
[mickledore,32/35] qemu: Add fix for powerpc instruction fallback issue

Message ID 6a19b4a5f6eb7138ec6e79acf5c85c5d38f22d8f.1683299764.git.steve@sakoman.com


Steve Sakoman May 5, 2023, 3:19 p.m. UTC
From: Richard Purdie <richard.purdie@linuxfoundation.org>

See the patch for more details; it fixes a regression in qemu that caused
illegal instructions in libm on powerpc, triggered by a libinput
upgrade.

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1c56cdff09f650ad721fae026eb6a3651631f3d
was the glibc code generating the instruction and triggering the issue.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc       |  1 +
 meta/recipes-devtools/qemu/qemu/ppc.patch | 70 +++++++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/ppc.patch


diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index e2453dd8bc..29bc34d743 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -35,6 +35,7 @@  SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0001-tracetool-use-relative-paths-for-line-preprocessor-d.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
+           file://ppc.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/ppc.patch b/meta/recipes-devtools/qemu/qemu/ppc.patch
new file mode 100644
index 0000000000..395cdb814f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/ppc.patch
@@ -0,0 +1,70 @@ 
+target/ppc: Fix fallback to MFSS for MFFSCRN, MFFSCRNI, MFFSCE and MFFSL
+
+The following commits changed the code such that these instructions became invalid
+on pre 3.0 ISAs:
+
+  bf8adfd88b547680aa857c46098f3a1e94373160 - target/ppc: Move mffscrn[i] to decodetree 
+  394c2e2fda70da722f20fb60412d6c0ca4bfaa03 - target/ppc: Move mffsce to decodetree
+  3e5bce70efe6bd1f684efbb21fd2a316cbf0657e - target/ppc: Move mffsl to decodetree 
+
+The hardware will handle them as a MFFS instruction as the code did previously.
+Restore that behaviour. This means applications that were segfaulting under qemu 
+when encountering these instructions now operate correctly. The instruction
+is used in glibc libm functions for example.
+
+Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20230504110150.3044402-1-richard.purdie@linuxfoundation.org/]
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: qemu-8.0.0/target/ppc/translate/fp-impl.c.inc
+===================================================================
+--- qemu-8.0.0.orig/target/ppc/translate/fp-impl.c.inc
++++ qemu-8.0.0/target/ppc/translate/fp-impl.c.inc
+@@ -584,7 +584,10 @@ static bool trans_MFFSCE(DisasContext *c
+ {
+     TCGv_i64 fpscr;
+ 
+-    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
++    if (unlikely(!(ctx->insns_flags2 & PPC2_ISA300))) {
++        return trans_MFFS(ctx, a);
++    }
++
+     REQUIRE_FPU(ctx);
+ 
+     gen_reset_fpstatus();
+@@ -597,7 +600,10 @@ static bool trans_MFFSCRN(DisasContext *
+ {
+     TCGv_i64 t1, fpscr;
+ 
+-    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
++    if (unlikely(!(ctx->insns_flags2 & PPC2_ISA300))) {
++        return trans_MFFS(ctx, a);
++    }
++
+     REQUIRE_FPU(ctx);
+ 
+     t1 = tcg_temp_new_i64();
+@@ -631,7 +637,10 @@ static bool trans_MFFSCRNI(DisasContext
+ {
+     TCGv_i64 t1, fpscr;
+ 
+-    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
++    if (unlikely(!(ctx->insns_flags2 & PPC2_ISA300))) {
++        return trans_MFFS(ctx, a);
++    }
++
+     REQUIRE_FPU(ctx);
+ 
+     t1 = tcg_temp_new_i64();
+@@ -661,7 +670,10 @@ static bool trans_MFFSCDRNI(DisasContext
+ {
+     TCGv_i64 fpscr;
+ 
+-    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
++    if (unlikely(!(ctx->insns_flags2 & PPC2_ISA300))) {
++        return trans_MFFS(ctx, a);
++    }
++
+     REQUIRE_FPU(ctx);
+ 
+     gen_reset_fpstatus();
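Review bot: The description at the top of ppc.patch does not match the hunks it carries: its title names MFFSL, but the four hunks change trans_MFFSCE, trans_MFFSCRN, trans_MFFSCRNI and trans_MFFSCDRNI, so MFFSL keeps its ISA300 requirement while MFFSCDRNI (not named in the title) gains the fallback; presumably the sibling MFFSCDRN path is also left unchanged, which is worth confirming against fp-impl.c.inc, since any encoding still rejected will keep raising the illegal-instruction fault the patch is meant to remove. Each hunk's context line truncates the function signature, so it cannot be confirmed here that `a` has the decoded-argument type trans_MFFS expects; if the decodetree argument structs differ, `return trans_MFFS(ctx, a);` is a pointer-type mismatch and the fallback should instead call the common emission helper trans_MFFS uses, passing the register field explicitly. This applies equally to all four hunks of this file. Since the fallback deliberately mirrors what pre-3.0 hardware does, a short comment above each new guard, e.g. `/* Pre-ISA 3.0 hardware executes this encoding as MFFS; mirror that. */`, would record why the instruction is accepted rather than rejected.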