From nobody Sat May 18 21:26:34 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1608243513; cv=none; d=zohomail.com; s=zohoarc; b=cfrF9Utuz4FEVjHU1cI8UB1ag0/gVbW2MIP4ei5zyKfMS3Fq1PlfWsyTAPAeEOezUjUYLb3Z1orRzHg6Yut25nuX6+5NAUp10g4+TwV6Gw7kdpS2qIuF1cl5LD9mNXR2cl5pycr/bmq2vXWn0pmDSh14UtMmncKCANyWzdJXa+g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1608243513; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=QEIR9pogHombf8rr59M2NB/yM19mYZSwKConFwUYMG0=; b=IWx+Cnr51TEThxRNau21O7X9bn9JisrZ8JZEoaEdv9rayGXj9m5o60FHva2QfYpIie5eA85rN6+ecZzQFnjxG89aGmS4BpurZVUcZuo6qBfDqMo6FmucPg1EGdWVTM1W9FuOD4XdbpiHadf8iwS263q7b5QGFKjWQqMt1Gc/S7s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1608243513506655.2839894054097; Thu, 17 Dec 2020 14:18:33 -0800 (PST) Received: from localhost ([::1]:45138 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kq1bS-0002QV-Nx for importer@patchew.org; Thu, 17 Dec 2020 17:18:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52554) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kq1Zq-0001CO-Ow; Thu, 17 Dec 2020 17:16:50 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:31628 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kq1Zn-00032F-Fy; Thu, 17 Dec 2020 17:16:50 -0500 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BHM1aVp084085; Thu, 17 Dec 2020 17:16:45 -0500 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gfmwrjmg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 17:16:45 -0500 Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BHM1dBH084280; Thu, 17 Dec 2020 17:16:44 -0500 Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gfmwrjm8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 17:16:44 -0500 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BHM9jph025735; Thu, 17 Dec 2020 22:16:44 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma01wdc.us.ibm.com with ESMTP id 35cng9aj89-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 22:16:44 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BHMGg2l16187760 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 17 Dec 2020 22:16:43 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DA44C6A047; Thu, 17 Dec 2020 22:16:42 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C71BC6A061; Thu, 17 Dec 2020 22:16:41 +0000 (GMT) Received: from oc4221205838.ibm.com (unknown [9.211.143.229]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 17 Dec 2020 22:16:41 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=pp1; bh=QEIR9pogHombf8rr59M2NB/yM19mYZSwKConFwUYMG0=; b=Z83LwjvKZdtlto9VO1ETdyZ6kH5eXEKhPSnZ7JpGQavt8psdx39SwIkuQlzviLKmPUon U8+D9xBpyJSIbqtifBMRsk4dxZMCMTxnp8CD12N6K8cCODFWIM/JpfJoWSD+T+9ZGM8J Nenhw4o+uaPsYEYYZBuos+Fi39LjzvWJkdMZCCsYZfqsqDDPQ6tS8gfcLB7HyUgqVA/K 84SBloWdQIL8S/TCZmh8xmX8DrmRKaEn3u3xmIAEdTTI7OuikZR/cQTiVEis81/A1ntG d9xzfFIR4Iqao1djlQ+BVsmiL1i2n6tY4pH2l2l2kjQJjBfjIOJ/PQM/wQe3GFOi5fsG sQ== From: Matthew Rosato To: cohuck@redhat.com, thuth@redhat.com Subject: [PATCH v2 1/2] s390x/pci: fix pcistb length Date: Thu, 17 Dec 2020 17:16:36 -0500 Message-Id: <1608243397-29428-2-git-send-email-mjrosato@linux.ibm.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> References: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-17_14:2020-12-17, 2020-12-17 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 impostorscore=0 priorityscore=1501 mlxscore=0 malwarescore=0 suspectscore=0 bulkscore=0 mlxlogscore=982 spamscore=0 clxscore=1015 adultscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012170142 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=mjrosato@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: pmorel@linux.ibm.com, david@redhat.com, richard.henderson@linaro.org, qemu-devel@nongnu.org, pasic@linux.ibm.com, borntraeger@de.ibm.com, qemu-s390x@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" In pcistb_service_call, we are grabbing 8 bits from a guest register to indicate the length of the store operation -- but per the architecture the length is actually defined by 13 bits of the guest register. Fixes: 863f6f52b7 ("s390: implement pci instructions") Signed-off-by: Matthew Rosato Reviewed-by: Pierre Morel Reviewed-by: Christian Borntraeger --- hw/s390x/s390-pci-inst.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index d9e1e29..e230293 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -755,7 +755,7 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8= _t r3, uint64_t gaddr, int i; uint32_t fh; uint8_t pcias; - uint8_t len; + uint16_t len; uint8_t buffer[128]; =20 if (env->psw.mask & PSW_MASK_PSTATE) { @@ -765,7 +765,7 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8= _t r3, uint64_t gaddr, =20 fh =3D env->regs[r1] >> 32; pcias =3D (env->regs[r1] >> 16) & 0xf; - len =3D env->regs[r1] & 0xff; + len =3D env->regs[r1] & 0x1fff; offset =3D env->regs[r3]; =20 if (!