diff options
author | Max Filippov <jcmvbkbc@gmail.com> | 2021-05-19 03:40:00 -0700 |
---|---|---|
committer | Max Filippov <jcmvbkbc@gmail.com> | 2021-05-20 13:02:58 -0700 |
commit | 735aa900e4bf57b777ac620bed7c88234ec4b601 (patch) | |
tree | 475a9040b184c4c1291ff11cb725941ff0447b87 | |
parent | cb2d627a00a6bf686bc221b05f136545639a1c37 (diff) | |
download | qemu-735aa900e4bf57b777ac620bed7c88234ec4b601.zip qemu-735aa900e4bf57b777ac620bed7c88234ec4b601.tar.gz qemu-735aa900e4bf57b777ac620bed7c88234ec4b601.tar.bz2 |
target/xtensa: fix access ring in l32ex
l32ex does memory access as all regular load/store operations at CRING
level. Fix apparent pasto from l32e that caused it to use RING instead.
This is a correctness issue, not a security issue, because in the worst
case the privilege level of memory access may be lowered, resulting in
an exception when the correct implementation would've succeeded.
In no case it would allow memory access that would've raised an
exception in the correct implementation.
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
-rw-r--r-- | target/xtensa/translate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c index f93df87..95f6b21 100644 --- a/target/xtensa/translate.c +++ b/target/xtensa/translate.c @@ -1814,7 +1814,7 @@ static void translate_l32ex(DisasContext *dc, const OpcodeArg arg[], tcg_gen_mov_i32(addr, arg[1].in); gen_load_store_alignment(dc, 2, addr, true); gen_check_exclusive(dc, addr, false); - tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL); + tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->cring, MO_TEUL); tcg_gen_mov_i32(cpu_exclusive_addr, addr); tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out); tcg_temp_free(addr); |