From nobody Sun May 5 03:36:42 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1501022788617153.5527621392522; Tue, 25 Jul 2017 15:46:28 -0700 (PDT) Received: from localhost ([::1]:34942 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da8au-0003Qg-LZ for importer@patchew.org; Tue, 25 Jul 2017 18:46:24 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34504) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da8ZU-0002Yi-TF for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:44:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1da8ZR-0003Ut-Qp for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:44:56 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:58078 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1da8ZR-0003Tp-Lp for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:44:53 -0400 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v6PMiLJU091550 for ; Tue, 25 Jul 2017 18:44:52 -0400 Received: from e06smtp14.uk.ibm.com (e06smtp14.uk.ibm.com [195.75.94.110]) by mx0b-001b2d01.pphosted.com with ESMTP id 2bxcaaycx0-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 25 Jul 2017 18:44:52 -0400 Received: from localhost by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 25 Jul 2017 23:44:50 +0100 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp14.uk.ibm.com (192.168.101.144) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 25 Jul 2017 23:44:48 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v6PMimeN23134346; Tue, 25 Jul 2017 22:44:48 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9C94E11C050; Tue, 25 Jul 2017 23:42:02 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F4BC11C04C; Tue, 25 Jul 2017 23:42:02 +0100 (BST) Received: from tuxmaker.boeblingen.de.ibm.com (unknown [9.152.85.9]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Tue, 25 Jul 2017 23:42:02 +0100 (BST) From: Halil Pasic To: Christian Borntraeger , Cornelia Huck , "Dong Jia Shi" Date: Wed, 26 Jul 2017 00:44:41 +0200 X-Mailer: git-send-email 2.11.2 In-Reply-To: <20170725224442.13383-1-pasic@linux.vnet.ibm.com> References: <20170725224442.13383-1-pasic@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17072522-0016-0000-0000-000004DA2A74 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17072522-0017-0000-0000-00002810924A Message-Id: <20170725224442.13383-2-pasic@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-25_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707250351 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.158.5 Subject: [Qemu-devel] [PATCH 1/2] s390x/css: check ccw address validity X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Halil Pasic , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" According to the PoP channel command words (CCW) must be doubleword aligned and 31 bit addressable for format 1 and 24 bit addressable for format 0 CCWs. If the channel subsystem encounters ccw address which does not satisfy this alignment requirement a program-check condition is recognised. The situation with 31 bit addressable is a bit more complicated: both the ORB and a format 1 CCW TIC hold the address of the (rest of) the channel program, that is the address of the next CCW in a word, and the PoP mandates that bit 0 of that word shall be zero -- or a program-check condition is to be recognized -- and does not belong to the field holding the ccw address. Since in code the corresponding fields span across the whole word (unlike in PoP where these are defined as 31 bit wide) we can check this by applying a mask. The 24 addressable case isn't affecting TIC because the address is composed of a halfword and a byte portion (no additional zero bit requirements) and just slightly complicates the ORB case where also bits 1-7 need to be zero. Let's make our CSS implementation follow the AR more closely. Signed-off-by: Halil Pasic --- Note: Checking for 31 bit addressable ain't strictly necessary: According to the AR the all zero fields of the ORB may or may not be checked during the execution of SSCH. We do check the corresponding single bit field of the ORB and respond to it accordingly. Using the same mask for TIC and for ORB does not hurt. --- hw/s390x/css.