From: Nicholas Piggin
To: qemu-ppc@nongnu.org
Cc: Nicholas Piggin, Daniel Henrique Barboza, Cédric Le Goater, qemu-devel@nongnu.org
Subject: [PATCH] target/ppc: Fix crash on machine check caused by ifetch
Date: Mon, 8 Jan 2024 03:05:59 +1000
Message-ID: <20240107170559.82383-1-npiggin@gmail.com>

is_prefix_insn_excp() loads the first word of the instruction address which caused an exception, to determine whether or not it was prefixed so the prefix bit can be set in [H]SRR1. In case it was the instruction fetch itself that caused the exception, the [H]SRR1 prefix bit is not required to be set, because it is not the instruction itself that causes the interrupt. If the load is attempted, it could cause a recursive exception.
Instruction storage interrupts, HDSIs caused by ifetch are excluded from the prefix check. Machine checks caused by ifetch are not, and these can cause bugs. For example fetching from an unmapped physical address can result in:

ERROR:../system/cpus.c:504:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
#0  __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x00007ffff705a15f in __pthread_kill_internal (signo=6, threadid=) at ./nptl/pthread_kill.c:78
#2  0x00007ffff700c472 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6ff64b2 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff73def08 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff7445e4e in g_assertion_message_expr () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x0000555555a833f1 in qemu_mutex_lock_iothread_impl (file=0x555555efda6e "../accel/tcg/cputlb.c", line=2033) at ../system/cpus.c:504
#7  qemu_mutex_lock_iothread_impl (file=file@entry=0x555555efda6e "../accel/tcg/cputlb.c", line=line@entry=2033) at ../system/cpus.c:500
#8  0x0000555555cbf786 in do_ld_mmio_beN (cpu=cpu@entry=0x555556b72010, full=0x7fff5408e010, ret_be=ret_be@entry=0, addr=2310065133864353792, size=size@entry=4, mmu_idx=7, type=MMU_INST_FETCH, ra=0) at ../accel/tcg/cputlb.c:2033
#9  0x0000555555cc2ec6 in do_ld_4 (ra=0, memop=MO_BEUL, type=MMU_INST_FETCH, mmu_idx=, p=0x7fff67dfc660, cpu=0x555556b72010) at ../accel/tcg/cputlb.c:2336
#10 do_ld4_mmu (cpu=cpu@entry=0x555556b72010, addr=, oi=, ra=ra@entry=0, access_type=access_type@entry=MMU_INST_FETCH) at ../accel/tcg/cputlb.c:2418
#11 0x0000555555ccbaf6 in cpu_ldl_code (env=env@entry=0x555556b747d0, addr=) at ../accel/tcg/cputlb.c:2975
#12 0x0000555555b7a47c in ppc_ldl_code (addr=, env=0x555556b747d0) at ../target/ppc/excp_helper.c:147
#13 is_prefix_insn_excp (excp=1, cpu=0x555556b72010) at ../target/ppc/excp_helper.c:1350
#14 powerpc_excp_books (excp=1, cpu=0x555556b72010) at ../target/ppc/excp_helper.c:1415
#15 powerpc_excp (cpu=0x555556b72010, excp=) at ../target/ppc/excp_helper.c:1733
#16 0x0000555555cb1c74 in cpu_handle_exception (ret=, cpu=)

Fix this by excluding machine checks caused by ifetch from the prefix check.

Fixes: 55a7fa34f89 ("target/ppc: Machine check on invalid real address access on POWER9/10")
Fixes: 5a5d3b23cb2 ("target/ppc: Add SRR1 prefix indication to interrupt handlers")
Signed-off-by: Nicholas Piggin
---
 target/ppc/excp_helper.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index a42743a3e0..34c307b572 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -1322,6 +1322,15 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, int= excp) } =20 switch (excp) { + case POWERPC_EXCP_MCHECK: + if (!(env->error_code & PPC_BIT(42))) { + /* + * Fetch attempt caused a machine check, so attempting to fetch + * again would cause a recursive machine check. + */ + return false; + } + break; case POWERPC_EXCP_HDSI: /* HDSI PRTABLE_FAULT has the originating access type in error_cod= e */ if ((env->spr[SPR_HDSISR] & DSISR_PRTABLE_FAULT) && @@ -1332,10 +1341,10 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, in= t excp) * instruction at NIP would cause recursive faults with the sa= me * translation). */ - break; + return false; } - /* fall through */ - case POWERPC_EXCP_MCHECK: + break; + case POWERPC_EXCP_DSI: case POWERPC_EXCP_DSEG: case POWERPC_EXCP_ALIGN: 
@@ -1346,17 +1355,14 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, in= t excp) case POWERPC_EXCP_VPU: case POWERPC_EXCP_VSXU: case POWERPC_EXCP_FU: - case POWERPC_EXCP_HV_FU: { - uint32_t insn =3D ppc_ldl_code(env, env->nip); - if (is_prefix_insn(env, insn)) { - return true; - } + case POWERPC_EXCP_HV_FU: break; - } default: - break; + return false; } - return false; + + + return is_prefix_insn(env, ppc_ldl_code(env, env->nip)); } #else static bool is_prefix_insn_excp(PowerPCCPU *cpu, int excp) @@ -3245,6 +3251,10 @@ void ppc_cpu_do_transaction_failed(CPUState *cs, hwa= ddr physaddr, env->error_code |=3D PPC_BIT(42); =20 } else { /* Fetch */ + /* + * is_prefix_insn_excp() tests !PPC_BIT(42) to avoid fetching + * the instruction, so that must always be clear for fetches. + */ env->error_code =3D PPC_BIT(36) | PPC_BIT(44) | PPC_BIT(45); } break; --=20 2.42.0
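Review bot: In the first hunk (@@ -1322), the new POWERPC_EXCP_MCHECK case infers "this machine check came from a fetch" from PPC_BIT(42) being clear in env->error_code, which is only sound if every path that raises POWERPC_EXCP_MCHECK populates error_code the way the ppc_cpu_do_transaction_failed() hunk does (bit 42 set for data accesses, clear for fetches). That dependency deserves a mention in the comment here, not only in the fourth hunk, e.g. "/* PPC_BIT(42) is set for data-side machine checks by ppc_cpu_do_transaction_failed() */", so that a future machine-check source that leaves error_code at zero is not silently treated as a fetch and skipped.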
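Review bot: In the second hunk (@@ -1332), the `- break;` / `+ return false;` inside the PRTABLE_FAULT branch is required rather than cosmetic: before this patch `break` left the switch and reached the trailing `return false`, whereas after the restructuring in the third hunk `break` leads to the shared ppc_ldl_code() load, so keeping `break` here would reintroduce exactly the recursive-fault case the comment above it warns about. The commit message only talks about machine checks; one sentence noting that the HDSI path was restructured with unchanged behaviour would help reviewers and anyone bisecting later.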
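Review bot: In the third hunk (@@ -1346), two consecutive blank lines are added before `return is_prefix_insn(env, ppc_ldl_code(env, env->nip));`; QEMU style wants a single blank line there. More importantly, turning `default: break;` into `default: return false;` is what makes the shared tail load safe for unlisted exception types, so any case added to this switch in future must deliberately pick `break` (do fetch) or `return false` (do not fetch); a one-line comment above the switch stating that convention would make the new structure self-documenting.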
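Review bot: In the fourth hunk (@@ -3245), the comment is correct that the fetch branch must leave PPC_BIT(42) clear, but what actually guarantees it is the plain assignment `env->error_code = PPC_BIT(36) | PPC_BIT(44) | PPC_BIT(45);`, in contrast to the data branch just above which uses `|=`. If someone later mirrors the data branch and changes this to `|=`, a stale bit 42 would make is_prefix_insn_excp() attempt the fetch again and bring the crash back. Suggest the comment say explicitly that the assignment (not only the chosen bits) matters, or replace the `|=` in the data branch with an assignment for symmetry.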