[Qemu-devel] [PULL 12/34] target-s390x: fix MMU index computation
From: Alexander Graf
Subject: [Qemu-devel] [PULL 12/34] target-s390x: fix MMU index computation
Date: Fri, 5 Jun 2015 01:41:42 +0200
From: Aurelien Jarno <address@hidden>
The cpu_mmu_index function wrongly looks at the PSW P bit to determine the
MMU index, while this bit actually only controls the use of privileged
instructions. The addressing mode is detected by looking at the PSW ASC
bits instead.
This used to work more or less correctly up to kernel 3.6 as the kernel
was running in primary space and userland in secondary space. Since
kernel 3.7 the default is to run the kernel in home space and userland
in primary space. While the current QEMU code seems to work, it opens some
security issues, like accessing the lowcore memory in R/W mode from a
userspace process once it has been accessed by the kernel (it is then
cached by the QEMU TLB).
At the same time, change the MMU_USER_IDX value so that it matches the
value used in recent kernels.
Signed-off-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
---
target-s390x/cpu.h | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 3140f75..adb9a84 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -48,7 +48,7 @@
#define MMU_MODE1_SUFFIX _secondary
#define MMU_MODE2_SUFFIX _home
-#define MMU_USER_IDX 1
+#define MMU_USER_IDX 0
#define MAX_EXT_QUEUE 16
#define MAX_IO_QUEUE 16
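Review bot: MMU_USER_IDX is changed to 0 without any comment recording why; that value only matches the index cpu_mmu_index returns for PSW_ASC_PRIMARY because, as the commit message says, kernels since 3.7 run userland in primary space, and a guest that still runs userland in secondary space (pre-3.7 layout) would have its user pages indexed as 1. Suggest documenting the assumption next to the define, e.g. `#define MMU_USER_IDX 0 /* userland runs in primary space (Linux >= 3.7) */`, so that any code keying on MMU_USER_IDX sees the dependency on the guest's address-space layout.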
@@ -304,11 +304,18 @@ static inline CPU_DoubleU *get_freg(CPUS390XState *cs,
int nr)
static inline int cpu_mmu_index (CPUS390XState *env)
{
- if (env->psw.mask & PSW_MASK_PSTATE) {
+ switch (env->psw.mask & PSW_MASK_ASC) {
+ case PSW_ASC_PRIMARY:
+ return 0;
+ case PSW_ASC_SECONDARY:
return 1;
+ case PSW_ASC_HOME:
+ return 2;
+ case PSW_ASC_ACCREG:
+ /* Fallthrough: access register mode is not yet supported */
+ default:
+ abort();
}
-
- return 0;
}
static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc,
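Review bot: the `default: abort();` arm (which also catches PSW_ASC_ACCREG via the fallthrough) turns an unsupported but architecturally valid PSW setting into a whole-process abort, and the ASC bits are guest-visible PSW state, so a guest that selects access-register mode takes QEMU down rather than receiving an error. A more robust choice would be to raise a guest program exception, or at minimum to fall back to one of the supported spaces with a logged warning, keeping the "not yet supported" note as a comment; either way the commit message should mention that access-register mode is now a hard stop. The switch from PSTATE to ASC itself is the right fix: the three indexes now map one-to-one onto the _primary/_secondary/_home suffixes, which is what keeps kernel-filled TLB entries in home space from being served to primary-space userland.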
--
1.7.12.4