(fh & FH_MASK_ENABLE)) { --=20 1.8.3.1 From nobody Sat May 18 21:26:34 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1608243516; cv=none; d=zohomail.com; s=zohoarc; b=XiMS515H4RwaZtZry+MZM/59k4FdaOlwZzfcji3b6veBjXoevi9wt2tXB2lLTSmX1s2LN0va5U0oWUVQDpvwvbiecWJfDtD/0blOfBphv/EgqmsXDqxwRIsfH6Q6E9tJ7OZeh4mnbNh8RWj7r0x3XOOgxUg6lLzEPvwi547FW6k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1608243516; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=NqV8Pq1HUKwZb/iAteyrlOi5/s2o5CEqSRp1v53RnTI=; b=e7h++WBSsWSZBn6ORpgd5k8mJycfuDr0//A4q6a5SV2V/ge4WSmnyuB7nMELhmro105iZcTE3boVJ+nQC/fLBtdMBu7pnc5/RgrPQwFsYQ3RZpN6C8Epfq02mEigPI6eZrAQrR0B7JL+kKcc/paZ2japxw1UZ7g60AIoMs/F6ho= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1608243516591703.8104896249237; Thu, 17 Dec 2020 14:18:36 -0800 (PST) Received: from localhost ([::1]:45398 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kq1bW-0002X1-7s for importer@patchew.org; Thu, 17 Dec 2020 17:18:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52566) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kq1Zu-0001Ds-PJ; Thu, 17 Dec 2020 17:16:56 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:6662) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kq1Zo-00032R-3b; Thu, 17 Dec 2020 17:16:54 -0500 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BHMBTH8035504; Thu, 17 Dec 2020 17:16:46 -0500 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 35gfwfg37v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 17:16:46 -0500 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BHMBeiu035788; Thu, 17 Dec 2020 17:16:46 -0500 Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com with ESMTP id 35gfwfg37n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 17:16:46 -0500 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BHM9jBF025740; Thu, 17 Dec 2020 22:16:45 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma01wdc.us.ibm.com with ESMTP id 35cng9aj8c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Dec 2020 22:16:45 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BHMGib530933492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 17 Dec 2020 22:16:44 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 290836A047; Thu, 17 Dec 2020 22:16:44 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 09C4F6A07C; Thu, 17 Dec 2020 22:16:43 +0000 (GMT) Received: from oc4221205838.ibm.com (unknown [9.211.143.229]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 17 Dec 2020 22:16:42 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=pp1; bh=NqV8Pq1HUKwZb/iAteyrlOi5/s2o5CEqSRp1v53RnTI=; b=AdrbU7finpj5PPhYz4DSa8H1E5QIWh8UV0j3Up6gB+OHgmjSbkfeQib/852IRKJCUdgk th4wDWzUQMDsKe0giBYU/RCOgaJ5yEQMvTlxoSi9quW5Pw6BO5y8VXG0xnpuTMmgV6vK bIB7gbGwtcpanIBC3T5+zc8q3phJcz+VN7LsxILOTRndZdF9w9zDDg+UIzO1TdFM4IBu zRmXDiW10wWKiRe3ySj8UgJamYmXUs29rMH+966JYUYrkef17GC0m9jBO5BCXVNp87ni q/MQBo6NdcwVD0mIkMBA2flBSSXs+ZfurDnR//6yXBeazVJQSdAh6YZInsBSUjF2wh+q aQ== From: Matthew Rosato To: cohuck@redhat.com, thuth@redhat.com Subject: [PATCH v2 2/2] s390x/pci: Fix memory_region_access_valid call Date: Thu, 17 Dec 2020 17:16:37 -0500 Message-Id: <1608243397-29428-3-git-send-email-mjrosato@linux.ibm.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> References: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-17_14:2020-12-17, 2020-12-17 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 spamscore=0 adultscore=0 mlxlogscore=903 mlxscore=0 bulkscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012170142 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=mjrosato@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: pmorel@linux.ibm.com, david@redhat.com, richard.henderson@linaro.org, qemu-devel@nongnu.org, pasic@linux.ibm.com, borntraeger@de.ibm.com, qemu-s390x@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" In pcistb_service_handler, a call is made to validate that the memory region can be accessed. However, the call is made using the entire length of the pcistb operation, which can be larger than the allowed memory access size (8). Since we already know that the provided buffer is a multiple of 8, fix the call to memory_region_access_valid to iterate over the memory region in the same way as the subsequent call to memory_region_dispatch_write. Fixes: 863f6f52b7 ("s390: implement pci instructions") Signed-off-by: Matthew Rosato Acked-by: Pierre Morel Reviewed-by: Thomas Huth --- hw/s390x/s390-pci-inst.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index e230293..76b08a3 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uin= t8_t r3, uint64_t gaddr, mr =3D s390_get_subregion(mr, offset, len); offset -=3D mr->addr; =20 - if (!memory_region_access_valid(mr, offset, len, true, - MEMTXATTRS_UNSPECIFIED)) { - s390_program_interrupt(env, PGM_OPERAND, ra); - return 0; + for (i =3D 0; i < len; i +=3D 8) { + if (!memory_region_access_valid(mr, offset + i, 8, true, + MEMTXATTRS_UNSPECIFIED)) { + s390_program_interrupt(env, PGM_OPERAND, ra); + return 0; + } } =20 if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) { --=20 1.8.3.1