From 94d6f121d65190ad920bd5e811ca604f0ac08967 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Tue, 22 Sep 2015 09:16:29 -0400 Subject: [PATCH] Fix emulation of various instructions, required by libm in F22 ppc64 guests Re-add patches accidentally dropped in last build --- ...cipher-vcipherlast-vncipherlast-and-.patch | 94 +++++++++++++++++++ ...c-fix-xscmpodp-and-xscmpudp-decoding.patch | 49 ++++++++++ qemu.spec | 10 +- 3 files changed, 152 insertions(+), 1 deletion(-) create mode 100644 0014-target-ppc-fix-vcipher-vcipherlast-vncipherlast-and-.patch create mode 100644 0015-target-ppc-fix-xscmpodp-and-xscmpudp-decoding.patch diff --git a/0014-target-ppc-fix-vcipher-vcipherlast-vncipherlast-and-.patch b/0014-target-ppc-fix-vcipher-vcipherlast-vncipherlast-and-.patch new file mode 100644 index 0000000..386bb37 --- /dev/null +++ b/0014-target-ppc-fix-vcipher-vcipherlast-vncipherlast-and-.patch 
@@ -0,0 +1,94 @@ +From: Aurelien Jarno +Date: Sun, 13 Sep 2015 23:03:44 +0200 +Subject: [PATCH] target-ppc: fix vcipher, vcipherlast, vncipherlast and + vpermxor + +For vector instructions, the helpers get pointers to the vector register +in arguments. Some operands might point to the same register, including +the operand holding the result. + +When emulating instructions which access the vector elements in a +non-linear way, we need to store the result in an temporary variable. + +This fixes openssl when emulating a POWER8 CPU. + +Cc: Tom Musta +Cc: Alexander Graf +Cc: qemu-stable@nongnu.org +Signed-off-by: Aurelien Jarno +--- + target-ppc/int_helper.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c +index 4c2b71c..b1f6abd 100644 +--- a/target-ppc/int_helper.c ++++ b/target-ppc/int_helper.c +@@ -2327,24 +2327,28 @@ void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a) + + void helper_vcipher(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b) + { ++ ppc_avr_t result; + int i; + + VECTOR_FOR_INORDER_I(i, u32) { +- r->AVRW(i) = b->AVRW(i) ^ ++ result.AVRW(i) = b->AVRW(i) ^ + (AES_Te0[a->AVRB(AES_shifts[4*i + 0])] ^ + AES_Te1[a->AVRB(AES_shifts[4*i + 1])] ^ + AES_Te2[a->AVRB(AES_shifts[4*i + 2])] ^ + AES_Te3[a->AVRB(AES_shifts[4*i + 3])]); + } ++ *r = result; + } + + void helper_vcipherlast(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b) + { ++ ppc_avr_t result; + int i; + + VECTOR_FOR_INORDER_I(i, u8) { +- r->AVRB(i) = b->AVRB(i) ^ (AES_sbox[a->AVRB(AES_shifts[i])]); ++ result.AVRB(i) = b->AVRB(i) ^ (AES_sbox[a->AVRB(AES_shifts[i])]); + } ++ *r = result; + } + + void helper_vncipher(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b) +@@ -2369,11 +2373,13 @@ void helper_vncipher(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b) + + void helper_vncipherlast(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b) + { ++ ppc_avr_t result; + int i; + + VECTOR_FOR_INORDER_I(i, u8) { +- r->AVRB(i) = b->AVRB(i) ^ 
(AES_isbox[a->AVRB(AES_ishifts[i])]); ++ result.AVRB(i) = b->AVRB(i) ^ (AES_isbox[a->AVRB(AES_ishifts[i])]); + } ++ *r = result; + } + + #define ROTRu32(v, n) (((v) >> (n)) | ((v) << (32-n))) +@@ -2460,16 +2466,19 @@ void helper_vshasigmad(ppc_avr_t *r, ppc_avr_t *a, uint32_t st_six) + + void helper_vpermxor(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, ppc_avr_t *c) + { ++ ppc_avr_t result; + int i; ++ + VECTOR_FOR_INORDER_I(i, u8) { + int indexA = c->u8[i] >> 4; + int indexB = c->u8[i] & 0xF; + #if defined(HOST_WORDS_BIGENDIAN) +- r->u8[i] = a->u8[indexA] ^ b->u8[indexB]; ++ result.u8[i] = a->u8[indexA] ^ b->u8[indexB]; + #else +- r->u8[i] = a->u8[15-indexA] ^ b->u8[15-indexB]; ++ result.u8[i] = a->u8[15-indexA] ^ b->u8[15-indexB]; + #endif + } ++ *r = result; + } + + #undef VECTOR_FOR_INORDER_I diff --git a/0015-target-ppc-fix-xscmpodp-and-xscmpudp-decoding.patch b/0015-target-ppc-fix-xscmpodp-and-xscmpudp-decoding.patch new file mode 100644 index 0000000..ed89680 --- /dev/null +++ b/0015-target-ppc-fix-xscmpodp-and-xscmpudp-decoding.patch 
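Review bot: The `ppc_avr_t result;` / `*r = result;` pairs added to helper_vcipher, helper_vcipherlast, helper_vncipherlast and helper_vpermxor carry no comment explaining the temporary. A later cleanup could fold the write back into `r` and silently reintroduce wrong cipher output whenever the destination register is also a source operand. I would add above each declaration a line such as `/* r may alias a source operand and elements are read out of order: build the result in a temporary */`. helper_vncipher appears only as hunk context and its body is outside the hunk, so it is worth confirming that it does not write `r` while still reading `a`. Because the failure is corrupted AES output in the guest rather than a crash, a regression case that runs each instruction with the target register equal to a source register would be a useful companion.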
@@ -0,0 +1,49 @@ +From: Aurelien Jarno +Date: Sun, 13 Sep 2015 23:03:45 +0200 +Subject: [PATCH] target-ppc: fix xscmpodp and xscmpudp decoding + +The xscmpodp and xscmpudp instructions only have the AX, BX bits in +there encoding, the lowest bit (usually TX) is marked as an invalid +bit. We therefore can't decode them with GEN_XX2FORM, which decodes +the two lowest bit. + +Introduce a new form GEN_XX2FORM, which decodes AX and BX and mark +the lowest bit as invalid. + +Cc: Tom Musta +Cc: Alexander Graf +Cc: qemu-stable@nongnu.org +Signed-off-by: Aurelien Jarno +--- + target-ppc/translate.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/target-ppc/translate.c b/target-ppc/translate.c +index 8f255ea..13866b9 100644 +--- a/target-ppc/translate.c ++++ b/target-ppc/translate.c +@@ -10670,6 +10670,13 @@ GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 1, opc3, 0, PPC_NONE, fl2), \ + GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 2, opc3, 0, PPC_NONE, fl2), \ + GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 3, opc3, 0, PPC_NONE, fl2) + ++#undef GEN_XX2IFORM ++#define GEN_XX2IFORM(name, opc2, opc3, fl2) \ ++GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 0, opc3, 1, PPC_NONE, fl2), \ ++GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 1, opc3, 1, PPC_NONE, fl2), \ ++GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 2, opc3, 1, PPC_NONE, fl2), \ ++GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 3, opc3, 1, PPC_NONE, fl2) ++ + #undef GEN_XX3_RC_FORM + #define GEN_XX3_RC_FORM(name, opc2, opc3, fl2) \ + GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 0x00, opc3 | 0x00, 0, PPC_NONE, fl2), \ +@@ -10731,8 +10738,8 @@ GEN_XX3FORM(xsnmaddadp, 0x04, 0x14, PPC2_VSX), + GEN_XX3FORM(xsnmaddmdp, 0x04, 0x15, PPC2_VSX), + GEN_XX3FORM(xsnmsubadp, 0x04, 0x16, PPC2_VSX), + GEN_XX3FORM(xsnmsubmdp, 0x04, 0x17, PPC2_VSX), +-GEN_XX2FORM(xscmpodp, 0x0C, 0x05, PPC2_VSX), +-GEN_XX2FORM(xscmpudp, 0x0C, 0x04, PPC2_VSX), ++GEN_XX2IFORM(xscmpodp, 0x0C, 0x05, PPC2_VSX), ++GEN_XX2IFORM(xscmpudp, 0x0C, 0x04, PPC2_VSX), + 
GEN_XX3FORM(xsmaxdp, 0x00, 0x14, PPC2_VSX), + GEN_XX3FORM(xsmindp, 0x00, 0x15, PPC2_VSX), + GEN_XX2FORM(xscvdpsp, 0x12, 0x10, PPC2_VSX), diff --git a/qemu.spec b/qemu.spec index 5c415ab..ec5c584 100644 --- a/qemu.spec +++ b/qemu.spec @@ -43,7 +43,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 2.3.1 -Release: 5%{?dist} +Release: 6%{?dist} Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD Group: Development/Tools @@ -102,6 +102,10 @@ Patch0011: 0011-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch Patch0012: 0012-block-mirror-limit-qiov-to-IOV_MAX-elements.patch # Fix hang at start of live merge for large images (bz #1262901) Patch0013: 0013-block-mirror-Sleep-periodically-during-bitmap-scanni.patch +# Fix emulation of various instructions, required by libm in F22 ppc64 +# guests +Patch0014: 0014-target-ppc-fix-vcipher-vcipherlast-vncipherlast-and-.patch +Patch0015: 0015-target-ppc-fix-xscmpodp-and-xscmpudp-decoding.patch BuildRequires: SDL2-devel BuildRequires: zlib-devel @@ -1204,6 +1208,10 @@ getent passwd qemu >/dev/null || \ %changelog +* Tue Sep 22 2015 Cole Robinson - 2:2.3.1-6 +- Fix emulation of various instructions, required by libm in F22 ppc64 guests +- Re-add patches accidentally dropped in last build + * Mon Sep 21 2015 Cole Robinson - 2:2.3.1-5 - Fix typo causing qemu-img to link against entire world (bz #1260996) - CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225)
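Review bot: In the new GEN_XX2IFORM macro the only difference from the four-entry form just above it is the literal `1` passed where those entries pass `0`, and nothing in the code says what that argument means. I would put a comment above the `#define`, for example `/* XX2 form with AX and BX only: the lowest bit (usually TX) is reserved and must decode as invalid */`. The patch description also says it introduces "a new form GEN_XX2FORM" while the macro defined is GEN_XX2IFORM, which makes the change harder to find from the log. The GEN_HANDLER2_E definition is outside the hunk, so reading that argument as the invalid-bits mask is inferred from the description rather than from visible code.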
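Review bot: The qemu.spec changelog line `- Re-add patches accidentally dropped in last build` does not say which patches were missing from 2.3.1-5, and the hunks shown here only add Patch0014 and Patch0015. The 2.3.1-5 entry just below lists CVE-2015-6815, and the neighbouring Patch0011 line is a CVE fix. I would therefore name the re-added patches or cite the bug in the entry, so that anyone auditing which build first shipped those fixes can tell from the spec alone. The comment above `Patch0014` also mentions libm only, while the 0014 patch description says it fixes openssl when emulating a POWER8 CPU; the comment could mention both.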