From: David Hildenbrand
To: qemu-devel@nongnu.org
Cc: qemu-s390x@nongnu.org, Cornelia Huck, David Hildenbrand, Thomas Huth, Richard Henderson
Date: Fri, 31 May 2019 16:56:07 +0200
Message-Id: <20190531145608.28183-2-david@redhat.com>
In-Reply-To: <20190531145608.28183-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 1/2] s390x/tcg: Fix max_byte detection for stfle

used_stfl_bytes() is 0, before initialized via prepare_stfl() on the
first invocation. We have to move the calculation of max_bytes after
prepare_stfl().

Signed-off-by: David Hildenbrand
Reviewed-by: Richard Henderson
--- target/s390x/misc_helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c index ee67c1fa0c..34476134a4 100644 --- a/target/s390x/misc_helper.c +++ b/target/s390x/misc_helper.c @@ -669,7 +669,7 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t add= r) { const uintptr_t ra =3D GETPC(); const int count_bytes =3D ((env->regs[0] & 0xff) + 1) * 8; - const int max_bytes =3D ROUND_UP(used_stfl_bytes, 8); + int max_bytes; int i; =20 if (addr & 0x7) { 
@@ -677,6 +677,7 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t add= r) } =20 prepare_stfl(); + max_bytes =3D ROUND_UP(used_stfl_bytes, 8); for (i =3D 0; i < count_bytes; ++i) { cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra); } --=20 2.20.1
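Review bot: In the second hunk of patch 1/2 (@@ -677,6 +677,7 @@), the store loop right below the new max_bytes assignment still runs to count_bytes and indexes stfl_bytes[i] with it. count_bytes comes from the guest's r0 as ((env->regs[0] & 0xff) + 1) * 8, so it can reach 2048, and the size of stfl_bytes is not visible in this diff. Please confirm the array covers 2048 bytes, or bound the loop by max_bytes in this patch rather than in a follow-up. A short comment at the assignment saying that used_stfl_bytes is only valid once prepare_stfl() has run would also help, since the first hunk had to drop the const initializer for exactly that reason.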
From: David Hildenbrand
To: qemu-devel@nongnu.org
Cc: Stefan Liebler, Thomas Huth, David Hildenbrand, Andreas Krebbel, Cornelia Huck, qemu-s390x@nongnu.org, Richard Henderson
Date: Fri, 31 May 2019 16:56:08 +0200
Message-Id: <20190531145608.28183-3-david@redhat.com>
In-Reply-To: <20190531145608.28183-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 2/2] s390x/tcg: Store only the necessary amount of doublewords for STFLE

The PoP (z14, 7-382) says:
    Doublewords to the right of the doubleword in which the
    highest-numbered facility bit is assigned for a model
    may or may not be stored.

However, stack protection in certain binaries can't deal with that.
"gzip" example code:

    f1b4: a7 08 00 03        lhi   %r0,3
    f1b8: b2 b0 f0 a0        stfle 160(%r15)
    f1bc: e3 20 f0 b2 00 90  llgc  %r2,178(%r15)
    f1c2: c0 2b 00 00 00 01  nilf  %r2,1
    f1c8: b2 4f 00 10        ear   %r1,%a0
    f1cc: b9 14 00 22        lgfr  %r2,%r2
    f1d0: eb 11 00 20 00 0d  sllg  %r1,%r1,32
    f1d6: b2 4f 00 11        ear   %r1,%a1
    f1da: d5 07 f0 b8 10 28  clc   184(8,%r15),40(%r1)
    f1e0: a7 74 00 06        jne   f1ec
    f1e4: eb ef f1 30 00 04  lmg   %r14,%r15,304(%r15)
    f1ea: 07 fe              br    %r14
    f1ec: c0 e5 ff ff 9d 6e  brasl %r14,2cc8 <__stack_chk_fail@plt>

In QEMU, we currently have:
    max_bytes = 24
the code asks for (3 + 1) doublewords == 32 bytes.

If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
("one less than the number of doublewords needed to contain all of the
facility bits"), the example code detects a stack corruption.

In my opinion, the code is wrong. However, it seems to work fine on
real machines. So let's limit storing to the minimum of the requested
and the maximum doublewords.

Cc: Stefan Liebler
Cc: Andreas Krebbel
Signed-off-by: David Hildenbrand
Reviewed-by: Richard Henderson
--- target/s390x/misc_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c index 34476134a4..b561c5781b 100644 --- a/target/s390x/misc_helper.c +++ b/target/s390x/misc_helper.c @@ -678,7 +678,7 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t add= r) =20 prepare_stfl(); max_bytes =3D ROUND_UP(used_stfl_bytes, 8); - for (i =3D 0; i < count_bytes; ++i) { + for (i =3D 0; i < MIN(count_bytes, max_bytes); ++i) { cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra); } =20 --=20 2.20.1
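Review bot: The new loop bound MIN(count_bytes, max_bytes) in the @@ -678,7 +678,7 @@ hunk of patch 2/2 has no comment, so the reason for truncating the store lives only in the commit message. Please add a comment above the loop that cites the PoP wording ("may or may not be stored") and notes that guest code with a buffer sized for only the assigned doublewords depends on nothing being written past them. Hoisting the MIN() into a named local would also avoid re-evaluating it in the loop condition. The code that reports the doubleword count back to the guest is outside this hunk, so confirm it still agrees with the shortened store.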
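An added illustration, not code from the patch or from QEMU: it replays the frame layout of the gzip listing (STFLE buffer at 160(%r15), canary compared at 184(%r15)) against a store loop with and without the MIN() clamp. The names stfl_model, used_bytes_model, canary and FRAME_SIZE, and all byte values, are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUND_UP(n, d) ((((n) + (d) - 1) / (d)) * (d))
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Offsets from the gzip listing: STFLE stores at 160(%r15), the canary
 * is compared at 184(%r15), so the buffer holds 184 - 160 = 24 bytes. */
enum { BUF_OFF = 160, CANARY_OFF = 184, FRAME_SIZE = 320 };

/* Constructed facility list: only the first 24 bytes are in use. */
static const uint8_t stfl_model[2048] = { 0xf3, 0xff, 0x80 };
static const int used_bytes_model = 24;      /* gives max_bytes = 24 */
static const uint8_t canary[8] = { 0xde, 0xc0, 0xad, 0x0b, 0x5a, 0xa5, 0x11, 0x22 };

/* Stand-in for the helper's store loop; clamp selects the patched bound.
 * Returns the number of bytes written into the guest frame. */
static int stfle_store(uint8_t *frame, uint64_t r0, int clamp)
{
    const int count_bytes = (int)((r0 & 0xff) + 1) * 8;
    const int max_bytes = ROUND_UP(used_bytes_model, 8);
    const int n = clamp ? MIN(count_bytes, max_bytes) : count_bytes;

    for (int i = 0; i < n; ++i) {
        frame[BUF_OFF + i] = stfl_model[i];
    }
    return n;
}

/* Build a frame with a canary, run STFLE with r0 = 3, check the canary. */
static int canary_survives(int clamp)
{
    uint8_t frame[FRAME_SIZE];

    memset(frame, 0, sizeof(frame));
    memcpy(frame + CANARY_OFF, canary, sizeof(canary));
    stfle_store(frame, 3, clamp);            /* lhi %r0,3 */
    return memcmp(frame + CANARY_OFF, canary, sizeof(canary)) == 0;
}

int main(void)
{
    printf("unclamped store: canary %s\n", canary_survives(0) ? "intact" : "clobbered");
    printf("clamped store:   canary %s\n", canary_survives(1) ? "intact" : "clobbered");
    return 0;
}
```

The unclamped 32-byte store covers frame offsets 160 to 191 and therefore the canary at 184; the clamped 24-byte store stops at 183.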