vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror_qemu/target
History
Max Filippov ecc23c6e95 target/xtensa: fix OOB TLB entry access 
r[id]tlb[01], [iw][id]tlb opcodes use TLB way index passed in a register
by the guest. The host uses 3 bits of the index for ITLB indexing and 4
bits for DTLB, but there's only 7 entries in the ITLB array and 10 in
the DTLB array, so a malicious guest may trigger out-of-bound access to
these arrays.

Change split_tlb_entry_spec return type to bool to indicate whether TLB
way passed to it is valid. Change get_tlb_entry to return NULL in case
invalid TLB way is requested. Add assertion to xtensa_tlb_get_entry that
requested TLB way and entry indices are valid. Add checks to the
[rwi]tlb helpers that requested TLB way is valid and return 0 or do
nothing when it's not.

Cc: qemu-stable@nongnu.org
Fixes: b67ea0cd74 ("target-xtensa: implement memory protection options")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20231215120307.545381-1-jcmvbkbc@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 604927e357)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 		2024-01-27 18:05:30 +03:00
..
alpha accel/tcg: Remove will_exit argument from cpu_restore_state 2022-11-01 08:31:41 +11:00
arm target/arm/helper: Propagate MDCR_EL2.HPMN into PMCR_EL0.N 2023-12-20 19:11:11 +03:00
avr target/avr: Convert to tcg_ops restore_state_to_opc 2022-10-26 11:11:28 +10:00
cris accel/tcg: Remove will_exit argument from cpu_restore_state 2022-11-01 08:31:41 +11:00
hexagon target/hexagon: Convert to tcg_ops restore_state_to_opc 2022-10-26 11:11:28 +10:00
hppa target/hppa: Move iaoq registers and thus reduce generated code size 2023-08-04 07:33:49 +03:00
i386 target/i386: pcrel: store low bits of physical address in data[0] 2024-01-20 17:41:47 +03:00
loongarch target/loongarch: Fix the CSRRD CPUID instruction on big endian hosts 2023-07-31 09:12:06 +03:00
m68k target/m68k: Fix semihost lseek offset computation 2023-08-03 08:26:26 +03:00
microblaze accel/tcg: Remove will_exit argument from cpu_restore_state 2022-11-01 08:31:41 +11:00
mips target/mips: Fix TX79 LQ/SQ opcodes 2023-11-19 21:15:23 +03:00
nios2 target/nios2: Fix semihost lseek offset computation 2023-08-03 08:26:26 +03:00
openrisc accel/tcg: Remove will_exit argument from cpu_restore_state 2022-11-01 08:31:41 +11:00
ppc target/ppc: Flush inputs to zero with NJ in ppc_store_vscr 2023-09-11 10:53:50 +03:00
riscv target/riscv: Fix mcycle/minstret increment behavior 2024-01-08 19:24:44 +03:00
rx Revert incorrect cflags initialization. 2022-10-26 10:53:41 -04:00
s390x target/s390x: Fix LAE setting a wrong access register 2024-01-13 11:28:02 +03:00
sh4 target/sh4: Mask restore of env->flags from tb->flags 2023-03-29 10:20:04 +03:00
sparc target/sparc: Convert to tcg_ops restore_state_to_opc 2022-10-26 11:11:28 +10:00
tricore target/tricore: Rename tricore_feature 2023-11-19 21:15:23 +03:00
xtensa target/xtensa: fix OOB TLB entry access 2024-01-27 18:05:30 +03:00
Kconfig hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00
meson.build target/loongarch: Add target build suport 2022-06-06 18:09:03 +00:00