From: David Hildenbrand <david@redhat.com>
To: Thomas Huth <thuth@redhat.com>, qemu-devel@nongnu.org
Cc: "Jason J . Herne" <jjherne@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Cornelia Huck <cohuck@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Halil Pasic <pasic@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
qemu-s390x@nongnu.org, Claudio Imbrenda <imbrenda@linux.ibm.com>
Subject: Re: [PATCH v1 07/12] s390x/mmu_helper: move address validation into mmu_translate*()
Date: Fri, 6 Aug 2021 10:23:48 +0200
Message-ID: <cbf6ca90-7309-6dc4-0ff5-c10c93d9ca9a@redhat.com>
In-Reply-To: <653d280b-98db-91d1-d21a-e6c07aacc972@redhat.com>
On 06.08.21 10:22, Thomas Huth wrote:
> On 06/08/2021 10.20, David Hildenbrand wrote:
>> On 06.08.21 10:18, Thomas Huth wrote:
>>> On 05/08/2021 17.27, David Hildenbrand wrote:
>>>> Let's move address validation into mmu_translate() and
>>>> mmu_translate_real(). This allows for checking whether an absolute
>>>> address is valid before looking up the storage key. We can now get rid of
>>>> the ram_size check.
>>>>
>>>> Interestingly, we're already handling LOAD REAL ADDRESS wrong, because
>>>> a) We're not supposed to touch storage keys
>>>> b) We're not supposed to convert to an absolute address
>>>>
>>>> Let's use a fake, negative MMUAccessType to teach mmu_translate() to
>>>> fix that handling and to not perform address validation.
>>>>
>>>> Signed-off-by: David Hildenbrand <david@redhat.com>
>>>> ---
>>>> target/s390x/mmu_helper.c | 36 ++++++++++++++++++++--------------
>>>> target/s390x/tcg/excp_helper.c | 13 ------------
>>>> target/s390x/tcg/mem_helper.c | 2 +-
>>>> 3 files changed, 22 insertions(+), 29 deletions(-)
>>>>
>>>> diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
>>>> index ca25dadb5b..36ab4e9c81 100644
>>>> --- a/target/s390x/mmu_helper.c
>>>> +++ b/target/s390x/mmu_helper.c
>>>> @@ -301,14 +301,13 @@ static void mmu_handle_skey(target_ulong addr, int
>>>> rw, int *flags)
>>>> {
>>>> static S390SKeysClass *skeyclass;
>>>> static S390SKeysState *ss;
>>>> - MachineState *ms = MACHINE(qdev_get_machine());
>>>> uint8_t key;
>>>> int rc;
>>>> - if (unlikely(addr >= ms->ram_size)) {
>>>> - return;
>>>> - }
>>>> -
>>>> + /*
>>>> + * We excpect to be called with an absolute address that has already
>>>> been
>>>> + * validated, such that we can reliably use it to lookup the storage
>>>> key.
>>>> + */
>>>> if (unlikely(!ss)) {
>>>> ss = s390_get_skeys_device();
>>>> skeyclass = S390_SKEYS_GET_CLASS(ss);
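Review bot: the new comment in mmu_handle_skey() misspells "expect" as "excpect". More importantly, this hunk turns a runtime guard (the removed `addr >= ms->ram_size` early return) into an unchecked precondition, so any caller that forgets to validate first now hands an out-of-range absolute address straight to the storage-key lookup; please state that precondition in the function's doc comment as well, and consider a cheap assertion against the machine's RAM size so a missed validation fails loudly rather than silently.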
>>>> @@ -370,7 +369,7 @@ static void mmu_handle_skey(target_ulong addr, int
>>>> rw, int *flags)
>>>> /**
>>>> * Translate a virtual (logical) address into a physical (absolute)
>>>> address.
>>>> * @param vaddr the virtual address
>>>> - * @param rw 0 = read, 1 = write, 2 = code fetch
>>>> + * @param rw 0 = read, 1 = write, 2 = code fetch, < 0 = load real
>>>> address
>>>> * @param asc address space control (one of the PSW_ASC_* modes)
>>>> * @param raddr the translated address is stored to this pointer
>>>> * @param flags the PAGE_READ/WRITE/EXEC flags are stored to this
>>>> pointer
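Review bot: the new "< 0 = load real address" parameter description should also spell out what changes in that mode, namely no real-to-absolute conversion, no address validation and no storage-key update, so that @raddr then receives a real address rather than the absolute address the summary line promises. A named constant for the negative value would make that contract greppable instead of relying on a bare -1 at the call site.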
>>>> @@ -449,10 +448,17 @@ int mmu_translate(CPUS390XState *env, target_ulong
>>>> vaddr, int rw, uint64_t asc,
>>>> }
>>>> nodat:
>>>> - /* Convert real address -> absolute address */
>>>> - *raddr = mmu_real2abs(env, *raddr);
>>>> + if (rw >= 0) {
>>>> + /* Convert real address -> absolute address */
>>>> + *raddr = mmu_real2abs(env, *raddr);
>>>> - mmu_handle_skey(*raddr, rw, flags);
>>>> + if (!mmu_absolute_addr_valid(*raddr, rw == MMU_DATA_STORE)) {
>>>> + *tec = 0; /* unused */
>>>> + return PGM_ADDRESSING;
>>>> + }
>>>> +
>>>> + mmu_handle_skey(*raddr, rw, flags);
>>>> + }
>>>> return 0;
>>>> }
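Review bot: the `if (rw >= 0)` block has no comment for the implicit else path, so a reader must know from the doc comment that a negative rw means LOAD REAL ADDRESS and that *raddr is deliberately left as a real address; a one-liner such as `/* LRA: keep the real address, no validation, no storage key */` before `return 0;` would help. Also, validation here runs on the unmasked *raddr while mmu_translate_real() masks with TARGET_PAGE_MASK before calling mmu_absolute_addr_valid(); worth confirming that the helper validates the whole page so both callers behave the same.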
>>>> @@ -473,12 +479,6 @@ static int translate_pages(S390CPU *cpu, vaddr addr,
>>>> int nr_pages,
>>>> if (ret) {
>>>> return ret;
>>>> }
>>>> - if (!address_space_access_valid(&address_space_memory, pages[i],
>>>> - TARGET_PAGE_SIZE, is_write,
>>>> - MEMTXATTRS_UNSPECIFIED)) {
>>>> - *tec = 0; /* unused */
>>>> - return PGM_ADDRESSING;
>>>> - }
>>>> addr += TARGET_PAGE_SIZE;
>>>> }
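Review bot: the removed check validated TARGET_PAGE_SIZE bytes at pages[i] against address_space_memory using is_write, whereas the replacement inside mmu_translate() derives writability from `rw == MMU_DATA_STORE`; please confirm the rw value translate_pages() passes down carries the same is_write information, otherwise a store into a region that used to raise PGM_ADDRESSING here would now pass.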
>>>> @@ -588,6 +588,12 @@ int mmu_translate_real(CPUS390XState *env,
>>>> target_ulong raddr, int rw,
>>>> *addr = mmu_real2abs(env, raddr & TARGET_PAGE_MASK);
>>>> + if (!mmu_absolute_addr_valid(*addr, rw == MMU_DATA_STORE)) {
>>>> + /* unused */
>>>> + *tec = 0;
>>>> + return PGM_ADDRESSING;
>>>> + }
>>>> +
>>>> mmu_handle_skey(*addr, rw, flags);
>>>> return 0;
>>>> }
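Review bot: this validate-and-return block duplicates the one added to mmu_translate() with a different comment layout (`/* unused */` on its own line here, trailing the assignment there); pick one style, or better, factor both into a small helper that converts to absolute, validates and handles the storage key, so the two translation paths cannot drift apart.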
>>>> diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
>>>> index a61917d04f..3d6662a53c 100644
>>>> --- a/target/s390x/tcg/excp_helper.c
>>>> +++ b/target/s390x/tcg/excp_helper.c
>>>> @@ -150,19 +150,6 @@ bool s390_cpu_tlb_fill(CPUState *cs, vaddr address,
>>>> int size,
>>>> g_assert_not_reached();
>>>> }
>>>> - /* check out of RAM access */
>>>> - if (!excp &&
>>>> - !address_space_access_valid(&address_space_memory, raddr,
>>>> - TARGET_PAGE_SIZE, access_type,
>>>> - MEMTXATTRS_UNSPECIFIED)) {
>>>> - MachineState *ms = MACHINE(qdev_get_machine());
>>>> - qemu_log_mask(CPU_LOG_MMU,
>>>> - "%s: raddr %" PRIx64 " > ram_size %" PRIx64 "\n",
>>>> - __func__, (uint64_t)raddr, (uint64_t)ms->ram_size);
>>>> - excp = PGM_ADDRESSING;
>>>> - tec = 0; /* unused */
>>>> - }
>>>> -
>>>> env->tlb_fill_exc = excp;
>>>> env->tlb_fill_tec = tec;
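Review bot: removing this block also drops the CPU_LOG_MMU trace for out-of-RAM accesses; the new PGM_ADDRESSING path in mmu_translate() returns silently, so consider adding an equivalent qemu_log_mask() there, as that log is useful when diagnosing guest addressing exceptions. The old message compared raddr against ram_size although the check actually used address_space_access_valid(), so a replacement log should name the real condition.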
>>>> diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
>>>> index a84795cfa3..9c1b9c7d06 100644
>>>> --- a/target/s390x/tcg/mem_helper.c
>>>> +++ b/target/s390x/tcg/mem_helper.c
>>>> @@ -2456,7 +2456,7 @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t
>>>> addr)
>>>> tcg_s390_program_interrupt(env, PGM_SPECIAL_OP, GETPC());
>>>> }
>>>> - exc = mmu_translate(env, addr, 0, asc, &ret, &flags, &tec);
>>>> + exc = mmu_translate(env, addr, -1, asc, &ret, &flags, &tec);
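Review bot: the bare -1 at the LRA call site encodes the "negative rw means LOAD REAL ADDRESS" contract that only the mmu_translate() doc comment explains; a named constant in an s390x-internal header would make the intent visible here, and a short comment that `ret` now holds a real (not absolute) address would help, since every other caller of mmu_translate() receives an absolute address.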
>>>
>>> Do we maybe want a #define for this -1 instead? OTOH, you've added a proper
>>> comment to the function description, so that should be ok, too.
>>
>> Ideally, I'd have used a completely new MMU_* type. But affecting all users
>> in QEMU for one special case and having to handle it consequently
>> accordingly all over the place feels wrong.
>>
>> Where would you put the define?
>
> I agree that this should not go into the common header ... so maybe into
> s390x-internal.h ?
Maybe calling it MMU_S390_LRA ?
--
Thanks,
David / dhildenb
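As an added illustration (constructed for this page; not QEMU code and not from the patch or the thread), the following C model shows the ordering the patch establishes: convert real to absolute, validate the absolute address, and only then touch the storage key, with a negative access type for LOAD REAL ADDRESS that skips all three. It also shows why validation has to run after prefixing: a real address inside RAM can map to an absolute address beyond it. The toy_ names, the RAM size of 1 MiB plus one page (chosen so that the second page of the prefix area can fall beyond RAM), the identity mapping that stands in for DAT, and the reduced storage-key bit model are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed toy model of the address handling discussed in the patch.
 * Illustration only, not QEMU's s390x MMU; the toy_ names, RAM size and
 * simplified key model are assumptions made for this example.
 */
#define TOY_PAGE_SHIFT   12
#define TOY_PAGE_SIZE    (1ULL << TOY_PAGE_SHIFT)
#define TOY_RAM_SIZE     ((1ULL << 20) + TOY_PAGE_SIZE)  /* 1 MiB + one page */
#define TOY_NR_PAGES     (TOY_RAM_SIZE / TOY_PAGE_SIZE)
#define TOY_PREFIX_AREA  0x2000ULL                       /* 8 KiB prefix area */

/* Access types; the negative one is the "fake" type the patch introduces. */
enum { MMU_DATA_LOAD = 0, MMU_DATA_STORE = 1, MMU_INST_FETCH = 2, MMU_S390_LRA = -1 };
enum { PGM_ADDRESSING = 5 };
enum { PAGE_READ = 1, PAGE_WRITE = 2, PAGE_EXEC = 4 };

/* Storage key reference and change bits. */
#define SK_R 0x04
#define SK_C 0x02

typedef struct {
    uint64_t prefix;               /* prefix register, TOY_PREFIX_AREA aligned */
    uint8_t  skeys[TOY_NR_PAGES];  /* one storage key per absolute 4 KiB page */
    unsigned skey_touches;         /* how often the key lookup ran */
} ToyCPU;

void toy_cpu_init(ToyCPU *cpu, uint64_t prefix)
{
    memset(cpu, 0, sizeof(*cpu));
    cpu->prefix = prefix;
}

/* Real -> absolute: the prefix area and the low 8 KiB swap places. */
uint64_t toy_real2abs(const ToyCPU *cpu, uint64_t raddr)
{
    if (raddr < TOY_PREFIX_AREA) {
        return raddr + cpu->prefix;
    }
    if (raddr >= cpu->prefix && raddr < cpu->prefix + TOY_PREFIX_AREA) {
        return raddr - cpu->prefix;
    }
    return raddr;
}

/* Stand-in for mmu_absolute_addr_valid(): the toy has one plain RAM region. */
bool toy_absolute_addr_valid(uint64_t abs, bool is_write)
{
    (void)is_write;
    return abs < TOY_RAM_SIZE;
}

/* Stand-in for mmu_handle_skey(): relies on abs having been validated. */
static void toy_handle_skey(ToyCPU *cpu, uint64_t abs, int rw, int *flags)
{
    uint8_t *key = &cpu->skeys[abs >> TOY_PAGE_SHIFT]; /* out of bounds if unvalidated */
    (void)flags;
    cpu->skey_touches++;
    *key |= SK_R;
    if (rw == MMU_DATA_STORE) {
        *key |= SK_C;
    }
}

/*
 * Stand-in for mmu_translate(). The DAT walk is replaced by an identity
 * mapping, so the interesting part is the tail: convert, validate, then
 * touch the key, and skip all three for the LRA access type.
 */
int toy_translate(ToyCPU *cpu, uint64_t vaddr, int rw, uint64_t *raddr, int *flags)
{
    *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
    *raddr = vaddr;                      /* "nodat": real address == virtual */
    if (rw >= 0) {
        *raddr = toy_real2abs(cpu, *raddr);
        if (!toy_absolute_addr_valid(*raddr, rw == MMU_DATA_STORE)) {
            return PGM_ADDRESSING;       /* key never touched */
        }
        toy_handle_skey(cpu, *raddr, rw, flags);
    }
    return 0;                            /* LRA: real address, no key, no check */
}

int main(void)
{
    ToyCPU cpu;
    uint64_t raddr;
    int flags, rc;

    /* Prefix on the last 8 KiB slot: real 0x1000 is in RAM, its absolute address is not. */
    toy_cpu_init(&cpu, TOY_RAM_SIZE - TOY_PAGE_SIZE);
    rc = toy_translate(&cpu, 0x1000, MMU_DATA_LOAD, &raddr, &flags);
    printf("load real 0x1000 -> abs 0x%llx rc=%d key lookups=%u\n",
           (unsigned long long)raddr, rc, cpu.skey_touches);
    rc = toy_translate(&cpu, 0x1000, MMU_S390_LRA, &raddr, &flags);
    printf("lra  real 0x1000 -> 0x%llx rc=%d key lookups=%u\n",
           (unsigned long long)raddr, rc, cpu.skey_touches);
    return 0;
}
```

Compile with any C99 compiler and run; main() walks the two cases that matter most, a load whose real address is inside RAM but whose prefixed absolute address is not, and the same address through the LRA path, which leaves it untouched and never reaches the key lookup.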
Thread overview (46+ messages):
2021-08-05 15:27 [PATCH v1 00/12] s390x: skey related fixes, cleanups, and memory device preparations David Hildenbrand
2021-08-05 15:27 ` [PATCH v1 01/12] s390x/tcg: wrap address for RRBE David Hildenbrand
2021-08-06 5:39 ` Thomas Huth
2021-08-05 15:27 ` [PATCH v1 02/12] s390x/tcg: fix ignoring bit 63 when setting the storage key in SSKE David Hildenbrand
2021-08-06 6:19 ` Thomas Huth
2021-08-06 6:25 ` Thomas Huth
2021-08-06 6:31 ` David Hildenbrand
2021-08-05 15:27 ` [PATCH v1 03/12] s390x/tcg: convert real to absolute address for RRBE, SSKE and ISKE David Hildenbrand
2021-08-06 6:50 ` Thomas Huth
2021-08-06 6:52 ` David Hildenbrand
2021-08-06 7:11 ` Thomas Huth
2021-08-06 7:17 ` David Hildenbrand
2021-08-06 11:25 ` Cornelia Huck
2021-08-06 11:32 ` David Hildenbrand
2021-08-05 15:27 ` [PATCH v1 04/12] s390x/tcg: check for addressing exceptions for " David Hildenbrand
2021-08-05 17:33 ` David Hildenbrand
2021-08-05 15:27 ` [PATCH v1 05/12] s390x/mmu_helper: no need to pass access type to mmu_translate_asce() David Hildenbrand
2021-08-06 7:30 ` Thomas Huth
2021-08-06 7:34 ` David Hildenbrand
2021-08-06 7:36 ` Thomas Huth
2021-08-06 7:36 ` David Hildenbrand
2021-08-05 15:27 ` [PATCH v1 06/12] s390x/mmu_helper: fixup mmu_translate() documentation David Hildenbrand
2021-08-06 7:32 ` Thomas Huth
2021-08-05 15:27 ` [PATCH v1 07/12] s390x/mmu_helper: move address validation into mmu_translate*() David Hildenbrand
2021-08-06 8:18 ` Thomas Huth
2021-08-06 8:20 ` David Hildenbrand
2021-08-06 8:22 ` Thomas Huth
2021-08-06 8:23 ` David Hildenbrand [this message]
2021-08-06 8:24 ` Thomas Huth
2021-08-06 8:20 ` Thomas Huth
2021-08-05 15:28 ` [PATCH v1 08/12] s390x/mmu_helper: avoid setting the storage key if nothing changed David Hildenbrand
2021-08-06 8:24 ` Thomas Huth
2021-08-05 15:28 ` [PATCH v1 09/12] hw/s390x/s390-skeys: use memory mapping to detect which storage keys to migrate David Hildenbrand
2021-08-06 8:47 ` Thomas Huth
2021-08-05 15:28 ` [PATCH v1 10/12] hw/s390x/s390-skeys: use memory mapping to detect which storage keys to dump David Hildenbrand
2021-08-06 8:51 ` Thomas Huth
2021-08-05 15:28 ` [PATCH v1 11/12] hw/s390x/s390-skeys: check if an address is valid before dumping the key David Hildenbrand
2021-08-06 8:53 ` Thomas Huth
2021-08-06 8:54 ` David Hildenbrand
2021-08-05 15:28 ` [PATCH v1 12/12] hw/s390x/s390-skeys: lazy storage key enablement under TCG David Hildenbrand
2021-08-06 9:42 ` Thomas Huth
2021-08-06 13:18 ` David Hildenbrand
2021-08-06 13:52 ` Thomas Huth
2021-08-11 8:43 ` David Hildenbrand
2021-08-06 14:13 ` Cornelia Huck
2021-08-06 14:17 ` Thomas Huth