On 6/10/26 08:25, Matt Turner wrote:
+ {
+ abi_ulong xtregs_addr;
+
+ __get_user(xtregs_addr, &sc->sc_xtregs);
+ if (xtregs_addr) {
+ if (xtensa_option_enabled(env->config,
+ XTENSA_OPTION_DFP_COPROCESSOR)) {
+ uint32_t fcr, fsr;
+
+ for (i = 0; i < 16; ++i) {
+ __get_user(env->fregs[i].f64, &frame->xtregs.dfp.f[i]);
+ }
+ __get_user(fcr, &frame->xtregs.dfp.fcr);
+ __get_user(fsr, &frame->xtregs.dfp.fsr);
+ cpu_set_fcr(env, fcr);
+ cpu_set_fsr(env, fsr);
+ } else if (xtensa_option_enabled(env->config,
+ XTENSA_OPTION_FP_COPROCESSOR)) {
+ uint32_t fcr, fsr;
+
+ for (i = 0; i < 16; ++i) {
+ __get_user(env->fregs[i].f32[FP_F32_LOW],
&frame->xtregs.fp.f[i]);
+ }
+ __get_user(fcr, &frame->xtregs.fp.fcr);
+ __get_user(fsr, &frame->xtregs.fp.fsr);
+ cpu_set_fcr(env, fcr);
+ cpu_set_fsr(env, fsr);
+ }
+ }
+ }
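Review bot: `xtregs_addr` is loaded from `sc->sc_xtregs` and then used only as a non-zero flag; every subsequent `__get_user` in both branches reads from `frame->xtregs`, so the address the signal frame advertises is never the address actually dereferenced, and a `sc_xtregs` pointing anywhere other than the frame's own `xtregs` member is silently treated as if it pointed there. Either the loads should go through the pointer the frame supplied (once validated), or, if the embedded `frame->xtregs` is the intended source, the pointer should be checked against that location rather than merely for non-zero, with a comment such as `/* sc_xtregs only signals presence; the coprocessor state lives in the frame itself */` making the choice explicit. The two branches also end in identical `fcr`/`fsr` restore tails (`cpu_set_fcr`/`cpu_set_fsr`) that differ only in the source struct, which is worth folding into one path after the per-branch register loop. The loop index `i` and the enclosing function are declared outside the hunk.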
Unlike setup_sigcontext, where you know you're writing into target_rt_sigframe, here
you're reading from an arbitrary address. You need to lock the new region.
r~