From: Daniel Henrique Barboza <danielhb413@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, danielhb413@gmail.com,
peter.maydell@linaro.org, richard.henderson@linaro.org,
Leandro Lupori <leandro.lupori@eldorado.org.br>,
Fabiano Rosas <farosas@linux.ibm.com>
Subject: [PULL 28/30] ppc: Check partition and process table alignment
Date: Mon, 18 Jul 2022 14:22:06 -0300 [thread overview]
Message-ID: <20220718172208.1247624-29-danielhb413@gmail.com> (raw)
In-Reply-To: <20220718172208.1247624-1-danielhb413@gmail.com>
From: Leandro Lupori <leandro.lupori@eldorado.org.br>
Check if partition and process tables are properly aligned, in
their size, according to PowerISA 3.1B, Book III 6.7.6 programming
note. Hardware and KVM also raise an exception in these cases.
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220628133959.15131-2-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
hw/ppc/spapr.c | 5 +++++
hw/ppc/spapr_hcall.c | 9 +++++++++
target/ppc/mmu-book3s-v3.c | 5 +++++
target/ppc/mmu-radix64.c | 17 +++++++++++++----
4 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3a5112899e..bc9ba6e6dc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1336,6 +1336,11 @@ static bool spapr_get_pate(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu,
patb = spapr->nested_ptcr & PTCR_PATB;
pats = spapr->nested_ptcr & PTCR_PATS;
+ /* Check if partition table is properly aligned */
+ if (patb & MAKE_64BIT_MASK(0, pats + 12)) {
+ return false;
+ }
+
/* Calculate number of entries */
pats = 1ull << (pats + 12 - 4);
if (pats <= lpid) {
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index d761a7d0c3..a8d4a6bcf0 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -920,6 +920,7 @@ static target_ulong h_register_process_table(PowerPCCPU *cpu,
target_ulong page_size = args[2];
target_ulong table_size = args[3];
target_ulong update_lpcr = 0;
+ target_ulong table_byte_size;
uint64_t cproc;
if (flags & ~FLAGS_MASK) { /* Check no reserved bits are set */
@@ -927,6 +928,14 @@ static target_ulong h_register_process_table(PowerPCCPU *cpu,
}
if (flags & FLAG_MODIFY) {
if (flags & FLAG_REGISTER) {
+ /* Check process table alignment */
+ table_byte_size = 1ULL << (table_size + 12);
+ if (proc_tbl & (table_byte_size - 1)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: process table not properly aligned: proc_tbl 0x"
+ TARGET_FMT_lx" proc_tbl_size 0x"TARGET_FMT_lx"\n",
+ __func__, proc_tbl, table_byte_size);
+ }
if (flags & FLAG_RADIX) { /* Register new RADIX process table */
if (proc_tbl & 0xfff || proc_tbl >> 60) {
return H_P2;
diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
index f4985bae78..c8f69b3df9 100644
--- a/target/ppc/mmu-book3s-v3.c
+++ b/target/ppc/mmu-book3s-v3.c
@@ -28,6 +28,11 @@ bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid, ppc_v3_pate_t *entry)
uint64_t patb = cpu->env.spr[SPR_PTCR] & PTCR_PATB;
uint64_t pats = cpu->env.spr[SPR_PTCR] & PTCR_PATS;
+ /* Check if partition table is properly aligned */
+ if (patb & MAKE_64BIT_MASK(0, pats + 12)) {
+ return false;
+ }
+
/* Calculate number of entries */
pats = 1ull << (pats + 12 - 4);
if (pats <= lpid) {
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 21ac958e48..9a8a2e2875 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -383,7 +383,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
{
CPUState *cs = CPU(cpu);
CPUPPCState *env = &cpu->env;
- uint64_t offset, size, prtbe_addr, prtbe0, base_addr, nls, index, pte;
+ uint64_t offset, size, prtb, prtbe_addr, prtbe0, base_addr, nls, index, pte;
int fault_cause = 0, h_page_size, h_prot;
hwaddr h_raddr, pte_addr;
int ret;
@@ -393,9 +393,18 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
__func__, access_str(access_type),
eaddr, mmu_idx, pid);
+ prtb = (pate.dw1 & PATE1_R_PRTB);
+ size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
+ if (prtb & (size - 1)) {
+ /* Process Table not properly aligned */
+ if (guest_visible) {
+ ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG);
+ }
+ return 1;
+ }
+
/* Index Process Table by PID to Find Corresponding Process Table Entry */
offset = pid * sizeof(struct prtb_entry);
- size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
if (offset >= size) {
/* offset exceeds size of the process table */
if (guest_visible) {
@@ -403,7 +412,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
}
return 1;
}
- prtbe_addr = (pate.dw1 & PATE1_R_PRTB) + offset;
+ prtbe_addr = prtb + offset;
if (vhyp_flat_addressing(cpu)) {
prtbe0 = ldq_phys(cs->as, prtbe_addr);
@@ -568,7 +577,7 @@ static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr eaddr,
return false;
}
- /* Get Process Table */
+ /* Get Partition Table */
if (cpu->vhyp) {
PPCVirtualHypervisorClass *vhc;
vhc = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
--
2.36.1
next prev parent reply other threads:[~2022-07-18 17:59 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-18 17:21 [PULL 00/30] ppc queue Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 01/30] ppc64: Allocate IRQ lines with qdev_init_gpio_in() Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 02/30] ppc/40x: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 03/30] ppc/6xx: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 04/30] ppc/e500: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 05/30] ppc: Remove unused irq_inputs Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 06/30] hw/ppc: pass random seed to fdt Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 07/30] target/ppc/kvm: Skip current and parent directories in kvmppc_find_cpu_dt Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 08/30] target/ppc: Fix gen_priv_exception error value in mfspr/mtspr Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 09/30] target/ppc: fix exception error value in slbfee Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 10/30] target/ppc: remove mfdcrux and mtdcrux Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 11/30] target/ppc: fix exception error code in helper_{load, store}_dcr Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 12/30] target/ppc: fix PMU Group A register read/write exceptions Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 13/30] target/ppc: fix exception error code in spr_write_excp_vector Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 14/30] target/ppc: Move tlbie[l] to decode tree Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 15/30] target/ppc: Implement ISA 3.00 tlbie[l] Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 16/30] target/ppc: receive DisasContext explicitly in GEN_PRIV Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 17/30] target/ppc: add macros to check privilege level Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 18/30] target/ppc: Move slbie to decodetree Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 19/30] target/ppc: Move slbieg " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 20/30] target/ppc: Move slbia " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 21/30] target/ppc: Move slbmte " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 22/30] target/ppc: Move slbmfev " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 23/30] target/ppc: Move slbmfee " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 24/30] target/ppc: Move slbfee " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 25/30] target/ppc: Move slbsync " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 26/30] target/ppc: Implement slbiag Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 27/30] target/ppc: check tb_env != 0 before printing TBU/TBL/DECR Daniel Henrique Barboza
2022-07-18 17:22 ` Daniel Henrique Barboza [this message]
2022-07-18 17:22 ` [PULL 29/30] target/ppc: Improve Radix xlate level validation Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 30/30] target/ppc: Check page dir/table base alignment Daniel Henrique Barboza
2022-07-19 8:56 ` [PULL 00/30] ppc queue Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220718172208.1247624-29-danielhb413@gmail.com \
--to=danielhb413@gmail.com \
--cc=farosas@linux.ibm.com \
--cc=leandro.lupori@eldorado.org.br \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).