b17ab4705c
For both ldnt1 and stnt1, the meaning of the Rn and Rm are different from ld1 and st1: the vector and integer registers are reversed, and the integer register 31 refers to XZR instead of SP. Secondly, the 64-bit version of ldnt1 was being interpreted as 32-bit unpacked unscaled offset instead of 64-bit unscaled offset, which discarded the upper 32 bits of the address coming from the vector argument. Thirdly, validate that the memory element size is in range for the vector element size for ldnt1. For ld1, we do this via independent decode patterns, but for ldnt1 we need to do it manually. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/826 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220308031655.240710-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
#include <sys/mman.h>
#include <unistd.h>
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
/* Fault address the SIGSEGV handler requires; main() sets it before the faulting loads. */
static void *expected;
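/*
 * SIGSEGV handler for the ldnt1 address regression test.
 *
 * Checks that the fault address reported by the kernel/emulator is exactly
 * the address stored in 'expected', then steps the saved program counter
 * past the faulting instruction so execution resumes after the load instead
 * of retrying it.
 *
 * sig:  signal number (unused; the handler is only installed for SIGSEGV).
 * info: signal details; si_addr carries the faulting address.
 * vuc:  the interrupted context, passed as void * by SA_SIGINFO handlers.
 *
 * The comparison is written out rather than using assert() so that it is
 * not compiled away under NDEBUG (which would let a wrong fault address
 * pass silently) and so that the failure path only calls abort(), which is
 * async-signal-safe. The process still terminates with SIGABRT on mismatch.
 */
void sigsegv(int sig, siginfo_t *info, void *vuc)
{
    ucontext_t *uc = vuc;

    (void)sig;

    if (info->si_addr != expected) {
        abort();
    }

    /* A64 instructions are 4 bytes wide: skip the load that faulted. */
    uc->uc_mcontext.pc += 4;
}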
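/*
 * Regression driver for SVE ldnt1 address calculation.
 *
 * Maps one PROT_NONE page, records page + 0x124 as the only acceptable
 * fault address, and issues two non-temporal gather loads that must both
 * compute that address:
 *   - vector base = page, scalar offset = ofs
 *   - vector base = ofs,  scalar offset = page
 * The first form carries the full 64-bit page address in the vector
 * operand, so an implementation that drops the upper 32 bits of the vector
 * base would report a different fault address and fail the handler's check.
 *
 * Returns EXIT_SUCCESS when both loads have been stepped over, or
 * EXIT_FAILURE if the handler or the mapping cannot be set up.
 *
 * NOTE(review): nothing here counts the faults taken. If a load does not
 * fault at all, the handler never runs and the test still exits
 * successfully; counting faults in the handler and checking for two here
 * would close that gap.
 */
int main(void)
{
    struct sigaction sa = {
        .sa_sigaction = sigsegv,
        .sa_flags = SA_SIGINFO
    };
    void *page;
    long ofs;

    if (sigaction(SIGSEGV, &sa, NULL) < 0) {
        perror("sigaction");
        return EXIT_FAILURE;
    }

    /* Inaccessible mapping: every load from it is expected to fault. */
    page = mmap(NULL, getpagesize(), PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (page == MAP_FAILED) {
        perror("mmap");
        return EXIT_FAILURE;
    }

    ofs = 0x124;
    /* Arithmetic on void * is a GNU extension; go through char * instead. */
    expected = (char *)page + ofs;

    /*
     * p0 enables only the first 64-bit element, so each load touches a
     * single address. ptrue overwrites p0, so it is listed as clobbered.
     * The "memory" clobber keeps the store to 'expected' ahead of the
     * loads: the handler reads it, and a volatile asm alone does not stop
     * the compiler from moving ordinary stores across it.
     */
    asm volatile("ptrue p0.d, vl1\n\t"
                 "dup z0.d, %0\n\t"
                 "ldnt1h {z1.d}, p0/z, [z0.d, %1]\n\t"
                 "dup z1.d, %1\n\t"
                 "ldnt1h {z0.d}, p0/z, [z1.d, %0]"
                 : : "r"(page), "r"(ofs) : "v0", "v1", "p0", "memory");

    return EXIT_SUCCESS;
}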