qemu/target/arm
Peter Maydell c410772351 target/arm: Avoid over-length shift in arm_cpu_sve_finalize() error case
If you build QEMU with the clang sanitizer enabled, you can see it
fire when running the arm-cpu-features test:

$ QTEST_QEMU_BINARY=./build/arm-clang/qemu-system-aarch64 ./build/arm-clang/tests/qtest/arm-cpu-features
[...]
../../target/arm/cpu64.c:125:19: runtime error: shift exponent 64 is too large for 64-bit type 'unsigned long long'
[...]

This happens because the user can specify some incorrect SVE
properties that result in our calculating a max_vq of 0.  We catch
this and error out, but before we do that we calculate

 vq_mask = MAKE_64BIT_MASK(0, max_vq);$

and the MAKE_64BIT_MASK() call is only valid for lengths that are
greater than zero, so we hit the undefined behaviour.

Change the logic so that if max_vq is 0 we specifically set vq_mask
to 0 without going via MAKE_64BIT_MASK().  This lets us drop the
max_vq check from the error-exit logic, because if max_vq is 0 then
vq_map must now be 0.

The UB only happens in the case where the user passed us an incorrect
set of SVE properties, so it's not a big problem in practice.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230704154332.3014896-1-peter.maydell@linaro.org
2023-07-06 13:36:51 +01:00
..
hvf accel: Rename HVF 'struct hvf_vcpu_state' -> AccelCPUState 2023-06-28 14:14:22 +02:00
tcg target/arm: Define neoverse-v1 2023-07-06 13:30:10 +01:00
arch_dump.c dump: Replace opaque DumpState pointer with a typed one 2022-10-06 19:30:43 +04:00
arm-powerctl.c target/arm: Wrap arm_rebuild_hflags calls with tcg_enabled 2023-02-27 13:27:04 +00:00
arm-powerctl.h
arm-qmp-cmds.c target/arm: Restrict 'qapi-commands-machine.h' to system emulation 2023-03-02 07:51:06 +01:00
common-semi-target.h semihosting: Split out common-semi-target.h 2022-06-28 04:35:07 +05:30
cortex-regs.c target/arm: Saturate L2CTLR_EL1 core count field rather than overflowing 2023-05-18 11:39:33 +01:00
cpregs.h accel/tcg: Introduce translator_io_start 2023-06-05 12:04:29 -07:00
cpu64.c target/arm: Avoid over-length shift in arm_cpu_sve_finalize() error case 2023-07-06 13:36:51 +01:00
cpu-param.h target/arm: Remove NB_MMU_MODES define 2023-03-13 06:44:37 -07:00
cpu-qom.h target/arm: Convert to 3-phase reset 2022-12-16 15:58:15 +00:00
cpu.c target/arm: Suppress more TCG unimplemented features in ID registers 2023-07-06 13:28:08 +01:00
cpu.h target/arm: Restrict KVM-specific fields from ArchCPU 2023-06-28 14:27:59 +02:00
debug_helper.c target/arm: trap DCC access in user mode emulation 2023-06-06 10:19:40 +01:00
gdbstub64.c target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check 2023-05-12 16:01:25 +01:00
gdbstub.c target/arm: gdbstub: Guard M-profile code with CONFIG_TCG 2023-07-06 13:26:43 +01:00
helper.c target/arm: Handle IC IVAU to improve compatibility with JITs 2023-07-06 12:58:42 +01:00
helper.h target/arm: Move helper-{a64,mve,sme,sve}.h to tcg/ 2023-05-12 15:43:37 +01:00
hvf_arm.h hvf: add guest debugging handlers for Apple Silicon hosts 2023-06-06 10:19:30 +01:00
hyp_gdbstub.c arm: move KVM breakpoints helpers 2023-06-06 10:19:29 +01:00
idau.h
internals.h target/arm: Implement GPC exceptions 2023-06-23 11:15:48 +01:00
Kconfig target/arm: Explain why we need to select ARM_V7M 2023-05-30 15:50:17 +01:00
kvm64.c arm: move KVM breakpoints helpers 2023-06-06 10:19:29 +01:00
kvm_arm.h hw/intc/arm_gic: Un-inline GIC*/ITS class_name() helpers 2023-06-28 14:27:59 +02:00
kvm-consts.h target/arm: Remove KVM AArch32 CPU definitions 2023-04-20 10:21:15 +01:00
kvm-stub.c target/arm: Avoid bare abort() or assert(0) 2022-05-05 09:35:51 +01:00
kvm.c exec/memory: Add symbol for the min value of memory listener priority 2023-06-28 14:27:59 +02:00
machine.c target/arm: Wrap arm_rebuild_hflags calls with tcg_enabled 2023-02-27 13:27:04 +00:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
op_addsub.h
ptw.c plugins: force slow path when plugins instrument memory ops 2023-07-03 12:51:58 +01:00
syndrome.h target/arm: Add GPC syndrome 2023-06-23 11:15:47 +01:00
tcg-stubs.c target/arm: Move hflags code into the tcg directory 2023-02-27 13:27:04 +00:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h
vfp_helper.c target/arm: Use float64_to_int32_modulo for FJCVTZS 2023-07-01 08:26:54 +02:00