1 /*
2 * Misc Sparc helpers
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "cpu.h"
22 #include "exec/exec-all.h"
23 #include "qemu/host-utils.h"
24 #include "exec/helper-proto.h"
25 #include "sysemu/sysemu.h"
26
/*
 * Raise trap type @tt on the vCPU that owns @env.
 *
 * Records the pending trap in the CPUState and leaves the CPU loop; control
 * does not come back to the caller (callers in this file rely on that).
 */
void helper_raise_exception(CPUSPARCState *env, int tt)
{
    SPARCCPU *cpu = sparc_env_get_cpu(env);

    CPU(cpu)->exception_index = tt;
    cpu_loop_exit(CPU(cpu));
}
34
/*
 * Leave the CPU loop with EXCP_DEBUG pending on the vCPU that owns @env.
 * Does not return to the caller.
 */
void helper_debug(CPUSPARCState *env)
{
    SPARCCPU *cpu = sparc_env_get_cpu(env);

    CPU(cpu)->exception_index = EXCP_DEBUG;
    cpu_loop_exit(CPU(cpu));
}
42
43 #ifdef TARGET_SPARC64
/* POPC: population count (number of set bits) of @val. */
target_ulong helper_popc(target_ulong val)
{
    uint64_t bits = val;

    return ctpop64(bits);
}
48
/*
 * Set the counter of the CPUTimer passed as @opaque to @count.
 * User-mode emulation has no timers, so the call is a no-op there.
 */
void helper_tick_set_count(void *opaque, uint64_t count)
{
#if defined(CONFIG_USER_ONLY)
    (void)opaque;
    (void)count;
#else
    cpu_tick_set_count(opaque, count);
#endif
}
55
/*
 * Read the counter of the CPUTimer passed as @opaque.
 *
 * @mem_idx is the MMU index of the executing context.  When the timer's
 * npt flag is set, a read from a context below MMU_KERNEL_IDX raises
 * TT_PRIV_INSN instead of returning a value.  User-mode emulation has no
 * timers and always yields 0.
 */
uint64_t helper_tick_get_count(CPUSPARCState *env, void *opaque, int mem_idx)
{
#if defined(CONFIG_USER_ONLY)
    (void)env;
    (void)opaque;
    (void)mem_idx;
    return 0;
#else
    CPUTimer *tick = opaque;
    int unprivileged = mem_idx < MMU_KERNEL_IDX;

    if (unprivileged && tick->npt) {
        helper_raise_exception(env, TT_PRIV_INSN);
    }
    return cpu_tick_get_count(tick);
#endif
}
70
/*
 * Set the compare limit of the CPUTimer passed as @opaque to @limit.
 * User-mode emulation has no timers, so the call is a no-op there.
 */
void helper_tick_set_limit(void *opaque, uint64_t limit)
{
#if defined(CONFIG_USER_ONLY)
    (void)opaque;
    (void)limit;
#else
    cpu_tick_set_limit(opaque, limit);
#endif
}
77 #endif
78
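/*
 * Common body of UDIV / UDIVcc: unsigned division of the 64-bit value
 * (Y register:a) by the low 32 bits of @b.
 *
 * @ra is the host return address of the helper that TCG called (GETPC()
 * evaluated in that outermost helper, not here): cpu_restore_state() needs
 * the address inside the translation block to recover the guest PC before
 * the divide-by-zero trap is raised.  A quotient that does not fit in
 * 32 bits is saturated to UINT32_MAX and reported as overflow in the
 * condition codes when @cc is non-zero.
 */
static target_ulong helper_udiv_common(CPUSPARCState *env, target_ulong a,
                                       target_ulong b, int cc, uintptr_t ra)
{
    int overflow = 0;
    uint64_t x0;
    uint32_t x1;

    /* Assemble the dividend unsigned: left-shifting an int64_t whose bit 31
     * is set (Y >= 0x80000000) would be undefined behaviour. */
    x0 = ((uint64_t)env->y << 32) | (a & 0xffffffff);
    x1 = (uint32_t)(b & 0xffffffff);

    if (x1 == 0) {
        /* Does not return. */
        cpu_restore_state(CPU(sparc_env_get_cpu(env)), ra);
        helper_raise_exception(env, TT_DIV_ZERO);
    }

    x0 = x0 / x1;
    if (x0 > UINT32_MAX) {
        x0 = UINT32_MAX;
        overflow = 1;
    }

    if (cc) {
        env->cc_dst = x0;
        env->cc_src2 = overflow;
        env->cc_op = CC_OP_DIV;
    }
    return x0;
}

/* UDIV: unsigned divide without updating the condition codes. */
target_ulong helper_udiv(CPUSPARCState *env, target_ulong a, target_ulong b)
{
    return helper_udiv_common(env, a, b, 0, GETPC());
}

/* UDIVcc: unsigned divide that also sets the condition codes. */
target_ulong helper_udiv_cc(CPUSPARCState *env, target_ulong a, target_ulong b)
{
    return helper_udiv_common(env, a, b, 1, GETPC());
}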
118
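/*
 * Common body of SDIV / SDIVcc: signed division of the 64-bit value
 * (Y register:a) by the low 32 bits of @b.
 *
 * @ra is the host return address of the helper that TCG called (GETPC()
 * evaluated in that outermost helper, not here): cpu_restore_state() needs
 * the address inside the translation block to recover the guest PC before
 * the divide-by-zero trap is raised.  A quotient outside the signed 32-bit
 * range is saturated to INT32_MIN / INT32_MAX and reported as overflow in
 * the condition codes when @cc is non-zero.
 */
static target_ulong helper_sdiv_common(CPUSPARCState *env, target_ulong a,
                                       target_ulong b, int cc, uintptr_t ra)
{
    int overflow = 0;
    int64_t x0;
    int32_t x1;

    /* Assemble the dividend unsigned so the shift is well defined when
     * bit 31 of Y is set; the conversion to int64_t keeps the bit pattern. */
    x0 = (int64_t)(((uint64_t)env->y << 32) | (a & 0xffffffff));
    x1 = (int32_t)(b & 0xffffffff);

    if (x1 == 0) {
        /* Does not return. */
        cpu_restore_state(CPU(sparc_env_get_cpu(env)), ra);
        helper_raise_exception(env, TT_DIV_ZERO);
    } else if (x1 == -1 && x0 == INT64_MIN) {
        /* INT64_MIN / -1 would overflow the host divide; saturate. */
        x0 = INT32_MAX;
        overflow = 1;
    } else {
        x0 = x0 / x1;
        if ((int32_t)x0 != x0) {
            /* Quotient does not fit in 32 signed bits. */
            x0 = x0 < 0 ? INT32_MIN : INT32_MAX;
            overflow = 1;
        }
    }

    if (cc) {
        env->cc_dst = x0;
        env->cc_src2 = overflow;
        env->cc_op = CC_OP_DIV;
    }
    return x0;
}

/* SDIV: signed divide without updating the condition codes. */
target_ulong helper_sdiv(CPUSPARCState *env, target_ulong a, target_ulong b)
{
    return helper_sdiv_common(env, a, b, 0, GETPC());
}

/* SDIVcc: signed divide that also sets the condition codes. */
target_ulong helper_sdiv_cc(CPUSPARCState *env, target_ulong a, target_ulong b)
{
    return helper_sdiv_common(env, a, b, 1, GETPC());
}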
161
162 #ifdef TARGET_SPARC64
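/*
 * SDIVX: 64-bit signed divide of @a by @b.
 *
 * Division by zero recovers the guest PC and raises TT_DIV_ZERO (does not
 * return).  Division by -1 is handled as a negation so the host divide
 * instruction cannot fault on INT64_MIN / -1; the negation is done in
 * unsigned arithmetic because -INT64_MIN is undefined for int64_t, and the
 * wrapped result (INT64_MIN) is what the guest expects.
 */
int64_t helper_sdivx(CPUSPARCState *env, int64_t a, int64_t b)
{
    if (b == 0) {
        /* Raise divide by zero trap. */
        SPARCCPU *cpu = sparc_env_get_cpu(env);

        cpu_restore_state(CPU(cpu), GETPC());
        helper_raise_exception(env, TT_DIV_ZERO);
    } else if (b == -1) {
        /* Avoid overflow trap with i386 divide insn; negate without UB. */
        return (int64_t)(0 - (uint64_t)a);
    } else {
        return a / b;
    }
}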
178
/*
 * UDIVX: 64-bit unsigned divide of @a by @b.
 *
 * Division by zero recovers the guest PC and raises TT_DIV_ZERO, which does
 * not return.
 */
uint64_t helper_udivx(CPUSPARCState *env, uint64_t a, uint64_t b)
{
    if (b != 0) {
        return a / b;
    }

    /* Raise divide by zero trap. */
    cpu_restore_state(CPU(sparc_env_get_cpu(env)), GETPC());
    helper_raise_exception(env, TT_DIV_ZERO);
    /* Not reached: the trap above leaves the CPU loop. */
    return 0;
}
190 #endif
191
/*
 * TADDccTV: tagged add of @src1 and @src2 that traps on tag overflow.
 *
 * Tag overflow is either operand having a non-zero tag (bits 0-1) or the
 * 32-bit signed sum overflowing.  On overflow the guest PC is recovered and
 * TT_TOVF is raised (does not return) without touching the condition codes;
 * otherwise the CC fields are updated for CC_OP_TADDTV and the sum is
 * returned.
 */
target_ulong helper_taddcctv(CPUSPARCState *env, target_ulong src1,
                             target_ulong src2)
{
    target_ulong dst = src1 + src2;
    /* Operands agree in sign but the result's sign differs -> overflow. */
    int overflow = ((src1 | src2) & 3) != 0
                || (~(src1 ^ src2) & (src1 ^ dst) & (1u << 31)) != 0;

    if (overflow) {
        /* Trap before modifying the CC so a trapping insn leaves it intact. */
        cpu_restore_state(CPU(sparc_env_get_cpu(env)), GETPC());
        helper_raise_exception(env, TT_TOVF);
    }

    env->cc_op = CC_OP_TADDTV;
    env->cc_src = src1;
    env->cc_src2 = src2;
    env->cc_dst = dst;
    return dst;
}
221
/*
 * TSUBccTV: tagged subtract of @src2 from @src1 that traps on tag overflow.
 *
 * Tag overflow is either operand having a non-zero tag (bits 0-1) or the
 * 32-bit signed difference overflowing.  On overflow the guest PC is
 * recovered and TT_TOVF is raised (does not return) without touching the
 * condition codes; otherwise the CC fields are updated for CC_OP_TSUBTV and
 * the difference is returned.
 */
target_ulong helper_tsubcctv(CPUSPARCState *env, target_ulong src1,
                             target_ulong src2)
{
    target_ulong dst = src1 - src2;
    /* Operands differ in sign and the result's sign differs from src1. */
    int overflow = ((src1 | src2) & 3) != 0
                || ((src1 ^ src2) & (src1 ^ dst) & (1u << 31)) != 0;

    if (overflow) {
        /* Trap before modifying the CC so a trapping insn leaves it intact. */
        cpu_restore_state(CPU(sparc_env_get_cpu(env)), GETPC());
        helper_raise_exception(env, TT_TOVF);
    }

    env->cc_op = CC_OP_TSUBTV;
    env->cc_src = src1;
    env->cc_src2 = src2;
    env->cc_dst = dst;
    return dst;
}
251
252 #ifndef TARGET_SPARC64
/*
 * Halt the vCPU that owns @env with EXCP_HLT pending.
 *
 * PC/nPC are advanced past the current instruction first, so the next
 * instruction is the one executed when the CPU is resumed.  Leaves the CPU
 * loop and does not return.
 */
void helper_power_down(CPUSPARCState *env)
{
    CPUState *cs = CPU(sparc_env_get_cpu(env));
    target_ulong next_pc = env->npc;

    env->pc = next_pc;
    env->npc = next_pc + 4;

    cs->halted = 1;
    cs->exception_index = EXCP_HLT;
    cpu_loop_exit(cs);
}
263 #endif