From: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
To: Halil Pasic <pasic@linux.vnet.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>,
Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>,
Pierre Morel <pmorel@linux.vnet.ibm.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v3 4/5] 390x/css: introduce maximum data address checking
Date: Wed, 20 Sep 2017 15:47:51 +0800 [thread overview]
Message-ID: <20170920074751.GI11080@bjsdjshi@linux.vnet.ibm.com> (raw)
In-Reply-To: <20170919182745.90280-5-pasic@linux.vnet.ibm.com>
* Halil Pasic <pasic@linux.vnet.ibm.com> [2017-09-19 20:27:44 +0200]:
> The architecture mandates the addresses to be accessed on the first
> indirection level (that is, the data addresses without IDA, and the
> (M)IDAW addresses with (M)IDA) to be checked against an CCW format
> dependent limit maximum address. If a violation is detected, the storage
> access is not to be performed and a channel program check needs to be
> generated. As of today, we fail to do this check.
>
> Let us stick even closer to the architecture specification.
>
> Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
> ---
> hw/s390x/css.c | 10 ++++++++++
> include/hw/s390x/css.h | 1 +
> 2 files changed, 11 insertions(+)
>
> diff --git a/hw/s390x/css.c b/hw/s390x/css.c
> index 6b0cd8861b..2d37a9ddde 100644
> --- a/hw/s390x/css.c
> +++ b/hw/s390x/css.c
> @@ -795,6 +795,11 @@ static inline int cds_check_len(CcwDataStream *cds, int len)
> return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
> }
>
> +static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
> +{
> + return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
> +}
> +
> static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
> CcwDataStreamOp op)
> {
> @@ -804,6 +809,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
> if (ret <= 0) {
> return ret;
> }
> + if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
> + return -EINVAL; /* channel program check */
> + }
> if (op == CDS_OP_A) {
> goto incr;
> }
> @@ -828,7 +836,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
> g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
> cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
> (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
> + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
This reminds me one more question:
Calling ccw_dsteram_init() after copy_ccw_from_guest() may lead to a
fmt-1 @ccw with an @orb that designates fmt-0 ccw. This sounds insane.
> (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
> +
> cds->count = ccw->count;
> cds->cda_orig = ccw->cda;
> ccw_dstream_rewind(cds);
> diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
> index 078356e94c..69b374730e 100644
> --- a/include/hw/s390x/css.h
> +++ b/include/hw/s390x/css.h
> @@ -87,6 +87,7 @@ typedef struct CcwDataStream {
> #define CDS_F_MIDA 0x02
> #define CDS_F_I2K 0x04
> #define CDS_F_C64 0x08
> +#define CDS_F_FMT 0x10 /* CCW format-1 */
> #define CDS_F_STREAM_BROKEN 0x80
> uint8_t flags;
> uint8_t at_idaw;
> --
> 2.13.5
>
--
Dong Jia Shi
next prev parent reply other threads:[~2017-09-20 7:48 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-19 18:27 [Qemu-devel] [PATCH v3 0/5] add CCW indirect data access support Halil Pasic
2017-09-19 18:27 ` [Qemu-devel] [PATCH v3 1/5] s390x/css: introduce css data stream Halil Pasic
2017-09-20 6:44 ` Dong Jia Shi
2017-09-19 18:27 ` [Qemu-devel] [PATCH v3 2/5] s390x/css: use ccw " Halil Pasic
2017-09-21 9:40 ` Pierre Morel
2017-09-19 18:27 ` [Qemu-devel] [PATCH v3 3/5] virtio-ccw: " Halil Pasic
2017-09-20 6:47 ` Dong Jia Shi
2017-09-20 7:58 ` Cornelia Huck
2017-09-20 10:56 ` Halil Pasic
2017-09-20 10:57 ` Cornelia Huck
2017-09-21 9:44 ` Pierre Morel
2017-09-21 17:01 ` Halil Pasic
2017-09-19 18:27 ` [Qemu-devel] [PATCH v3 4/5] 390x/css: introduce maximum data address checking Halil Pasic
2017-09-20 7:47 ` Dong Jia Shi [this message]
2017-09-20 8:25 ` Cornelia Huck
2017-09-20 11:02 ` Halil Pasic
2017-09-21 0:39 ` Dong Jia Shi
2017-09-20 8:06 ` Cornelia Huck
2017-09-20 11:34 ` Halil Pasic
2017-09-20 11:43 ` Cornelia Huck
2017-09-19 18:27 ` [Qemu-devel] [PATCH v3 5/5] s390x/css: support ccw IDA Halil Pasic
2017-09-20 7:42 ` Dong Jia Shi
2017-09-20 8:33 ` Cornelia Huck
2017-09-20 11:13 ` Halil Pasic
2017-09-20 11:18 ` Cornelia Huck
2017-09-20 16:46 ` Halil Pasic
2017-09-21 0:50 ` Dong Jia Shi
2017-09-21 7:31 ` Cornelia Huck
2017-09-21 1:10 ` Dong Jia Shi
2017-09-20 8:11 ` Cornelia Huck
2017-09-20 11:01 ` Halil Pasic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170920074751.GI11080@bjsdjshi@linux.vnet.ibm.com \
--to=bjsdjshi@linux.vnet.ibm.com \
--cc=cohuck@redhat.com \
--cc=pasic@linux.vnet.ibm.com \
--cc=pmorel@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.