From: David Hildenbrand
Subject: [qemu-s390x] [PULL SUBSYSTEM s390x 09/33] s390x/tcg: Store only the necessary amount of doublewords for STFLE
Date: Wed, 5 Jun 2019 22:33:39 +0200
The PoP (z14, 7-382) says:
Doublewords to the right of the doubleword in which the
highest-numbered facility bit is assigned for a model
may or may not be stored.
However, stack protection in certain binaries can't deal with that.
"gzip" example code:
f1b4: a7 08 00 03 lhi %r0,3
f1b8: b2 b0 f0 a0 stfle 160(%r15)
f1bc: e3 20 f0 b2 00 90 llgc %r2,178(%r15)
f1c2: c0 2b 00 00 00 01 nilf %r2,1
f1c8: b2 4f 00 10 ear %r1,%a0
f1cc: b9 14 00 22 lgfr %r2,%r2
f1d0: eb 11 00 20 00 0d sllg %r1,%r1,32
f1d6: b2 4f 00 11 ear %r1,%a1
f1da: d5 07 f0 b8 10 28 clc 184(8,%r15),40(%r1)
f1e0: a7 74 00 06 jne f1ec <file_read@@Base+0x1bc>
f1e4: eb ef f1 30 00 04 lmg %r14,%r15,304(%r15)
f1ea: 07 fe br %r14
f1ec: c0 e5 ff ff 9d 6e brasl %r14,2cc8 <address@hidden>
In QEMU, we currently have:
max_bytes = 24
the code asks for (3 + 1) doublewords == 32 bytes.
If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
("one less than the number of doublewords needed to contain all of the
facility bits"), the example code detects a stack corruption.
In my opinion, the code is wrong. However, it seems to work fine on
real machines. So let's limit storing to the minimum of the requested
and the maximum doublewords.
Cc: Stefan Liebler <address@hidden>
Cc: Andreas Krebbel <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
---
target/s390x/misc_helper.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 34476134a4..10aa617cf9 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -678,7 +678,13 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t addr)
prepare_stfl();
max_bytes = ROUND_UP(used_stfl_bytes, 8);
- for (i = 0; i < count_bytes; ++i) {
+
+ /*
+ * The PoP says that doublewords beyond the highest-numbered facility
+ * bit may or may not be stored. However, existing hardware appears to
+ * not store the words, and existing software depend on that.
+ */
+ for (i = 0; i < MIN(count_bytes, max_bytes); ++i) {
cpu_stb_data_ra(env, addr + i, stfl_bytes[i], ra);
}
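Review bot: the new comment has a grammar slip ("existing software depend on that" should read "depends"), and it would read better if it named the concrete consequence the commit message describes: in the gzip listing the canary compared by clc sits at 184(%r15), 24 bytes past the STFLE buffer at 160(%r15), so storing all 32 requested bytes when max_bytes is 24 overwrites it. Consider also hoisting MIN(count_bytes, max_bytes) into a local before the loop so the stored length is evaluated once and is visible where the returned doubleword count is derived; that return path is outside this hunk, so confirm it still reports "one less than the number of doublewords needed" based on max_bytes rather than on the truncated store.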
--
2.21.0
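To make the stack-corruption scenario in the commit message concrete, here is an added C model (not QEMU code) of the emulated STFLE store with both the old bound and the patched MIN() bound; the facility bits, canary value and frame layout are constructed to mirror the gzip listing (buffer at 160(%r15), canary at 184(%r15), max_bytes = 24).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the emulated STFLE store path from the commit message:
 * the CPU model has a 24-byte facility list (max_bytes = 24) and the guest
 * keeps its stack canary 24 bytes past the STFLE buffer, the layout of the
 * gzip listing (stfle 160(%r15) vs. clc 184(8,%r15)). */
#define MAX_BYTES  24
#define CANARY_OFF 24 /* 184 - 160 */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Constructed facility bits and canary; their actual values do not matter. */
static const uint8_t stfl_bytes[MAX_BYTES] = { 0xff, 0x20, 0xff, 0xf3, 0xfc, 0x7c, 0xe0 };
static const uint8_t canary[8] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };

/* Emulated STFLE. r0 holds the requested doubleword count minus one.
 * fixed == 0 models the old helper (every requested byte is stored, zero
 * padded past the facility list); fixed != 0 caps the store at max_bytes
 * as the patch does. Returns the updated r0: one less than the number of
 * doublewords needed for all facility bits (2 here), as the CPU reports. */
static uint64_t emu_stfle(uint8_t *frame, uint64_t r0, int fixed)
{
    size_t count_bytes = ((r0 & 0xff) + 1) * 8;
    size_t store = fixed ? MIN(count_bytes, MAX_BYTES) : count_bytes;
    for (size_t i = 0; i < store; i++) {
        frame[i] = i < MAX_BYTES ? stfl_bytes[i] : 0;
    }
    return (r0 & ~(uint64_t)0xff) | (MAX_BYTES / 8 - 1);
}

/* Replays the gzip sequence: plant the canary, issue STFLE with r0 = 3
 * (4 doublewords = 32 bytes), then compare the canary like the clc at f1da.
 * Returns 1 if the canary survived, 0 if STFLE clobbered it. */
static int canary_intact_after_stfle(int fixed)
{
    uint8_t frame[40]; /* 32-byte buffer request plus the 8-byte canary */
    memset(frame, 0xaa, sizeof frame);
    memcpy(frame + CANARY_OFF, canary, sizeof canary);
    emu_stfle(frame, 3, fixed);
    return memcmp(frame + CANARY_OFF, canary, sizeof canary) == 0;
}

int main(void)
{
    printf("old helper: canary %s\n", canary_intact_after_stfle(0) ? "intact" : "corrupted");
    printf("patched:    canary %s\n", canary_intact_after_stfle(1) ? "intact" : "corrupted");
    return 0;
}
```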