[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 09/64] target/xtensa: fix access ring in l32ex
From: |
Michael Roth |
Subject: |
[PATCH 09/64] target/xtensa: fix access ring in l32ex |
Date: |
Tue, 19 Oct 2021 09:08:49 -0500 |
From: Max Filippov <jcmvbkbc@gmail.com>
l32ex does memory access as all regular load/store operations at CRING
level. Fix apparent pasto from l32e that caused it to use RING instead.
This is a correctness issue, not a security issue, because in the worst
case the privilege level of memory access may be lowered, resulting in
an exception when the correct implementation would've succeeded.
In no case it would allow memory access that would've raised an
exception in the correct implementation.
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
(cherry picked from commit 735aa900e4bf57b777ac620bed7c88234ec4b601)
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
target/xtensa/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 0ae4efc48a..1678b65607 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1817,7 +1817,7 @@ static void translate_l32ex(DisasContext *dc, const
OpcodeArg arg[],
tcg_gen_mov_i32(addr, arg[1].in);
gen_load_store_alignment(dc, 2, addr, true);
gen_check_exclusive(dc, addr, false);
- tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL);
+ tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->cring, MO_TEUL);
tcg_gen_mov_i32(cpu_exclusive_addr, addr);
tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out);
tcg_temp_free(addr);
--
2.25.1
- [PATCH 00/64] Patch Round-up for stable 6.0.1, freeze on 2021-10-26, Michael Roth, 2021/10/19
- [PATCH 09/64] target/xtensa: fix access ring in l32ex,
Michael Roth <=
- [PATCH 10/64] qemu-option: support accept-any QemuOptsList in qemu_opts_absorb_qdict, Michael Roth, 2021/10/19
- [PATCH 11/64] qemu-config: load modules when instantiating option groups, Michael Roth, 2021/10/19
- [PATCH 12/64] qemu-config: parse configuration files to a QDict, Michael Roth, 2021/10/19
- [PATCH 13/64] vl: plumb keyval-based options into -readconfig, Michael Roth, 2021/10/19
- [PATCH 14/64] vl: plug -object back into -readconfig, Michael Roth, 2021/10/19
- [PATCH 15/64] sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog, Michael Roth, 2021/10/19
- [PATCH 16/64] hmp: Fix loadvm to resume the VM on success instead of failure, Michael Roth, 2021/10/19
- [PATCH 17/64] configure: fix detection of gdbus-codegen, Michael Roth, 2021/10/19
- [PATCH 18/64] vhost-vdpa: don't initialize backend_features, Michael Roth, 2021/10/19
- [PATCH 19/64] esp: only assert INTR_DC interrupt flag if selection fails, Michael Roth, 2021/10/19