1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2003, 2004, 2007 Maciej W. Rozycki
4 */
5 #include <linux/context_tracking.h>
6 #include <linux/init.h>
7 #include <linux/kernel.h>
8 #include <linux/ptrace.h>
9 #include <linux/stddef.h>
10
11 #include <asm/bugs.h>
12 #include <asm/compiler.h>
13 #include <asm/cpu.h>
14 #include <asm/fpu.h>
15 #include <asm/mipsregs.h>
16 #include <asm/setup.h>
17
18 static char bug64hit[] __initdata =
19 "reliable operation impossible!\n%s";
20 static char nowar[] __initdata =
21 "Please report to <linux-mips@linux-mips.org>.";
22 static char r4kwar[] __initdata =
23 "Enable CPU_R4000_WORKAROUNDS to rectify.";
24 static char daddiwar[] __initdata =
25 "Enable CPU_DADDI_WORKAROUNDS to rectify.";
26
27 static __always_inline __init
align_mod(const int align,const int mod)28 void align_mod(const int align, const int mod)
29 {
30 asm volatile(
31 ".set push\n\t"
32 ".set noreorder\n\t"
33 ".balign %0\n\t"
34 ".rept %1\n\t"
35 "nop\n\t"
36 ".endr\n\t"
37 ".set pop"
38 :
39 : "n"(align), "n"(mod));
40 }
41
42 static __always_inline __init
mult_sh_align_mod(long * v1,long * v2,long * w,const int align,const int mod)43 void mult_sh_align_mod(long *v1, long *v2, long *w,
44 const int align, const int mod)
45 {
46 unsigned long flags;
47 int m1, m2;
48 long p, s, lv1, lv2, lw;
49
50 /*
51 * We want the multiply and the shift to be isolated from the
52 * rest of the code to disable gcc optimizations. Hence the
53 * asm statements that execute nothing, but make gcc not know
54 * what the values of m1, m2 and s are and what lv2 and p are
55 * used for.
56 */
57
58 local_irq_save(flags);
59 /*
60 * The following code leads to a wrong result of the first
61 * dsll32 when executed on R4000 rev. 2.2 or 3.0 (PRId
62 * 00000422 or 00000430, respectively).
63 *
64 * See "MIPS R4000PC/SC Errata, Processor Revision 2.2 and
65 * 3.0" by MIPS Technologies, Inc., errata #16 and #28 for
66 * details. I got no permission to duplicate them here,
67 * sigh... --macro
68 */
69 asm volatile(
70 ""
71 : "=r" (m1), "=r" (m2), "=r" (s)
72 : "0" (5), "1" (8), "2" (5));
73 align_mod(align, mod);
74 /*
75 * The trailing nop is needed to fulfill the two-instruction
76 * requirement between reading hi/lo and staring a mult/div.
77 * Leaving it out may cause gas insert a nop itself breaking
78 * the desired alignment of the next chunk.
79 */
80 asm volatile(
81 ".set push\n\t"
82 ".set noat\n\t"
83 ".set noreorder\n\t"
84 ".set nomacro\n\t"
85 "mult %2, %3\n\t"
86 "dsll32 %0, %4, %5\n\t"
87 "mflo $0\n\t"
88 "dsll32 %1, %4, %5\n\t"
89 "nop\n\t"
90 ".set pop"
91 : "=&r" (lv1), "=r" (lw)
92 : "r" (m1), "r" (m2), "r" (s), "I" (0)
93 : "hi", "lo", "$0");
94 /* We have to use single integers for m1 and m2 and a double
95 * one for p to be sure the mulsidi3 gcc's RTL multiplication
96 * instruction has the workaround applied. Older versions of
97 * gcc have correct umulsi3 and mulsi3, but other
98 * multiplication variants lack the workaround.
