[OpenBIOS] sparc-softmmu uninitialized memory read?

malc av1474 at comtv.ru
Sun May 6 21:27:24 CEST 2012


On Sun, 6 May 2012, Andreas Färber wrote:

> Am 06.05.2012 18:44, schrieb Blue Swirl:
> > On Sun, May 6, 2012 at 2:02 PM, Andreas Färber <afaerber at suse.de> wrote:
> >> Am 06.05.2012 13:32, schrieb Blue Swirl:
> >>> On Sat, May 5, 2012 at 3:37 PM, Andreas Färber <afaerber at suse.de> wrote:
> >>>> Hello Blue,

[..snip..]

> Great! I have tested the following workaround:
> 
> diff --git a/hw/sun4m.c b/hw/sun4m.c
> index 34088ad..55d5bdc 100644
> --- a/hw/sun4m.c
> +++ b/hw/sun4m.c
> @@ -755,6 +755,7 @@ static int ram_init1(SysBusDevice *dev)
>      RamDevice *d = FROM_SYSBUS(RamDevice, dev);
> 
>      memory_region_init_ram(&d->ram, "sun4m.ram", d->size);
> +    memset(memory_region_get_ram_ptr(&d->ram), 0, d->size);
>      vmstate_register_ram_global(&d->ram);
>      sysbus_init_mmio(dev, &d->ram);
>      return 0;
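Review bot: The added memset hides the uninitialized read by zeroing all of guest RAM at init, but the message itself calls it a workaround and the rest of the thread places the actual cause in the ppc TCG backend, so the line should say so if it is kept: `/* XXX: workaround - zero guest RAM so the guest cannot observe host-uninitialized contents; the underlying TCG bug is fixed separately */`. Whether the backing store returned by memory_region_init_ram is already zero-filled on the host is not visible here; if it is, the memset is redundant on that platform and only costs a full pass over d->size bytes. ram_init1 begins before the hunk.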
> 
> This makes sparc32 work on ppc with malc's attached patch (and doesn't
> break on x86_64).
> 

The attached patch is broken for non-SysV calling conventions; it would be
nice if you could test things on Darwin (and, if your power5 box still has
AIX, on AIX).

diff --git a/tcg/ppc/tcg-target.c b/tcg/ppc/tcg-target.c
index dc40716..311af18 100644
--- a/tcg/ppc/tcg-target.c
+++ b/tcg/ppc/tcg-target.c
@@ -509,7 +509,7 @@ static void tcg_out_call (TCGContext *s, tcg_target_long arg, int const_arg)
 #include "../../softmmu_defs.h"
 
 #ifdef CONFIG_TCG_PASS_AREG0
-#error CONFIG_TCG_PASS_AREG0 is not supported
+/* #error CONFIG_TCG_PASS_AREG0 is not supported */
 /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
    int mmu_idx) */
 static const void * const qemu_ld_helpers[4] = {
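Review bot: Wrapping the `#error` in a comment at the `+` line leaves a dead directive in the source instead of removing it; now that CONFIG_TCG_PASS_AREG0 is implemented by the rest of this patch, the line should simply be deleted. If a marker is wanted, a plain comment stating the new status (`/* CONFIG_TCG_PASS_AREG0: env is passed in r3, see the slow paths below */`) reads better than a commented-out error.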
@@ -614,6 +614,24 @@ static void tcg_out_qemu_ld (TCGContext *s, const TCGArg *args, int opc)
 #endif
 
     /* slow path */
+#ifdef CONFIG_TCG_PASS_AREG0
+    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
+#if TARGET_LONG_BITS == 32
+    tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
+    tcg_out_movi (s, TCG_TYPE_I32, 5, mem_index);
+#else
+    {
+#ifdef TCG_TARGET_CALL_ALIGN_ARGS
+        int ir = 5;
+#else
+        int ir = 4;
+#endif
+        tcg_out_mov (s, TCG_TYPE_I32, ir, addr_reg2);
+        tcg_out_mov (s, TCG_TYPE_I32, ir + 1, addr_reg);
+        tcg_out_movi (s, TCG_TYPE_I32, ir + 2, mem_index);
+    }
+#endif
+#else
 #if TARGET_LONG_BITS == 32
     tcg_out_mov (s, TCG_TYPE_I32, 3, addr_reg);
     tcg_out_movi (s, TCG_TYPE_I32, 4, mem_index);
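Review bot: The three nested conditionals (`CONFIG_TCG_PASS_AREG0`, `TARGET_LONG_BITS == 32`, `TCG_TARGET_CALL_ALIGN_ARGS`) end in bare `#endif`/`#else` lines that are hard to pair by eye, and the closing `#endif` for the new block lands in a separate hunk; annotating them would keep the register assignment readable, e.g. `#endif /* TARGET_LONG_BITS == 32 */`, `#else /* !CONFIG_TCG_PASS_AREG0 */` and `#endif /* CONFIG_TCG_PASS_AREG0 */`. The same applies to the store path hunks that add the mirrored `#else`/`#endif` lines. tcg_out_qemu_ld starts before this hunk and continues past it.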
@@ -622,6 +640,7 @@ static void tcg_out_qemu_ld (TCGContext *s, const TCGArg *args, int opc)
     tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
     tcg_out_movi (s, TCG_TYPE_I32, 5, mem_index);
 #endif
+#endif
 
     tcg_out_call (s, (tcg_target_long) qemu_ld_helpers[s_bits], 1);
     switch (opc) {
@@ -810,6 +829,17 @@ static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
 #endif
 
     /* slow path */
+#ifdef CONFIG_TCG_PASS_AREG0
+    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
+#if TARGET_LONG_BITS == 32
+    tcg_out_mov (s, TCG_TYPE_I32, 4, addr_reg);
+    ir = 5;
+#else
+    tcg_out_mov (s, TCG_TYPE_I32, 5, addr_reg2);
+    tcg_out_mov (s, TCG_TYPE_I32, 6, addr_reg);
+    ir = 7;
+#endif
+#else
 #if TARGET_LONG_BITS == 32
     tcg_out_mov (s, TCG_TYPE_I32, 3, addr_reg);
     ir = 4;
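Review bot: In the AREG0 branch for 64-bit targets the address pair is hard-coded to r5/r6 and `ir = 7`, whereas the matching load slow path in tcg_out_qemu_ld picks r4 or r5 depending on TCG_TARGET_CALL_ALIGN_ARGS; on an ABI that does not pad 64-bit arguments to an even register pair the store helper would receive the address in the wrong registers, which is presumably the non-SysV breakage the message already mentions. Mirroring the load path keeps the two slow paths consistent and leaves `ir` pointing at the next free argument register for the data move below. tcg_out_qemu_st begins before this hunk and `ir` is declared outside it.
```c
#ifdef CONFIG_TCG_PASS_AREG0
    tcg_out_mov (s, TCG_TYPE_I32, 3, TCG_AREG0);
#if TARGET_LONG_BITS == 32
    /* … unchanged: 32-bit target, addr in r4, ir = 5 … */
#else
#ifdef TCG_TARGET_CALL_ALIGN_ARGS
    ir = 5;   /* 64-bit addr must start an even register pair */
#else
    ir = 4;
#endif
    tcg_out_mov (s, TCG_TYPE_I32, ir++, addr_reg2);
    tcg_out_mov (s, TCG_TYPE_I32, ir++, addr_reg);
#endif
#else
    /* … unchanged: non-AREG0 register assignment … */
```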
@@ -822,6 +852,7 @@ static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
     ir = 4;
 #endif
 #endif
+#endif
 
     switch (opc) {
     case 0:
@@ -844,7 +875,7 @@ static void tcg_out_qemu_st (TCGContext *s, const TCGArg *args, int opc)
         tcg_out_mov (s, TCG_TYPE_I32, ir, data_reg);
         break;
     case 3:
-#ifdef TCG_TARGET_CALL_ALIGN_ARGS
+#if defined TCG_TARGET_CALL_ALIGN_ARGS && !defined CONFIG_TCG_PASS_AREG0
         ir = 5;
 #endif
         tcg_out_mov (s, TCG_TYPE_I32, ir++, data_reg2);
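Review bot: The new condition silently relies on both AREG0 branches of the slow path leaving `ir` at 5 or 7, i.e. already at the start of an even register pair, which is why the realignment is skipped there; that invariant lives in a hunk a hundred lines earlier and is easy to break when the register assignment changes. A one-line comment on the `#if` would make the dependency explicit: `/* with AREG0 the slow path already leaves ir pair-aligned (5 or 7) */`. tcg_out_qemu_st continues past this hunk.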

-- 
mailto:av1474 at comtv.ru


