From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Leonid Yegoshin, Miodrag Dinic, Aleksandar Markovic, Douglas Leung, Paul Burton, james.hogan@imgtec.com, petar.jovanovic@imgtec.com, goran.ferenc@imgtec.com, linux-mips@linux-mips.org, Ralf Baechle, Sasha Levin
Subject: [PATCH 4.9 131/241] MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
Date: Mon, 19 Mar 2018 19:06:36 +0100
Message-Id: <20180319180756.617770996@linuxfoundation.org>
In-Reply-To: <20180319180751.172155436@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Leonid Yegoshin

[ Upstream commit 5bba7aa4958e271c3ffceb70d47d3206524cf489 ]

Fix the problem of inaccurate identification of instructions BLEZL and BGTZL in R2 emulation code by making sure all necessary encoding specifications are met.

Previously, certain R6 instructions could be identified as BLEZL or BGTZL. R2 emulation routine didn't take into account that both BLEZL and BGTZL instructions require their rt field (bits 20 to 16 of instruction encoding) to be 0, and that, at same time, if the value in that field is not 0, the encoding may represent a legitimate MIPS R6 instruction.

This means that a problem could occur after emulation optimization, when emulation routine tried to pipeline emulation, picked up a next candidate, and subsequently misrecognized an R6 instruction as BLEZL or BGTZL.

It should be said that for single pass strategy, the problem does not happen because CPU doesn't trap on branch-compacts which share opcode space with BLEZL/BGTZL (but have rt field != 0, of course).

Signed-off-by: Leonid Yegoshin
Signed-off-by: Miodrag Dinic
Signed-off-by: Aleksandar Markovic
Reported-by: Douglas Leung
Reviewed-by: Paul Burton
Cc: james.hogan@imgtec.com
Cc: petar.jovanovic@imgtec.com
Cc: goran.ferenc@imgtec.com
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/15456/
Signed-off-by: Ralf Baechle
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
--- arch/mips/kernel/mips-r2-to-r6-emul.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/arch/mips/kernel/mips-r2-to-r6-emul.c +++ b/arch/mips/kernel/mips-r2-to-r6-emul.c @@ -1096,10 +1096,20 @@ repeat: } break; - case beql_op: - case bnel_op: case blezl_op: case bgtzl_op: + /* + * For BLEZL and BGTZL, rt field must be set to 0. If this + * is not the case, this may be an encoding of a MIPS R6 + * instruction, so return to CPU execution if this occurs + */ + if (MIPSInst_RT(inst)) { + err = SIGILL; + break; + } + /* fall through */ + case beql_op: + case bnel_op: if (delay_slot(regs)) { err = SIGILL; break;
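
Review bot: the comment added above the `if (MIPSInst_RT(inst))` check in the blezl_op/bgtzl_op case says "return to CPU execution", while the lines it documents only set `err = SIGILL` and break, so a reader of this function cannot tell from the comment that SIGILL is the mechanism for declining the instruction. Suggest wording it in terms of what the code does, for example "so do not emulate it; report SIGILL", and ending the sentence with a period. The comment could also name the compact branches that the commit message says share this opcode space, since "a MIPS R6 instruction" alone gives no hint of which encodings are affected. Placing beql_op and bnel_op after the check, so that only BLEZL and BGTZL are tested for a non-zero rt, matches the commit message.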
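
The encoding rule from the commit message, as an added stand-alone example that is not part of the patch or of the kernel source: it compares identification by major opcode alone with identification that also requires rt (bits 20 to 16) to be 0. The opcode values 0x16 and 0x17 come from the MIPS32 encoding rather than from this page, and the function names, enum and sample words are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MIPS major opcodes (instruction bits 31..26); values not from the page. */
#define OP_BLEZL 0x16u
#define OP_BGTZL 0x17u

enum verdict {
    EMULATE_AS_R2,   /* genuine BLEZL/BGTZL: the emulator may handle it */
    REJECT_SIGILL,   /* rt != 0: not BLEZL/BGTZL, must not be emulated */
    OTHER_OPCODE     /* outside the scope of this example */
};

static uint32_t insn_opcode(uint32_t insn) { return insn >> 26; }
static uint32_t insn_rt(uint32_t insn) { return (insn >> 16) & 0x1fu; }

/* Pre-patch behaviour: the major opcode alone selects the case. */
enum verdict classify_opcode_only(uint32_t insn)
{
    uint32_t op = insn_opcode(insn);
    return (op == OP_BLEZL || op == OP_BGTZL) ? EMULATE_AS_R2 : OTHER_OPCODE;
}

/* Post-patch behaviour: rt (bits 20..16) must also be 0. */
enum verdict classify_with_rt_check(uint32_t insn)
{
    uint32_t op = insn_opcode(insn);
    if (op != OP_BLEZL && op != OP_BGTZL)
        return OTHER_OPCODE;
    return insn_rt(insn) ? REJECT_SIGILL : EMULATE_AS_R2;
}

int main(void)
{
    /* Constructed sample words: rs = 4, offset = 8, rt varied. */
    const uint32_t samples[] = {
        0x58800008u, /* opcode 0x16, rt = 0 */
        0x58850008u, /* opcode 0x16, rt = 5 */
        0x5C800008u, /* opcode 0x17, rt = 0 */
        0x5C850008u, /* opcode 0x17, rt = 5 */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%08x  opcode-only=%d  with-rt-check=%d\n",
               (unsigned)samples[i],
               classify_opcode_only(samples[i]),
               classify_with_rt_check(samples[i]));
    return 0;
}
```
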