diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2022-08-22 14:23:50 +0100 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2022-09-14 11:19:40 +0100 |
| commit | c117c0649ce4022f518a7f0bc14bf7b036c89de3 (patch) | |
| tree | 203e23bcef614822e2f2b8b8c955f98f45d80c04 /target | |
| parent | 76e25d41d44c49eb0fe399064a719702a3023102 (diff) | |
| download | qemu-c117c0649ce4022f518a7f0bc14bf7b036c89de3.zip qemu-c117c0649ce4022f518a7f0bc14bf7b036c89de3.tar.gz qemu-c117c0649ce4022f518a7f0bc14bf7b036c89de3.tar.bz2 | |
target/arm: Correct value returned by pmu_counter_mask()
pmu_counter_mask() accidentally returns a value with bits [63:32]
set, because the expression it returns is evaluated as a signed value
that gets sign-extended to 64 bits. Force the whole expression to be
evaluated with 64-bit arithmetic with ULL suffixes.
The main effect of this bug was that a guest could write to the bits
in the high half of registers like PMCNTENSET_EL0 that are supposed
to be RES0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-3-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'target')
| -rw-r--r-- | target/arm/internals.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/target/arm/internals.h b/target/arm/internals.h index b8fefdf..8352616 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1296,7 +1296,7 @@ static inline uint32_t pmu_num_counters(CPUARMState *env) /* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */ static inline uint64_t pmu_counter_mask(CPUARMState *env) { - return (1 << 31) | ((1 << pmu_num_counters(env)) - 1); + return (1ULL << 31) | ((1ULL << pmu_num_counters(env)) - 1); } #ifdef TARGET_AARCH64 |