From bbda4b6c7d7c7f79da71f95c92a5d76be22c3efd Mon Sep 17 00:00:00 2001

From: Sandipan Das <sandipan@linux.ibm.com>

Date: Thu, 4 Feb 2021 13:37:43 +0530

Subject: [PATCH] powerpc/sstep: Fix load-store and update emulation

References: bsc#1156395

Patch-mainline: v5.12-rc1

Git-commit: bbda4b6c7d7c7f79da71f95c92a5d76be22c3efd

The Power ISA says that the fixed-point load and update instructions

must neither use R0 for the base address (RA) nor have the

destination (RT) and the base address (RA) as the same register.

Similarly, for fixed-point stores and floating-point loads and stores,

the instruction is invalid when R0 is used as the base address (RA).

This is applicable to the following instructions.

  * Load Byte and Zero with Update (lbzu)

  * Load Byte and Zero with Update Indexed (lbzux)

  * Load Halfword and Zero with Update (lhzu)

  * Load Halfword and Zero with Update Indexed (lhzux)

  * Load Halfword Algebraic with Update (lhau)

  * Load Halfword Algebraic with Update Indexed (lhaux)

  * Load Word and Zero with Update (lwzu)

  * Load Word and Zero with Update Indexed (lwzux)

  * Load Word Algebraic with Update Indexed (lwaux)

  * Load Doubleword with Update (ldu)

  * Load Doubleword with Update Indexed (ldux)

  * Load Floating Single with Update (lfsu)

  * Load Floating Single with Update Indexed (lfsux)

  * Load Floating Double with Update (lfdu)

  * Load Floating Double with Update Indexed (lfdux)

  * Store Byte with Update (stbu)

  * Store Byte with Update Indexed (stbux)

  * Store Halfword with Update (sthu)

  * Store Halfword with Update Indexed (sthux)

  * Store Word with Update (stwu)

  * Store Word with Update Indexed (stwux)

  * Store Doubleword with Update (stdu)

  * Store Doubleword with Update Indexed (stdux)

  * Store Floating Single with Update (stfsu)

  * Store Floating Single with Update Indexed (stfsux)

  * Store Floating Double with Update (stfdu)

  * Store Floating Double with Update Indexed (stfdux)

E.g. the following behaviour is observed for an invalid load and

update instruction having RA = RT.

While a userspace program having an instruction word like 0xe9ce0001,

i.e. ldu r14, 0(r14), runs without getting receiving a SIGILL on a

Power system (observed on P8 and P9), the outcome of executing that

instruction word varies and its behaviour can be considered to be

undefined.

Attaching an uprobe at that instruction's address results in emulation

which currently performs the load as well as writes the effective

address back to the base register. This might not match the outcome

from hardware.

To remove any inconsistencies, this adds additional checks for the

aforementioned instructions to make sure that the emulation

infrastructure treats them as unknown. The kernel can then fallback to

executing such instructions on hardware.

Fixes: 0016a4cf5582 ("powerpc: Emulate most Book I instructions in emulate_step()")

Signed-off-by: Sandipan Das <sandipan@linux.ibm.com>

Reviewed-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Link: https://lore.kernel.org/r/20210204080744.135785-1-sandipan@linux.ibm.com

Acked-by: Michal Suchanek <msuchanek@suse.de>

---

 arch/powerpc/lib/sstep.c | 14 ++++++++++++++

 1 file changed, 14 insertions(+)

diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c

index e96cff845ef7..11f14b209d7f 100644

--- a/arch/powerpc/lib/sstep.c

+++ b/arch/powerpc/lib/sstep.c

@@ -3017,6 +3017,20 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,

 	}

+	if (OP_IS_LOAD_STORE(op->type) && (op->type & UPDATE)) {

+		switch (GETTYPE(op->type)) {

+		case LOAD:

+			if (ra == rd)

+				goto unknown_opcode;

+			fallthrough;

+		case STORE:

+		case LOAD_FP:

+		case STORE_FP:

+			if (ra == 0)

+				goto unknown_opcode;

+		}

+	}

+

 #ifdef CONFIG_VSX

 	if ((GETTYPE(op->type) == LOAD_VSX ||

 	     GETTYPE(op->type) == STORE_VSX) &&

-- 

2.26.2