99 */
100 asm volatile(
101 ""
102 : "=r" (m1), "=r" (m2), "=r" (s)
103 : "0" (m1), "1" (m2), "2" (s));
104 align_mod(align, mod);
105 p = m1 * m2;
106 lv2 = s << 32;
107 asm volatile(
108 ""
109 : "=r" (lv2)
110 : "0" (lv2), "r" (p));
111 local_irq_restore(flags);
112
113 *v1 = lv1;
114 *v2 = lv2;
115 *w = lw;
116 }
117
check_mult_sh(void)118 static __always_inline __init void check_mult_sh(void)
119 {
120 long v1[8], v2[8], w[8];
121 int bug, fix, i;
122
123 printk("Checking for the multiply/shift bug... ");
124
125 /*
126 * Testing discovered false negatives for certain code offsets
127 * into cache lines. Hence we test all possible offsets for
128 * the worst assumption of an R4000 I-cache line width of 32
129 * bytes.
130 *
131 * We can't use a loop as alignment directives need to be
132 * immediates.
133 */
134 mult_sh_align_mod(&v1[0], &v2[0], &w[0], 32, 0);
135 mult_sh_align_mod(&v1[1], &v2[1], &w[1], 32, 1);
136 mult_sh_align_mod(&v1[2], &v2[2], &w[2], 32, 2);
137 mult_sh_align_mod(&v1[3], &v2[3], &w[3], 32, 3);
138 mult_sh_align_mod(&v1[4], &v2[4], &w[4], 32, 4);
139 mult_sh_align_mod(&v1[5], &v2[5], &w[5], 32, 5);
140 mult_sh_align_mod(&v1[6], &v2[6], &w[6], 32, 6);
141 mult_sh_align_mod(&v1[7], &v2[7], &w[7], 32, 7);
142
143 bug = 0;
144 for (i = 0; i < 8; i++)
145 if (v1[i] != w[i])
146 bug = 1;
147
148 if (bug == 0) {
149 pr_cont("no.\n");
150 return;
151 }
152
153 pr_cont("yes, workaround... ");
154
155 fix = 1;
156 for (i = 0; i < 8; i++)
157 if (v2[i] != w[i])
158 fix = 0;
159
160 if (fix == 1) {
161 pr_cont("yes.\n");
162 return;
163 }
164
165 pr_cont("no.\n");
166 panic(bug64hit, !R4000_WAR ? r4kwar : nowar);
167 }
168
169 static volatile int daddi_ov;
170
do_daddi_ov(struct pt_regs * regs)171 asmlinkage void __init do_daddi_ov(struct pt_regs *regs)
172 {
173 enum ctx_state prev_state;
174
175 prev_state = exception_enter();
176 daddi_ov = 1;
177 regs->cp0_epc += 4;
178 exception_exit(prev_state);
179 }
180
check_daddi(void)181 static __init void check_daddi(void)
182 {
183 extern asmlinkage void handle_daddi_ov(void);
184 unsigned long flags;
185 void *handler;
186 long v, tmp;
187
188 printk("Checking for the daddi bug... ");
189
190 local_irq_save(flags);
191 handler = set_except_vector(EXCCODE_OV, handle_daddi_ov);
192 /*
193 * The following code fails to trigger an overflow exception
194 * when executed on R4000 rev. 2.2 or 3.0 (PRId 00000422 or
195 * 00000430, respectively).
196 *
197 * See "MIPS R4000PC/SC Errata, Processor Revision 2.2 and
198 * 3.0" by MIPS Technologies, Inc., erratum #23 for details.
