From: David Hildenbrand <david@redhat.com>
To: qemu-devel@nongnu.org
Cc: Stefan Liebler <stli@linux.ibm.com>,
	Thomas Huth <thuth@redhat.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	Andreas Krebbel <Andreas.Krebbel@de.ibm.com>,
	Cornelia Huck <cohuck@redhat.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	Pino Toscano <ptoscano@redhat.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	qemu-s390x@nongnu.org, Richard Henderson <rth@twiddle.net>
Subject: Re: [Qemu-devel] [PATCH v2 01/22] s390x/tcg: Store only the necessary amount of doublewords for STFLE
Date: Mon, 3 Jun 2019 11:07:38 +0200	[thread overview]
Message-ID: <11d11210-0b4e-a019-71ed-2cc8bdff04ec@redhat.com> (raw)
In-Reply-To: <20190603090635.10631-2-david@redhat.com>

On 03.06.19 11:06, David Hildenbrand wrote:
> The PoP (z14, 7-382) says:
>     Doublewords to the right of the doubleword in which the
>     highest-numbered facility bit is assigned for a model
>     may or may not be stored.
> 
> However, stack protection in certain binaries can't deal with that.
> "gzip" example code:
> 
> f1b4:       a7 08 00 03             lhi     %r0,3
> f1b8:       b2 b0 f0 a0             stfle   160(%r15)
> f1bc:       e3 20 f0 b2 00 90       llgc    %r2,178(%r15)
> f1c2:       c0 2b 00 00 00 01       nilf    %r2,1
> f1c8:       b2 4f 00 10             ear     %r1,%a0
> f1cc:       b9 14 00 22             lgfr    %r2,%r2
> f1d0:       eb 11 00 20 00 0d       sllg    %r1,%r1,32
> f1d6:       b2 4f 00 11             ear     %r1,%a1
> f1da:       d5 07 f0 b8 10 28       clc     184(8,%r15),40(%r1)
> f1e0:       a7 74 00 06             jne     f1ec <file_read@@Base+0x1bc>
> f1e4:       eb ef f1 30 00 04       lmg     %r14,%r15,304(%r15)
> f1ea:       07 fe                   br      %r14
> f1ec:       c0 e5 ff ff 9d 6e       brasl   %r14,2cc8 <__stack_chk_fail@plt>
> 
> In QEMU, we currently have:
>     max_bytes = 24
> the code asks for (3 + 1) doublewords == 32 bytes.
> 
> If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
> ("one less than the number of doublewords needed to contain all of the
>  facility bits"), the example code detects a stack corruption.
> 
> In my opinion, the code is wrong. However, it seems to work fine on
> real machines. So let's limit storing to the minimum of the requested
> and the maximum doublewords.
> 
> Cc: Stefan Liebler <stli@linux.ibm.com>
> Cc: Andreas Krebbel <Andreas.Krebbel@de.ibm.com>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/misc_helper.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
> index 34476134a4..10aa617cf9 100644
> --- a/target/s390x/misc_helper.c
> +++ b/target/s390x/misc_helper.c
> @@ -678,7 +678,13 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t addr)
>  
>      prepare_stfl();
>      max_bytes = ROUND_UP(used_stfl_bytes, 8);
> -    for (i = 0; i < count_bytes; ++i) {
> +
> +    /*
> +     * The PoP says that doublewords beyond the highest-numbered facility
> +     * bit may or may not be stored.  However, existing hardware appears to
> +     * not store the words, and existing software depend on that.
> +     */
> +    for (i = 0; i < MIN(count_bytes, max_bytes); ++i) {
>          cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra);
>      }
>  
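Review bot: the new comment has a grammar slip ("existing software depend on that" should read "depends"), and it would be clearer to spell out why the clamp is safe: because `max_bytes = ROUND_UP(used_stfl_bytes, 8)`, `MIN(count_bytes, max_bytes)` remains a whole number of doublewords and never writes beyond the doubleword holding the highest-numbered facility bit, which is exactly the memory the gzip frame in the description reserves before its stack canary. Since the returned doubleword count is set outside this hunk, a one-line comment here that the bytes stored and the count reported must describe the same doublewords would save the next reader a trip through the rest of the helper.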
> 

Not intended to be included in this series, please ignore :)

-- 

Thanks,

David / dhildenb
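As an added illustration, not part of the patch or of QEMU, the following C model reproduces the mismatch the commit message describes: a frame with 24 bytes of facility space followed by an 8-byte canary, a request for 3 + 1 doublewords, and the store loop with and without the clamp. The facility bytes, the `used_stfl_bytes` value and the canary value are constructed for the example.

```c
/* Constructed model of the STFLE store-length issue (not QEMU code). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Constructed facility list: 20 bytes in use, so max_bytes rounds up to 24. */
static const uint8_t stfl_bytes[32] = {0xff, 0xf0, 0xfe, 0x04, [19] = 0x01};
static const size_t used_stfl_bytes = 20;

/* Constructed canary, standing in for the TLS value gzip compares against. */
static const uint8_t canary[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};

/* Number of bytes the helper stores for "lhi %r0,r0; stfle" (r0 + 1 doublewords).
 * clamp == 0 models the old loop, clamp != 0 the patched MIN() loop. */
size_t stored_bytes(unsigned r0, int clamp)
{
    size_t count_bytes = (size_t)(r0 + 1) * 8;
    size_t max_bytes = (used_stfl_bytes + 7) & ~(size_t)7;   /* ROUND_UP(.., 8) */
    return clamp ? MIN(count_bytes, max_bytes) : count_bytes;
}

static void model_stfle(uint8_t *dst, unsigned r0, int clamp)
{
    size_t n = stored_bytes(r0, clamp);
    for (size_t i = 0; i < n; ++i) {
        dst[i] = stfl_bytes[i];
    }
}

/* 1 if the canary survives, 0 if __stack_chk_fail would be taken. */
int canary_intact(int clamp)
{
    uint8_t frame[32];                 /* 160(%r15) .. 191(%r15) in the gzip dump */
    memset(frame, 0, sizeof frame);
    memcpy(frame + 24, canary, 8);     /* canary lives at 184(%r15) */
    model_stfle(frame, 3, clamp);      /* lhi %r0,3 ; stfle 160(%r15) */
    return memcmp(frame + 24, canary, 8) == 0;
}

int main(void)
{
    printf("unclamped: %zu bytes stored, canary %s\n",
           stored_bytes(3, 0), canary_intact(0) ? "intact" : "clobbered");
    printf("clamped:   %zu bytes stored, canary %s\n",
           stored_bytes(3, 1), canary_intact(1) ? "intact" : "clobbered");
    return 0;
}
```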


2019-06-03  9:06 [Qemu-devel] [PATCH v2 00/22] s390x/tcg: Vector Instruction Support Part 4 David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 01/22] s390x/tcg: Store only the necessary amount of doublewords for STFLE David Hildenbrand
2019-06-03  9:07   ` David Hildenbrand [this message]
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 02/22] s390x/tcg: Introduce tcg_s390_vector_exception() David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 03/22] s390x/tcg: Export float_comp_to_cc() and float(32|64|128)_dcmask() David Hildenbrand
2019-06-03 16:17   ` Richard Henderson
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 04/22] s390x/tcg: Implement VECTOR FP ADD David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 05/22] s390x/tcg: Implement VECTOR FP COMPARE (AND SIGNAL) SCALAR David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 06/22] s390x/tcg: Implement VECTOR FP COMPARE (EQUAL|HIGH|HIGH OR EQUAL) David Hildenbrand
2019-06-05  9:19   ` David Hildenbrand
2019-06-05 14:47     ` Richard Henderson
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 07/22] s390x/tcg: Implement VECTOR FP CONVERT FROM FIXED 64-BIT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 08/22] s390x/tcg: Implement VECTOR FP CONVERT FROM LOGICAL 64-BIT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 09/22] s390x/tcg: Implement VECTOR FP CONVERT TO FIXED 64-BIT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 10/22] s390x/tcg: Implement VECTOR FP CONVERT TO LOGICAL 64-BIT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 11/22] s390x/tcg: Implement VECTOR FP DIVIDE David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 12/22] s390x/tcg: Implement VECTOR LOAD FP INTEGER David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 13/22] s390x/tcg: Implement VECTOR LOAD LENGTHENED David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 14/22] s390x/tcg: Implement VECTOR LOAD ROUNDED David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 15/22] s390x/tcg: Implement VECTOR FP MULTIPLY David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 16/22] s390x/tcg: Implement VECTOR FP MULTIPLY AND (ADD|SUBTRACT) David Hildenbrand
2019-06-03 16:16   ` Richard Henderson
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 17/22] s390x/tcg: Implement VECTOR FP PERFORM SIGN OPERATION David Hildenbrand
2019-06-03 16:18   ` Richard Henderson
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 18/22] s390x/tcg: Implement VECTOR FP SQUARE ROOT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 19/22] s390x/tcg: Implement VECTOR FP SUBTRACT David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 20/22] s390x/tcg: Implement VECTOR FP TEST DATA CLASS IMMEDIATE David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 21/22] s390x/tcg: Allow linux-user to use vector instructions David Hildenbrand
2019-06-04  7:45   ` Laurent Vivier
2019-06-04  8:50   ` Laurent Vivier
2019-06-04  8:56     ` David Hildenbrand
2019-06-03  9:06 ` [Qemu-devel] [PATCH v2 22/22] s390x/tcg: We support the Vector Facility David Hildenbrand
2019-06-03  9:09 ` [Qemu-devel] [PATCH v2 00/22] s390x/tcg: Vector Instruction Support Part 4 David Hildenbrand
2019-06-03  9:17 ` [Qemu-devel] [PATCH v2 23/22] s390x: Bump the "qemu" CPU model up to a stripped-down z13 David Hildenbrand
