[qemu-s390x] [PULL 11/35] s390x/tcg: Store only the necessary amount of doublewords for STFLE
From: Cornelia Huck
Subject: [qemu-s390x] [PULL 11/35] s390x/tcg: Store only the necessary amount of doublewords for STFLE
Date: Fri, 7 Jun 2019 11:52:13 +0200
From: David Hildenbrand <address@hidden>
The PoP (z14, 7-382) says:
Doublewords to the right of the doubleword in which the
highest-numbered facility bit is assigned for a model
may or may not be stored.
However, stack protection in certain binaries can't deal with that.
"gzip" example code:
f1b4: a7 08 00 03 lhi %r0,3
f1b8: b2 b0 f0 a0 stfle 160(%r15)
f1bc: e3 20 f0 b2 00 90 llgc %r2,178(%r15)
f1c2: c0 2b 00 00 00 01 nilf %r2,1
f1c8: b2 4f 00 10 ear %r1,%a0
f1cc: b9 14 00 22 lgfr %r2,%r2
f1d0: eb 11 00 20 00 0d sllg %r1,%r1,32
f1d6: b2 4f 00 11 ear %r1,%a1
f1da: d5 07 f0 b8 10 28 clc 184(8,%r15),40(%r1)
f1e0: a7 74 00 06 jne f1ec <file_read@@Base+0x1bc>
f1e4: eb ef f1 30 00 04 lmg %r14,%r15,304(%r15)
f1ea: 07 fe br %r14
f1ec: c0 e5 ff ff 9d 6e brasl %r14,2cc8 <__stack_chk_fail@plt>
In QEMU, we currently have:
max_bytes = 24
the code asks for (3 + 1) doublewords == 32 bytes.
If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
("one less than the number of doublewords needed to contain all of the
facility bits"), the example code detects a stack corruption.
In my opinion, the code is wrong. However, it seems to work fine on
real machines. So let's limit storing to the minimum of the requested
and the maximum doublewords.
Cc: Stefan Liebler <address@hidden>
Cc: Andreas Krebbel <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
---
target/s390x/misc_helper.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 34476134a407..10aa617cf9c5 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -678,7 +678,13 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t addr)
prepare_stfl();
max_bytes = ROUND_UP(used_stfl_bytes, 8);
- for (i = 0; i < count_bytes; ++i) {
+
+ /*
+ * The PoP says that doublewords beyond the highest-numbered facility
+ * bit may or may not be stored. However, existing hardware appears to
+ * not store the words, and existing software depend on that.
+ */
+ for (i = 0; i < MIN(count_bytes, max_bytes); ++i) {
cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra);
}
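Review bot: the comment in this hunk should cite the PoP reference the commit message gives (z14, 7-382) next to the "may or may not be stored" paraphrase, so a reader of the code can locate the wording without consulting the git log; while touching it, "existing software depend on that" should read "depends". The MIN(count_bytes, max_bytes) bound matches the gzip case described above (32 bytes requested, max_bytes 24, so 24 stored), but the hunk does not show how count_bytes is derived from R0 or how large stfl_bytes is; since max_bytes is ROUND_UP(used_stfl_bytes, 8), confirm that stfl_bytes holds at least max_bytes entries so the loop never reads past the array when used_stfl_bytes is not a multiple of 8.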
--
2.20.1
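The scenario in the commit message, modelled as an added example (this is not QEMU code and not part of the original mail): a caller lays out a 24-byte STFLE buffer directly followed by its stack-protector canary, as the gzip listing does (160(%r15) for the buffer, 184(%r15) for the canary), and asks for 4 doublewords with R0 = 3. One variant stores count_bytes unconditionally, the other stores MIN(count_bytes, max_bytes) as the patch does. The facility byte values, USED_STFL_BYTES, the struct and all function names are assumptions made for this illustration.

```c
/*
 * Added example, not QEMU code: a model of the STFLE store-length decision
 * discussed in the commit message. Frame layout mirrors the gzip listing
 * (24-byte buffer immediately followed by the 8-byte canary). The facility
 * byte values, USED_STFL_BYTES and all names here are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define ROUND_UP(n, d) (((n) + (d) - 1) / (d) * (d))

/* Constructed: the highest-numbered facility bit falls in the third
 * doubleword, so max_bytes = ROUND_UP(21, 8) = 24, as in the message. */
#define USED_STFL_BYTES 21
#define MAX_BYTES ROUND_UP(USED_STFL_BYTES, 8)

/* Constructed facility list (values arbitrary). QEMU's array is larger and
 * zero-padded beyond used_stfl_bytes; the store loop below models that. */
static const uint8_t stfl_bytes[MAX_BYTES] = {
    0xff, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
};

#define CANARY 0x5a5a5a5a5a5a5a5aULL

/* Caller frame as laid out by the gzip code: the STFLE buffer is
 * immediately followed by the stack-protector canary. */
struct frame {
    uint8_t stfle_buf[24];
    uint64_t canary;
};

/*
 * Model of the stfle helper. r0_in is the caller's R0: one less than the
 * number of doublewords it wants stored. Returns what the instruction
 * leaves in R0: one less than the number of doublewords needed to hold
 * all facility bits (2 for a 24-byte list). limit_to_max selects the
 * post-patch behaviour; 0 models storing count_bytes unconditionally.
 */
static unsigned model_stfle(struct frame *f, unsigned r0_in, int limit_to_max)
{
    size_t count_bytes = ((size_t)r0_in + 1) * 8;
    size_t to_store = limit_to_max ? MIN(count_bytes, (size_t)MAX_BYTES)
                                   : count_bytes;
    uint8_t *dst = (uint8_t *)f;   /* buffer starts at frame offset 0 */
    size_t i;

    /* Stay inside the modelled frame so the example itself is well-defined. */
    for (i = 0; i < to_store && i < sizeof(*f); i++) {
        dst[i] = i < MAX_BYTES ? stfl_bytes[i] : 0;  /* zero padding past max */
    }
    return MAX_BYTES / 8 - 1;
}

/*
 * The gzip scenario: request 4 doublewords (lhi %r0,3) into a 24-byte
 * buffer. Returns 1 if the canary is intact afterwards, 0 if the
 * __stack_chk_fail path would be taken.
 */
int canary_survives(int limit_to_max)
{
    struct frame f;

    memset(&f, 0, sizeof(f));
    f.canary = CANARY;
    model_stfle(&f, 3, limit_to_max);
    return f.canary == CANARY;
}

/* R0 result for a given request; independent of how many bytes were stored. */
unsigned r0_after_request(unsigned r0_in)
{
    struct frame f;

    memset(&f, 0, sizeof(f));
    return model_stfle(&f, r0_in, 1);
}

int main(void)
{
    printf("store count_bytes:           canary %s\n",
           canary_survives(0) ? "intact" : "CLOBBERED");
    printf("store MIN(count_bytes, max): canary %s\n",
           canary_survives(1) ? "intact" : "CLOBBERED");
    printf("R0 after STFLE with R0=3: %u (doublewords needed - 1)\n",
           r0_after_request(3));
    return 0;
}
```

The model makes the mismatch in the gzip code visible: it asks for 4 doublewords but only reserved 3 before the canary, so any implementation that takes the "may be stored" option in the PoP clobbers the canary, while the MIN() bound in the patch leaves it alone because the facility list only needs 3 doublewords. The returned R0 is 2 in both variants; the store length is the only thing that changes.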