target/xtensa: fix access ring in l32ex

l32ex does memory access as all regular load/store operations at CRING level. Fix apparent pasto from l32e that caused it to use RING instead. This is a correctness issue, not a security issue, because in the worst case the privilege level of memory access may be lowered, resulting in an exception when the correct implementation would've succeeded. In no case it would allow memory access that would've raised an exception in the correct implementation. Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
author: Max Filippov <jcmvbkbc@gmail.com> 2021-05-19 03:40:00 -0700
committer: Max Filippov <jcmvbkbc@gmail.com> 2021-05-20 13:02:58 -0700
commit: 735aa900e4bf57b777ac620bed7c88234ec4b601 (patch)
tree: 475a9040b184c4c1291ff11cb725941ff0447b87 /target/xtensa/translate.c
parent: cb2d627a00a6bf686bc221b05f136545639a1c37 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index f93df87ec4..95f6b21c2a 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1814,7 +1814,7 @@ static void translate_l32ex(DisasContext *dc, const OpcodeArg arg[],
     tcg_gen_mov_i32(addr, arg[1].in);
     gen_load_store_alignment(dc, 2, addr, true);
     gen_check_exclusive(dc, addr, false);
-    tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL);
+    tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->cring, MO_TEUL);
     tcg_gen_mov_i32(cpu_exclusive_addr, addr);
     tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out);
     tcg_temp_free(addr);
author	Max Filippov <jcmvbkbc@gmail.com>	2021-05-19 03:40:00 -0700
committer	Max Filippov <jcmvbkbc@gmail.com>	2021-05-20 13:02:58 -0700
commit	735aa900e4bf57b777ac620bed7c88234ec4b601 (patch)
tree	475a9040b184c4c1291ff11cb725941ff0447b87 /target/xtensa/translate.c
parent	cb2d627a00a6bf686bc221b05f136545639a1c37 (diff)