From patchwork Mon Jun 12 11:32:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Koppelmann X-Patchwork-Id: 13276380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A31B2C7EE23 for ; Mon, 12 Jun 2023 11:34:03 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q8fo2-0000PN-TU; Mon, 12 Jun 2023 07:33:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fnw-0000OO-54 for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:48 -0400 Received: from hoth.uni-paderborn.de ([2001:638:502:c003::19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fnu-0006qV-E8 for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.uni-paderborn.de; s=20170601; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=hm3vwkpzwmMhCiQiPbgq2KR+H9G/vRqoxZasMqy5Xlk=; b=bAYKJxCJQX/0/BHJmdl40kxpQ/ 4zdEI5hhArsZvhPmDpF+h4xPwcsukGbkn/NekuNiBw3O21sacGnrLImal+/6XWmby3bvsCZEirE+i GG2qdBp2M83QfXIXzeaxZSnZWtZF7gxAxdNXHIdAHvz1/2I46g/EP3x0ogtEHTujHS5U=; X-Envelope-From: From: Bastian Koppelmann To: qemu-devel@nongnu.org Cc: kbastian@mail.uni-paderborn.de, Siqi Chen Subject: [PATCH 1/4] target/tricore: Fix out-of-bounds index in imask instruction Date: Mon, 12 Jun 2023 13:32:42 +0200 Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> References: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> MIME-Version: 1.0 X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.6.12.112716, AntiVirus-Engine: 6.0.0, AntiVirus-Data: 2023.6.6.600001 X-Sophos-SenderHistory: ip=79.202.219.6, fs=414515, da=174178688, mc=45, sc=0, hc=45, sp=0, fso=414515, re=0, sd=0, hd=0 X-IMT-Source: Intern X-IMT-Spam-Score: 0.0 () X-IMT-Authenticated-Sender: uid=kbastian,ou=People,o=upb,c=de Received-SPF: pass client-ip=2001:638:502:c003::19; envelope-from=kbastian@mail.uni-paderborn.de; helo=hoth.uni-paderborn.de X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Siqi Chen When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow. Reviewed-by: Bastian Koppelmann Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698 Reported-by: Siqi Chen Signed-off-by: Siqi Chen Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com> --- target/tricore/translate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index cd33a1dcdd..3b8d3f53ee 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c @@ -5331,6 +5331,7 @@ static void decode_rcrw_insert(DisasContext *ctx) switch (op2) { case OPC2_32_RCRW_IMASK: + CHECK_REG_PAIR(r4); tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f); tcg_gen_movi_tl(temp2, (1 << width) - 1); tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp); From patchwork Mon Jun 12 11:32:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Koppelmann X-Patchwork-Id: 13276383 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EB25FC7EE25 for ; Mon, 12 Jun 2023 11:34:29 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q8fo4-0000Pv-Lk; Mon, 12 Jun 2023 07:33:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fo3-0000Pb-Ba for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:55 -0400 Received: from hoth.uni-paderborn.de ([2001:638:502:c003::19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fo1-0006rj-Ah for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.uni-paderborn.de; s=20170601; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=zvWGuccmfDF/BFNxmZxGjWdxLXMle9AUlWSWqEAquYg=; b=Bg34g7+lRAuVByMshlWkx2u9/H A4NjB32UYPDuu5iWWq6MpyTl7dixx+FmJTQLFgTiOSRIEXDov6h1m4xRLw9X+0VCKQNYb3Nz9V7sh K6U2aVBhdoFshu6s/xbFKfSaJUvVLepE8LRZzl2ThJdx0deILBFM/Yr0vifJXQd2EOOs=; X-Envelope-From: From: Bastian Koppelmann To: qemu-devel@nongnu.org Cc: kbastian@mail.uni-paderborn.de Subject: [PATCH 2/4] target/tricore: Correctly fix saving PSW.CDE to CSA on call Date: Mon, 12 Jun 2023 13:32:43 +0200 Message-Id: <20230612113245.56667-3-kbastian@mail.uni-paderborn.de> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> References: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> MIME-Version: 1.0 X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.6.12.112716, AntiVirus-Engine: 6.0.0, AntiVirus-Data: 2023.6.6.600001 X-Sophos-SenderHistory: ip=79.202.219.6, fs=414521, da=174178694, mc=47, sc=0, hc=47, sp=0, fso=414521, re=0, sd=0, hd=0 X-IMT-Source: Intern X-IMT-Spam-Score: 0.0 () X-IMT-Authenticated-Sender: uid=kbastian,ou=People,o=upb,c=de Received-SPF: pass client-ip=2001:638:502:c003::19; envelope-from=kbastian@mail.uni-paderborn.de; helo=hoth.uni-paderborn.de X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org we don't want to save PSW.CDC to the CSA, but PSW.CDE must be saved. