[Stable-8.0.1 47/59] target/arm: Fix vd == vm overlap in sve_ldff1_z
From: Michael Tokarev
Subject: [Stable-8.0.1 47/59] target/arm: Fix vd == vm overlap in sve_ldff1_z
Date: Tue, 23 May 2023 13:15:07 +0300
From: Richard Henderson <richard.henderson@linaro.org>
If vd == vm, copy vm to scratch, so that we can pre-zero
the output and still access the gather indices.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230504104232.1877774-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit a6771f2f5cbfbf312e2fb5b1627f38a6bf6321d0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
index ccf5e5beca..0097522470 100644
--- a/target/arm/tcg/sve_helper.c
+++ b/target/arm/tcg/sve_helper.c
@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t
*vg, void *vm,
intptr_t reg_off;
SVEHostPage info;
target_ulong addr, in_page;
+ ARMVectorReg scratch;
/* Skip to the first true predicate. */
reg_off = find_next_active(vg, 0, reg_max, esz);
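Review bot: the new `ARMVectorReg scratch;` declaration among the function-scope locals has no comment, and its placement is load-bearing: the later hunk re-points `vm` at `&scratch` for the remainder of the function, so the object must outlive the `if` block that fills it. A one-line comment at the declaration saying it holds a copy of vm when vd == vm would keep a later cleanup from moving it into the conditional and leaving `vm` dangling. It is also left uninitialized, which is safe only as long as it is read solely through `vm` after the memcpy.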
@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t
*vg, void *vm,
return;
}
+ /* Protect against overlap between vd and vm. */
+ if (unlikely(vd == vm)) {
+ vm = memcpy(&scratch, vm, reg_max);
+ }
+
/*
* Probe the first element, allowing faults.
*/
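Review bot: in the `vd == vm` branch, `memcpy(&scratch, vm, reg_max)` copies `reg_max` bytes into a fixed-size `ARMVectorReg` with no bound visible in this hunk. If `reg_max` is guaranteed elsewhere not to exceed `sizeof(scratch)`, an assertion such as `assert(reg_max <= sizeof(scratch))` or a note in the comment would make that explicit. The comment also says "overlap" while the test is exact pointer equality, so it is worth stating there that partial overlap between vd and vm cannot occur, if that is the case.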
--
2.39.2