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 6a42b95cee..d17e21b7af 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -24,6 +24,9 @@ #include "hw/s390x/s390_flic.h" #include "hw/s390x/s390-virtio-ccw.h" =20 +/* CCWs are doubleword aligned and addressable by 31 bit */ +#define CCW1_ADDR_MASK 0x80000007 + typedef struct CrwContainer { CRW crw; QTAILQ_ENTRY(CrwContainer) sibling; @@ -885,6 +888,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw= _addr, ret =3D -EINVAL; break; } + if (ccw.cda & CCW1_ADDR_MASK) { + ret =3D -EINVAL; + break; + } sch->channel_prog =3D ccw.cda; ret =3D -EAGAIN; break; @@ -946,6 +953,17 @@ static void sch_handle_start_func_virtual(SubchDev *sc= h) suspend_allowed =3D true; } sch->last_cmd_valid =3D false; + if (sch->channel_prog & (CCW1_ADDR_MASK | + sch->ccw_fmt_1 ? 0 : 0xff000000)) { + /* generate channel program check */ + s->ctrl &=3D ~SCSW_ACTL_START_PEND; + s->cstat =3D SCSW_CSTAT_PROG_CHECK; + s->ctrl &=3D ~SCSW_CTRL_MASK_STCTL; + s->ctrl |=3D SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY | + SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND; + s->cpa =3D sch->channel_prog + 8; + return; + } do { ret =3D css_interpret_ccw(sch, sch->channel_prog, suspend_allowed); switch (ret) { --=20 2.11.2 From nobody Sun May 5 03:36:42 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1501022792167833.1557061875367; Tue, 25 Jul 2017 15:46:32 -0700 (PDT) Received: from localhost ([::1]:34944 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da8b0-0003VR-KH for importer@patchew.org; Tue, 25 Jul 2017 18:46:30 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34524) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da8ZY-0002ZZ-AU for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:45:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1da8ZV-0003Yn-9e for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:45:00 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:47444) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1da8ZU-0003XL-WB for qemu-devel@nongnu.org; Tue, 25 Jul 2017 18:44:57 -0400 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v6PMiqXA033562 for ; Tue, 25 Jul 2017 18:44:54 -0400 Received: from e06smtp15.uk.ibm.com (e06smtp15.uk.ibm.com [195.75.94.111]) by mx0a-001b2d01.pphosted.com with ESMTP id 2bxavfubnq-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 25 Jul 2017 18:44:54 -0400 Received: from localhost by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 25 Jul 2017 23:44:51 +0100 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp15.uk.ibm.com (192.168.101.145) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 25 Jul 2017 23:44:50 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v6PMin6m28049654; Tue, 25 Jul 2017 22:44:49 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E7CF011C04C; Tue, 25 Jul 2017 23:42:03 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AABAD11C04A; Tue, 25 Jul 2017 23:42:03 +0100 (BST) Received: from tuxmaker.boeblingen.de.ibm.com (unknown [9.152.85.9]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Tue, 25 Jul 2017 23:42:03 +0100 (BST) From: Halil Pasic To: Christian Borntraeger , Cornelia Huck , "Dong Jia Shi" Date: Wed, 26 Jul 2017 00:44:42 +0200 X-Mailer: git-send-email 2.11.2 In-Reply-To: <20170725224442.13383-1-pasic@linux.vnet.ibm.com> References: <20170725224442.13383-1-pasic@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17072522-0020-0000-0000-000003A51D82 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17072522-0021-0000-0000-0000422E82D2 Message-Id: <20170725224442.13383-3-pasic@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-25_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707250351 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH 2/2] s390x/css: fix bits must be zero check for TIC X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Halil Pasic , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" According to the PoP bit positions 0-3 and 8-32 of the format-1 CCW must contain zeros. Bits 0-3 are already covered by cmd_code validity checking, and bit 32 is covered by the CCW address checking. Bits 8-31 correspond to CCW1.flags and CCW1.count. Currently we only check for the absence of certain flags. Let's fix this. Signed-off-by: Halil Pasic Reviewed-by: Dong Jia Shi --- hw/s390x/css.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index d17e21b7af..1f04ce4a1b 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -884,7 +884,8 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_= addr, ret =3D -EINVAL; break; } - if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) { + if (ccw.flags || ccw.count) { + /* We have already sanitized these if fmt 0. */ ret =3D -EINVAL; break; } --=20 2.11.2