Fix use after free on temporary.

Optmize branch to next insn via br r0. -----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJcgcsMAAoJEGTfOOivfiFfJ88H/3jS/sFkYueBNjJM7lrUBzmJ s/Aba7gM2wEjxieaSntrVZ86JEbAWrR0dlP2RdGjTG5nI+2UM0OlF59oEpi68gyc sEK1APosshwmWeSNhg+vC7COI+q3wHbDFfoslf7oJM8t0ygyO0DWTm6UE9E8S9Ab 56lW8TYbNG860u7dCZyPO/++4Z88nKhue2/CWDaSW8mkAmqMcq+Tphs8CaYV2HTA yC88Znn6Md22cFJwUO/gpmbKspj759otOFs3MaAk92eLIgVbNF/B/fUoSovRxNX0 kqVChGSuGxJiOkfnqFBklkP46UFGRcYAKkTaz7G0bE1H3H5oyz364hhsIAMbscg= =ZjlD -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20190307' into staging Fix use after free on temporary. Optmize branch to next insn via br r0. # gpg: Signature made Fri 08 Mar 2019 01:53:16 GMT # gpg: using RSA key 64DF38E8AF7E215F # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-hppa-20190307: target/hppa: Optimize blr r0,rn target/hppa: Do not return freed temporary Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-12-01 15:53:35 +08:00 · 2019-03-08 15:17:01 +00:00 · 2019-03-08 15:17:01 +00:00 · 62cfabb522
commit 62cfabb522
parent 06a1564fcc b35aec8597
1 changed files with 12 additions and 9 deletions
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@ -2007,16 +2007,15 @@ static TCGv_reg do_ibranch_priv(DisasContext *ctx, TCGv_reg offset)
        /* Privilege 0 is maximum and is allowed to decrease.  */
        return offset;
    case 3:
-        /* Privilege 3 is minimum and is never allowed increase.  */
+        /* Privilege 3 is minimum and is never allowed to increase.  */
        dest = get_temp(ctx);
        tcg_gen_ori_reg(dest, offset, 3);
        break;
    default:
-        dest = tcg_temp_new();
+        dest = get_temp(ctx);
        tcg_gen_andi_reg(dest, offset, -4);
        tcg_gen_ori_reg(dest, dest, ctx->privilege);
        tcg_gen_movcond_reg(TCG_COND_GTU, dest, dest, offset, dest, offset);
-        tcg_temp_free(dest);
        break;
    }
    return dest;
@ -3489,12 +3488,16 @@ static bool trans_b_gate(DisasContext *ctx, arg_b_gate *a)

 static bool trans_blr(DisasContext *ctx, arg_blr *a)
 {
-    TCGv_reg tmp = get_temp(ctx);
-
-    tcg_gen_shli_reg(tmp, load_gpr(ctx, a->x), 3);
-    tcg_gen_addi_reg(tmp, tmp, ctx->iaoq_f + 8);
-    /* The computation here never changes privilege level.  */
-    return do_ibranch(ctx, tmp, a->l, a->n);
+    if (a->x) {
+        TCGv_reg tmp = get_temp(ctx);
+        tcg_gen_shli_reg(tmp, load_gpr(ctx, a->x), 3);
+        tcg_gen_addi_reg(tmp, tmp, ctx->iaoq_f + 8);
+        /* The computation here never changes privilege level.  */
+        return do_ibranch(ctx, tmp, a->l, a->n);
+    } else {
+        /* BLR R0,RX is a good way to load PC+8 into RX.  */
+        return do_dbranch(ctx, ctx->iaoq_f + 8, a->l, a->n);
+    }
 }

 static bool trans_bv(DisasContext *ctx, arg_bv *a)