On Wed, Dec 29, 2021 at 01:57:48PM -0300, Fabiano Rosas wrote:
> The next patch will start accessing the excp_vectors array earlier in
> the function, so add a bounds check as first thing here.
>
> This converts the empty return on POWERPC_EXCP_NONE to an error. This
> exception number never reaches this function and if it does it
> probably means something else went wrong up the line.
>
> Signed-off-by: Fabiano Rosas <faro...@linux.ibm.com>
Reviewed-by: David Gibson <da...@gibson.dropbear.id.au> > --- > target/ppc/excp_helper.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c > index 8b9c6bc5a8..9a03e4b896 100644 > --- a/target/ppc/excp_helper.c > +++ b/target/ppc/excp_helper.c > @@ -300,6 +300,10 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int > excp_model, int excp) > target_ulong msr, new_msr, vector; > int srr0, srr1, lev = -1; > > + if (excp <= POWERPC_EXCP_NONE || excp >= POWERPC_EXCP_NB) { > + cpu_abort(cs, "Invalid PowerPC exception %d. Aborting\n", excp); > + } > + > qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx > " => %08x (%02x)\n", env->nip, excp, env->error_code); > > @@ -353,9 +357,6 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int > excp_model, int excp) > #endif > > switch (excp) { > - case POWERPC_EXCP_NONE: > - /* Should never happen */ > - return; > case POWERPC_EXCP_CRITICAL: /* Critical input > */ > switch (excp_model) { > case POWERPC_EXCP_40x: -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
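Review bot: the new range test at the top of powerpc_excp() (first hunk, `excp <= POWERPC_EXCP_NONE || excp >= POWERPC_EXCP_NB`) is only correct if POWERPC_EXCP_NONE is the lowest value of the exception enum and POWERPC_EXCP_NB is one past the last valid entry, and nothing in the hunk says so. A one-line comment stating that the check guards the excp_vectors index that the next patch reads would keep the test from being weakened or moved below that access later. The abort also fires before the CPU_LOG_INT line, so env->nip and env->error_code never reach the interrupt log for the invalid case; adding them to the cpu_abort() message would keep that context.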
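Review bot: dropping `case POWERPC_EXCP_NONE:` in the second hunk turns what was a silent `return` into a fatal cpu_abort() through the new check, so any path that can still pass POWERPC_EXCP_NONE now stops the emulation instead of being ignored. The commit message asserts that this value never reaches the function; it would help to name in the message the call sites that were checked, since the removed comment ("Should never happen") shows the old code tolerated it.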