qemu/target-hppa-Fix-PSW-V-bit-packaging-in-cpu_hppa_get-.patch

From b1a14fd9b59803a17626903c5fb54f1aa2655d00 Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@gmx.de>
Date: Tue, 3 Sep 2024 17:22:10 +0200
Subject: [PATCH] target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for
 hppa64

While adding hppa64 support, the psw_v variable got extended from 32 to 64
bits.  So, when packaging the PSW-V bit from the psw_v variable for interrupt
processing, check bit 31 instead the 63th (sign) bit.

This fixes a hard to find Linux kernel boot issue where the loss of the PSW-V
bit due to an ITLB interruption in the middle of a series of ds/addc
instructions (from the divU milicode library) generated the wrong division
result and thus triggered a Linux kernel crash.

Link: https://lore.kernel.org/lkml/718b8afe-222f-4b3a-96d3-93af0e4ceff1@roeck-us.net/
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 931adff31478 ("target/hppa: Update cpu_hppa_get/put_psw for hppa64")
Cc: qemu-stable@nongnu.org # v8.2+
(cherry picked from commit ead5078cf1a5f11d16e3e8462154c859620bcc7e)
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
 target/hppa/cpu.h    | 2 +-
 target/hppa/helper.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 8be45c69c9..ba100c21a2 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -188,7 +188,7 @@ typedef struct CPUArchState {
 
     target_ulong psw;        /* All psw bits except the following:  */
     target_ulong psw_n;      /* boolean */
-    target_long psw_v;       /* in most significant bit */
+    target_long psw_v;       /* in bit 31 */
 
     /* Splitting the carry-borrow field into the MSB and "the rest", allows
      * for "the rest" to be deleted when it is unused, but the MSB is in use.
diff --git a/target/hppa/helper.c b/target/hppa/helper.c
index 859644c47a..9e35b65f29 100644
--- a/target/hppa/helper.c
+++ b/target/hppa/helper.c
@@ -53,7 +53,7 @@ target_ulong cpu_hppa_get_psw(CPUHPPAState *env)
     }
 
     psw |= env->psw_n * PSW_N;
-    psw |= (env->psw_v < 0) * PSW_V;
+    psw |= ((env->psw_v >> 31) & 1) * PSW_V;
     psw |= env->psw;
 
     return psw;
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-24: - ppc/xive: Fix ESB length overflow on 32-bit hosts - target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64 - target/ppc: Fix migration of CPUs with TLB_EMB TLB type - target/arm: Clear high SVE elements in handle_vec_simd_wshli - module: Prevent crash by resetting local_err in module_load_qom_all() - tests/docker: update debian i686 and mipsel images to bookworm - target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed) - docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str - block/blkio: use FUA flag on write zeroes only if supported - virtio-pci: Fix the use of an uninitialized irqfd - hw/cxl: Ensure there is enough data to read the input header in cmd_get_physical_port_state() - intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL - virtio-net: Avoid indirection_table_mask overflow - Fix calculation of minimum in colo_compare_tcp - target/riscv/csr.c: Fix an access to VXSAT - linux-user: Clean up unused header - raw-format: Fix error message for invalid offset/size - hw/loongarch/virt: Remove unnecessary 'cpu.h' inclusion - tests: Wait for migration completion on destination QEMU to avoid failures - acpi: ged: Add macro for acpi sleep control register - hw/intc/openpic: Improve errors for out of bounds property values - hw/pci-bridge: Add a Kconfig switch for the normal PCI bridge - docs/tools/qemu-img.rst: fix typo (sumarizes) - audio/pw: Report more accurate error when connecting to PipeWire fails - audio/pw: Report more accurate error when connecting to PipeWire fails - dma: Fix function names in documentation Ensure the function names match. - edu: fix DMA range upper bound check - platform-bus: fix refcount leak - hw/net/can/sja1000: fix bug for single acceptance filter and standard frame - tests/avocado: fix typo in replay_linux - util/userfaultfd: Remove unused uffd_poll_events - Consider discard option when writing zeros - crypto: factor out conversion of QAPI to gcrypt constants - crypto: drop gnutls debug logging support - crypto: use consistent error reporting pattern for unsupported cipher modes - hw/gpio/aspeed_gpio: Avoid shift into sign bit Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit b6e04df301d30895427ab41a1edff0f40149bdd9) 2024-11-30 08:36:49 +08:00			`From b1a14fd9b59803a17626903c5fb54f1aa2655d00 Mon Sep 17 00:00:00 2001`
			`From: Helge Deller <deller@gmx.de>`
			`Date: Tue, 3 Sep 2024 17:22:10 +0200`
			`Subject: [PATCH] target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for`
			`hppa64`

			`While adding hppa64 support, the psw_v variable got extended from 32 to 64`
			`bits. So, when packaging the PSW-V bit from the psw_v variable for interrupt`
			`processing, check bit 31 instead the 63th (sign) bit.`

			`This fixes a hard to find Linux kernel boot issue where the loss of the PSW-V`
			`bit due to an ITLB interruption in the middle of a series of ds/addc`
			`instructions (from the divU milicode library) generated the wrong division`
			`result and thus triggered a Linux kernel crash.`

			`Link: https://lore.kernel.org/lkml/718b8afe-222f-4b3a-96d3-93af0e4ceff1@roeck-us.net/`
			`Reported-by: Guenter Roeck <linux@roeck-us.net>`
			`Signed-off-by: Helge Deller <deller@gmx.de>`
			`Reviewed-by: Richard Henderson <richard.henderson@linaro.org>`
			`Tested-by: Guenter Roeck <linux@roeck-us.net>`
			`Fixes: 931adff31478 ("target/hppa: Update cpu_hppa_get/put_psw for hppa64")`
			`Cc: qemu-stable@nongnu.org # v8.2+`
			`(cherry picked from commit ead5078cf1a5f11d16e3e8462154c859620bcc7e)`
			`Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>`
			`---`
			`target/hppa/cpu.h \| 2 +-`
			`target/hppa/helper.c \| 2 +-`
			`2 files changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h`
			`index 8be45c69c9..ba100c21a2 100644`
			`--- a/target/hppa/cpu.h`
			`+++ b/target/hppa/cpu.h`
			`@@ -188,7 +188,7 @@ typedef struct CPUArchState {`

			`target_ulong psw; /* All psw bits except the following: */`
			`target_ulong psw_n; /* boolean */`
			`- target_long psw_v; /* in most significant bit */`
			`+ target_long psw_v; /* in bit 31 */`

			`/* Splitting the carry-borrow field into the MSB and "the rest", allows`
			`* for "the rest" to be deleted when it is unused, but the MSB is in use.`
			`diff --git a/target/hppa/helper.c b/target/hppa/helper.c`
			`index 859644c47a..9e35b65f29 100644`
			`--- a/target/hppa/helper.c`
			`+++ b/target/hppa/helper.c`
			`@@ -53,7 +53,7 @@ target_ulong cpu_hppa_get_psw(CPUHPPAState *env)`
			`}`

			`psw \|= env->psw_n * PSW_N;`
			`- psw \|= (env->psw_v < 0) * PSW_V;`
			`+ psw \|= ((env->psw_v >> 31) & 1) * PSW_V;`
			`psw \|= env->psw;`

			`return psw;`
			`--`
			`2.41.0.windows.1`