mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-12-30 03:00:29 -07:00
In simd_desc() we create a SIMD descriptor from various pieces including an arbitrary data value from the caller. We try to sanitize these to make sure everything will fit: the 'data' value needs to fit in the SIMD_DATA_BITS (== 22) sized field. However we do that sanitizing with:

    tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));

This works for the case where the data is supposed to be considered as a signed integer (which can then be returned via simd_data()). However, some callers want to treat the data value as unsigned.

Specifically, for the Arm SVE operations, make_svemte_desc() assembles a data value as a collection of fields, and it needs to use all 22 bits. Currently if MTE is enabled then its MTEDESC SIZEM1 field may have the most significant bit set, and then it will trip this assertion.

Loosen the assertion so that we only check that the data value will fit into the field in some way, either as a signed or as an unsigned value. This means we will fail to detect some kinds of bug in the callers, but we won't spuriously assert for intentional use of the data field as unsigned.

Cc: qemu-stable@nongnu.org
Fixes:

||
|---|---|---|
| aarch64 | ||
| arm | ||
| i386 | ||
| loongarch64 | ||
| mips | ||
| ppc | ||
| riscv | ||
| s390x | ||
| sparc64 | ||
| tci | ||
| debuginfo.c | ||
| meson.build | ||
| optimize.c | ||
| perf.c | ||
| region.c | ||
| tcg-common.c | ||
| tcg-internal.h | ||
| tcg-ldst.c.inc | ||
| tcg-op-gvec.c | ||
| tcg-op-ldst.c | ||
| tcg-op-vec.c | ||
| tcg-op.c | ||
| tcg-pool.c.inc | ||
| tcg.c | ||
| tci.c | ||