From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thomas Huth
Date: Thu, 14 Apr 2016 11:02:07 +0000
Subject: Re: [kvm-unit-tests PATCH] powerpc: Add emulator test for the lswi instruction
Message-Id: <570F78AF.2060102@redhat.com>
List-Id:
References: <1460575886-12569-1-git-send-email-thuth@redhat.com>
In-Reply-To: <1460575886-12569-1-git-send-email-thuth@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: kvm@vger.kernel.org, lvivier@redhat.com
Cc: kvm-ppc@vger.kernel.org, pbonzini@redhat.com, drjones@redhat.com

On 13.04.2016 21:31, Thomas Huth wrote:
> This test checks some special cases of the lswi instruction. Test
> works fine on real hardware, but in QEMU, this reveals a bug with
> the final "don't overwrite RA" test (RA gets destroyed since the
> check in QEMU is still wrong).
> The code is based on the lswx test by Laurent Vivier.
> > Signed-off-by: Thomas Huth > --- > powerpc/emulator.c | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 128 insertions(+) ... > + /* check wrap around doesn't break RA */ > + asm volatile ("mr r28,r1\n" > + "mr r29,r2\n" > + "li r31,-1\n" > + "mr r2,r31\n" Ugh, I just had to discover that overwriting r2 is a bad idea here: The exception vector code in cstart64.S depends on r2 pointing to the GOT (when doing the "LOAD_REG_ADDR(r0, call_handler)"), so when an (expected) exception occurs during lswi, the handler crashes in an endless loop :-/ So please ignore this patch, I'll send a new version. > + "mr r0,r31\n" > + "mr r1, %[addr]\n" > + ".long 0x7fe184aa\n" /* lswi r31, r1, 16 */ > + "std r31, 0*8(%[regs])\n" > + "std r0, 1*8(%[regs])\n" > + "std r1, 2*8(%[regs])\n" > + "std r2, 3*8(%[regs])\n" > + "mr r1,r28\n" > + "mr r2,r29\n" > + :: > + [addr] "r" (addr), > + [regs] "r" (regs) > + : > + /* loading four registers from r31 wraps around to r2, > + * r1 is saved to r29, as adding it to the clobber > + * list doesn't protect it > + */ > + "r31", "r0", "r28", "r29", "memory"); > + > + /* doc says it is invalid, real proc stops when it comes to > + * overwrite the register. > + * In all the cases, the register must stay untouched > + */ > + report("Don't overwrite RA", regs[2] = (uint64_t)addr); > + > + report_prefix_pop(); > +} > + > /* > * lswx: Load String Word Indexed X-form > * > @@ -234,6 +361,7 @@ int main(int argc, char **argv) > > test_64bit(); > test_illegal(); > + test_lswi(); > test_lswx(); > > report_prefix_pop(); > From mboxrd@z Thu Jan 1 00:00:00 1970 
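Review bot: the final check of the wrap-around case, `report("Don't overwrite RA", regs[2] = (uint64_t)addr);`, assigns to regs[2] instead of comparing it, so the reported condition is true for any non-null addr and the test cannot fail even when the emulator destroys RA, which is the QEMU behaviour the commit message says this case is meant to reveal. It should read `regs[2] == (uint64_t)addr`. In the same asm block, the clobber-list comment says "r1 is saved to r29", but the code saves r1 in r28 (`mr r28,r1`) and r2 in r29 (`mr r29,r2`). The comment should name both saved registers and explain that r2 is saved for the same reason as r1.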