & MSR.VEC=0 then Vector_Unavailable()
  ...
  Let XT be the value 32×TX + T.

The code currently does the opposite:

    if (paired || a->rt >= 32) {
        REQUIRE_VSX(ctx);
    } else {
        REQUIRE_VECTOR(ctx);
    }

This was already fixed for lxv/stxv at commit "2cc0e449d1 (target/ppc:
Fix lxv/stxv MSR facility check)", but the indexed forms were missed.

Cc: qemu-stable@nongnu.org
Fixes: 70426b5bb7 ("target/ppc: moved stxvx and lxvx from legacy to decodtree")
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20240911141651.6914-1-farosas@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
target/ppc/translate/vsx-impl.c.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc
index 6db87ab336..a2020da9fd 100644
--- a/target/ppc/translate/vsx-impl.c.inc
+++ b/target/ppc/translate/vsx-impl.c.inc
@@ -2292,7 +2292,7 @@ static bool do_lstxv_PLS_D(DisasContext *ctx, arg_PLS_D *a,
static bool do_lstxv_X(DisasContext *ctx, arg_X *a, bool store, bool paired)
{
- if (paired || a->rt >= 32) {
+ if (paired || a->rt < 32) {
REQUIRE_VSX(ctx);
} else {
REQUIRE_VECTOR(ctx);
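
Review bot: The corrected condition on the "+" line, "if (paired || a->rt < 32)", still relies on a bare 32 with no comment explaining that rt here is XT = 32×TX + T, so rt < 32 means TX=0 (needs MSR.VSX) and rt >= 32 means TX=1 (needs MSR.VEC). The commit message says the same inversion already had to be fixed separately for lxv/stxv, so a one-line comment above the condition citing that ISA rule would make the sense of the test checkable at a glance. The diffstat shows only this one-line change, so a regression test that executes lxvx/stxvx with XT >= 32 while MSR.VSX=0 and MSR.VEC=1 (and the converse for XT < 32) would keep the check from flipping again. It is also worth confirming that do_lstxv_PLS_D, named in the hunk header just above, applies the check in the same sense.
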
--
2.41.0.windows.1