qemu-devel.nongnu.org archive mirror
From: Cornelia Huck <cohuck@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Stefan Liebler <stli@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Andreas Krebbel <Andreas.Krebbel@de.ibm.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	qemu-devel@nongnu.org, qemu-s390x@nongnu.org
Subject: [Qemu-devel] [PULL v2 10/34] s390x/tcg: Store only the necessary amount of doublewords for STFLE
Date: Fri,  7 Jun 2019 16:17:03 +0200
Message-ID: <20190607141727.29018-11-cohuck@redhat.com>
In-Reply-To: <20190607141727.29018-1-cohuck@redhat.com>

From: David Hildenbrand <david@redhat.com>

The PoP (z14, 7-382) says:
    Doublewords to the right of the doubleword in which the
    highest-numbered facility bit is assigned for a model
    may or may not be stored.

However, stack protection in certain binaries can't deal with that.
"gzip" example code:

f1b4:       a7 08 00 03             lhi     %r0,3
f1b8:       b2 b0 f0 a0             stfle   160(%r15)
f1bc:       e3 20 f0 b2 00 90       llgc    %r2,178(%r15)
f1c2:       c0 2b 00 00 00 01       nilf    %r2,1
f1c8:       b2 4f 00 10             ear     %r1,%a0
f1cc:       b9 14 00 22             lgfr    %r2,%r2
f1d0:       eb 11 00 20 00 0d       sllg    %r1,%r1,32
f1d6:       b2 4f 00 11             ear     %r1,%a1
f1da:       d5 07 f0 b8 10 28       clc     184(8,%r15),40(%r1)
f1e0:       a7 74 00 06             jne     f1ec <file_read@@Base+0x1bc>
f1e4:       eb ef f1 30 00 04       lmg     %r14,%r15,304(%r15)
f1ea:       07 fe                   br      %r14
f1ec:       c0 e5 ff ff 9d 6e       brasl   %r14,2cc8 <__stack_chk_fail@plt>

In QEMU, we currently have:
    max_bytes = 24
the code asks for (3 + 1) doublewords == 32 bytes.

If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
("one less than the number of doublewords needed to contain all of the
 facility bits"), the example code detects a stack corruption.

In my opinion, the code is wrong. However, it seems to work fine on
real machines. So let's limit storing to the minimum of the requested
and the maximum doublewords.

Cc: Stefan Liebler <stli@linux.ibm.com>
Cc: Andreas Krebbel <Andreas.Krebbel@de.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/misc_helper.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 34476134a407..10aa617cf9c5 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -678,7 +678,13 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t addr)
 
     prepare_stfl();
     max_bytes = ROUND_UP(used_stfl_bytes, 8);
-    for (i = 0; i < count_bytes; ++i) {
+
+    /*
+     * The PoP says that doublewords beyond the highest-numbered facility
+     * bit may or may not be stored.  However, existing hardware appears to
+     * not store the words, and existing software depend on that.
+     */
+    for (i = 0; i < MIN(count_bytes, max_bytes); ++i) {
         cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra);
     }
 
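Review bot: the new comment has a grammar slip ("existing software depend on that" should read "existing software depends on that"), and it would help to state outright what the clamp implies: bytes in the range [max_bytes, count_bytes) are now left untouched rather than written, which is exactly what keeps the caller's canary at 184(%r15) intact in the gzip example above. The MIN(count_bytes, max_bytes) bound itself looks right, since max_bytes is rounded up to a doubleword boundary two lines earlier, so the clamped store always ends on a doubleword boundary.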
-- 
2.20.1
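The following is an added example, not QEMU code, that models the store loop of the patch above against a constructed stack frame laid out like the gzip disassembly in the commit message, so the pre-patch and patched behaviour can be compared side by side. MIN and ROUND_UP are local stand-ins for QEMU's osdep.h macros, and stfl_bytes, used_stfl_bytes and the canary value are constructed.

```c
/* Added example, not QEMU code: models the STFLE store path of the patch
 * above on a constructed frame laid out like the gzip disassembly
 * (facility buffer at 160(%r15) == offset 0, canary at 184(%r15) ==
 * offset 24). MIN/ROUND_UP stand in for QEMU's osdep.h macros;
 * stfl_bytes, used_stfl_bytes and CANARY are constructed values. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define ROUND_UP(n, d) ((((n) + (d) - 1) / (d)) * (d))
/* Constructed facility list: 20 significant bytes, so max_bytes == 24. */
static const uint8_t stfl_bytes[32] = {
    0xff, 0xe1, 0xde, 0xff, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x80 };
static const unsigned used_stfl_bytes = 20;
enum { FRAME_SIZE = 40, CANARY_OFF = 24 };
static const uint64_t CANARY = 0x4b1d2f0ac3e59167ULL;

/* Model of HELPER(stfle): r0 holds (doublewords - 1) to store; returns the
 * number of doublewords needed for all facility bits, minus one.
 * clamp == 0 is the pre-patch loop, clamp != 0 the MIN()-bounded loop. */
uint64_t model_stfle(uint8_t *mem, uint64_t r0, int clamp)
{
    unsigned count_bytes = (r0 + 1) * 8;
    unsigned max_bytes = ROUND_UP(used_stfl_bytes, 8);
    unsigned store = clamp ? MIN(count_bytes, max_bytes) : count_bytes;
    for (unsigned i = 0; i < store; ++i) {
        mem[i] = stfl_bytes[i];   /* cpu_stb_data_ra() in QEMU */
    }
    return max_bytes / 8 - 1;
}

/* Replays "lhi %r0,3; stfle 160(%r15)" against a frame whose canary sits
 * at 184(%r15): returns 1 if the canary survived, 0 if the clc in the
 * disassembly would branch to __stack_chk_fail. */
int canary_survives(int clamp)
{
    uint8_t frame[FRAME_SIZE] = { 0 };
    memcpy(frame + CANARY_OFF, &CANARY, sizeof CANARY);
    model_stfle(frame, 3, clamp);
    return memcmp(frame + CANARY_OFF, &CANARY, sizeof CANARY) == 0;
}

int main(void)
{
    printf("pre-patch: canary %s\n", canary_survives(0) ? "intact" : "clobbered");
    printf("patched:   canary %s\n", canary_survives(1) ? "intact" : "clobbered");
    return 0;
}
```

With r0 = 3 the pre-patch loop writes 32 bytes and overwrites the canary at offset 24, while the clamped loop stops at 24 bytes and the returned "2 + 1" doublewords matches the commit message.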


