From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Anthony Liguori <anthony@codemonkey.ws>,
Peter Maydell <peter.maydell@linaro.org>
Cc: Thomas Huth <thuth@linux.vnet.ibm.com>,
qemu-devel <qemu-devel@nongnu.org>,
Alexander Graf <agraf@suse.de>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Jens Freimann <jfrei@linux.vnet.ibm.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <rth@twiddle.net>
Subject: [Qemu-devel] [PATCH 09/17] s390x/sclp: Add missing checks to SCLP handler
Date: Tue, 25 Feb 2014 11:05:27 +0100
Message-ID: <1393322735-31277-10-git-send-email-borntraeger@de.ibm.com>
In-Reply-To: <1393322735-31277-1-git-send-email-borntraeger@de.ibm.com>
From: Thomas Huth <thuth@linux.vnet.ibm.com>
If the 51 most significant bits of the SCCB address are zero or equal to
the prefix, we should throw a specification exception, too.
Also moved the check for privileged mode to sclp_service_call() to have
all program checks in one place now.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
hw/s390x/sclp.c | 9 +++++++--
target-s390x/cpu.h | 2 +-
target-s390x/kvm.c | 6 +-----
target-s390x/misc_helper.c | 2 +-
4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 6134d4f..9880977 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -107,7 +107,7 @@ static void sclp_execute(SCCB *sccb, uint32_t code)
}
}
-int sclp_service_call(uint64_t sccb, uint32_t code)
+int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
{
int r = 0;
SCCB work_sccb;
@@ -115,11 +115,16 @@ int sclp_service_call(uint64_t sccb, uint32_t code)
hwaddr sccb_len = sizeof(SCCB);
/* first some basic checks on program checks */
+ if (env->psw.mask & PSW_MASK_PSTATE) {
+ r = -PGM_PRIVILEGED;
+ goto out;
+ }
if (cpu_physical_memory_is_io(sccb)) {
r = -PGM_ADDRESSING;
goto out;
}
- if (sccb & ~0x7ffffff8ul) {
+ if ((sccb & ~0x1fffUL) == 0 || (sccb & ~0x1fffUL) == env->psa
+ || (sccb & ~0x7ffffff8UL) != 0) {
r = -PGM_SPECIFICATION;
goto out;
}
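Review bot: The masks in the new specification check, `~0x1fffUL` and `~0x7ffffff8UL`, are `unsigned long` constants applied to a `uint64_t sccb`. On a host where `unsigned long` is 32 bits, the complement is computed in 32 bits and then zero-extended, so bits 32-63 of the guest-supplied address drop out of all three comparisons and the `!= 0` range test can accept an address with high bits set. Suggest `ULL` suffixes (or `UINT64_C()`) so validation of this guest-controlled value does not depend on the host ABI. A short comment tying `~0x1fff` to the "51 most significant bits" wording of the commit message would also help the next reader.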
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 373c115..9673838 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -963,7 +963,7 @@ struct sysib_322 {
void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr);
int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
target_ulong *raddr, int *flags);
-int sclp_service_call(uint64_t sccb, uint32_t code);
+int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code);
uint32_t calc_cc(CPUS390XState *env, uint32_t cc_op, uint64_t src, uint64_t dst,
uint64_t vr);
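Review bot: The `sclp_service_call()` prototype carries no comment stating that a negative return value is a negated PGM_* code which the caller must inject. Now that the privileged-state check lives inside the function and `env` is a required argument, a one-line comment here would document that contract for both callers touched by this patch (`enter_pgmcheck(cpu, -r)` in kvm.c and `program_interrupt(env, -r, 4)` in misc_helper.c).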
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 9e1083e..e7b3b13 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -445,14 +445,10 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
int r = 0;
cpu_synchronize_state(CPU(cpu));
- if (env->psw.mask & PSW_MASK_PSTATE) {
- enter_pgmcheck(cpu, PGM_PRIVILEGED);
- return 0;
- }
sccb = env->regs[ipbh0 & 0xf];
code = env->regs[(ipbh0 & 0xf0) >> 4];
- r = sclp_service_call(sccb, code);
+ r = sclp_service_call(env, sccb, code);
if (r < 0) {
enter_pgmcheck(cpu, -r);
}
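Review bot: After the `if (r < 0) { enter_pgmcheck(cpu, -r); }` block the function now continues where the removed privileged-state branch used to `return 0` immediately, and the code that follows is not shown in this hunk. Please confirm that nothing after the `if` runs for a call that raised a program check (for example setting a condition code), or add an explicit `return 0;` inside the block to keep the old behaviour. Note also that `sccb` and `code` are now read from the guest registers before the privilege check happens; that is harmless here because they are only passed on, but it is worth keeping in mind if more work is added between the register reads and the call.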
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index 10d0425..728456f 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -93,7 +93,7 @@ void program_interrupt(CPUS390XState *env, uint32_t code, int ilen)
/* SCLP service call */
uint32_t HELPER(servc)(CPUS390XState *env, uint64_t r1, uint64_t r2)
{
- int r = sclp_service_call(r1, r2);
+ int r = sclp_service_call(env, r1, r2);
if (r < 0) {
program_interrupt(env, -r, 4);
return 0;
--
1.8.4.2