From: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
To: Helge Deller <deller@gmx.de>, Laurent Vivier <laurent@vivier.eu>,
Richard Henderson <richard.henderson@linaro.org>,
qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
John Reiser <jreiser@bitwagon.com>
Subject: Re: [PATCH v2] linux-user/armeb: Fix __kernel_cmpxchg() for armeb
Date: Fri, 28 Jul 2023 07:17:07 +0200 [thread overview]
Message-ID: <64C34F53.6050800@oberhumer.com> (raw)
In-Reply-To: <ZMNJ+Ga7A4zDXjAg@p100>
Nitpick: the bug was introduced between 6.2.0 and 7.0.0, so "qemu >= v7.0.0"
~Markus
On 2023-07-28 06:54, Helge Deller wrote:
> Commit 7f4f0d9ea870 ("linux-user/arm: Implement __kernel_cmpxchg with host
> atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
> content, but missed to endianess-swap the oldval and newval values when
> emulating an armeb CPU, which expects words to be stored in big endian in
> the guest memory.
>
> The bug can be verified with qemu >= v7.2 on any little-endian host, when
> starting the armeb binary of the upx program, which just hangs without
> this patch.
>
> Signed-off-by: Helge Deller <deller@gmx.de>
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: qemu-stable@nongnu.org
> Reported-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
> Reported-by: John Reiser <jreiser@BitWagon.com>
> Closes: https://github.com/upx/upx/issues/687
>
> --
> v2:
> - add tswap32() in arm_kernel_cmpxchg64_helper()
>
>
> diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
> index a992423257..0907cd8c15 100644
> --- a/linux-user/arm/cpu_loop.c
> +++ b/linux-user/arm/cpu_loop.c
> @@ -117,8 +117,9 @@ static void arm_kernel_cmpxchg32_helper(CPUARMState *env)
> {
> uint32_t oldval, newval, val, addr, cpsr, *host_addr;
>
> - oldval = env->regs[0];
> - newval = env->regs[1];
> + /* endianess-swap if emulating armeb */
> + oldval = tswap32(env->regs[0]);
> + newval = tswap32(env->regs[1]);
> addr = env->regs[2];
>
> mmap_lock();
> @@ -174,6 +175,10 @@ static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
> return;
> }
>
> + /* endianess-swap if emulating armeb */
> + oldval = tswap32(oldval);
> + newval = tswap32(newval);
> +
> #ifdef CONFIG_ATOMIC64
> val = qatomic_cmpxchg__nocheck(host_addr, oldval, newval);
> cpsr = (val == oldval) * CPSR_C;
>
--
Markus Oberhumer, <markus@oberhumer.com>, http://www.oberhumer.com/
next prev parent reply other threads:[~2023-07-28 14:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-28 4:54 [PATCH v2] linux-user/armeb: Fix __kernel_cmpxchg() for armeb Helge Deller
2023-07-28 5:17 ` Markus F.X.J. Oberhumer [this message]
2023-07-28 5:45 ` Markus F.X.J. Oberhumer
2023-07-28 15:35 ` Richard Henderson
2023-07-28 19:16 ` Helge Deller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=64C34F53.6050800@oberhumer.com \
--to=markus@oberhumer.com \
--cc=deller@gmx.de \
--cc=jreiser@bitwagon.com \
--cc=laurent@vivier.eu \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.