From: Bastian Koppelmann
Subject: Re: [PULL 09/20] target/tricore: Fix out-of-bounds index in imask instruction
Date: Thu, 22 Jun 2023 16:51:11 +0200
On Thu, Jun 22, 2023 at 10:43:16AM +0300, Michael Tokarev wrote:
> 21.06.2023 19:14, Bastian Koppelmann wrote:
> > From: Siqi Chen <coc.cyqh@gmail.com>
> >
> > When translating "imask" instruction of Tricore architecture, QEMU did not
> > check whether the register index was out of bounds, resulting in a
> > global-buffer-overflow.
> >
> > Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
> > Reported-by: Siqi Chen <coc.cyqh@gmail.com>
> > Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
> > Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
> > Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
> > Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
> > ---
> > target/tricore/translate.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/target/tricore/translate.c b/target/tricore/translate.c
> > index 6712d98f6e..74faad4794 100644
> > --- a/target/tricore/translate.c
> > +++ b/target/tricore/translate.c
> > @@ -5339,6 +5339,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
> > switch (op2) {
> > case OPC2_32_RCRW_IMASK:
> > + CHECK_REG_PAIR(r4);
> > tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
> > tcg_gen_movi_tl(temp2, (1 << width) - 1);
> > tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
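Review bot: The added CHECK_REG_PAIR(r4) sits directly before tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp), so it is worth confirming that the macro actually stops translation of this insn rather than only queuing a trap, because the index r4 + 1 on the following line is still evaluated at translate time whenever the check fires for the highest register number. The commit message should also spell out what condition the check rejects for the guest (which register values CHECK_REG_PAIR() refuses) and carry a Cc: qemu-stable tag, since it closes a global-buffer-overflow reachable from guest code.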
>
> Is it a -stable material?
Yes. If you pick this up, make sure you also pick up
https://lore.kernel.org/qemu-devel/20230621161422.1652151-1-kbastian@mail.uni-paderborn.de/T/#md18391dd165c4fc2e60ddefb886f3522e715f487
which applies the same fix to other instructions.
Cheers,
Bastian