199 * I got no permission to duplicate it here, sigh... --macro
200 */
201 asm volatile(
202 ".set push\n\t"
203 ".set noat\n\t"
204 ".set noreorder\n\t"
205 ".set nomacro\n\t"
206 "addiu %1, $0, %2\n\t"
207 "dsrl %1, %1, 1\n\t"
208 #ifdef HAVE_AS_SET_DADDI
209 ".set daddi\n\t"
210 #endif
211 "daddi %0, %1, %3\n\t"
212 ".set pop"
213 : "=r" (v), "=&r" (tmp)
214 : "I" (0xffffffffffffdb9aUL), "I" (0x1234));
215 set_except_vector(EXCCODE_OV, handler);
216 local_irq_restore(flags);
217
218 if (daddi_ov) {
219 pr_cont("no.\n");
220 return;
221 }
222
223 pr_cont("yes, workaround... ");
224
225 local_irq_save(flags);
226 handler = set_except_vector(EXCCODE_OV, handle_daddi_ov);
227 asm volatile(
228 "addiu %1, $0, %2\n\t"
229 "dsrl %1, %1, 1\n\t"
230 "daddi %0, %1, %3"
231 : "=r" (v), "=&r" (tmp)
232 : "I" (0xffffffffffffdb9aUL), "I" (0x1234));
233 set_except_vector(EXCCODE_OV, handler);
234 local_irq_restore(flags);
235
236 if (daddi_ov) {
237 pr_cont("yes.\n");
238 return;
239 }
240
241 pr_cont("no.\n");
242 panic(bug64hit, !DADDI_WAR ? daddiwar : nowar);
243 }
244
245 int daddiu_bug = IS_ENABLED(CONFIG_CPU_MIPSR6) ? 0 : -1;
246
check_daddiu(void)247 static __init void check_daddiu(void)
248 {
249 long v, w, tmp;
250
251 printk("Checking for the daddiu bug... ");
252
253 /*
254 * The following code leads to a wrong result of daddiu when
255 * executed on R4400 rev. 1.0 (PRId 00000440).
256 *
257 * See "MIPS R4400PC/SC Errata, Processor Revision 1.0" by
258 * MIPS Technologies, Inc., erratum #7 for details.
259 *
260 * According to "MIPS R4000PC/SC Errata, Processor Revision
261 * 2.2 and 3.0" by MIPS Technologies, Inc., erratum #41 this
262 * problem affects R4000 rev. 2.2 and 3.0 (PRId 00000422 and
263 * 00000430, respectively), too. Testing failed to trigger it
264 * so far.
265 *
266 * I got no permission to duplicate the errata here, sigh...
267 * --macro
268 */
269 asm volatile(
270 ".set push\n\t"
271 ".set noat\n\t"
272 ".set noreorder\n\t"
273 ".set nomacro\n\t"
274 "addiu %2, $0, %3\n\t"
275 "dsrl %2, %2, 1\n\t"
276 #ifdef HAVE_AS_SET_DADDI
277 ".set daddi\n\t"
278 #endif
279 "daddiu %0, %2, %4\n\t"
280 "addiu %1, $0, %4\n\t"
281 "daddu %1, %2\n\t"
282 ".set pop"
283 : "=&r" (v), "=&r" (w), "=&r" (tmp)
284 : "I" (0xffffffffffffdb9aUL), "I" (0x1234));
285
286 daddiu_bug = v != w;
287
288 if (!daddiu_bug) {
289 pr_cont("no.\n");
290 return;
291 }
292
293 pr_cont("yes, workaround... ");
294
295 asm volatile(
296 "addiu %2, $0, %3\n\t"
297 "dsrl %2, %2, 1\n\t"
298 "daddiu %0, %2, %4\n\t"
299 "addiu %1, $0, %4\n\t"
300 "daddu %1, %2"
301 : "=&r" (v), "=&r" (w), "=&r" (tmp)
302 : "I" (0xffffffffffffdb9aUL), "I" (0x1234));
303
304 if (v == w) {
305 pr_cont("yes.\n");
306 return;
307 }
308
309 pr_cont("no.\n");
310 panic(bug64hit, !DADDI_WAR ? daddiwar : nowar);
311 }
312
check_bugs64_early(void)313 void __init check_bugs64_early(void)
314 {
315 if (!IS_ENABLED(CONFIG_CPU_MIPSR6)) {
316 check_mult_sh();
317 check_daddiu();
318 }
319 }
320
check_bugs64(void)321 void __init check_bugs64(void)
322 {
323 if (!IS_ENABLED(CONFIG_CPU_MIPSR6))
324 check_daddi();
325 }
326