From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Alexander Graf <agraf@suse.de>
Cc: "Cornelia Huck" <cornelia.huck@de.ibm.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Thomas Huth" <thuth@linux.vnet.ibm.com>,
"Andreas Färber" <afaerber@suse.de>,
qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] [PATCH 2/7] s390x/ioinst: Add missing alignment checks for IO instructions
Date: Mon, 15 Jul 2013 21:57:40 +0200 [thread overview]
Message-ID: <1373918265-20172-3-git-send-email-borntraeger@de.ibm.com> (raw)
In-Reply-To: <1373918265-20172-1-git-send-email-borntraeger@de.ibm.com>
From: Thomas Huth <thuth@linux.vnet.ibm.com>
The IO instructions MSCH, SSCH, STSCH, TSCH, STCRW and TPI require
that the second operand address must be aligned on a word boundary.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
target-s390x/ioinst.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/target-s390x/ioinst.c b/target-s390x/ioinst.c
index 28c508d..91cc41b 100644
--- a/target-s390x/ioinst.c
+++ b/target-s390x/ioinst.c
@@ -157,6 +157,10 @@ int ioinst_handle_msch(CPUS390XState *env, uint64_t reg1, uint32_t ipb)
}
trace_ioinst_sch_id("msch", cssid, ssid, schid);
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
schib = s390_cpu_physical_memory_map(env, addr, &len, 0);
if (!schib || len != sizeof(*schib)) {
program_interrupt(env, PGM_SPECIFICATION, 2);
@@ -228,6 +232,10 @@ int ioinst_handle_ssch(CPUS390XState *env, uint64_t reg1, uint32_t ipb)
}
trace_ioinst_sch_id("ssch", cssid, ssid, schid);
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
orig_orb = s390_cpu_physical_memory_map(env, addr, &len, 0);
if (!orig_orb || len != sizeof(*orig_orb)) {
program_interrupt(env, PGM_SPECIFICATION, 2);
@@ -272,6 +280,10 @@ int ioinst_handle_stcrw(CPUS390XState *env, uint32_t ipb)
hwaddr len = sizeof(*crw);
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
crw = s390_cpu_physical_memory_map(env, addr, &len, 1);
if (!crw || len != sizeof(*crw)) {
program_interrupt(env, PGM_SPECIFICATION, 2);
@@ -300,6 +312,10 @@ int ioinst_handle_stsch(CPUS390XState *env, uint64_t reg1, uint32_t ipb)
}
trace_ioinst_sch_id("stsch", cssid, ssid, schid);
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
schib = s390_cpu_physical_memory_map(env, addr, &len, 1);
if (!schib || len != sizeof(*schib)) {
program_interrupt(env, PGM_SPECIFICATION, 2);
@@ -345,6 +361,10 @@ int ioinst_handle_tsch(CPUS390XState *env, uint64_t reg1, uint32_t ipb)
}
trace_ioinst_sch_id("tsch", cssid, ssid, schid);
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
irb = s390_cpu_physical_memory_map(env, addr, &len, 1);
if (!irb || len != sizeof(*irb)) {
program_interrupt(env, PGM_SPECIFICATION, 2);
@@ -625,6 +645,11 @@ int ioinst_handle_tpi(CPUS390XState *env, uint32_t ipb)
trace_ioinst("tpi");
addr = decode_basedisp_s(env, ipb);
+ if (addr & 3) {
+ program_interrupt(env, PGM_SPECIFICATION, 2);
+ return -EIO;
+ }
+
lowcore = addr ? 0 : 1;
len = lowcore ? 8 /* two words */ : 12 /* three words */;
orig_len = len;
--
1.8.1.4
next prev parent reply other threads:[~2013-07-15 19:57 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-15 19:57 [Qemu-devel] [PATCH 0/7] s390 fixes Christian Borntraeger
2013-07-15 19:57 ` [Qemu-devel] [PATCH 1/7] s390/sclpconsole: handle char layer busy conditions Christian Borntraeger
2013-07-15 19:57 ` Christian Borntraeger [this message]
2013-07-15 19:57 ` [Qemu-devel] [PATCH 3/7] s390x/ioinst: Throw addressing exception when memory_map failed Christian Borntraeger
2013-07-15 19:57 ` [Qemu-devel] [PATCH 4/7] s390x/ioinst: Fixed alignment check in SCHM instruction Christian Borntraeger
2013-07-15 19:57 ` [Qemu-devel] [PATCH 5/7] s390x/ioinst: Fixed priority of operand exceptions Christian Borntraeger
2013-07-15 19:57 ` [Qemu-devel] [PATCH 6/7] s390x/kvm: Reworked/fixed handling of cc3 in kvm_handle_css_inst() Christian Borntraeger
2013-07-15 19:57 ` [Qemu-devel] [PATCH 7/7] s390x/kvm: Remove redundant return code Christian Borntraeger
2013-07-23 11:48 ` [Qemu-devel] [PATCH 0/7] s390 fixes Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1373918265-20172-3-git-send-email-borntraeger@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=afaerber@suse.de \
--cc=agraf@suse.de \
--cc=cornelia.huck@de.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=thuth@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).