git.ipfire.org Git - thirdparty/qemu.git/commit

author	Peter Maydell <peter.maydell@linaro.org>
	Mon, 24 Apr 2023 15:39:08 +0000 (16:39 +0100)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Thu, 18 May 2023 18:09:59 +0000 (21:09 +0300)
commit	e4e79c8e00753a317adbd69f89c79072b5bb397a
tree	0273a43980c463e80dae7693853666bb299b491b	tree
parent	5eb742fce562dc7f364337a5bbd08bc200ddc0e6	commit \| diff

target/arm: Define and use new load_cpu_field_low32()

In several places in the 32-bit Arm translate.c, we try to use
load_cpu_field() to load from a CPUARMState field into a TCGv_i32
where the field is actually 64-bit. This works on little-endian
hosts, but gives the wrong half of the register on big-endian.

Add a new load_cpu_field_low32() which loads the low 32 bits
of a 64-bit field into a TCGv_i32. The new macro includes a
compile-time check against accidentally using it on a field
of the wrong size. Use it to fix the two places in the code
where we were using load_cpu_field() on a 64-bit field.

This fixes a bug where on big-endian hosts the guest would
crash after executing an ERET instruction, and a more corner
case one where some UNDEFs for attempted accesses to MSR
banked registers from Secure EL1 might go to the wrong EL.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230424153909.1419369-2-peter.maydell@linaro.org
(cherry picked from commit 7f3a3d3dc433dc06c0adb480729af80f9c8e3739)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

target/arm/translate-a32.h		diff \| blob \| blame \| history
target/arm/translate.c		diff \| blob \| blame \| history