From: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
To: Fredrik Noring <noring@nocrew.org>, linux-mips@vger.kernel.org
Cc: "Maciej W. Rozycki" <macro@linux-mips.org>,
"Andreas Jaeger" <aj@suse.de>, "Nick Clifton" <nickc@redhat.com>,
"Jürgen Urban" <JuergenUrban@gmx.de>,
libc-help@sourceware.org
Subject: Re: [PATCH 002/120] MIPS: R5900: Trap the RDHWR instruction as an SQ address exception
Date: Thu, 19 Nov 2020 08:15:11 +0100 [thread overview]
Message-ID: <2767f5c3-4e89-6543-34f7-6cd1a1be8c23@amsat.org> (raw)
In-Reply-To: <4f856a5ea2c039c6639df875d11b5bff1bf7ecd2.1567326213.git.noring@nocrew.org>
Hi Fredrik,
Cc'ing glibc folks in case...
On 9/1/19 5:36 PM, Fredrik Noring wrote:
> On the R5900, the RDHWR instruction is interpreted as the R5900 specific
> SQ instruction[1] that traps into a zero page address exception. Hence
> RDHWR can be emulated by emulate_load_store_insn().
Please bare with me because this is not my area, but this does
not look the correct way to fix this problem to me.
The R5900 is a MIPS-III, so I don't understand why we have to care
about RDHWR.
IIRC MIPS TLS support has been added in glibc with MIPS32 ISA in
mind in 2005:
https://sourceware.org/git/?p=glibc.git;a=commit;h=f850220be6
MIPS16 is handled differently:
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=ports/sysdeps/mips/tls-macros.h;h=3e87e42ea;hp=8fe2e4a150d;hb=43301bd3c2;hpb=85bd816a60
Shouldn't we have a similar set of macros for the R5900?
The problem I have is this break running the binaries built
by the Sony Linux Toolkit for Playstation 2 which use the
LQ/SQ instruction:
1b00d5c: 0c6c00d4 jal 0x1b00350
1b00d60: 7fa90020 sq t1,32(sp)
1b00d64: a2710000 sb s1,0(s3)
1b00d68: 26730001 addiu s3,s3,1
1b00d6c: 10000004 b 0x1b00d80
1b00d70: 7ba90020 lq t1,32(sp)
1b00d74: 00000000 nop
1b00d78: 2617ffff addiu s7,s0,-1
1b00d7c: 25360001 addiu s6,t1,1
1b00d80: 91220000 lbu v0,0(t1)
1b00d84: 02e0802d move s0,s7
1b00d88: 02c0482d move t1,s6
1b00d8c: a2620000 sb v0,0(s3)
1b00d90: 1600fff9 bnez s0,0x1b00d78
1b00d94: 26730001 addiu s3,s3,1
1b00d98: 10000003 b 0x1b00da8
1b00d9c: 01342026 xor a0,t1,s4
1b00da0: 253e0003 addiu s8,t1,3
1b00da4: 01342026 xor a0,t1,s4
1b00da8: 7fa90020 sq t1,32(sp)
1b00dac: 2c840001 sltiu a0,a0,1
1b00db0: 0c6c00d4 jal 0x1b00350
What do you think?
Regards,
Phil.
> CONFIG_DEFAULT_MMAP_MIN_ADDR must not be less than PAGE_SIZE to reliably
> trap and emulate RDHWR, so this is made a BUILD_BUG_ON for the R5900.
>
> References:
>
> [1] "TX System RISC TX79 Core Architecture" manual, revision 2.0,
> Toshiba Corporation, p. B-162, https://wiki.qemu.org/File:C790.pdf
>
> Signed-off-by: Fredrik Noring <noring@nocrew.org>
> ---
> arch/mips/include/asm/traps.h | 2 ++
> arch/mips/kernel/traps.c | 2 +-
> arch/mips/kernel/unaligned.c | 36 ++++++++++++++++++++++++++++++++++-
> 3 files changed, 38 insertions(+), 2 deletions(-)
>
> diff --git a/arch/mips/include/asm/traps.h b/arch/mips/include/asm/traps.h
> index 6a0864bb604d..ed6449f2967b 100644
> --- a/arch/mips/include/asm/traps.h
> +++ b/arch/mips/include/asm/traps.h
> @@ -35,4 +35,6 @@ extern int register_nmi_notifier(struct notifier_block *nb);
> register_nmi_notifier(&fn##_nb); \
> })
>
> +int simulate_rdhwr(struct pt_regs *regs, int rd, int rt);
> +
> #endif /* _ASM_TRAPS_H */
> diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
> index 342e41de9d64..9423b9a2eb67 100644
> --- a/arch/mips/kernel/traps.c
> +++ b/arch/mips/kernel/traps.c
> @@ -625,7 +625,7 @@ static int simulate_llsc(struct pt_regs *regs, unsigned int opcode)
> * Simulate trapping 'rdhwr' instructions to provide user accessible
> * registers not implemented in hardware.
