
sparc-softmmu uninitialized memory read?

Message ID alpine.LNX.2.00.1205062325170.2923@linmac
State New

Commit Message

malc May 6, 2012, 7:27 p.m. UTC
On Sun, 6 May 2012, Andreas Färber wrote:

> Am 06.05.2012 18:44, schrieb Blue Swirl:
> > On Sun, May 6, 2012 at 2:02 PM, Andreas Färber <afaerber@suse.de> wrote:
> >> Am 06.05.2012 13:32, schrieb Blue Swirl:
> >>> On Sat, May 5, 2012 at 3:37 PM, Andreas Färber <afaerber@suse.de> wrote:
> >>>> Hello Blue,

[..snip..]

> Great! I have tested the following workaround:
> 
> diff --git a/hw/sun4m.c b/hw/sun4m.c
> index 34088ad..55d5bdc 100644
> --- a/hw/sun4m.c
> +++ b/hw/sun4m.c
> @@ -755,6 +755,7 @@ static int ram_init1(SysBusDevice *dev)
>      RamDevice *d = FROM_SYSBUS(RamDevice, dev);
> 
>      memory_region_init_ram(&d->ram, "sun4m.ram", d->size);
> +    memset(memory_region_get_ram_ptr(&d->ram), 0, d->size);
>      vmstate_register_ram_global(&d->ram);
>      sysbus_init_mmio(dev, &d->ram);
>      return 0;
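Review bot: The added `memset` zeroes all `d->size` bytes of the freshly created region on every `ram_init1`, which touches every guest RAM page eagerly and so defeats any lazy zero-page backing for large guests. More importantly it does not say which of two very different situations it is for: if `memory_region_init_ram` already hands back zeroed memory, the call only masks the real defect (the uninitialized read in the title, which the thread appears to trace to the TCG ppc backend rather than to this board); if it does not, a guest observing stale host memory is a data-leak bug that belongs in the RAM allocator, not in one board file. The line is explicitly described as a workaround, so at minimum it should carry that as a comment, e.g. `/* workaround: force guest RAM to start zeroed; root cause under investigation in tcg/ppc */`, so nobody later mistakes it for the fix.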
> 
> This makes sparc32 work on ppc with malc's attached patch (and doesn't
> break on x86_64).
> 

The attached patch is broken for non SysV calling conventions, would be
nice if you could test things on Darwin (and, if your power5 box still has
AIX, on AIX)

Comments

Andreas Färber May 7, 2012, 12:02 a.m. UTC | #1
Am 06.05.2012 21:27, schrieb malc:
> The attached patch is broken for non SysV calling conventions, would be
> nice if you could test things on Darwin (and, if your power5 box still has
> AIX, on AIX)

I replaced AIX 5.x with openSUSE, sorry. :)

> diff --git a/tcg/ppc/tcg-target.c b/tcg/ppc/tcg-target.c
> index dc40716..311af18 100644
> --- a/tcg/ppc/tcg-target.c
> +++ b/tcg/ppc/tcg-target.c
[...]
> @@ -810,6 +829,17 @@ static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
>  #endif
>  
>      /* slow path */
> +#ifdef CONFIG_TCG_PASS_AREG0
> +    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
> +#if TARGET_LONG_BITS == 32
> +    tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
> +    ir = 5;
> +#else
> +    tcg_out_mov (s, TCG_TYPE_I32, 5, addr_reg2);
> +    tcg_out_mov (s, TCG_TYPE_I32, 6, addr_reg);

Here we should be using r4 + r5 for non-aligned targets. Alternative
patch sent that hopefully avoids such issues and the code duplication.

If you prefer two separate code paths for some reason, please at least
consider using a fool-proof alignment macro such as proposed.

/-F

> +    ir = 7;
> +#endif
> +#else
>  #if TARGET_LONG_BITS == 32
>      tcg_out_mov (s, TCG_TYPE_I32, 3, addr_reg);
>      ir = 4;
[snip]

Patch

diff --git a/tcg/ppc/tcg-target.c b/tcg/ppc/tcg-target.c
index dc40716..311af18 100644
--- a/tcg/ppc/tcg-target.c
+++ b/tcg/ppc/tcg-target.c
@@ -509,7 +509,7 @@  static void tcg_out_call (TCGContext *s, tcg_target_long arg, int const_arg)
 #include "../../softmmu_defs.h"
 
 #ifdef CONFIG_TCG_PASS_AREG0
-#error CONFIG_TCG_PASS_AREG0 is not supported
+/* #error CONFIG_TCG_PASS_AREG0 is not supported */
 /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
    int mmu_idx) */
 static const void * const qemu_ld_helpers[4] = {
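Review bot: Turning the `#error` into a comment leaves dead text on the new side where a build guard used to be; if the backend now supports `CONFIG_TCG_PASS_AREG0` the line should simply be deleted, and if support is still partial (the cover message itself says the store path is broken for non-SysV calling conventions) the guard should stay and be narrowed, e.g. `#if defined(CONFIG_TCG_PASS_AREG0) && !defined(TCG_TARGET_CALL_ALIGN_ARGS)` around the `#error`, rather than silenced for every host. A commented-out preprocessor directive is also easy to mistake for an active one when skimming. The `qemu_ld_helpers` table this comment introduces continues past the end of the hunk.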
@@ -614,6 +614,24 @@  static void tcg_out_qemu_ld (TCGContext *s, const TCGArg *args, int opc)
 #endif
 
     /* slow path */
+#ifdef CONFIG_TCG_PASS_AREG0
+    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
+#if TARGET_LONG_BITS == 32
+    tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
+    tcg_out_movi (s, TCG_TYPE_I32, 5, mem_index);
+#else
+    {
+#ifdef TCG_TARGET_CALL_ALIGN_ARGS
+        int ir = 5;
+#else
+        int ir = 4;
+#endif
+        tcg_out_mov (s, TCG_TYPE_I32, ir, addr_reg2);
+        tcg_out_mov (s, TCG_TYPE_I32, ir + 1, addr_reg);
+        tcg_out_movi (s, TCG_TYPE_I32, ir + 2, mem_index);
+    }
+#endif
+#else
 #if TARGET_LONG_BITS == 32
     tcg_out_mov (s, TCG_TYPE_I32, 3, addr_reg);
     tcg_out_movi (s, TCG_TYPE_I32, 4, mem_index);
@@ -622,6 +640,7 @@  static void tcg_out_qemu_ld (TCGContext *s, const TCGArg *args, int opc)
     tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
     tcg_out_movi (s, TCG_TYPE_I32, 5, mem_index);
 #endif
+#endif
 
     tcg_out_call (s, (tcg_target_long) qemu_ld_helpers[s_bits], 1);
     switch (opc) {
@@ -810,6 +829,17 @@  static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
 #endif
 
     /* slow path */
+#ifdef CONFIG_TCG_PASS_AREG0
+    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
+#if TARGET_LONG_BITS == 32
+    tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
+    ir = 5;
+#else
+    tcg_out_mov (s, TCG_TYPE_I32, 5, addr_reg2);
+    tcg_out_mov (s, TCG_TYPE_I32, 6, addr_reg);
+    ir = 7;
+#endif
+#else
 #if TARGET_LONG_BITS == 32
     tcg_out_mov (s, TCG_TYPE_I32, 3, addr_reg);
     ir = 4;
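Review bot: The added `#ifdef CONFIG_TCG_PASS_AREG0` opens a third level of conditional nesting whose matching `#endif` lands well below this hunk next to two others, and none of the three is labelled, so the reader has to count directives to see which of the branches that assign `ir` is active. Please annotate them on the new side, e.g. `#endif /* TARGET_LONG_BITS == 32 */` and `#endif /* CONFIG_TCG_PASS_AREG0 */`, and consider the same for the inner `#else`. `ir` is assigned in every branch shown here but is declared and consumed outside the hunk, as is the enclosing `tcg_out_qemu_st`.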
@@ -822,6 +852,7 @@  static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
     ir = 4;
 #endif
 #endif
+#endif
 
     switch (opc) {
     case 0:
@@ -844,7 +875,7 @@  static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
         tcg_out_mov (s, TCG_TYPE_I32, ir, data_reg);
         break;
     case 3:
-#ifdef TCG_TARGET_CALL_ALIGN_ARGS
+#if defined TCG_TARGET_CALL_ALIGN_ARGS && !defined CONFIG_TCG_PASS_AREG0
         ir = 5;
 #endif
         tcg_out_mov (s, TCG_TYPE_I32, ir++, data_reg2);
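Review bot: The new condition skips the `ir = 5` re-alignment whenever CONFIG_TCG_PASS_AREG0 is defined, which is only correct because the AREG0 slow path earlier in the function (outside this hunk) happens to leave `ir` on r5 or r7 — an invariant that is stated nowhere and that any later edit to those assignments would silently break, producing a misaligned 64-bit store argument on SysV hosts. Please record it at the `#if`, e.g. `/* AREG0 path already leaves ir on an odd register (5 or 7), so the 64-bit data pair is aligned without adjustment */`, or better, derive the alignment from `ir` itself under TCG_TARGET_CALL_ALIGN_ARGS, `if (!(ir & 1)) ir++;`, so both configurations share one rule instead of two hand-kept constants. `tcg_out_qemu_st` continues past the end of this hunk.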