From: Rob Gardner <rob.gardner@oracle.com>
Date: Sun, 1 Nov 2015 23:51:34 +0000 (-0700)
Subject: SPARC64: Fix bad FP register calculation
X-Git-Tag: v4.1.12-92~30^2~1
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=cd68ca8b0ced6bcbde8d37c59a5906457c7e8fac;p=users%2Fjedix%2Flinux-maple.git

SPARC64: Fix bad FP register calculation

An additional problem was found in handle_ldf_stq
after adding the fix for the SIGFPE on no-fault
load.  The calculation for freg is incorrect when
a single precision load is being handled. This
causes %f1 to be seen as %f32 etc, and the incorrect
register ends up being overwritten.  This code
sequence demonstrates the problem:
	ldd [%g1], %f32         ! g1 = valid address
	lda [%i3] ASI_PNF, %f1  ! i3 = invalid address
	std %f32, [%g1]		! %f32 is mangled
This is corrected by basing the freg calculation on
the load size.

Orabug: 24942761

Signed-off-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
---

diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
index d9f3f45f9e53..c89371481ae2 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
@@ -436,10 +436,10 @@ extern void sun4v_data_access_exception(struct pt_regs *regs,
 int handle_ldf_stq(u32 insn, struct pt_regs *regs)
 {
 	unsigned long addr = compute_effective_address(regs, insn, 0);
-	int freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20);
+	int freg;
 	struct fpustate *f = FPUSTATE;
 	int asi = decode_asi(insn, regs);
-	int flag = (freg < 32) ? FPRS_DL : FPRS_DU;
+	int flag;
 
 	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, 0);
 
@@ -448,6 +448,8 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs)
 	if (insn & 0x200000) {
 		/* STQ */
 		u64 first = 0, second = 0;
+		freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20);
+		flag = (freg < 32) ? FPRS_DL : FPRS_DU;
 		
 		if (freg & 3) {
 			current_thread_info()->xfsr[0] |= (6 << 14) /* invalid_fp_register */;
@@ -513,6 +515,12 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs)
 		case 0x100000: size = 4; break;
 		default: size = 2; break;
 		}
+		if (size == 1)
+			freg = (insn >> 25) & 0x1f;
+		else
+			freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20);
+		flag = (freg < 32) ? FPRS_DL : FPRS_DU;
+
 		for (i = 0; i < size; i++)
 			data[i] = 0;