qemu-devel.nongnu.org archive mirror
From: Cornelia Huck <cohuck@redhat.com>
To: peter.maydell@linaro.org
Cc: qemu-devel@nongnu.org, rth@twiddle.net, agraf@suse.de,
	thuth@redhat.com, borntraeger@de.ibm.com, david@redhat.com,
	Halil Pasic <pasic@linux.vnet.ibm.com>,
	Cornelia Huck <cohuck@redhat.com>
Subject: [Qemu-devel] [PULL 09/33] 390x/css: introduce maximum data address checking
Date: Fri,  6 Oct 2017 11:59:32 +0200
Message-ID: <20171006095956.27534-10-cohuck@redhat.com>
In-Reply-To: <20171006095956.27534-1-cohuck@redhat.com>

From: Halil Pasic <pasic@linux.vnet.ibm.com>

The architecture mandates the addresses to be accessed on the first
indirection level (that is, the data addresses without IDA, and the
(M)IDAW addresses with (M)IDA) to be checked against a CCW format
dependent limit maximum address.  If a violation is detected, the storage
access is not to be performed and a channel program check needs to be
generated. As of today, we fail to do this check.

Let us stick even closer to the architecture specification.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20170921180841.24490-5-pasic@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
 hw/s390x/css.c         | 10 ++++++++++
 include/hw/s390x/css.h |  1 +
 2 files changed, 11 insertions(+)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 390c78f7d0..ab7333fde8 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -799,6 +799,11 @@ static inline int cds_check_len(CcwDataStream *cds, int len)
     return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
 }
 
+static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
+{
+    return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
+}
+
 static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
                                   CcwDataStreamOp op)
 {
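
Review bot: In cds_ccw_addrs_ok() the comparison `(addr + len) < ...` tests addr + len, which is one past the last byte transferred, with a strict less-than, so a transfer whose final byte lies at limit - 1 is rejected. If the highest valid byte address is meant to be 2^31 - 1 for format-1 and 2^24 - 1 for format-0, compare with `<=` or test `addr + len - 1` instead. The helper also takes a signed int len and relies on the caller having already rejected non-positive lengths; a one-line comment stating that, and naming the two limits, would make the function safe to reuse.
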
@@ -808,6 +813,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
     if (ret <= 0) {
         return ret;
     }
+    if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
+        return -EINVAL; /* channel program check */
+    }
     if (op == CDS_OP_A) {
         goto incr;
     }
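
Review bot: The new check in ccw_dstream_rw_noflags() sits before the `if (op == CDS_OP_A)` branch, so it also fails operations that go straight to incr. The commit message speaks of not performing the storage access, so please confirm that failing this path is intended, or move the check after the branch. The failure also returns the same -EINVAL that cds_check_len() returns for a broken stream, so a caller cannot tell the two conditions apart from the return value alone.
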
@@ -832,7 +840,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
     g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
     cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
                  (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
+                 (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
                  (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
+
     cds->count = ccw->count;
     cds->cda_orig = ccw->cda;
     ccw_dstream_rewind(cds);
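
Review bot: The blank line added after the cds->flags assignment in ccw_dstream_init() is an unrelated whitespace change; please drop it so the hunk carries only the new CDS_F_FMT line.
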
diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
index 078356e94c..69b374730e 100644
--- a/include/hw/s390x/css.h
+++ b/include/hw/s390x/css.h
@@ -87,6 +87,7 @@ typedef struct CcwDataStream {
 #define CDS_F_MIDA  0x02
 #define CDS_F_I2K   0x04
 #define CDS_F_C64   0x08
+#define CDS_F_FMT   0x10 /* CCW format-1 */
 #define CDS_F_STREAM_BROKEN  0x80
     uint8_t flags;
     uint8_t at_idaw;
-- 
2.13.6
