From: Daniel Henrique Barboza
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, danielhb413@gmail.com, peter.maydell@linaro.org, richard.henderson@linaro.org, Greg Kurz
Subject: [PULL 1/3] hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c
Date: Thu, 28 Jul 2022 13:55:17 -0300
Message-Id: <20220728165519.2101401-2-danielhb413@gmail.com>
In-Reply-To: <20220728165519.2101401-1-danielhb413@gmail.com>
References: <20220728165519.2101401-1-danielhb413@gmail.com>

spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the DRC object returned by spapr_drc_index() without checking it for NULL. In this case we would be dereferencing a NULL pointer when doing SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).

This can happen if, during a scm_flush(), the DRC object is wrongly freed/released (e.g.
a bug in another part of the code). spapr_drc_index() would then return NULL in the callbacks. Fixes: Coverity CID 1487108, 1487178 Reviewed-by: Greg Kurz Message-Id: <20220409200856.283076-2-danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza --- hw/ppc/spapr_nvdimm.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c index c4c97da5de..04a64cada3 100644 --- a/hw/ppc/spapr_nvdimm.c +++ b/hw/ppc/spapr_nvdimm.c @@ -447,9 +447,15 @@ static int flush_worker_cb(void *opaque) { SpaprNVDIMMDeviceFlushState *state =3D opaque; SpaprDrc *drc =3D spapr_drc_by_index(state->drcidx); - PCDIMMDevice *dimm =3D PC_DIMM(drc->dev); - HostMemoryBackend *backend =3D MEMORY_BACKEND(dimm->hostmem); - int backend_fd =3D memory_region_get_fd(&backend->mr); + PCDIMMDevice *dimm; + HostMemoryBackend *backend; + int backend_fd; + + g_assert(drc !=3D NULL); + + dimm =3D PC_DIMM(drc->dev); + backend =3D MEMORY_BACKEND(dimm->hostmem); + backend_fd =3D memory_region_get_fd(&backend->mr); =20 if (object_property_get_bool(OBJECT(backend), "pmem", NULL)) { MemoryRegion *mr =3D host_memory_backend_get_memory(dimm->hostmem); 
@@ -475,7 +481,11 @@ static void spapr_nvdimm_flush_completion_cb(void *opa= que, int hcall_ret) { SpaprNVDIMMDeviceFlushState *state =3D opaque; SpaprDrc *drc =3D spapr_drc_by_index(state->drcidx); - SpaprNVDIMMDevice *s_nvdimm =3D SPAPR_NVDIMM(drc->dev); + SpaprNVDIMMDevice *s_nvdimm; + + g_assert(drc !=3D NULL); + + s_nvdimm =3D SPAPR_NVDIMM(drc->dev); =20 state->hcall_ret =3D hcall_ret; QLIST_REMOVE(state, node); --=20 2.36.1
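Review bot: In the flush_worker_cb() hunk, g_assert(drc != NULL) trades the NULL dereference for an abort of the whole QEMU process, so the freed-DRC case described in the commit message still takes the guest down. flush_worker_cb() returns int, so if that case is considered reachable at all, returning an error here would let the flush fail without killing the VM; if it is purely an invariant, a one-line comment above the assert saying so would make the intent clear. Note that dimm->hostmem is still passed to MEMORY_BACKEND() unchecked on the line after the assert.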
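Review bot: The subject and commit message name spapr_drc_index(), but the call guarded in the spapr_nvdimm_flush_completion_cb() hunk (and in flush_worker_cb()) is spapr_drc_by_index(state->drcidx); the message should name the function whose NULL return is being checked. Since this callback returns void, the assert is the only option here, which is fine, but a short comment next to g_assert(drc != NULL) explaining that a NULL DRC during a flush means a bug elsewhere would keep later readers from turning it into a silent return.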

From: Daniel Henrique Barboza
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, danielhb413@gmail.com, peter.maydell@linaro.org, richard.henderson@linaro.org
Subject: [PULL 2/3] hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
Date: Thu, 28 Jul 2022 13:55:18 -0300
Message-Id: <20220728165519.2101401-3-danielhb413@gmail.com>
In-Reply-To: <20220728165519.2101401-1-danielhb413@gmail.com>
References: <20220728165519.2101401-1-danielhb413@gmail.com>

From: Peter Maydell

In dcr_write_dma(), there is code that uses cpu_physical_memory_map() to implement a DMA transfer. That function takes a 'plen' argument, which points to a hwaddr which is used for both input and output: the caller must set it to the size of the range it wants to map, and on return it is updated to the actual length mapped. The dcr_write_dma() code fails to initialize rlen and wlen, so will end up mapping an unpredictable amount of memory.

Initialize the length values correctly, and check that we managed to map the entire range before using the fast-path memmove().

This was spotted by Coverity, which points out that we never initialized the variables before using them.

Fixes: Coverity CID 1487137, 1487150
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza
--- hw/ppc/ppc440_uc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c index a1ecf6dd1c..11fdb88c22 100644 --- a/hw/ppc/ppc440_uc.c +++ b/hw/ppc/ppc440_uc.c
@@ -904,14 +904,17 @@ static void dcr_write_dma(void *opaque, int dcrn, uin= t32_t val) int width, i, sidx, didx; uint8_t *rptr, *wptr; hwaddr rlen, wlen; + hwaddr xferlen; =20 sidx =3D didx =3D 0; width =3D 1 << ((val & DMA0_CR_PW) >> 25); + xferlen =3D count * width; + wlen =3D rlen =3D xferlen; rptr =3D cpu_physical_memory_map(dma->ch[chnl].sa, &rl= en, false); wptr =3D cpu_physical_memory_map(dma->ch[chnl].da, &wl= en, true); - if (rptr && wptr) { + if (rptr && rlen =3D=3D xferlen && wptr && wlen =3D=3D= xferlen) { if (!(val & DMA0_CR_DEC) && val & DMA0_CR_SAI && val & DMA0_CR_DAI) { /* optimise common case */ --=20 2.36.1
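Review bot: The new length check is on the outer condition, if (rptr && rlen == xferlen && wptr && wlen == xferlen), not only on the fast path the commit message mentions, so a partial mapping now skips everything nested under it, not just the "optimise common case" branch, and the guest's DMA request is dropped with nothing logged. Either say in the commit message that short mappings abandon the transfer, or log the case so a guest that programs a range spanning unmappable memory is diagnosable. Two things to confirm outside this hunk: that non-NULL rptr/wptr are still unmapped when the condition fails on length alone, and that count * width cannot overflow before it is widened to hwaddr (width is int; count's declaration is not visible here).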

From: Daniel Henrique Barboza
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, danielhb413@gmail.com, peter.maydell@linaro.org, richard.henderson@linaro.org, Nicholas Piggin, Víctor Colombo, Joel Stanley
Subject: [PULL 3/3] target/ppc: Implement new wait variants
Date: Thu, 28 Jul 2022 13:55:19 -0300
Message-Id: <20220728165519.2101401-4-danielhb413@gmail.com>
In-Reply-To: <20220728165519.2101401-1-danielhb413@gmail.com>
References: <20220728165519.2101401-1-danielhb413@gmail.com>

From: Nicholas Piggin

ISA v2.06 adds new variations of wait, specified by the WC field. These are not all compatible with the prior wait implementation, because they add additional conditions that cause the processor to resume, which can cause software to hang or run very slowly.

At this moment, with the current wait implementation and a pseries guest using mainline kernel with new wait opcodes [1], QEMU hangs during boot if more than one CPU is present:

 qemu-system-ppc64 -M pseries,x-vof=on -cpu POWER10 -smp 2 -nographic -kernel zImage.pseries -no-reboot

QEMU will exit (as there's no filesystem) if the test "passes", or hang during boot if it hits the bug.

ISA v3.0 changed the wait opcode and removed the new variants (retaining the WC field but making non-zero values reserved).

ISA v3.1 added new WC values to the new wait opcode, and added a PL field.

This patch implements the new wait encoding and supports WC variants with no-op implementations, which provides basic correctness as explained in comments.

[1] https://lore.kernel.org/all/20220720132132.903462-1-npiggin@gmail.com/

Signed-off-by: Nicholas Piggin
Reviewed-by: Víctor Colombo
Tested-by: Joel Stanley
Reviewed-by: Daniel Henrique Barboza
Message-Id: <20220720133352.904263-1-npiggin@gmail.com>
[danielhb: added information about the bug being fixed]
Signed-off-by: Daniel Henrique Barboza
--- target/ppc/internal.h | 3 ++ target/ppc/translate.c | 96 ++++++++++++++++++++++++++++++++++++++---- 2 files changed, 91 insertions(+), 8 deletions(-) diff --git a/target/ppc/internal.h b/target/ppc/internal.h index 467f3046c8..337a362205 100644 --- a/target/ppc/internal.h +++ b/target/ppc/internal.h @@ -165,6 +165,9 @@ EXTRACT_HELPER_SPLIT_3(DX, 10, 6, 6, 5, 16, 1, 1, 0, 0) /* darn */ EXTRACT_HELPER(L, 16, 2); #endif +/* wait */ +EXTRACT_HELPER(WC, 21, 2); +EXTRACT_HELPER(PL, 16, 2); =20 /*** Jump target decoding = ***/ /* Immediate address */
diff --git a/target/ppc/translate.c b/target/ppc/translate.c index 5a18ee577f..388337f81b 100644 --- a/target/ppc/translate.c +++ b/target/ppc/translate.c 
@@ -4071,12 +4071,91 @@ static void gen_sync(DisasContext *ctx) /* wait */ static void gen_wait(DisasContext *ctx) { - TCGv_i32 t0 =3D tcg_const_i32(1); - tcg_gen_st_i32(t0, cpu_env, - -offsetof(PowerPCCPU, env) + offsetof(CPUState, halted)= ); - tcg_temp_free_i32(t0); - /* Stop translation, as the CPU is supposed to sleep from now */ - gen_exception_nip(ctx, EXCP_HLT, ctx->base.pc_next); + uint32_t wc; + + if (ctx->insns_flags & PPC_WAIT) { + /* v2.03-v2.07 define an older incompatible 'wait' encoding. */ + + if (ctx->insns_flags2 & PPC2_PM_ISA206) { + /* v2.06 introduced the WC field. WC > 0 may be treated as no-= op. */ + wc =3D WC(ctx->opcode); + } else { + wc =3D 0; + } + + } else if (ctx->insns_flags2 & PPC2_ISA300) { + /* v3.0 defines a new 'wait' encoding. */ + wc =3D WC(ctx->opcode); + if (ctx->insns_flags2 & PPC2_ISA310) { + uint32_t pl =3D PL(ctx->opcode); + + /* WC 1,2 may be treated as no-op. WC 3 is reserved. */ + if (wc =3D=3D 3) { + gen_invalid(ctx); + return; + } + + /* PL 1-3 are reserved. If WC=3D2 then the insn is treated as = noop. */ + if (pl > 0 && wc !=3D 2) { + gen_invalid(ctx); + return; + } + + } else { /* ISA300 */ + /* WC 1-3 are reserved */ + if (wc > 0) { + gen_invalid(ctx); + return; + } + } + + } else { + warn_report("wait instruction decoded with wrong ISA flags."); + gen_invalid(ctx); + return; + } + + /* + * wait without WC field or with WC=3D0 waits for an exception / inter= rupt + * to occur. + */ + if (wc =3D=3D 0) { + TCGv_i32 t0 =3D tcg_const_i32(1); + tcg_gen_st_i32(t0, cpu_env, + -offsetof(PowerPCCPU, env) + offsetof(CPUState, hal= ted)); + tcg_temp_free_i32(t0); + /* Stop translation, as the CPU is supposed to sleep from now */ + gen_exception_nip(ctx, EXCP_HLT, ctx->base.pc_next); + } + + /* + * Other wait types must not just wait until an exception occurs becau= se + * ignoring their other wake-up conditions could cause a hang. 
+ * + * For v2.06 and 2.07, wc=3D1,2,3 are architected but may be implement= ed as + * no-ops. + * + * wc=3D1 and wc=3D3 explicitly allow the instruction to be treated as= a no-op. + * + * wc=3D2 waits for an implementation-specific condition, such could be + * always true, so it can be implemented as a no-op. + * + * For v3.1, wc=3D1,2 are architected but may be implemented as no-ops. + * + * wc=3D1 (waitrsv) waits for an exception or a reservation to be lost. + * Reservation-loss may have implementation-specific conditions, so it + * can be implemented as a no-op. + * + * wc=3D2 waits for an exception or an amount of time to pass. This + * amount is implementation-specific so it can be implemented as a + * no-op. + * + * ISA v3.1 allows for execution to resume "in the rare case of + * an implementation-dependent event", so in any case software must + * not depend on the architected resumption condition to become + * true, so no-op implementations should be architecturally correct + * (if suboptimal). + */ } =20 #if defined(TARGET_PPC64) @@ -6691,8 +6770,9 @@ GEN_HANDLER2(stdcx_, "stdcx.", 0x1F, 0x16, 0x06, 0x00= 000000, PPC_64B), GEN_HANDLER_E(stqcx_, 0x1F, 0x16, 0x05, 0, PPC_NONE, PPC2_LSQ_ISA207), #endif GEN_HANDLER(sync, 0x1F, 0x16, 0x12, 0x039FF801, PPC_MEM_SYNC), -GEN_HANDLER(wait, 0x1F, 0x1E, 0x01, 0x03FFF801, PPC_WAIT), -GEN_HANDLER_E(wait, 0x1F, 0x1E, 0x00, 0x039FF801, PPC_NONE, PPC2_ISA300), +/* ISA v3.0 changed the extended opcode from 62 to 30 */ +GEN_HANDLER(wait, 0x1F, 0x1E, 0x01, 0x039FF801, PPC_WAIT), +GEN_HANDLER_E(wait, 0x1F, 0x1E, 0x00, 0x039CF801, PPC_NONE, PPC2_ISA300), GEN_HANDLER(b, 0x12, 0xFF, 0xFF, 0x00000000, PPC_FLOW), GEN_HANDLER(bc, 0x10, 0xFF, 0xFF, 0x00000000, PPC_FLOW), GEN_HANDLER(bcctr, 0x13, 0x10, 0x10, 0x00000000, PPC_FLOW), --=20 2.36.1
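Review bot: In the gen_wait() hunk, the plain ISA300 branch only rejects wc > 0 and never looks at PL, while the handler mask in the last hunk leaves the PL bits open for every PPC2_ISA300 CPU; a v3.0 CPU will therefore accept wait with a non-zero PL and WC=0 and halt instead of raising an invalid-instruction exception. Checking PL(ctx->opcode) in that branch as well would close the gap. Separately, the final else calls warn_report() on every translation that reaches it; with the handlers registered only for PPC_WAIT or PPC2_ISA300 it looks unreachable, so g_assert_not_reached() or warn_report_once() would state the intent better and avoid repeated log output if it ever is hit.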
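Review bot: In the GEN_HANDLER hunk, the PPC_WAIT mask goes from 0x03FFF801 to 0x039FF801, which opens the WC bits (EXTRACT_HELPER(WC, 21, 2)) for every CPU using the old encoding, but gen_wait() forces wc = 0 when PPC2_PM_ISA206 is not set; pre-v2.06 CPUs will now execute wait with non-zero bits in that field as a plain wait where the old mask rejected the instruction. If that is intended, say so next to the handler; otherwise reject a non-zero WC in the non-ISA206 branch. The added comment covers only the extended-opcode change, so a word on why both masks changed (WC for the old encoding, PL for the v3.0 one) would save the next reader the bit arithmetic.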