From: Cornelia Huck
To: peter.maydell@linaro.org
Cc: thuth@redhat.com, david@redhat.com, Cornelia Huck, agraf@suse.de, qemu-devel@nongnu.org, borntraeger@de.ibm.com, Halil Pasic, rth@twiddle.net
Date: Fri, 6 Oct 2017 11:59:32 +0200
Message-Id: <20171006095956.27534-10-cohuck@redhat.com>
In-Reply-To: <20171006095956.27534-1-cohuck@redhat.com>
References: <20171006095956.27534-1-cohuck@redhat.com>
Subject: [Qemu-devel] [PULL 09/33] 390x/css: introduce maximum data address checking

From: Halil Pasic

The architecture mandates the addresses to be accessed on the first
indirection level (that is, the data addresses without IDA, and the
(M)IDAW addresses with (M)IDA) to be checked against a CCW format
dependent limit maximum address. If a violation is detected, the storage
access is not to be performed and a channel program check needs to be
generated. As of today, we fail to do this check.

Let us stick even closer to the architecture specification.

Signed-off-by: Halil Pasic
Message-Id: <20170921180841.24490-5-pasic@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel
Reviewed-by: Dong Jia Shi
Signed-off-by: Cornelia Huck --- hw/s390x/css.c | 10 ++++++++++ include/hw/s390x/css.h | 1 + 2 files changed, 11 insertions(+) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 390c78f7d0..ab7333fde8 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -799,6 +799,11 @@ static inline int cds_check_len(CcwDataStream *cds, in= t len) return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len; } =20 +static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1) +{ + return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24)); +} + static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len, CcwDataStreamOp op) { @@ -808,6 +813,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, v= oid *buff, int len, if (ret <=3D 0) { return ret; } + if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) { + return -EINVAL; /* channel program check */ + } if (op =3D=3D CDS_OP_A) { goto incr; } @@ -832,7 +840,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const *c= cw, ORB const *orb) g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW)); cds->flags =3D (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) | (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) | + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) | (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0); + cds->count =3D ccw->count; cds->cda_orig =3D ccw->cda; ccw_dstream_rewind(cds); diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h index 078356e94c..69b374730e 100644 --- a/include/hw/s390x/css.h +++ b/include/hw/s390x/css.h @@ -87,6 +87,7 @@ typedef struct CcwDataStream { #define CDS_F_MIDA 0x02 #define CDS_F_I2K 0x04 #define CDS_F_C64 0x08 +#define CDS_F_FMT 0x10 /* CCW format-1 */ #define CDS_F_STREAM_BROKEN 0x80 uint8_t flags; uint8_t at_idaw; --=20 2.13.6
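Review bot: in cds_ccw_addrs_ok() (first hw/s390x/css.c hunk) the comparison `(addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24))` looks off by one at the upper boundary. A transfer of len bytes starting at addr touches addr through addr + len - 1, so a transfer whose last byte sits at limit - 1 (addr + len equal to the limit) is rejected although no byte at or above the limit is accessed. If the limit is meant as an exclusive upper bound on accessed bytes, `<=` would express that; if the strict comparison is intentional, a comment explaining why would help. Separately, len is a signed int added to addr, so the helper depends on its caller never passing a negative length; taking an unsigned length or documenting the precondition would make that explicit.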
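Review bot: in ccw_dstream_rw_noflags() (second hw/s390x/css.c hunk) the new check covers only the direct data address, while the commit message also names the (M)IDAW addresses with (M)IDA as subject to the limit; none of the hunks in this patch adds the check on an IDA path, so either the commit message should say where that case is handled or a follow-up is needed. The failure is also reported as a plain `return -EINVAL; /* channel program check */`, the same value cds_check_len() returns for CDS_F_STREAM_BROKEN, so callers cannot tell the two conditions apart; a short comment on the function stating that every -EINVAL is to be turned into a channel program check would document the contract.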