From 6111a0c0eddf320a0702c3fde17c61bb3dd02963 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 23 Mar 2020 17:22:30 +0000 Subject: [PATCH 1/5] hw/arm/bcm283x: Correct the license text MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The license is the 'GNU General Public License v2.0 or later', not 'and': This program is free software; you can redistribute it and/ori modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Fix the license comment. Signed-off-by: Philippe Mathieu-Daudé Message-id: 20200312213455.15854-1-philmd@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/bcm2835_peripherals.c | 3 ++- hw/arm/bcm2836.c | 3 ++- hw/arm/raspi.c | 3 ++- hw/display/bcm2835_fb.c | 1 - hw/dma/bcm2835_dma.c | 4 +++- hw/intc/bcm2835_ic.c | 4 ++-- hw/intc/bcm2836_control.c | 4 +++- hw/misc/bcm2835_mbox.c | 4 +++- hw/misc/bcm2835_property.c | 4 +++- include/hw/arm/bcm2835_peripherals.h | 3 ++- include/hw/arm/bcm2836.h | 3 ++- include/hw/char/bcm2835_aux.h | 3 ++- include/hw/display/bcm2835_fb.h | 3 ++- include/hw/dma/bcm2835_dma.h | 4 +++- include/hw/intc/bcm2835_ic.h | 4 +++- include/hw/intc/bcm2836_control.h | 3 ++- include/hw/misc/bcm2835_mbox.h | 4 +++- include/hw/misc/bcm2835_mbox_defs.h | 4 +++- include/hw/misc/bcm2835_property.h | 4 +++- 19 files changed, 45 insertions(+), 20 deletions(-) diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c index 17207ae07e..edcaa4916d 100644 --- a/hw/arm/bcm2835_peripherals.c +++ b/hw/arm/bcm2835_peripherals.c @@ -5,7 +5,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 38e2941bab..43022b83f5 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -5,7 +5,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index acd2bb794d..fe3b9bc78b 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -8,7 +8,8 @@ * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti * Upstream code cleanup (c) 2018 Pekka Enberg * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c index d6bf3374a6..c6263808a2 100644 --- a/hw/display/bcm2835_fb.c +++ b/hw/display/bcm2835_fb.c @@ -1,7 +1,6 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade * Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann. - * This code is licensed under the GNU GPLv2 and later. * * Heavily based on milkymist-vgafb.c, copyright terms below: * QEMU model of the Milkymist VGA framebuffer. diff --git a/hw/dma/bcm2835_dma.c b/hw/dma/bcm2835_dma.c index ccff5ed55b..4cd9dab745 100644 --- a/hw/dma/bcm2835_dma.c +++ b/hw/dma/bcm2835_dma.c @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c index 05bd28e4f9..53ab8f5881 100644 --- a/hw/intc/bcm2835_ic.c +++ b/hw/intc/bcm2835_ic.c @@ -1,7 +1,6 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade * Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann. - * This code is licensed under the GNU GPLv2 and later. * Heavily based on pl190.c, copyright terms below: * * Arm PrimeCell PL190 Vector Interrupt Controller @@ -9,7 +8,8 @@ * Copyright (c) 2006 CodeSourcery. * Written by Paul Brook * - * This code is licensed under the GPL. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c index 61f884ff9e..53dba0080c 100644 --- a/hw/intc/bcm2836_control.c +++ b/hw/intc/bcm2836_control.c @@ -4,7 +4,6 @@ * Written by Andrew Baumann * * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. * * At present, only implements interrupt routing, and mailboxes (i.e., * not PMU interrupt, or AXI counters). @@ -13,6 +12,9 @@ * * Ref: * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/misc/bcm2835_mbox.c b/hw/misc/bcm2835_mbox.c index 77d2d80706..2afa06a746 100644 --- a/hw/misc/bcm2835_mbox.c +++ b/hw/misc/bcm2835_mbox.c @@ -1,11 +1,13 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. * * This file models the system mailboxes, which are used for * communication with low-bandwidth GPU peripherals. Refs: * https://github.com/raspberrypi/firmware/wiki/Mailboxes * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index df91280dfc..3e228ca0ae 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" diff --git a/include/hw/arm/bcm2835_peripherals.h b/include/hw/arm/bcm2835_peripherals.h index 7859281e11..2e8655a7c2 100644 --- a/include/hw/arm/bcm2835_peripherals.h +++ b/include/hw/arm/bcm2835_peripherals.h @@ -5,7 +5,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_PERIPHERALS_H diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h index 92a6544816..024af8aae4 100644 --- a/include/hw/arm/bcm2836.h +++ b/include/hw/arm/bcm2836.h @@ -5,7 +5,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2836_H diff --git a/include/hw/char/bcm2835_aux.h b/include/hw/char/bcm2835_aux.h index cdbf7e3e37..934acf9c81 100644 --- a/include/hw/char/bcm2835_aux.h +++ b/include/hw/char/bcm2835_aux.h @@ -2,7 +2,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_AUX_H diff --git a/include/hw/display/bcm2835_fb.h b/include/hw/display/bcm2835_fb.h