- tests: bump QOS_PATH_MAX_ELEMENT_SIZE again
- softmmu/physmem: fix memory leak in dirty_memory_extend()
- crypto: run qcrypto_pbkdf2_count_iters in a new thread
- hw/audio/virtio-sound: fix heap buffer overflow
- hw/intc/arm_gic: fix spurious level triggered interrupts
- ui/sdl2: set swap interval explicitly when OpenGL is enabled
- target/riscv/kvm: tolerate KVM disable ext errors
- virtio: remove virtio_tswap16s() call in vring_packed_event_read()
- block: fix -Werror=maybe-uninitialized false-positive
- hw/remote/vfio-user: Fix config space access byte order
- hw/loongarch/virt: Fix memory leak
- hw/intc/riscv_aplic: APLICs should add child earlier than realize
- stdvga: fix screen blanking
- ui/gtk: Draw guest frame at refresh cycle
- target/i386: fix size of EBP writeback in gen_enter()
- virtio-net: drop too short packets early
- target/ppc: Fix lxv/stxv MSR facility check
- target/ppc: Fix lxvx/stxvx facility check
- virtio-snd: add max size bounds check in input cb(CVE-2024-7730)

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit e2eb79f1867bb8d8d870e758f06d2a32b3a4fc8a)
50 lines
1.9 KiB
From a8b171a0e5be721ee173a533f98594f62b0f0250 Mon Sep 17 00:00:00 2001
From: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
Date: Sun, 29 Sep 2024 07:07:36 -0400
Subject: [PATCH] target/ppc: Fix lxv/stxv MSR facility check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cherry-pick from 2cc0e449d17310877fb28a942d4627ad22bb68ea

The move to decodetree flipped the inequality test for the VEC / VSX
MSR facility check.

This caused application crashes under Linux, where these facility
unavailable interrupts are used for lazy-switching of VEC/VSX register
sets. Getting the incorrect interrupt would result in wrong registers
being loaded, potentially overwriting live values and/or exposing
stale ones.

Cc: qemu-stable@nongnu.org
Reported-by: Joel Stanley <joel@jms.id.au>
Fixes: 70426b5bb738 ("target/ppc: moved stxvx and lxvx from legacy to decodtree")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1769
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Tested-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
target/ppc/translate/vsx-impl.c.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc
index 6db87ab336..0266f09119 100644
--- a/target/ppc/translate/vsx-impl.c.inc
+++ b/target/ppc/translate/vsx-impl.c.inc
@@ -2268,7 +2268,7 @@ static bool do_lstxv(DisasContext *ctx, int ra, TCGv displ,
static bool do_lstxv_D(DisasContext *ctx, arg_D *a, bool store, bool paired)
{
- if (paired || a->rt >= 32) {
+ if (paired || a->rt < 32) {
REQUIRE_VSX(ctx);
} else {
REQUIRE_VECTOR(ctx);
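Review bot: the corrected test `if (paired || a->rt < 32)` in do_lstxv_D() still has no comment saying which half of the register range needs which facility, and the regression being fixed was exactly this comparison sitting inverted without anyone noticing. Suggest a one-line comment above the test stating that paired forms and targets below 32 require the VSX facility while targets 32 and above take the REQUIRE_VECTOR path, or replacing the bare 32 with a named constant. The diffstat shows only vsx-impl.c.inc changing, so nothing guards against the check flipping again; since the commit message says the wrong interrupt can overwrite live register values or expose stale ones, a small test that executes lxv/stxv with the relevant MSR facility bit clear and checks which unavailable interrupt is raised would be worth adding alongside the fix.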
--
2.41.0.windows.1