From: Richard Henderson
Subject: Re: [PATCH v2 3/4] s390x/tcg: Only ignore content in r0 when specified via "b" or "x"
Date: Fri, 8 Jan 2021 09:43:29 -1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 1/8/21 3:20 AM, David Hildenbrand wrote:
> Using get_address() with register identifiers coming from an "r" field
> is wrong: if the "r" field designates "r0", we don't read the content
> and instead assume 0 - which should only be applied when the register
> was specified via "b" or "x".
> 
> PoP 5-11 "Operand-Address Generation":
>   "A zero in any of the B1, B2, X2, B3, or B4 fields indicates the absence
>    of the corresponding address component. For the absent component, a zero
>    is used in forming the intermediate sum, regardless of the contents of
>    general register 0. A displacement of zero has no special significance."
> 
> This BUG became visible for CSPG as generated by LLVM-12 in the upstream
> Linux kernel (v5.11-rc2), used while creating the linear mapping in
> vmem_map_init(): Trying to store to address 0 results in a Low Address
> Protection exception.
> 
> Debugging this was more complicated than it could have been: The program
> interrupt handler in the kernel will try to crash the kernel: doing so, it
> will enable DAT. As the linear mapping is not created yet (asce=0), we run
> into an addressing exception while trying to walk non-existent DAT tables,
> resulting in a program exception loop.
> 
> This allows for booting upstream Linux kernels compiled by clang-12. Most
> of these cases seem to be broken forever.
> 
> Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Guenter Roeck <linux@roeck-us.net>
> Cc: Christian Borntraeger <borntraeger@de.ibm.com>
> Cc: Heiko Carstens <hca@linux.ibm.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/insn-data.def |  8 ++++----
>  target/s390x/translate.c   | 15 +++++++++------
>  2 files changed, 13 insertions(+), 10 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
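The two lookup rules the commit message contrasts, as an added example in plain C (not QEMU's get_address() or any other code from the project): gen_address() implements the PoP 5-11 rule, where a zero B or X field is an absent component and contributes 0 whatever general register 0 holds, with the intermediate sum truncated to the PSW addressing mode; reg_operand() is what an "r" field means, a plain register read in which r0 is read like any other. The names cpu_t, gen_address, reg_operand and r_field_misread are assumptions, and the register contents in sample_cpu are constructed so that r0 is non-zero and the two rules visibly disagree.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Minimal register file plus PSW addressing mode (24, 31 or 64 bits).
 * Hypothetical type; not QEMU's CPU state. */
typedef struct {
    uint64_t r[16];
    int addr_bits;
} cpu_t;

/* Constructed sample: r0 is deliberately non-zero so that reading it as a
 * register and treating field value 0 as "absent" give different results. */
const cpu_t sample_cpu = {
    .r = { [0] = 0x10000, [1] = 0x2000, [2] = 0x30 },
    .addr_bits = 64,
};

/* Same registers, 31-bit addressing mode, to show the truncation step. */
const cpu_t sample_cpu_31 = {
    .r = { [0] = 0x10000, [1] = 0x2000, [2] = 0x30 },
    .addr_bits = 31,
};

/* Operand-address generation per PoP 5-11 "Operand-Address Generation":
 * B/X field 0 means the component is absent and contributes 0 regardless
 * of r0; the displacement is added as-is; the sum is truncated to the
 * addressing mode. */
uint64_t gen_address(const cpu_t *cpu, unsigned b, unsigned x, int64_t d)
{
    uint64_t sum = (uint64_t)d;
    if (b != 0) sum += cpu->r[b & 0xf];
    if (x != 0) sum += cpu->r[x & 0xf];
    switch (cpu->addr_bits) {
    case 24: return sum & 0xffffffULL;
    case 31: return sum & 0x7fffffffULL;
    default: return sum;
    }
}

/* An "r" field names a register operand: r0 is read like any other. */
uint64_t reg_operand(const cpu_t *cpu, unsigned r)
{
    return cpu->r[r & 0xf];
}

/* The mistake described in the commit message: feeding an "r" field
 * through the base-register rule. Returns true when that would yield a
 * different value than the correct register read for this register. */
bool r_field_misread(const cpu_t *cpu, unsigned r)
{
    return gen_address(cpu, r, 0, 0) != reg_operand(cpu, r);
}

int main(void)
{
    for (unsigned r = 0; r < 3; r++) {
        printf("r%u: as base field -> %#llx, as register -> %#llx%s\n", r,
               (unsigned long long)gen_address(&sample_cpu, r, 0, 0),
               (unsigned long long)reg_operand(&sample_cpu, r),
               r_field_misread(&sample_cpu, r) ? "  (mismatch)" : "");
    }
    return 0;
}
```

Only register 0 trips the mismatch: for r1..r15 the base-field rule and the register read agree, which is why an "r"-field operand routed through the address-generation path works until an instruction is encoded with r0, exactly the case the compiler-generated CSPG hit.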