From patchwork Tue Sep 19 18:27:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Halil Pasic X-Patchwork-Id: 9959929 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CF4606056A for ; Tue, 19 Sep 2017 18:31:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C1AAF28EC5 for ; Tue, 19 Sep 2017 18:31:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B624B28ED3; Tue, 19 Sep 2017 18:31:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 50E5328EC5 for ; Tue, 19 Sep 2017 18:31:19 +0000 (UTC) Received: from localhost ([::1]:44778 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1duNIl-0005ff-8D for patchwork-qemu-devel@patchwork.kernel.org; Tue, 19 Sep 2017 14:31:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53073) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1duNFa-0003p7-Nh for qemu-devel@nongnu.org; Tue, 19 Sep 2017 14:28:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1duNFW-0002MT-9x for qemu-devel@nongnu.org; Tue, 19 Sep 2017 14:28:02 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:50216 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1duNFW-0002LO-57 for qemu-devel@nongnu.org; Tue, 19 Sep 2017 14:27:58 -0400 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v8JIOJDp139066 for ; Tue, 19 Sep 2017 14:27:57 -0400 Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107]) by mx0b-001b2d01.pphosted.com with ESMTP id 2d33drv5r0-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 19 Sep 2017 14:27:57 -0400 Received: from localhost by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 19 Sep 2017 19:27:55 +0100 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 19 Sep 2017 19:27:52 +0100 Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v8JIRq8523527672; Tue, 19 Sep 2017 18:27:52 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8391942041; Tue, 19 Sep 2017 19:24:04 +0100 (BST) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 556044203F; Tue, 19 Sep 2017 19:24:04 +0100 (BST) Received: from tuxmaker.boeblingen.de.ibm.com (unknown [9.152.85.9]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Tue, 19 Sep 2017 19:24:04 +0100 (BST) From: Halil Pasic To: Cornelia Huck Date: Tue, 19 Sep 2017 20:27:44 +0200 X-Mailer: git-send-email 2.13.5 In-Reply-To: <20170919182745.90280-1-pasic@linux.vnet.ibm.com> References: <20170919182745.90280-1-pasic@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17091918-0040-0000-0000-000003FB71C4 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17091918-0041-0000-0000-0000209CA4A2 Message-Id: <20170919182745.90280-5-pasic@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-09-19_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1709190256 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.158.5 Subject: [Qemu-devel] [PATCH v3 4/5] 390x/css: introduce maximum data address checking X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dong Jia Shi , Halil Pasic , Pierre Morel , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The architecture mandates the addresses to be accessed on the first indirection level (that is, the data addresses without IDA, and the (M)IDAW addresses with (M)IDA) to be checked against an CCW format dependent limit maximum address. If a violation is detected, the storage access is not to be performed and a channel program check needs to be generated. As of today, we fail to do this check. Let us stick even closer to the architecture specification. Signed-off-by: Halil Pasic --- hw/s390x/css.c | 10 ++++++++++ include/hw/s390x/css.h | 1 + 2 files changed, 11 insertions(+) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 6b0cd8861b..2d37a9ddde 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -795,6 +795,11 @@ static inline int cds_check_len(CcwDataStream *cds, int len) return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len; } +static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1) +{ + return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24)); +} + static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len, CcwDataStreamOp op) { @@ -804,6 +809,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len, if (ret <= 0) { return ret; } + if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) { + return -EINVAL; /* channel program check */ + } if (op == CDS_OP_A) { goto incr; } @@ -828,7 +836,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb) g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW)); cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) | (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) | + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) | (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0); + cds->count = ccw->count; cds->cda_orig = ccw->cda; ccw_dstream_rewind(cds); diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h index 078356e94c..69b374730e 100644 --- a/include/hw/s390x/css.h +++ b/include/hw/s390x/css.h @@ -87,6 +87,7 @@ typedef struct CcwDataStream { #define CDS_F_MIDA 0x02 #define CDS_F_I2K 0x04 #define CDS_F_C64 0x08 +#define CDS_F_FMT 0x10 /* CCW format-1 */ #define CDS_F_STREAM_BROKEN 0x80 uint8_t flags; uint8_t at_idaw;