qemu/target-ppc-Set-ctx-opcode-for-decode_insn32.patch

From c65c24ba59c4a0442b81eaceec8bab1e5a0907cf Mon Sep 17 00:00:00 2001
From: Ilya Leoshkevich <iii@linux.ibm.com>
Date: Mon, 12 Aug 2024 10:53:08 +0200
Subject: [PATCH] target/ppc: Set ctx->opcode for decode_insn32()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

divdu (without a dot) sometimes updates cr0, even though it shouldn't.
The reason is that gen_op_arith_divd() checks Rc(ctx->opcode), which is
not initialized. This field is initialized only for instructions that
go through decode_legacy(), and not decodetree.

There already was a similar issue fixed in commit 86e6202a57b1
("target/ppc: Make divw[u] handler method decodetree compatible.").

It's not immediately clear what else may access the uninitialized
ctx->opcode, so instead of playing whack-a-mole and changing the check
to compute_rc0, simply initialize ctx->opcode.

Cc: qemu-stable@nongnu.org
Fixes: 99082815f17f ("target/ppc: Add infrastructure for prefixed insns")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
(cherry picked from commit c9b8a13a8841e0e23901e57e24ea98eeef16cf91)
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
 target/ppc/translate.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 153552ab50..a03bafadbc 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -8380,8 +8380,6 @@ static bool decode_legacy(PowerPCCPU *cpu, DisasContext *ctx, uint32_t insn)
     opc_handler_t **table, *handler;
     uint32_t inval;
 
-    ctx->opcode = insn;
-
     LOG_DISAS("translate opcode %08x (%02x %02x %02x %02x) (%s)\n",
               insn, opc1(insn), opc2(insn), opc3(insn), opc4(insn),
               ctx->le_mode ? "little" : "big");
@@ -8510,6 +8508,7 @@ static void ppc_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
     ctx->base.pc_next = pc += 4;
 
     if (!is_prefix_insn(ctx, insn)) {
+        ctx->opcode = insn;
         ok = (decode_insn32(ctx, insn) ||
               decode_legacy(cpu, ctx, insn));
     } else if ((pc & 63) == 0) {
-- 
2.41.0.windows.1
QEMU update to version 6.2.0-106： - hw/nvme: Remove redundant dma_blk_write - tests/avocado/machine_s390_ccw_virtio: Adapt test to new default resolution - edid: set default resolution to 1280x800 (WXGA) - iotests/308: Fix for CAP_DAC_OVERRIDE - hvf: remove unused but set variable - vvfat: Fix vvfat_write() for writes before the root directory - hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT() - hw/pci: Remove unused pci_irq_pulse() method - ui/gtk: fix leaks found wtih fuzzing - target/i386: fix size of EBP writeback in gen_enter() - tests/qtest/fuzz: fix memleak in qos_fuzz.c - hw/core/loader: gunzip(): fix memory leak on error path - migration: fix a typo - scsi: fetch unit attention when creating the request - raw-format: Fix error message for invalid offset/size - tcg: Reset data_gen_ptr correctly - Fix calculation of minimum in colo_compare_tcp - hw/intc: Don't clear pending bits on IRQ lowering - target/arm: Drop user-only special case in sve_stN_r - usb-hub: Fix handling port power control messages - target/ppc: Set ctx->opcode for decode_insn32() - linux-user: Add proper strace format strings for getdents()/getdents64() - linux-user: Fix TARGET_PROT_SEM for XTENSA - linux-user/hppa: Set TASK_UNMAPPED_BASE to 0xfa000000 for hppa arch - linux-user/hppa: Dump IIR on register dump - tests: Fix typo in check-help output - qdev-core.h: Fix wrongly named reference to TYPE_SPLIT_IRQ - hw/scsi/megasas: Simplify using the ldst API - gqa-win: get_pci_info: Clean dev_info if handle is valid - target/ppc: Fix 7448 support - vvfat: Fix size of temporary qcow file - docs: Correct 'vhost-user-blk' spelling - jackaudio: use ifdefs to hide unavailable functions - simplebench: Fix Python syntax error (reported by LGTM) - python: update type hints for mypy 0.930 - Python/aqmp: fix type definitions for mypy 0.920 - tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc() - hw/ppc/e500: Prefer QOM cast - hw/ppc/e500: Remove unused "irqs" parameter - hw/ppc/e500: Add missing device tree properties to i2c controller node - linux-user: Show timespec on strace for futex() - linux-user: Add strace for clock_nanosleep() - linux-user: Fix strace of chmod() if mode == 0 - linux-user: Log failing executable in EXCP_DUMP() - linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit 87ebac5b5cfb97ddb7ac2af097703758fb0751c4) 2025-02-21 14:46:05 +08:00			`From c65c24ba59c4a0442b81eaceec8bab1e5a0907cf Mon Sep 17 00:00:00 2001`
			`From: Ilya Leoshkevich <iii@linux.ibm.com>`
			`Date: Mon, 12 Aug 2024 10:53:08 +0200`
			`Subject: [PATCH] target/ppc: Set ctx->opcode for decode_insn32()`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`divdu (without a dot) sometimes updates cr0, even though it shouldn't.`
			`The reason is that gen_op_arith_divd() checks Rc(ctx->opcode), which is`
			`not initialized. This field is initialized only for instructions that`
			`go through decode_legacy(), and not decodetree.`

			`There already was a similar issue fixed in commit 86e6202a57b1`
			`("target/ppc: Make divw[u] handler method decodetree compatible.").`

			`It's not immediately clear what else may access the uninitialized`
			`ctx->opcode, so instead of playing whack-a-mole and changing the check`
			`to compute_rc0, simply initialize ctx->opcode.`

			`Cc: qemu-stable@nongnu.org`
			`Fixes: 99082815f17f ("target/ppc: Add infrastructure for prefixed insns")`
			`Reviewed-by: Richard Henderson <richard.henderson@linaro.org>`
			`Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>`
			`Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>`
			`Signed-off-by: Nicholas Piggin <npiggin@gmail.com>`
			`(cherry picked from commit c9b8a13a8841e0e23901e57e24ea98eeef16cf91)`
			`Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>`
			`---`
			`target/ppc/translate.c \| 3 +--`
			`1 file changed, 1 insertion(+), 2 deletions(-)`

			`diff --git a/target/ppc/translate.c b/target/ppc/translate.c`
			`index 153552ab50..a03bafadbc 100644`
			`--- a/target/ppc/translate.c`
			`+++ b/target/ppc/translate.c`
			`@@ -8380,8 +8380,6 @@ static bool decode_legacy(PowerPCCPU cpu, DisasContext ctx, uint32_t insn)`
			`opc_handler_t *table, handler;`
			`uint32_t inval;`

			`- ctx->opcode = insn;`
			`-`
			`LOG_DISAS("translate opcode %08x (%02x %02x %02x %02x) (%s)\n",`
			`insn, opc1(insn), opc2(insn), opc3(insn), opc4(insn),`
			`ctx->le_mode ? "little" : "big");`
			`@@ -8510,6 +8508,7 @@ static void ppc_tr_translate_insn(DisasContextBase dcbase, CPUState cs)`
			`ctx->base.pc_next = pc += 4;`

			`if (!is_prefix_insn(ctx, insn)) {`
			`+ ctx->opcode = insn;`
			`ok = (decode_insn32(ctx, insn) \|\|`
			`decode_legacy(cpu, ctx, insn));`
			`} else if ((pc & 63) == 0) {`
			`--`
			`2.41.0.windows.1`