Bug 212631

Summary: Misaligned floating point loads and store occasionally fail
Product: Platform Specific/Hardware Reporter: Trevor Davenport (trevor_davenport)
Component: PPC-32Assignee: platform_ppc-32
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.4.110 Subsystem:
Regression: No Bisected commit-id:
Attachments: Floating point load test program

Description Trevor Davenport 2021-04-09 15:34:24 UTC
Created attachment 296311 [details]
Floating point load test program

On a 32-bit PPC, e300c1 CPU, I am occasionally seeing misaligned floating point loads/store occasionally fail.  It appears to happen when a process is preempted.  Reducing preemption cause the issue to be fare less likely to occur. 

When it fails(in the load case), I've traced it down to do_fp_load.  It fails when it takes the false branch while it works when taking the true branch (see https://elixir.bootlin.com/linux/v5.4.110/source/arch/powerpc/lib/sstep.c#L492).

The issue was originally seen on a preempt-rt kernel, but it can be reproduced on a regular kernel compiled for low latency desktop as well.

The issue can be reproduced with the attached program which just performs an unaligned FP load.  Eventually it will produce a zero and exit.  

Example output:
 11326b98
 22453191
 3357f78a
 446abd71
 557d70b6
 11326b98
 22453191
 3357f78a
 446abd71
 557d70b6
 11326b98
 22453191
 3357f78a
 00000000
 float-bug: float-bug.c:14: main: Assertion `b[0] != 00' failed.

This has been compiled with gcc 9.3.0.
Comment 1 Trevor Davenport 2021-04-09 15:47:26 UTC
I can also reproduce this with kernel version 5.11.12.
Comment 2 Trevor Davenport 2021-04-09 18:10:14 UTC
A git bisect found this has existed for quite a while. 

