From: Peter Maydell Date: Thu, 3 Mar 2022 11:37:40 +0000 (+0000) Subject: target/arm/translate-neon: UNDEF if VLD1/VST1 stride bits are non-zero X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=c64ee036ac215f970a76e8c51cb1cfaaef70feb5;p=qemu.git target/arm/translate-neon: UNDEF if VLD1/VST1 stride bits are non-zero For VLD1/VST1 (single element to one lane) we are only accessing one register, and so the 'stride' is meaningless. The bits that would specify stride (insn bit [4] for size=1, bit [6] for size=2) are specified to be zero in the encoding (which would correspond to a stride of 1 for VLD2/VLD3/VLD4 etc), and we must UNDEF if they are not. We failed to make this check, which meant that we would incorrectly handle some instruction patterns as loads or stores instead of UNDEFing them. Enforce that stride == 1 for the nregs == 1 case. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/890 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Tested-by: Richard Henderson Message-id: 20220303113741.2156877-2-peter.maydell@linaro.org --- diff --git a/target/arm/translate-neon.c b/target/arm/translate-neon.c index 3854dd3516..072fdc1e6e 100644 --- a/target/arm/translate-neon.c +++ b/target/arm/translate-neon.c @@ -657,6 +657,9 @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a) /* Catch the UNDEF cases. This is unavoidably a bit messy. */ switch (nregs) { case 1: + if (a->stride != 1) { + return false; + } if (((a->align & (1 << a->size)) != 0) || (a->size == 2 && (a->align == 1 || a->align == 2))) { return false;