From nobody Mon Feb  9 11:28:54 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1631021999; cv=none;
	d=zohomail.com; s=zohoarc;
	b=B1eEQfceNK7YO9YEckaeSknNflQo6vcZ8IpB5GmGfCOeO1jEiuT766mxYtIiKxWeiA1+g2K++HjYUnUK/LcoQ+Svkb2GiiU32KzZQrE+EeihjMxbfXAToxt1+1O5AEdpQFMxgTVYGYipIvBksVkNrdM/KCSUyFriOzTaTyIBMTs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1631021999;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=E+i2SUVw5T/UjbuJURGFHkx/Lk7LedjKvi+jlxOA1RQ=;
	b=kMg2gOhRkgr7ETZAvaIOLzIbTKMZCYiSX7sm5VuVen/Vy+yEBdiFgzCA0LcGUoJdNuYlIeI6GhNeAfNqhePRqm9o8kw3+09OU4xYar2nu3ME6LF03hJQH9EA83H3YEKApKL6N7x6yJc7S0fkws/7q+regH9akMKNRh9lLEDJ8Zk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<thuth@redhat.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1631021999638782.2469622457163;
 Tue, 7 Sep 2021 06:39:59 -0700 (PDT)
Received: from localhost ([::1]:38420 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1mNbKQ-0004xE-I5
	for importer@patchew.org; Tue, 07 Sep 2021 09:39:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:38530)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <thuth@redhat.com>) id 1mNawx-0003Nz-4r
 for qemu-devel@nongnu.org; Tue, 07 Sep 2021 09:15:43 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:40266)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <thuth@redhat.com>) id 1mNawt-0002c7-Tj
 for qemu-devel@nongnu.org; Tue, 07 Sep 2021 09:15:42 -0400
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-146-cxHDIRYFOVGBufJlS2uBPg-1; Tue, 07 Sep 2021 09:15:37 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E418A8145E7;
 Tue,  7 Sep 2021 13:15:36 +0000 (UTC)
Received: from thuth.com (unknown [10.39.194.18])
 by smtp.corp.redhat.com (Postfix) with ESMTP id DD28E5C1B4;
 Tue,  7 Sep 2021 13:15:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1631020539;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=E+i2SUVw5T/UjbuJURGFHkx/Lk7LedjKvi+jlxOA1RQ=;
 b=I3kvdzC8li7os4qDlfb7nfID+UIakV1uFDmBCw840q6Vl6AHR+HTSVBmrj3yPunZPI+dyX
 uMJH5TDx9rtyAhunG5bBJnLIq0dBBjTMiVkGXyHfb6OvVOJ9hp2Ek4x7Sz7QI0c5RbSVgH
 02zgjHVV2NYtfbEzbMkKys6Vi5G2cro=
X-MC-Unique: cxHDIRYFOVGBufJlS2uBPg-1
From: Thomas Huth <thuth@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	qemu-devel@nongnu.org
Subject: [PULL 12/20] s390x/mmu_helper: move address validation into
 mmu_translate*()
Date: Tue,  7 Sep 2021 15:14:41 +0200
Message-Id: <20210907131449.493875-13-thuth@redhat.com>
In-Reply-To: <20210907131449.493875-1-thuth@redhat.com>
References: <20210907131449.493875-1-thuth@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=thuth@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=170.10.133.124; envelope-from=thuth@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -31
X-Spam_score: -3.2
X-Spam_bar: ---
X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.391,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: qemu-s390x@nongnu.org, David Hildenbrand <david@redhat.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1631022001431100001
Content-Type: text/plain; charset="utf-8"

From: David Hildenbrand <david@redhat.com>

Let's move address validation into mmu_translate() and
mmu_translate_real(). This allows for checking whether an absolute
address is valid before looking up the storage key. We can now get rid of
the ram_size check.

Interestingly, we're already handling LOAD REAL ADDRESS wrong, because
a) We're not supposed to touch storage keys
b) We're not supposed to convert to an absolute address

Let's use a fake, negative MMUAccessType to teach mmu_translate() to
fix that handling and to not perform address validation.

Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210903155514.44772-8-david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 target/s390x/mmu_helper.c      | 36 ++++++++++++++++++++--------------
 target/s390x/s390x-internal.h  |  2 ++
 target/s390x/tcg/excp_helper.c | 13 ------------
 target/s390x/tcg/mem_helper.c  |  2 +-
 4 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index ca25dadb5b..de6df928d2 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -301,14 +301,13 @@ static void mmu_handle_skey(target_ulong addr, int rw=
, int *flags)
 {
     static S390SKeysClass *skeyclass;
     static S390SKeysState *ss;
-    MachineState *ms =3D MACHINE(qdev_get_machine());
     uint8_t key;
     int rc;
=20
-    if (unlikely(addr >=3D ms->ram_size)) {
-        return;
-    }
-
+    /*
+     * We expect to be called with an absolute address that has already be=
en
+     * validated, such that we can reliably use it to lookup the storage k=
ey.
+     */
     if (unlikely(!ss)) {
         ss =3D s390_get_skeys_device();
         skeyclass =3D S390_SKEYS_GET_CLASS(ss);
@@ -370,7 +369,7 @@ static void mmu_handle_skey(target_ulong addr, int rw, =
int *flags)
 /**
  * Translate a virtual (logical) address into a physical (absolute) addres=
s.
  * @param vaddr  the virtual address
- * @param rw     0 =3D read, 1 =3D write, 2 =3D code fetch
+ * @param rw     0 =3D read, 1 =3D write, 2 =3D code fetch, < 0 =3D load r=
eal address
  * @param asc    address space control (one of the PSW_ASC_* modes)
  * @param raddr  the translated address is stored to this pointer
  * @param flags  the PAGE_READ/WRITE/EXEC flags are stored to this pointer
@@ -449,10 +448,17 @@ int mmu_translate(CPUS390XState *env, target_ulong va=
ddr, int rw, uint64_t asc,
     }
=20
 nodat:
-    /* Convert real address -> absolute address */
-    *raddr =3D mmu_real2abs(env, *raddr);
+    if (rw >=3D 0) {
+        /* Convert real address -> absolute address */
+        *raddr =3D mmu_real2abs(env, *raddr);
=20
-    mmu_handle_skey(*raddr, rw, flags);
+        if (!mmu_absolute_addr_valid(*raddr, rw =3D=3D MMU_DATA_STORE)) {
+            *tec =3D 0; /* unused */
+            return PGM_ADDRESSING;
+        }
+
+        mmu_handle_skey(*raddr, rw, flags);
+    }
     return 0;
 }
=20
@@ -473,12 +479,6 @@ static int translate_pages(S390CPU *cpu, vaddr addr, i=
nt nr_pages,
         if (ret) {
             return ret;
         }
-        if (!address_space_access_valid(&address_space_memory, pages[i],
-                                        TARGET_PAGE_SIZE, is_write,
-                                        MEMTXATTRS_UNSPECIFIED)) {
-            *tec =3D 0; /* unused */
-            return PGM_ADDRESSING;
-        }
         addr +=3D TARGET_PAGE_SIZE;
     }
=20
@@ -588,6 +588,12 @@ int mmu_translate_real(CPUS390XState *env, target_ulon=
g raddr, int rw,
=20
     *addr =3D mmu_real2abs(env, raddr & TARGET_PAGE_MASK);
=20
+    if (!mmu_absolute_addr_valid(*addr, rw =3D=3D MMU_DATA_STORE)) {
+        /* unused */
+        *tec =3D 0;
+        return PGM_ADDRESSING;
+    }
+
     mmu_handle_skey(*addr, rw, flags);
     return 0;
 }
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index d246d26b04..7a6aa4dacc 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -374,6 +374,8 @@ void probe_write_access(CPUS390XState *env, uint64_t ad=
dr, uint64_t len,
=20
 /* mmu_helper.c */
 bool mmu_absolute_addr_valid(target_ulong addr, bool is_write);
+/* Special access mode only valid for mmu_translate() */
+#define MMU_S390_LRA        -1
 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t=
 asc,
                   target_ulong *raddr, int *flags, uint64_t *tec);
 int mmu_translate_real(CPUS390XState *env, target_ulong raddr, int rw,
diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index a61917d04f..3d6662a53c 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -150,19 +150,6 @@ bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, in=
t size,
         g_assert_not_reached();
     }
=20
-    /* check out of RAM access */
-    if (!excp &&
-        !address_space_access_valid(&address_space_memory, raddr,
-                                    TARGET_PAGE_SIZE, access_type,
-                                    MEMTXATTRS_UNSPECIFIED)) {
-        MachineState *ms =3D MACHINE(qdev_get_machine());
-        qemu_log_mask(CPU_LOG_MMU,
-                      "%s: raddr %" PRIx64 " > ram_size %" PRIx64 "\n",
-                      __func__, (uint64_t)raddr, (uint64_t)ms->ram_size);
-        excp =3D PGM_ADDRESSING;
-        tec =3D 0; /* unused */
-    }
-
     env->tlb_fill_exc =3D excp;
     env->tlb_fill_tec =3D tec;
=20
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index a44a107374..4f9f3e1f63 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -2455,7 +2455,7 @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t add=
r)
         tcg_s390_program_interrupt(env, PGM_SPECIAL_OP, GETPC());
     }
=20
-    exc =3D mmu_translate(env, addr, 0, asc, &ret, &flags, &tec);
+    exc =3D mmu_translate(env, addr, MMU_S390_LRA, asc, &ret, &flags, &tec=
);
     if (exc) {
         cc =3D 3;
         ret =3D exc | 0x80000000;
--=20
2.27.0