> */
> -static int simulate_rdhwr(struct pt_regs *regs, int rd, int rt)
> +int simulate_rdhwr(struct pt_regs *regs, int rd, int rt)
> {
> struct thread_info *ti = task_thread_info(current);
>
> diff --git a/arch/mips/kernel/unaligned.c b/arch/mips/kernel/unaligned.c
> index 92bd2b0f0548..f490944d73cf 100644
> --- a/arch/mips/kernel/unaligned.c
> +++ b/arch/mips/kernel/unaligned.c
> @@ -90,6 +90,7 @@
> #include <asm/fpu_emulator.h>
> #include <asm/inst.h>
> #include <asm/mmu_context.h>
> +#include <asm/traps.h>
> #include <linux/uaccess.h>
>
> #define STR(x) __STR(x)
> @@ -934,7 +935,39 @@ static void emulate_load_store_insn(struct pt_regs *regs,
> * interest.
> */
> case spec3_op:
> - if (insn.dsp_format.func == lx_op) {
> + if (IS_ENABLED(CONFIG_CPU_R5900)) {
> + /*
> + * On the R5900, the RDHWR instruction
> + *
> + * +--------+-------+----+----+-------+--------+
> + * | 011111 | 00000 | rt | rd | 00000 | 111011 |
> + * +--------+-------+----+----+-------+--------+
> + * 6 5 5 5 5 6
> + *
> + * is interpreted as the R5900 specific SQ instruction
> + *
> + * +--------+-------+----+---------------------+
> + * | 011111 | base | rt | offset |
> + * +--------+-------+----+---------------------+
> + * 6 5 5 16
> + *
> + * that asserts a zero page address exception. Hence
> + * RDHWR can be trapped and emulated here, provided
> + * DEFAULT_MMAP_MIN_ADDR isn't zero.
> + */
> + BUILD_BUG_ON(IS_ENABLED(CONFIG_CPU_R5900) &&
> + CONFIG_DEFAULT_MMAP_MIN_ADDR < PAGE_SIZE);
> + if (insn.r_format.func == rdhwr_op &&
> + insn.r_format.rs == 0 &&
> + insn.r_format.re == 0) {
> + if (compute_return_epc(regs) < 0 ||
> + simulate_rdhwr(regs, insn.r_format.rd,
> + insn.r_format.rt) < 0)
> + goto sigill;
> + return;
> + }
> + goto sigbus;
> + } else if (insn.dsp_format.func == lx_op) {
> switch (insn.dsp_format.op) {
> case lwx_op:
> if (!access_ok(addr, 4))
> @@ -1342,6 +1375,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
> cu2_notifier_call_chain(CU2_SDC2_OP, regs);
> break;
> #endif
> +
> default:
> /*
> * Pheeee... We encountered an yet unknown instruction or
>
next parent reply other threads:[~2020-11-19 7:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1567326213.git.noring@nocrew.org>
[not found] ` <4f856a5ea2c039c6639df875d11b5bff1bf7ecd2.1567326213.git.noring@nocrew.org>
2020-11-19 7:15 ` Philippe Mathieu-Daudé [this message]
2020-11-19 13:28 ` Maciej W. Rozycki
2020-11-19 13:42 ` Maciej W. Rozycki
2020-12-12 10:58 ` Fredrik Noring
2020-12-12 11:36 ` Maciej W. Rozycki
2020-12-12 12:14 ` Fredrik Noring
2020-12-13 11:43 ` Fredrik Noring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2767f5c3-4e89-6543-34f7-6cd1a1be8c23@amsat.org \
--to=f4bug@amsat.org \
--cc=JuergenUrban@gmx.de \
--cc=aj@suse.de \
--cc=libc-help@sourceware.org \
--cc=linux-mips@vger.kernel.org \
--cc=macro@linux-mips.org \
--cc=nickc@redhat.com \
--cc=noring@nocrew.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).