From: David Hildenbrand <david@redhat.com>
To: qemu-devel@nongnu.org
Cc: Thomas Huth <thuth@redhat.com>,
	Janosch Frank <frankja@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Cornelia Huck <cohuck@redhat.com>,
	Halil Pasic <pasic@linux.ibm.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	qemu-s390x@nongnu.org, Richard Henderson <rth@twiddle.net>
Subject: [PATCH v2 4/7] s390x/mmu: Inject PGM_ADDRESSING on boguous table addresses
Date: Wed, 25 Sep 2019 14:52:33 +0200
Message-ID: <20190925125236.4043-5-david@redhat.com>
In-Reply-To: <20190925125236.4043-1-david@redhat.com>

Let's document how it works and inject PGM_ADDRESSING if reading of
table entries fails.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mmu_helper.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index f6ae444655..c9fde78614 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -93,6 +93,24 @@ target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr)
     return raddr;
 }
 
+static inline int read_table_entry(hwaddr gaddr, uint64_t *entry)
+{
+    /*
+     * According to the PoP, these table addresses are "unpredictably real
+     * or absolute". Also, "it is unpredictable whether the address wraps
+     * or an addressing exception is recognized".
+     *
+     * We treat them as absolute addresses and don't wrap them.
+     */
+    if (unlikely(address_space_read(&address_space_memory, gaddr,
+                 MEMTXATTRS_UNSPECIFIED, (uint8_t *)entry, sizeof(*entry)) !=
+                 MEMTX_OK)) {
+        return -EFAULT;
+    }
+    *entry = be64_to_cpu(*entry);
+    return 0;
+}
+
 /* Decode page table entry (normal 4KB page) */
 static int mmu_translate_pte(CPUS390XState *env, target_ulong vaddr,
                              uint64_t asc, uint64_t pt_entry,
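Review bot: read_table_entry() reads from &address_space_memory, while the ldq_phys() calls it replaces further down in this patch used cs->as, and the commit message does not mention that switch. If the two are meant to be equivalent for these lookups, say so in the new comment or in the log; otherwise pass the CPU's address space into the helper. A smaller point in the same function: address_space_read() writes straight into *entry, so after a failed read the caller's variable may hold partial data. Both callers return immediately, but reading into a local and assigning *entry only on MEMTX_OK would make the helper safe independent of its callers.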
@@ -118,7 +136,6 @@ static int mmu_translate_segment(CPUS390XState *env, target_ulong vaddr,
                                  target_ulong *raddr, int *flags, int rw,
                                  bool exc)
 {
-    CPUState *cs = env_cpu(env);
     uint64_t origin, offs, pt_entry;
 
     if (st_entry & SEGMENT_ENTRY_RO) {
@@ -134,7 +151,9 @@ static int mmu_translate_segment(CPUS390XState *env, target_ulong vaddr,
     /* Look up 4KB page entry */
     origin = st_entry & SEGMENT_ENTRY_ORIGIN;
     offs  = (vaddr & VADDR_PX) >> 9;
-    pt_entry = ldq_phys(cs->as, origin + offs);
+    if (read_table_entry(origin + offs, &pt_entry)) {
+        return PGM_ADDRESSING;
+    }
     return mmu_translate_pte(env, vaddr, asc, pt_entry, raddr, flags, rw, exc);
 }
 
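Review bot: the new early return in mmu_translate_segment() hands PGM_ADDRESSING back through the same return value that otherwise carries the result of mmu_translate_pte(), and it does so without looking at the exc argument. The subject line says "Inject", yet nothing is injected at this point, so please confirm that the caller handles an addressing exception correctly alongside the translation exception codes, and consider a one-line comment at the return naming where the injection actually happens.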
@@ -144,7 +163,6 @@ static int mmu_translate_region(CPUS390XState *env, target_ulong vaddr,
                                 target_ulong *raddr, int *flags, int rw,
                                 bool exc)
 {
-    CPUState *cs = env_cpu(env);
     uint64_t origin, offs, new_entry;
     const int pchks[4] = {
         PGM_SEGMENT_TRANS, PGM_REG_THIRD_TRANS,
@@ -154,7 +172,9 @@ static int mmu_translate_region(CPUS390XState *env, target_ulong vaddr,
     origin = entry & REGION_ENTRY_ORIGIN;
     offs = (vaddr >> (17 + 11 * level / 4)) & 0x3ff8;
 
-    new_entry = ldq_phys(cs->as, origin + offs);
+    if (read_table_entry(origin + offs, &new_entry)) {
+        return PGM_ADDRESSING;
+    }
 
     if ((new_entry & REGION_ENTRY_INV) != 0) {
         return pchks[level / 4];
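Review bot: the check added in mmu_translate_region() only tests read_table_entry() for non-zero and maps it to PGM_ADDRESSING, exactly as the segment lookup does, so the -EFAULT value is never used. Either let the helper return bool, or have it return the PGM code directly, so that the two call sites do not each repeat the same mapping and the return convention is explicit.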
-- 
2.21.0