index 228988ba05..2246be74d8 100644 --- a/include/hw/display/bcm2835_fb.h +++ b/include/hw/display/bcm2835_fb.h @@ -5,7 +5,8 @@ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Written by Andrew Baumann * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_FB_H diff --git a/include/hw/dma/bcm2835_dma.h b/include/hw/dma/bcm2835_dma.h index 91ed8d05d1..a6747842b7 100644 --- a/include/hw/dma/bcm2835_dma.h +++ b/include/hw/dma/bcm2835_dma.h @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_DMA_H diff --git a/include/hw/intc/bcm2835_ic.h b/include/hw/intc/bcm2835_ic.h index fb75fa0064..392ded1cb3 100644 --- a/include/hw/intc/bcm2835_ic.h +++ b/include/hw/intc/bcm2835_ic.h @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_IC_H diff --git a/include/hw/intc/bcm2836_control.h b/include/hw/intc/bcm2836_control.h index de061b8929..2c22405686 100644 --- a/include/hw/intc/bcm2836_control.h +++ b/include/hw/intc/bcm2836_control.h @@ -8,7 +8,8 @@ * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti * Added basic IRQ_TIMER interrupt support * - * This code is licensed under the GNU GPLv2 and later. + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2836_CONTROL_H diff --git a/include/hw/misc/bcm2835_mbox.h b/include/hw/misc/bcm2835_mbox.h index 7e8f3ce86d..57f95cc35e 100644 --- a/include/hw/misc/bcm2835_mbox.h +++ b/include/hw/misc/bcm2835_mbox.h @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_MBOX_H diff --git a/include/hw/misc/bcm2835_mbox_defs.h b/include/hw/misc/bcm2835_mbox_defs.h index a18e520b22..9670bf33a0 100644 --- a/include/hw/misc/bcm2835_mbox_defs.h +++ b/include/hw/misc/bcm2835_mbox_defs.h @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_MBOX_DEFS_H diff --git a/include/hw/misc/bcm2835_property.h b/include/hw/misc/bcm2835_property.h index 11be0dbeac..b321f22499 100644 --- a/include/hw/misc/bcm2835_property.h +++ b/include/hw/misc/bcm2835_property.h @@ -1,6 +1,8 @@ /* * Raspberry Pi emulation (c) 2012 Gregory Estrade - * This code is licensed under the GNU GPLv2 and later. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. */ #ifndef BCM2835_PROPERTY_H From 4dabf39592e92d692c6f2a1633571114ae25d843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Mon, 23 Mar 2020 17:22:30 +0000 Subject: [PATCH 2/5] aspeed/smc: Fix DMA support for AST2600 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent firmwares uses SPI DMA transfers in U-Boot to load the different images (kernel, initrd, dtb) in the SoC DRAM. The AST2600 FMC model is missing the masks to be applied on the DMA registers which resulted in incorrect values. Fix that and wire the SPI controllers which have DMA support on the AST2600. Fixes: bcaa8ddd081c ("aspeed/smc: Add AST2600 support") Signed-off-by: Cédric Le Goater Reviewed-by: Joel Stanley Message-id: 20200320053923.20565-1-clg@kaod.org Signed-off-by: Peter Maydell --- hw/arm/aspeed_ast2600.c | 6 ++++++ hw/ssi/aspeed_smc.c | 15 +++++++++++++-- hw/ssi/trace-events | 1 + 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c index 446b44d31c..1a869e09b9 100644 --- a/hw/arm/aspeed_ast2600.c +++ b/hw/arm/aspeed_ast2600.c @@ -411,6 +411,12 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, Error **errp) /* SPI */ for (i = 0; i < sc->spis_num; i++) { + object_property_set_link(OBJECT(&s->spi[i]), OBJECT(s->dram_mr), + "dram", &err); + if (err) { + error_propagate(errp, err); + return; + } object_property_set_int(OBJECT(&s->spi[i]), 1, "num-cs", &err); object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", &local_err); diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index 9d5c696d5a..2edccef2d5 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -364,6 +364,8 @@ static const AspeedSMCController controllers[] = { .flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE, .flash_window_size = 0x10000000, .has_dma = true, + .dma_flash_mask = 0x0FFFFFFC, + .dma_dram_mask = 0x3FFFFFFC, .nregs = ASPEED_SMC_R_MAX, .segment_to_reg = aspeed_2600_smc_segment_to_reg, .reg_to_segment = aspeed_2600_smc_reg_to_segment, @@ -379,7 +381,9 @@ static const AspeedSMCController controllers[] = { .segments = aspeed_segments_ast2600_spi1, .flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE, .flash_window_size = 0x10000000, - .has_dma = false, + .has_dma = true, + .dma_flash_mask = 0x0FFFFFFC, + .dma_dram_mask = 0x3FFFFFFC, .nregs = ASPEED_SMC_R_MAX, .segment_to_reg = aspeed_2600_smc_segment_to_reg, .reg_to_segment = aspeed_2600_smc_reg_to_segment, @@ -395,7 +399,9 @@ static const AspeedSMCController controllers[] = { .segments = aspeed_segments_ast2600_spi2, .flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE, .flash_window_size = 0x10000000, - .has_dma = false, + .has_dma = true, + .dma_flash_mask = 0x0FFFFFFC, + .dma_dram_mask = 0x3FFFFFFC, .nregs = ASPEED_SMC_R_MAX, .segment_to_reg = aspeed_2600_smc_segment_to_reg, .reg_to_segment = aspeed_2600_smc_reg_to_segment, @@ -1135,6 +1141,11 @@ static void aspeed_smc_dma_rw(AspeedSMCState *s) MemTxResult result; uint32_t data; + trace_aspeed_smc_dma_rw(s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE ? + "write" : "read", + s->regs[R_DMA_FLASH_ADDR], + s->regs[R_DMA_DRAM_ADDR], + s->regs[R_DMA_LEN]); while (s->regs[R_DMA_LEN]) { if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events index 0a70629801..0ea498de91 100644 --- a/hw/ssi/trace-events +++ b/hw/ssi/trace-events @@ -6,5 +6,6 @@ aspeed_smc_do_snoop(int cs, int index, int dummies, int data) "CS%d index:0x%x d aspeed_smc_flash_write(int cs, uint64_t addr, uint32_t size, uint64_t data, int mode) "CS%d @0x%" PRIx64 " size %u: 0x%" PRIx64" mode:%d" aspeed_smc_read(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64 aspeed_smc_dma_checksum(uint32_t addr, uint32_t data) "0x%08x: 0x%08x" +aspeed_smc_dma_rw(const char *dir, uint32_t flash_addr, uint32_t dram_addr, uint32_t size) "%s flash:@0x%08x dram:@0x%08x size:0x%08x" aspeed_smc_write(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64 aspeed_smc_flash_select(int cs, const char *prefix) "CS%d %sselect" From ae1111d4def40c6f592c3a307c599272b778eb65 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Mon, 23 Mar 2020 17:22:30 +0000 Subject: [PATCH 3/5] target/arm: Rearrange disabled check for watchpoints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity rightly notes that ctz32(bas) on 0 will return 32, which makes the len calculation a BAD_SHIFT. A value of 0 in DBGWCR_EL1.BAS is reserved. Simply move the existing check we have for this case. Reported-by: Coverity (CID 1421964) Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200320160622.8040-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/helper.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index d2ec2c5351..b7b6887241 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6340,17 +6340,18 @@ void hw_watchpoint_update(ARMCPU *cpu, int n) int bas = extract64(wcr, 5, 8); int basstart; - if (bas == 0) { - /* This must act as if the watchpoint is disabled */ - return; - } - if (extract64(wvr, 2, 1)) { /* Deprecated case of an only 4-aligned address. BAS[7:4] are * ignored, and BAS[3:0] define which bytes to watch. */ bas &= 0xf; } + + if (bas == 0) { + /* This must act as if the watchpoint is disabled */ + return; + } + /* The BAS bits are supposed to be programmed to indicate a contiguous * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether * we fire for each byte in the word/doubleword addressed by the WVR. From 3944d58db3fc5bf131345a21a44013bc13849a12 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Mon, 23 Mar 2020 17:22:30 +0000 Subject: [PATCH 4/5] target/arm: Assert immh != 0 in disas_simd_shift_imm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity raised a shed-load of errors cascading from inferring that clz32(immh) might yield 32, from immh might be 0. While immh cannot be 0 from encoding, it is not obvious even to a human how we've checked that: via the filtering provided by data_proc_simd[]. Reported-by: Coverity (CID 1421923, and more) Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200320160622.8040-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 8fffb52203..032478614c 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -10405,6 +10405,9 @@ static void disas_simd_shift_imm(DisasContext *s, uint32_t insn) bool is_u = extract32(insn, 29, 1); bool is_q = extract32(insn, 30, 1); + /* data_proc_simd[] has sent immh == 0 to disas_simd_mod_imm. */ + assert(immh != 0); + switch (opcode) { case 0x08: /* SRI */ if (!is_u) { From 550a04893c2bd4442211b353680b9a6408d94dba Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Mon, 23 Mar 2020 17:22:30 +0000 Subject: [PATCH 5/5] target/arm: Move computation of index in handle_simd_dupe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity reports a BAD_SHIFT with ctz32(imm5), with imm5 == 0. This is an invalid encoding, but we diagnose that just below by rejecting size > 3. Avoid the warning by sinking the computation of index below the check. Reported-by: Coverity (CID 1421965) Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200320160622.8040-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 032478614c..7580e46367 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -7422,7 +7422,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn, int imm5) { int size = ctz32(imm5); - int index = imm5 >> (size + 1); + int index; if (size > 3 || (size == 3 && !is_q)) { unallocated_encoding(s); @@ -7433,6 +7433,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn, return; } + index = imm5 >> (size + 1); tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd), vec_reg_offset(s, rn, index, size), is_q ? 16 : 8, vec_full_reg_size(s));