From 553334393edc2f20b47d4019972e31e62cd4fca5 Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Fri, 28 Mar 2025 12:55:25 -0500
Subject: [PATCH] target/mips: Require even maskbits in update_pagemask
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The number of bits set in PageMask must be even.

Fixes: d40b55bc1b86 ("target/mips: Fix PageMask with variable page size")
Signed-off-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé
Message-ID: <20250328175526.368121-3-richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé
Cc: qemu-stable@nongnu.org
(cherry picked from commit d89b9899babcc01d7ee75f2917da861dc2afbc27)
Signed-off-by: Michael Tokarev
---
 target/mips/tcg/sysemu/cp0_helper.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/target/mips/tcg/sysemu/cp0_helper.c b/target/mips/tcg/sysemu/cp0_helper.c
index bd5047bd94..a0ce15bb1a 100644
--- a/target/mips/tcg/sysemu/cp0_helper.c
+++ b/target/mips/tcg/sysemu/cp0_helper.c
@@ -890,24 +890,17 @@ void helper_mtc0_memorymapid(CPUMIPSState *env, target_ulong arg1) void update_pagemask(CPUMIPSState *env, target_ulong arg1, int32_t *pagemask) { - uint32_t mask; - int maskbits; - /* Don't care MASKX as we don't support 1KB page */ - mask = extract32((uint32_t)arg1, CP0PM_MASK, 16); - maskbits = cto32(mask); + uint32_t mask = extract32((uint32_t)arg1, CP0PM_MASK, 16); + int maskbits = cto32(mask); - /* Ensure no more set bit after first zero */ - if ((mask >> maskbits) != 0) { - goto invalid; + /* Ensure no more set bit after first zero, and maskbits even. */ + if ((mask >> maskbits) == 0 && maskbits % 2 == 0) { + env->CP0_PageMask = mask << CP0PM_MASK; + } else { + /* When invalid, set to default target page size. */ + env->CP0_PageMask = 0; } - env->CP0_PageMask = mask << CP0PM_MASK; - - return; - -invalid: - /* When invalid, set to default target page size. */ - env->CP0_PageMask = 0; } void helper_mtc0_pagemask(CPUMIPSState *env, target_ulong arg1) -- 2.39.5
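Review bot: The `int32_t *pagemask` out-parameter of update_pagemask is never written in the rewritten body; both branches of the new `if`/`else` store directly into `env->CP0_PageMask`. The callers are outside this hunk, so this needs confirming, but any caller that passes a pointer to something other than `env->CP0_PageMask` would not see the validated value and could keep using its own unchecked one. If such a caller exists, the stores should go through the pointer, `*pagemask = mask << CP0PM_MASK;` and `*pagemask = 0;`; otherwise the parameter should be dropped so the signature does not suggest it is honoured. Since `arg1` appears to come from a guest register write (helper_mtc0_pagemask follows in the hunk), the new comment could also record why evenness is required, e.g. `/* Page sizes step by a factor of 4, so a valid mask has an even number of low ones. */`.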