From: David Hildenbrand
To: qemu-devel@nongnu.org
Date: Wed, 21 Aug 2019 11:22:49 +0200
Message-Id: <20190821092252.26541-2-david@redhat.com>
In-Reply-To: <20190821092252.26541-1-david@redhat.com>
References: <20190821092252.26541-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 1/4] s390x/tcg: Use guest_addr_valid() instead of h2g_valid() in probe_write_access()
Cc: Florian Weimer, Thomas Huth, David Hildenbrand, Cornelia Huck, Stefano Brivio, qemu-s390x@nongnu.org, Richard Henderson

If I'm not completely wrong, we are dealing with guest addresses here and not with host addresses. Use the right check.

Fixes: c5a7392cfb96 ("s390x/tcg: Provide probe_write_access helper")
Signed-off-by: David Hildenbrand
--- target/s390x/mem_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 91ba2e03d9..7819aca15d 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -2616,7 +2616,7 @@ void probe_write_access(CPUS390XState *env, uint64_t = addr, uint64_t len, uintptr_t ra) { #ifdef CONFIG_USER_ONLY - if (!h2g_valid(addr) || !h2g_valid(addr + len - 1) || + if (!guest_addr_valid(addr) || !guest_addr_valid(addr + len - 1) || page_check_range(addr, len, PAGE_WRITE) < 0) { s390_program_interrupt(env, PGM_ADDRESSING, ILEN_AUTO, ra); } --=20 2.21.0
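Review bot: the range end in the CONFIG_USER_ONLY check of probe_write_access() is still computed as `addr + len - 1` with no guard, so `len == 0` tests `addr - 1`, and a range that runs past the top of the 64-bit space wraps to a low address, leaving page_check_range() as the only thing that can catch it. Since the predicate is being changed anyway, assert or reject `len == 0` and check that `addr + len - 1 >= addr` before the two guest_addr_valid() calls. The commit message would also be stronger with one sentence saying why `addr` is a guest address at this point, given that the patch carries a Fixes: tag.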
From: David Hildenbrand
To: qemu-devel@nongnu.org
Date: Wed, 21 Aug 2019 11:22:50 +0200
Message-Id: <20190821092252.26541-3-david@redhat.com>
In-Reply-To: <20190821092252.26541-1-david@redhat.com>
References: <20190821092252.26541-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 2/4] s390x/tcg: Introduce probe_read_access()
Cc: Florian Weimer, Thomas Huth, David Hildenbrand, Cornelia Huck, Stefano Brivio, qemu-s390x@nongnu.org, Richard Henderson

Let's introduce a helper to probe read access (by actually reading a piece of data of every page) and add a comment why this might not be 100% safe in all scenarios. Once we actually run into that issue, we'll have to think of something else.

Signed-off-by: David Hildenbrand
--- target/s390x/internal.h | 2 ++ target/s390x/mem_helper.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/target/s390x/internal.h b/target/s390x/internal.h index c243fa725b..bdb833c525 100644 --- a/target/s390x/internal.h +++ b/target/s390x/internal.h 
@@ -354,6 +354,8 @@ void ioinst_handle_sal(S390CPU *cpu, uint64_t reg1, uin= tptr_t ra); =20 /* mem_helper.c */ target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr); +void probe_read_access(CPUS390XState *env, uint64_t addr, uint64_t len, + uintptr_t ra); void probe_write_access(CPUS390XState *env, uint64_t addr, uint64_t len, uintptr_t ra); =20 diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 7819aca15d..4e9d126e2c 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -2612,6 +2612,40 @@ uint32_t HELPER(cu42)(CPUS390XState *env, uint32_t r= 1, uint32_t r2, uint32_t m3) decode_utf32, encode_utf16); } =20 +/* + * Make sure the read access is permitted and TLB entries are created. In + * very rare cases it might happen that the actual accesses might need + * new MMU translations. If the page tables were changed in between, we + * might still trigger a fault. However, this seems to barely happen, so we + * can ignore this for now. + */ +void probe_read_access(CPUS390XState *env, uint64_t addr, uint64_t len, + uintptr_t ra) +{ +#ifdef CONFIG_USER_ONLY + if (!guest_addr_valid(addr) || !guest_addr_valid(addr + len - 1) || + page_check_range(addr, len, PAGE_READ) < 0) { + s390_program_interrupt(env, PGM_ADDRESSING, ILEN_AUTO, ra); + } +#else + while (len) { + const uint64_t pagelen =3D -(addr | -TARGET_PAGE_MASK); + const uint64_t curlen =3D MIN(pagelen, len); + + cpu_ldub_data_ra(env, addr, ra); + addr =3D wrap_address(env, addr + curlen); + len -=3D curlen; + } +#endif +} + +/* + * Make sure the write access is permitted and TLB entries are created. In + * very rare cases it might happen that the actual accesses might need + * new MMU translations - especially, on LAP protected pages. If the page + * tables were changed in between, we might still trigger a fault. However, + * this seems to barely happen, so we can ignore this for now. 
+ */ void probe_write_access(CPUS390XState *env, uint64_t addr, uint64_t len, uintptr_t ra) { --=20 2.21.0
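Review bot: in the non-CONFIG_USER_ONLY loop of probe_read_access(), `pagelen = -(addr | -TARGET_PAGE_MASK)` does not give the number of bytes left in the current page. Patch 4/4 of this series uses `addr & TARGET_PAGE_MASK` to obtain the page base, so the mask has every bit above the page offset set and `-TARGET_PAGE_MASK` is the page size; OR-ing that one bit into `addr` and negating yields, for ordinary addresses, a value far larger than a page, so `MIN(pagelen, len)` is `len` and the loop reads one byte and exits without touching the following page. `-(addr | TARGET_PAGE_MASK)` gives the intended remainder. The CONFIG_USER_ONLY branch also inherits the unguarded `addr + len - 1`, which deserves a note in the function comment that `len` must be non-zero.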
From: David Hildenbrand
To: qemu-devel@nongnu.org
Date: Wed, 21 Aug 2019 11:22:51 +0200
Message-Id: <20190821092252.26541-4-david@redhat.com>
In-Reply-To: <20190821092252.26541-1-david@redhat.com>
References: <20190821092252.26541-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 3/4] s390x/tcg: MOVE (MVC): Increment the length once
Cc: Florian Weimer, Thomas Huth, David Hildenbrand, Cornelia Huck, Stefano Brivio, qemu-s390x@nongnu.org, Richard Henderson

Let's increment the length once. While at it, clean up the comment. The memset() example is given as a programming note in the PoP, so drop the description.

Signed-off-by: David Hildenbrand
Reviewed-by: Richard Henderson
--- target/s390x/mem_helper.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 4e9d126e2c..bf7dfcdc7a 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -307,16 +307,20 @@ static uint32_t do_helper_mvc(CPUS390XState *env, uin= t32_t l, uint64_t dest, HELPER_LOG("%s l %d dest %" PRIx64 " src %" PRIx64 "\n", __func__, l, dest, src); =20 - /* mvc and memmove do not behave the same when areas overlap! */ - /* mvc with source pointing to the byte after the destination is the - same as memset with the first source byte */ + /* MVC always copies one more byte than specified - maximum is 256 */ + l++; + + /* + * "When the operands overlap, the result is obtained as if the operan= ds + * were processed one byte at a time". Only non-overlapping or forward + * moves behave like memmove(). + */ if (dest =3D=3D src + 1) { - fast_memset(env, dest, cpu_ldub_data_ra(env, src, ra), l + 1, ra); - } else if (dest < src || src + l < dest) { - fast_memmove(env, dest, src, l + 1, ra); + fast_memset(env, dest, cpu_ldub_data_ra(env, src, ra), l, ra); + } else if (dest < src || src + l <=3D dest) { + fast_memmove(env, dest, src, l, ra); } else { - /* slow version with byte accesses which always work */ - for (i =3D 0; i <=3D l; i++) { + for (i =3D 0; i < l; i++) { uint8_t x =3D cpu_ldub_data_ra(env, src + i, ra); cpu_stb_data_ra(env, dest + i, x, ra); } --=20 2.21.0
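Review bot: the overlap test `dest < src || src + l <= dest` in do_helper_mvc(), and `src + i` / `dest + i` in the byte loop, work on unwrapped 64-bit sums, whereas probe_read_access() in patch 2/4 advances with `wrap_address(env, addr + curlen)`. For an operand that ends at the top of the current addressing mode the test may misclassify a wrapped overlap and take the fast_memmove() path, so either wrap the sums the same way or say in the new comment that operands are assumed not to wrap. The change from `src + l < dest` to `src + l <= dest` after `l++` is equivalent to the old test; an assertion that `l <= 256` after the increment would back up the "maximum is 256" comment, and the else branch has lost the one-line remark explaining why it copies byte by byte.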
From: David Hildenbrand
To: qemu-devel@nongnu.org
Date: Wed, 21 Aug 2019 11:22:52 +0200
Message-Id: <20190821092252.26541-5-david@redhat.com>
In-Reply-To: <20190821092252.26541-1-david@redhat.com>
References: <20190821092252.26541-1-david@redhat.com>
Subject: [Qemu-devel] [PATCH v1 4/4] s390x/tcg: MOVE (MVC): Fault-safe handling
Cc: Florian Weimer, Thomas Huth, David Hildenbrand, Cornelia Huck, Stefano Brivio, qemu-s390x@nongnu.org, Richard Henderson

MVC can cross page boundaries. In case we fault on the second page, we already partially copied data. If we have overlaps, we would trigger a fault after having partially moved data, eventually having our original data already overwritten. When continuing after the fault, we would try to move already modified data, not the original data - very bad. glibc started to use MVC for forward memmove() and is able to trigger exactly this corruption (via rpmbuild and rpm). Fedora 31 (rawhide) currently fails to install as we trigger rpm database corruptions due to this bug. Let's properly probe for read/write access in case we cross page boundaries. In case we don't cross boundaries, the first accesses will trigger the fault. We'll have to do the same for other instructions (like MVCLE), too.
But the more I look at the other MOVE variants the more issues I find, so let's handle MVC for now only.

Signed-off-by: David Hildenbrand
--- target/s390x/mem_helper.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index bf7dfcdc7a..44001ec21a 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -104,6 +104,11 @@ static inline void cpu_stsize_data_ra(CPUS390XState *e= nv, uint64_t addr, } } =20 +static inline bool is_single_page_access(uint64_t addr, uint32_t size) +{ + return (addr & TARGET_PAGE_MASK) =3D=3D ((addr + size - 1) & TARGET_PA= GE_MASK); +} + static void fast_memset(CPUS390XState *env, uint64_t dest, uint8_t byte, uint32_t l, uintptr_t ra) { @@ -310,6 +315,10 @@ static uint32_t do_helper_mvc(CPUS390XState *env, uint= 32_t l, uint64_t dest, /* MVC always copies one more byte than specified - maximum is 256 */ l++; =20 + if (unlikely(!is_single_page_access(dest, l))) { + probe_write_access(env, dest, l, ra); + } + /* * "When the operands overlap, the result is obtained as if the operan= ds * were processed one byte at a time". Only non-overlapping or forward @@ -317,7 +326,14 @@ static uint32_t do_helper_mvc(CPUS390XState *env, uint= 32_t l, uint64_t dest, */ if (dest =3D=3D src + 1) { fast_memset(env, dest, cpu_ldub_data_ra(env, src, ra), l, ra); - } else if (dest < src || src + l <=3D dest) { + return env->cc_op; + } + + if (unlikely(!is_single_page_access(src, l))) { + probe_read_access(env, src, l, ra); + } + + if (dest < src || src + l <=3D dest) { fast_memmove(env, dest, src, l, ra); } else { for (i =3D 0; i < l; i++) { --=20 2.21.0
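Review bot: is_single_page_access() in the first hunk computes the last byte as `addr + size - 1`, which is only meaningful for `size >= 1` and for a range that does not wrap; with `size == 0` a page-aligned `addr` is reported as crossing a page. Both callers added here pass `l` after `l++`, so the precondition holds today, but it is not stated anywhere. A one-line comment on the helper, or an assertion that `size` is non-zero, would keep later users (the commit message already names MVCLE as a follow-up) from relying on it by accident.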
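Review bot: nothing in this patch exercises the new probes in do_helper_mvc(); the diffstat touches only target/s390x/mem_helper.c, while the commit message describes a reproducible corruption when an overlapping MVC crosses a page and faults on the second page. A small test that runs MVC across a page boundary with the second page inaccessible and checks that the destination is unchanged after the fault would pin the behaviour down. In the last hunk, the `dest == src + 1` path returns before probe_read_access(); that is fine because only the single byte at `src` is read via cpu_ldub_data_ra(), but a short comment saying so would save the next reader from wondering whether the read probe was skipped by mistake. The guarantee also rests on the page-length computation in probe_read_access() from patch 2/4 being correct for the multi-page case.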