From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: ivan@vmfacility.fr, qemu-ppc@nongnu.org, david@gibson.dropbear.id.au
Subject: [PATCH v3 15/16] linux-user/ppc: Fix msr updates
Date: Sun, 14 Mar 2021 11:59:05 -0600 [thread overview]
Message-ID: <20210314175906.1733746-16-richard.henderson@linaro.org> (raw)
In-Reply-To: <20210314175906.1733746-1-richard.henderson@linaro.org>
In save_user_regs, there are two bugs where we OR in a bit number
instead of the bit, clobbering the low bits of MSR. However:
The MSR_VR and MSR_SPE bits control the availability of the insns.
If the bits were not already set in MSR, then any attempt to access
those registers would result in SIGILL.
For linux-user, we always initialize MSR to the capabilities
of the cpu. We *could* add checks vs MSR where we currently
check insn_flags and insn_flags2, but we know they match.
Also, there's a stray cut-and-paste comment in restore.
Then, do not force little-endian binaries into big-endian mode.
Finally, use ppc_store_msr for the update to affect hflags.
Which is the reason none of these bugs were previously noticed.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/ppc/cpu_loop.c | 5 +++--
linux-user/ppc/signal.c | 23 +++++++++++------------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index df71e15a25..4a0f6c8dc2 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -492,11 +492,12 @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
#if defined(TARGET_PPC64)
int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
#if defined(TARGET_ABI32)
- env->msr &= ~((target_ulong)1 << flag);
+ ppc_store_msr(env, env->msr & ~((target_ulong)1 << flag));
#else
- env->msr |= (target_ulong)1 << flag;
+ ppc_store_msr(env, env->msr | (target_ulong)1 << flag);
#endif
#endif
+
env->nip = regs->nip;
for(i = 0; i < 32; i++) {
env->gpr[i] = regs->gpr[i];
diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index b78613f7c8..bad38f8ed9 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -261,9 +261,6 @@ static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
__put_user(avr->u64[PPC_VEC_HI], &vreg->u64[0]);
__put_user(avr->u64[PPC_VEC_LO], &vreg->u64[1]);
}
- /* Set MSR_VR in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
- msr |= MSR_VR;
#if defined(TARGET_PPC64)
vrsave = (uint32_t *)&frame->mc_vregs.altivec[33];
/* 64-bit needs to put a pointer to the vectors in the frame */
@@ -300,9 +297,6 @@ static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
for (i = 0; i < ARRAY_SIZE(env->gprh); i++) {
__put_user(env->gprh[i], &frame->mc_vregs.spe[i]);
}
- /* Set MSR_SPE in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
- msr |= MSR_SPE;
__put_user(env->spe_fscr, &frame->mc_vregs.spe[32]);
}
#endif
@@ -354,8 +348,10 @@ static void restore_user_regs(CPUPPCState *env,
__get_user(msr, &frame->mc_gregs[TARGET_PT_MSR]);
/* If doing signal return, restore the previous little-endian mode. */
- if (sig)
- env->msr = (env->msr & ~(1ull << MSR_LE)) | (msr & (1ull << MSR_LE));
+ if (sig) {
+ ppc_store_msr(env, ((env->msr & ~(1ull << MSR_LE)) |
+ (msr & (1ull << MSR_LE))));
+ }
/* Restore Altivec registers if necessary. */
if (env->insns_flags & PPC_ALTIVEC) {
@@ -376,8 +372,6 @@ static void restore_user_regs(CPUPPCState *env,
__get_user(avr->u64[PPC_VEC_HI], &vreg->u64[0]);
__get_user(avr->u64[PPC_VEC_LO], &vreg->u64[1]);
}
- /* Set MSR_VEC in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
#if defined(TARGET_PPC64)
vrsave = (uint32_t *)&v_regs[33];
#else
@@ -468,7 +462,7 @@ void setup_frame(int sig, struct target_sigaction *ka,
env->nip = (target_ulong) ka->_sa_handler;
/* Signal handlers are entered in big-endian mode. */
- env->msr &= ~(1ull << MSR_LE);
+ ppc_store_msr(env, env->msr & ~(1ull << MSR_LE));
unlock_user_struct(frame, frame_addr, 1);
return;
@@ -563,8 +557,13 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
env->nip = (target_ulong) ka->_sa_handler;
#endif
+#ifdef TARGET_WORDS_BIGENDIAN
/* Signal handlers are entered in big-endian mode. */
- env->msr &= ~(1ull << MSR_LE);
+ ppc_store_msr(env, env->msr & ~(1ull << MSR_LE));
+#else
+ /* Signal handlers are entered in little-endian mode. */
+ ppc_store_msr(env, env->msr | (1ull << MSR_LE));
+#endif
unlock_user_struct(rt_sf, rt_sf_addr, 1);
return;
--
2.25.1
next prev parent reply other threads:[~2021-03-14 18:16 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line Richard Henderson
2021-03-14 17:58 ` [PATCH v3 02/16] target/ppc: Move 601 hflags adjustment to hreg_compute_hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 03/16] target/ppc: Properly sync cpu state with new msr in cpu_load_old Richard Henderson
2021-03-14 17:58 ` [PATCH v3 04/16] target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr Richard Henderson
2021-03-14 17:58 ` [PATCH v3 05/16] target/ppc: Retain hflags_nmsr only for migration Richard Henderson
2021-03-14 17:58 ` [PATCH v3 06/16] target/ppc: Fix comment for MSR_FE{0,1} Richard Henderson
2021-03-14 17:58 ` [PATCH v3 07/16] target/ppc: Disconnect hflags from MSR Richard Henderson
2021-03-14 17:58 ` [PATCH v3 08/16] target/ppc: Reduce env->hflags to uint32_t Richard Henderson
2021-03-14 17:58 ` [PATCH v3 09/16] target/ppc: Put dbcr0 single-step bits into hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 10/16] target/ppc: Create helper_scv Richard Henderson
2021-03-14 17:59 ` [PATCH v3 11/16] target/ppc: Put LPCR[GTSE] in hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 12/16] target/ppc: Remove MSR_SA and MSR_AP from hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 13/16] target/ppc: Remove env->immu_idx and env->dmmu_idx Richard Henderson
2021-03-14 17:59 ` [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates Richard Henderson
2021-03-15 10:23 ` Cédric Le Goater
2021-03-15 13:47 ` Richard Henderson
2021-03-15 13:55 ` Cédric Le Goater
2021-03-14 17:59 ` Richard Henderson [this message]
2021-03-14 17:59 ` [PATCH v3 16/16] target/ppc: Validate hflags with CONFIG_DEBUG_TCG Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210314175906.1733746-16-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=david@gibson.dropbear.id.au \
--cc=ivan@vmfacility.fr \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.