git bisect start
# bad: [0cc244011f40280b78fc344d5c2aac5a0c659f77] Linux 4.14.229
git bisect bad 0cc244011f40280b78fc344d5c2aac5a0c659f77
# good: [a0c646821e9dedc5368abd2f71f50ebe2c351d19] Linux 4.4.265
git bisect good a0c646821e9dedc5368abd2f71f50ebe2c351d19
# good: [afd2ff9b7e1b367172f18ba7f693dfb62bdcb2dc] Linux 4.4
git bisect good afd2ff9b7e1b367172f18ba7f693dfb62bdcb2dc
# good: [786a72d79140028537382fa63bea63d5640c27d6] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
git bisect good 786a72d79140028537382fa63bea63d5640c27d6
# good: [e0f25a3f2d052e36ff67a9b4db835c3e27e950d8] Merge tag 'hwlock-v4.13' of git://github.com/andersson/remoteproc
git bisect good e0f25a3f2d052e36ff67a9b4db835c3e27e950d8
# bad: [dd9d064e34a1b1c96d631cca73e2a6efc5834f4a] Merge tag 'staging-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect bad dd9d064e34a1b1c96d631cca73e2a6efc5834f4a
# good: [b88f55774f20c0c306e0a95d22ca9ab5f08187c7] Merge tag 'spi-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
git bisect good b88f55774f20c0c306e0a95d22ca9ab5f08187c7
# good: [b88f55774f20c0c306e0a95d22ca9ab5f08187c7] Merge tag 'spi-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
git bisect good b88f55774f20c0c306e0a95d22ca9ab5f08187c7
# bad: [cef5d0f952a03d42051141742632078d488b0c6b] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
git bisect bad cef5d0f952a03d42051141742632078d488b0c6b
# good: [aae3dbb4776e7916b6cd442d00159bea27a695c1] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
git bisect good aae3dbb4776e7916b6cd442d00159bea27a695c1
# good: [aae3dbb4776e7916b6cd442d00159bea27a695c1] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
git bisect good aae3dbb4776e7916b6cd442d00159bea27a695c1
# bad: [3645e6d0dc80be4376f87acc9ee527768387c909] Merge tag 'md/4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
git bisect bad 3645e6d0dc80be4376f87acc9ee527768387c909
# bad: [bac65d9d87b383471d8d29128319508d71b74180] Merge tag 'powerpc-4.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
git bisect bad bac65d9d87b383471d8d29128319508d71b74180
# good: [57e88b43b81301d9b28f124a5576ac43a1cf9e8d] Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 57e88b43b81301d9b28f124a5576ac43a1cf9e8d
# good: [f9065c83ccf4a6c1ff5419d216ad8276e99bee6c] powerpc/configs: Explicitly drop CONFIG_INPUT_MOUSEDEV
git bisect good f9065c83ccf4a6c1ff5419d216ad8276e99bee6c
# good: [d1e1b351f50f9e5941f436f6c63949731979e00c] powerpc/xmon: Add ISA v3.0 SPRs to SPR dump
git bisect good d1e1b351f50f9e5941f436f6c63949731979e00c
# bad: [146e9f1b65478643f2729a97ccb8be60bb4492e5] crypto/nx: Add P9 NX specific error codes for 842 engine
git bisect bad 146e9f1b65478643f2729a97ccb8be60bb4492e5
# good: [5762e08344bd7c5bfc41030f74c4ab6ce6e461d0] powerpc: Don't update CR0 in emulation of popcnt, prty, bpermd instructions
git bisect good 5762e08344bd7c5bfc41030f74c4ab6ce6e461d0
# bad: [d2b65ac6526a82965212b632d42687251e122a36] powerpc: Emulate load/store floating point as integer word instructions
git bisect bad d2b65ac6526a82965212b632d42687251e122a36
# good: [1f41fb790460acf432f826f4aeeff6f7da891ff7] powerpc: Emulate load/store floating double pair instructions
git bisect good 1f41fb790460acf432f826f4aeeff6f7da891ff7
# good: [d955189ae42796621fb439e5e778ccaeebc2a1e7] powerpc: Handle opposite-endian processes in emulation code
git bisect good d955189ae42796621fb439e5e778ccaeebc2a1e7
# bad: [31bfdb036f1281831db2532178f0da41f4dc9bed] powerpc: Use instruction emulation infrastructure to handle alignment faults
git bisect bad 31bfdb036f1281831db2532178f0da41f4dc9bed
# good: [a53d5182e24c22986ad0e99e52f8fe343ee7d7ac] powerpc: Separate out load/store emulation into its own function
git bisect good a53d5182e24c22986ad0e99e52f8fe343ee7d7ac
# first bad commit: [31bfdb036f1281831db2532178f0da41f4dc9bed] powerpc: Use instruction emulation infrastructure to handle alignment faults


31bfdb036f1281831db2532178f0da41f4dc9bed is the first bad commit
commit 31bfdb036f1281831db2532178f0da41f4dc9bed
Author: Paul Mackerras <paulus@ozlabs.org>
Date:   Wed Aug 30 14:12:40 2017 +1000

    powerpc: Use instruction emulation infrastructure to handle alignment faults
    
    This replaces almost all of the instruction emulation code in
    fix_alignment() with calls to analyse_instr(), emulate_loadstore()
    and emulate_dcbz().  The only emulation code left is the SPE
    emulation code; analyse_instr() etc. do not handle SPE instructions
    at present.
    
    One result of this is that we can now handle alignment faults on
    all the new VSX load and store instructions that were added in POWER9.
    VSX loads/stores will take alignment faults for unaligned accesses
    to cache-inhibited memory.
    
    Another effect is that we no longer rely on the DAR and DSISR values
    set by the processor.
    
    With this, we now need to include the instruction emulation code
    unconditionally.
    
    Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

 arch/powerpc/Kconfig        |   4 -
 arch/powerpc/kernel/align.c | 803 ++------------------------------------------
 arch/powerpc/lib/Makefile   |   4 +-
 3 files changed, 34 insertions(+), 777 deletions(-)