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1699 Signed-off-by: Bastian Koppelmann --- target/tricore/op_helper.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index 54f54811d9..d3c836ecd9 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c @@ -2447,7 +2447,12 @@ void helper_call(CPUTriCoreState *env, uint32_t next_pc) } /* PSW.CDE = 1;*/ psw |= MASK_PSW_CDE; - psw_write(env, psw); + /* + * we need to save PSW.CDE and not PSW.CDC into the CSAs. psw already + * contains the CDC from cdc_increment(), so we cannot call psw_write() + * here. + */ + env->PSW |= MASK_PSW_CDE; /* tmp_FCX = FCX; */ tmp_FCX = env->FCX; From patchwork Mon Jun 12 11:32:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Koppelmann X-Patchwork-Id: 13276381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 921EFC7EE23 for ; Mon, 12 Jun 2023 11:34:09 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q8fo8-0000QM-QF; Mon, 12 Jun 2023 07:34:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fo7-0000QA-Jg for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:59 -0400 Received: from hoth.uni-paderborn.de ([2001:638:502:c003::19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8fo5-0006s8-T1 for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:33:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.uni-paderborn.de; s=20170601; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=GEvRYU1CuroKRaAfeXOGUElYYVyWSGJQz9WSKG0SJ2s=; b=YOYg834bcyGEbcYg3bEkvg/TLj rfBAu/cdqEg/K3xn72JcJwvtBQtuidn/F8Yeun6mXsQ7Yu5R+9/Z0LWwqYLsZLl5x6Sbfni9NlTTE djSTrSK7g3kMNnYCFuH1pGaEXfmw7peGleTL1XW9sw4JY/zl4WX7ayByJ2TDs1bsjCmw=; X-Envelope-From: From: Bastian Koppelmann To: qemu-devel@nongnu.org Cc: kbastian@mail.uni-paderborn.de, Siqi Chen Subject: [PATCH 3/4] target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs Date: Mon, 12 Jun 2023 13:32:44 +0200 Message-Id: <20230612113245.56667-4-kbastian@mail.uni-paderborn.de> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> References: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> MIME-Version: 1.0 X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.6.12.112716, AntiVirus-Engine: 6.0.0, AntiVirus-Data: 2023.6.6.600001 X-Sophos-SenderHistory: ip=79.202.219.6, fs=414527, da=174178700, mc=49, sc=0, hc=49, sp=0, fso=414527, re=0, sd=0, hd=0 X-IMT-Source: Intern X-IMT-Spam-Score: 0.0 () X-IMT-Authenticated-Sender: uid=kbastian,ou=People,o=upb,c=de Received-SPF: pass client-ip=2001:638:502:c003::19; envelope-from=kbastian@mail.uni-paderborn.de; helo=hoth.uni-paderborn.de X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org some insns were not checking if an even index was used to access a 64 bit register. In the worst case that could lead to a buffer overflow as reported in https://gitlab.com/qemu-project/qemu/-/issues/1698. Reported-by: Siqi Chen Signed-off-by: Bastian Koppelmann --- target/tricore/translate.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index 3b8d3f53ee..2a947e9bd5 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c @@ -309,6 +309,7 @@ static void gen_cmpswap(DisasContext *ctx, int reg, TCGv ea) { TCGv temp = tcg_temp_new(); TCGv temp2 = tcg_temp_new(); + CHECK_REG_PAIR(reg); tcg_gen_qemu_ld_tl(temp, ea, ctx->mem_idx, MO_LEUL); tcg_gen_movcond_tl(TCG_COND_EQ, temp2, cpu_gpr_d[reg+1], temp, cpu_gpr_d[reg], temp); @@ -321,7 +322,7 @@ static void gen_swapmsk(DisasContext *ctx, int reg, TCGv ea) TCGv temp = tcg_temp_new(); TCGv temp2 = tcg_temp_new(); TCGv temp3 = tcg_temp_new(); - + CHECK_REG_PAIR(reg); tcg_gen_qemu_ld_tl(temp, ea, ctx->mem_idx, MO_LEUL); tcg_gen_and_tl(temp2, cpu_gpr_d[reg], cpu_gpr_d[reg+1]); tcg_gen_andc_tl(temp3, temp, cpu_gpr_d[reg+1]); @@ -3219,6 +3220,7 @@ static void decode_src_opc(DisasContext *ctx, int op1) break; case OPC1_16_SRC_MOV_E: if (has_feature(ctx, TRICORE_FEATURE_16)) { + CHECK_REG_PAIR(r1); tcg_gen_movi_tl(cpu_gpr_d[r1], const4); tcg_gen_sari_tl(cpu_gpr_d[r1+1], cpu_gpr_d[r1], 31); } else { @@ -6172,6 +6174,7 @@ static void decode_rr_divide(DisasContext *ctx) tcg_gen_sari_tl(cpu_gpr_d[r3+1], cpu_gpr_d[r1], 31); break; case OPC2_32_RR_DVINIT_U: + CHECK_REG_PAIR(r3); /* overflow = (D[b] == 0) */ tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_PSW_V, cpu_gpr_d[r2], 0); tcg_gen_shli_tl(cpu_PSW_V, cpu_PSW_V, 31); @@ -6200,6 +6203,7 @@ static void decode_rr_divide(DisasContext *ctx) break; case OPC2_32_RR_DIV: if (has_feature(ctx, TRICORE_FEATURE_16)) { + CHECK_REG_PAIR(r3); GEN_HELPER_RR(divide, cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1], cpu_gpr_d[r2]); } else { @@ -6208,6 +6212,7 @@ static void decode_rr_divide(DisasContext *ctx) break; case OPC2_32_RR_DIV_U: if (has_feature(ctx, TRICORE_FEATURE_16)) { + CHECK_REG_PAIR(r3); GEN_HELPER_RR(divide_u, cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1], cpu_gpr_d[r2]); } else { @@ -6734,6 +6739,8 @@ static void decode_rrr2_msub(DisasContext *ctx) cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r2]); break; case OPC2_32_RRR2_MSUB_U_64: + CHECK_REG_PAIR(r4); + CHECK_REG_PAIR(r3); gen_msubu64_d(cpu_gpr_d[r4], cpu_gpr_d[r4+1], cpu_gpr_d[r1], cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r2]); break; @@ -7817,7 +7824,7 @@ static void decode_rrrw_extract_insert(DisasContext *ctx) break; case OPC2_32_RRRW_IMASK: temp2 = tcg_temp_new(); - + CHECK_REG_PAIR(r4); tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f); tcg_gen_movi_tl(temp2, (1 << width) - 1); tcg_gen_shl_tl(temp2, temp2, temp); From patchwork Mon Jun 12 11:32:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Koppelmann X-Patchwork-Id: 13276384 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D9116C7EE43 for ; Mon, 12 Jun 2023 11:34:42 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q8foH-0000lf-SQ; Mon, 12 Jun 2023 07:34:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8foG-0000hG-1z for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:34:08 -0400 Received: from zuban.uni-paderborn.de ([2001:638:502:c003::17]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8foE-0006sV-46 for qemu-devel@nongnu.org; Mon, 12 Jun 2023 07:34:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.uni-paderborn.de; s=20170601; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YVftmQToCRNb71WxrBVkNdgWzdYO7ofSPJ6DpBau990=; b=Ur00b7BAl5ufe9JjX+OAk7ikou feHQMTdziJUcDSBFrSVUSWMSMQmb86WCLkylHGA8fYUhNA3t3fPAvMhls2p5sk2cru5IA1J2/2V7m MJGKrWR1xNEbDxODORZPv3wMO/Rwy/VNIfJTW+nZL3AGl9RZ5XjaUDcUXPg9hJEaS5LY=; X-Envelope-From: From: Bastian Koppelmann To: qemu-devel@nongnu.org Cc: kbastian@mail.uni-paderborn.de Subject: [PATCH 4/4] target/tricore: Fix helper_ret() not correctly restoring PSW Date: Mon, 12 Jun 2023 13:32:45 +0200 Message-Id: <20230612113245.56667-5-kbastian@mail.uni-paderborn.de> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> References: <20230612113245.56667-1-kbastian@mail.uni-paderborn.de> MIME-Version: 1.0 X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2023.6.12.112120, AntiVirus-Engine: 6.0.0, AntiVirus-Data: 2023.6.6.600001 X-Sophos-SenderHistory: ip=79.202.219.6, fs=414533, da=174178706, mc=51, sc=0, hc=51, sp=0, fso=414533, re=0, sd=0, hd=0 X-IMT-Source: Intern X-IMT-Spam-Score: 0.0 () X-IMT-Authenticated-Sender: uid=kbastian,ou=People,o=upb,c=de Received-SPF: pass client-ip=2001:638:502:c003::17; envelope-from=kbastian@mail.uni-paderborn.de; helo=zuban.uni-paderborn.de X-Spam_score_int: -42 X-Spam_score: -4.3 X-Spam_bar: ---- X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org We are always taking the TRICORE_FEATURE_13 branch as every CPU has TRICORE_FEATURE_13. For CPUs with ISA > 1.3 we have to take the else branch. We fix this by inverting the condition. We check for TRICORE_FEATURE_131, which every CPU except TRICORE_FEATURE_13 CPUs have. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1700 Signed-off-by: Bastian Koppelmann --- target/tricore/op_helper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index d3c836ecd9..cbc46b2a5f 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c @@ -2532,12 +2532,12 @@ void helper_ret(CPUTriCoreState *env) /* PCXI = new_PCXI; */ env->PCXI = new_PCXI; - if (tricore_feature(env, TRICORE_FEATURE_13)) { - /* PSW = new_PSW */ - psw_write(env, new_PSW); - } else { + if (tricore_feature(env, TRICORE_FEATURE_131)) { /* PSW = {new_PSW[31:26], PSW[25:24], new_PSW[23:0]}; */ psw_write(env, (new_PSW & ~(0x3000000)) + (psw & (0x3000000))); + } else { /* TRICORE_FEATURE_13 only */ + /* PSW = new_PSW */ + psw_write(env, new_PSW); } }