From patchwork Fri Jul 28 09:19:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cornelia Huck X-Patchwork-Id: 9868169 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 128BB6035E for ; Fri, 28 Jul 2017 09:25:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 080502889D for ; Fri, 28 Jul 2017 09:25:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EF865288AD; Fri, 28 Jul 2017 09:25:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8DB862889D for ; Fri, 28 Jul 2017 09:25:42 +0000 (UTC) Received: from localhost ([::1]:47017 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1db1Wf-0001xq-Py for patchwork-qemu-devel@patchwork.kernel.org; Fri, 28 Jul 2017 05:25:41 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60912) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1db1RY-0006e0-B5 for qemu-devel@nongnu.org; Fri, 28 Jul 2017 05:20:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1db1RU-0006PY-7c for qemu-devel@nongnu.org; Fri, 28 Jul 2017 05:20:24 -0400 Received: from mx1.redhat.com ([209.132.183.28]:42638) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1db1RU-0006P7-0Q for qemu-devel@nongnu.org; Fri, 28 Jul 2017 05:20:20 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EF01A18310A; Fri, 28 Jul 2017 09:20:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EF01A18310A Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=cohuck@redhat.com Received: from localhost (dhcp-192-215.str.redhat.com [10.33.192.215]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E0FFD5D9C9; Fri, 28 Jul 2017 09:20:16 +0000 (UTC) From: Cornelia Huck To: peter.maydell@linaro.org Date: Fri, 28 Jul 2017 11:19:59 +0200 Message-Id: <20170728092000.19216-4-cohuck@redhat.com> In-Reply-To: <20170728092000.19216-1-cohuck@redhat.com> References: <20170728092000.19216-1-cohuck@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 28 Jul 2017 09:20:19 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL for-2.10 3/4] s390x/css: check ccw address validity X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thuth@redhat.com, david@redhat.com, Cornelia Huck , qemu-devel@nongnu.org, agraf@suse.de, borntraeger@de.ibm.com, Halil Pasic , rth@twiddle.net Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Halil Pasic According to the PoP channel command words (CCW) must be doubleword aligned and 31 bit addressable for format 1 and 24 bit addressable for format 0 CCWs. If the channel subsystem encounters a ccw address which does not satisfy this alignment requirement a program-check condition is recognised. The situation with 31 bit addressable is a bit more complicated: both the ORB and a format 1 CCW TIC hold the address of (the rest of) the channel program, that is the address of the next CCW in a word, and the PoP mandates that bit 0 of that word shall be zero -- or a program-check condition is to be recognized -- and does not belong to the field holding the ccw address. Since in code the corresponding fields span across the whole word (unlike in PoP where these are defined as 31 bit wide) we can check this by applying a mask. The 24 addressable case isn't affecting TIC because the address is composed of a halfword and a byte portion (no additional zero bit requirements) and just slightly complicates the ORB case where also bits 1-7 need to be zero. The same requirements (especially n-bit addressability) apply to the ccw addresses generated while chaining. Let's make our CSS implementation follow the AR more closely. Signed-off-by: Halil Pasic Message-Id: <20170727154842.23427-1-pasic@linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi Signed-off-by: Cornelia Huck --- hw/s390x/css.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 6a42b95cee..177cbfc92d 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -795,6 +795,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, if (!ccw_addr) { return -EIO; } + /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */ + if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) { + return -EINVAL; + } /* Translate everything to format-1 ccws - the information is the same. */ ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);