From: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
To: Halil Pasic <pasic@linux.vnet.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>,
Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>,
Pierre Morel <pmorel@linux.vnet.ibm.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v3 4/5] 390x/css: introduce maximum data address checking
Date: Wed, 20 Sep 2017 15:47:51 +0800
Message-ID: <20170920074751.GI11080@bjsdjshi@linux.vnet.ibm.com>
In-Reply-To: <20170919182745.90280-5-pasic@linux.vnet.ibm.com>

* Halil Pasic <pasic@linux.vnet.ibm.com> [2017-09-19 20:27:44 +0200]:
> The architecture mandates the addresses to be accessed on the first
> indirection level (that is, the data addresses without IDA, and the
> (M)IDAW addresses with (M)IDA) to be checked against a CCW format
> dependent limit maximum address. If a violation is detected, the storage
> access is not to be performed and a channel program check needs to be
> generated. As of today, we fail to do this check.
>
> Let us stick even closer to the architecture specification.
>
> Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
> ---
> hw/s390x/css.c | 10 ++++++++++
> include/hw/s390x/css.h | 1 +
> 2 files changed, 11 insertions(+)
>
> diff --git a/hw/s390x/css.c b/hw/s390x/css.c
> index 6b0cd8861b..2d37a9ddde 100644
> --- a/hw/s390x/css.c
> +++ b/hw/s390x/css.c
> @@ -795,6 +795,11 @@ static inline int cds_check_len(CcwDataStream *cds, int len)
> return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
> }
>
> +static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
> +{
> + return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
> +}
> +
> static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
> CcwDataStreamOp op)
> {
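Review bot: in cds_ccw_addrs_ok() the comparison `(addr + len) < limit` uses the exclusive end of the range, while the last byte touched is addr + len - 1, so a transfer that ends exactly on the highest address allowed for the format (addr + len equal to 1 << 24 or 1 << 31) is rejected. If that is not intended, compare with `<=` or test `addr + len - 1` against the limit. Since addr is a hwaddr, 1ULL would match the operand width better than 1UL, and a one-line comment naming the two limits (24-bit for format-0, 31-bit for format-1) would help the next reader.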
> @@ -804,6 +809,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
> if (ret <= 0) {
> return ret;
> }
> + if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
> + return -EINVAL; /* channel program check */
> + }
> if (op == CDS_OP_A) {
> goto incr;
> }
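Review bot: the new address check in ccw_dstream_rw_noflags() sits before the `if (op == CDS_OP_A)` shortcut, so an advance that never touches guest storage also fails with -EINVAL; a comment stating that this ordering is intended (or moving the check below the shortcut if it is not) would make that clear. The same -EINVAL is what cds_check_len() returns for a broken stream, so the "channel program check" comment relies on callers treating every -EINVAL that way; that is worth stating where the return value is documented.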
> @@ -828,7 +836,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
> g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
> cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
> (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
> + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |

This reminds me of one more question:
Calling ccw_dstream_init() after copy_ccw_from_guest() may lead to a
fmt-1 @ccw with an @orb that designates fmt-0 ccw. This sounds insane.

> (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
> +
> cds->count = ccw->count;
> cds->cda_orig = ccw->cda;
> ccw_dstream_rewind(cds);
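Review bot: in ccw_dstream_init() CDS_F_FMT is taken from orb->ctrl0 while the ccw argument is typed CCW1, so the flag describes the format the ORB designates rather than the layout of the structure passed in; a short comment above the flags assignment saying so would keep it from being read as a contradiction. The blank line added after the flags expression is unrelated whitespace and can be dropped.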
> diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
> index 078356e94c..69b374730e 100644
> --- a/include/hw/s390x/css.h
> +++ b/include/hw/s390x/css.h
> @@ -87,6 +87,7 @@ typedef struct CcwDataStream {
> #define CDS_F_MIDA 0x02
> #define CDS_F_I2K 0x04
> #define CDS_F_C64 0x08
> +#define CDS_F_FMT 0x10 /* CCW format-1 */
> #define CDS_F_STREAM_BROKEN 0x80
> uint8_t flags;
> uint8_t at_idaw;
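Review bot: CDS_F_FMT in the css.h flag list does not say which format a set bit means unless the trailing comment is read; a name such as CDS_F_FMT1 would be self-describing at the use sites, for example the `cds->flags & CDS_F_FMT` argument that is passed as ccw_fmt1.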
> --
> 2.13.5
>
--
Dong Jia Shi