diff mbox series

[1/1] target/arm: Fix arithmetic underflow in SETM instruction

Message ID 20241025024909.799989-1-ido.plat1@ibm.com (mailing list archive)
State New
Headers show
Series [1/1] target/arm: Fix arithmetic underflow in SETM instruction | expand

Commit Message

Ido Plat Oct. 25, 2024, 2:48 a.m. UTC 
Pass the stage size to step function callback,
otherwise do_setm would hang when size is larger then page size because stage size would underflow.
This fix changes do_setm to be more inline with do_setp.

Fixes: 0e92818887dee ("target/arm: Implement the SET* instructions")
Signed-off-by: Ido Plat <ido.plat1@ibm.com>
---
 target/arm/tcg/helper-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Richard Henderson Oct. 25, 2024, 3:13 p.m. UTC | #1 
On 10/25/24 03:48, Ido Plat wrote:
> Pass the stage size to step function callback,
> otherwise do_setm would hang when size is larger then page size because stage size would underflow.
> This fix changes do_setm to be more inline with do_setp.
> 
> Fixes: 0e92818887dee ("target/arm: Implement the SET* instructions")
> Signed-off-by: Ido Plat<ido.plat1@ibm.com>
> ---
>   target/arm/tcg/helper-a64.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)


Fixes: 0e92818887d ("target/arm: Implement the SET* instructions")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>


r~
Michael Tokarev Oct. 25, 2024, 3:50 p.m. UTC | #2 
25.10.2024 05:48, Ido Plat wrote:
> Pass the stage size to step function callback,
> otherwise do_setm would hang when size is larger then page size because stage size would underflow.
> This fix changes do_setm to be more inline with do_setp.
> 
> Fixes: 0e92818887dee ("target/arm: Implement the SET* instructions")
> Signed-off-by: Ido Plat <ido.plat1@ibm.com>
> ---
>   target/arm/tcg/helper-a64.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
> index 56b431faf5..8f42a28d07 100644
> --- a/target/arm/tcg/helper-a64.c
> +++ b/target/arm/tcg/helper-a64.c
> @@ -1348,7 +1348,7 @@ static void do_setm(CPUARMState *env, uint32_t syndrome, uint32_t mtedesc,
>       /* Do the actual memset: we leave the last partial page to SETE */
>       stagesetsize = setsize & TARGET_PAGE_MASK;
>       while (stagesetsize > 0) {
> -        step = stepfn(env, toaddr, setsize, data, memidx, &mtedesc, ra);
> +        step = stepfn(env, toaddr, stagesetsize, data, memidx, &mtedesc, ra);
>           toaddr += step;
>           setsize -= step;
>           stagesetsize -= step;
This also seems to be:

Cc: qemu-stable@nongnu.org

(Cc'ed now, there's no need to add it again).

Please let me know if it shouldn't.

Thanks,

/mjt
Peter Maydell Oct. 28, 2024, 3:32 p.m. UTC | #3 
On Fri, 25 Oct 2024 at 16:50, Michael Tokarev <mjt@tls.msk.ru> wrote:
>
> 25.10.2024 05:48, Ido Plat wrote:
> > Pass the stage size to step function callback,
> > otherwise do_setm would hang when size is larger then page size because stage size would underflow.
> > This fix changes do_setm to be more inline with do_setp.
> >
> > Fixes: 0e92818887dee ("target/arm: Implement the SET* instructions")
> > Signed-off-by: Ido Plat <ido.plat1@ibm.com>
> > ---
> >   target/arm/tcg/helper-a64.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
> > index 56b431faf5..8f42a28d07 100644
> > --- a/target/arm/tcg/helper-a64.c
> > +++ b/target/arm/tcg/helper-a64.c
> > @@ -1348,7 +1348,7 @@ static void do_setm(CPUARMState *env, uint32_t syndrome, uint32_t mtedesc,
> >       /* Do the actual memset: we leave the last partial page to SETE */
> >       stagesetsize = setsize & TARGET_PAGE_MASK;
> >       while (stagesetsize > 0) {
> > -        step = stepfn(env, toaddr, setsize, data, memidx, &mtedesc, ra);
> > +        step = stepfn(env, toaddr, stagesetsize, data, memidx, &mtedesc, ra);
> >           toaddr += step;
> >           setsize -= step;
> >           stagesetsize -= step;
> This also seems to be:
>
> Cc: qemu-stable@nongnu.org
>
> (Cc'ed now, there's no need to add it again).
>
> Please let me know if it shouldn't.

Yes, I think it's stable material.



Applied to target-arm.next, thanks.

-- PMM
diff mbox series

Patch

diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index 56b431faf5..8f42a28d07 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -1348,7 +1348,7 @@  static void do_setm(CPUARMState *env, uint32_t syndrome, uint32_t mtedesc,
     /* Do the actual memset: we leave the last partial page to SETE */
     stagesetsize = setsize & TARGET_PAGE_MASK;
     while (stagesetsize > 0) {
-        step = stepfn(env, toaddr, setsize, data, memidx, &mtedesc, ra);
+        step = stepfn(env, toaddr, stagesetsize, data, memidx, &mtedesc, ra);
         toaddr += step;
         setsize -= step;
         stagesetsize -= step;