powerpc: Fix emulation of mcrf in emulate_step()

commit 87c4b83e0fe234a1f0eed131ab6fa232036860d5 upstream.

The mcrf emulation code was using the CR field number directly as the shift
value, without taking into account that CR fields are numbered from 0-7 starting
at the high bits. That meant it was looking at the CR fields in the reverse
order.

Fixes: cf87c3f6b647 ("powerpc: Emulate icbi, mcrf and conditional-trap instructions")
Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
index 4014881e9843cc360125643043645c5187a3b136..8bf5c0bf97953f38de981e2f8d62b3f54dacc5cb 100644 (file)
--- a/arch/powerpc/lib/sstep.c
+++ b/arch/powerpc/lib/sstep.c
@@ -687,8 +687,10 @@ int __kprobes analyse_instr(struct instruction_op *op, struct pt_regs *regs,
        case 19:
                switch ((instr >> 1) & 0x3ff) {
                case 0:         /* mcrf */
-                       rd = (instr >> 21) & 0x1c;
-                       ra = (instr >> 16) & 0x1c;
+                       rd = 7 - ((instr >> 23) & 0x7);
+                       ra = 7 - ((instr >> 18) & 0x7);
+                       rd *= 4;
+                       ra *= 4;
                        val = (regs->ccr >> ra) & 0xf;
                        regs->ccr = (regs->ccr & ~(0xfUL << rd)) | (val << rd);
                        goto instr_done;