af68a7132d
- Updating to Sphinx v3.1.2 in Factory is exposing an issue in qemu doc sources. Fix it docs-fix-trace-docs-build-with-sphinx-3..patch - Fix DoS possibility in ati-vga emulation (CVE-2020-13800 bsc#1172495) ati-vga-check-mm_index-before-recursive-.patch - Fix DoS possibility in Network Block Device (nbd) support infrastructure (CVE-2020-10761 bsc#1172710) nbd-server-Avoid-long-error-message-asse.patch - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) exec-set-map-length-to-zero-when-returni.patch - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) megasas-use-unsigned-type-for-reply_queu.patch - Fix legacy IGD passthrough hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch - The latest gcc10 available in Factory has the fix for the issue this patch was created to avoid, so drop it build-Work-around-gcc10-bug-by-not-using.patch - Switch to upstream versions of some patches we carry add-enum-cast-to-avoid-gcc10-warning.patch -> golan-Add-explicit-type-casts-for-nodnic.patch Be-explicit-about-fcommon-compiler-direc.patch -> build-Be-explicit-about-fcommon-compiler.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch -> build-Do-not-apply-WORKAROUND_CFLAGS-for.patch Fix-s-directive-argument-is-null-error.patch -> build-Fix-s-directive-argument-is-null-e.patch Workaround-compilation-error-with-gcc-9..patch -> build-Workaround-compilation-error-with-.patch work-around-gcc10-problem-with-zero-leng.patch -> intel-Avoid-spurious-compiler-warning-on.patch - Fix vgabios issue for cirrus graphics emulation, which effectively downgraded it to standard VGA behavior vga-fix-cirrus-bios.patch - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) es1370-check-total-frame-count-against-c.patch OBS-URL: https://build.opensuse.org/request/show/822154 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=553
157 lines
6.4 KiB
Diff
157 lines
6.4 KiB
Diff
From: Janosch Frank <frankja@linux.ibm.com>
|
|
Date: Wed, 5 Feb 2020 07:02:33 -0500
|
|
Subject: s390x: protvirt: Move IO control structures over SIDA
|
|
|
|
Git-commit: 4989e18cbe5621df39020ef812316f479d8f5246
|
|
References: bsc#1167075
|
|
|
|
For protected guests, we need to put the IO emulation results into the
|
|
SIDA, so SIE will write them into the guest at the next entry.
|
|
|
|
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
|
Reviewed-by: David Hildenbrand <david@redhat.com>
|
|
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
target/s390x/ioinst.c | 61 +++++++++++++++++++++++++++++++------------
|
|
1 file changed, 45 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c
|
|
index 8828482eec306a2bccd8bef269b7..7a14c52c123b842bba0b13f96b16 100644
|
|
--- a/target/s390x/ioinst.c
|
|
+++ b/target/s390x/ioinst.c
|
|
@@ -138,7 +138,9 @@ void ioinst_handle_msch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
|
|
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
|
|
return;
|
|
}
|
|
- if (s390_cpu_virt_mem_read(cpu, addr, ar, &schib, sizeof(schib))) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_read(cpu, addr, &schib, sizeof(schib));
|
|
+ } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &schib, sizeof(schib))) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return;
|
|
}
|
|
@@ -195,7 +197,9 @@ void ioinst_handle_ssch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
|
|
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
|
|
return;
|
|
}
|
|
- if (s390_cpu_virt_mem_read(cpu, addr, ar, &orig_orb, sizeof(orb))) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_read(cpu, addr, &orig_orb, sizeof(orb));
|
|
+ } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &orig_orb, sizeof(orb))) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return;
|
|
}
|
|
@@ -231,14 +235,19 @@ void ioinst_handle_stcrw(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
|
|
cc = css_do_stcrw(&crw);
|
|
/* 0 - crw stored, 1 - zeroes stored */
|
|
|
|
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &crw, sizeof(crw)) == 0) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_write(cpu, addr, &crw, sizeof(crw));
|
|
setcc(cpu, cc);
|
|
} else {
|
|
- if (cc == 0) {
|
|
- /* Write failed: requeue CRW since STCRW is suppressing */
|
|
- css_undo_stcrw(&crw);
|
|
+ if (s390_cpu_virt_mem_write(cpu, addr, ar, &crw, sizeof(crw)) == 0) {
|
|
+ setcc(cpu, cc);
|
|
+ } else {
|
|
+ if (cc == 0) {
|
|
+ /* Write failed: requeue CRW since STCRW is suppressing */
|
|
+ css_undo_stcrw(&crw);
|
|
+ }
|
|
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
}
|
|
- s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
}
|
|
}
|
|
|
|
@@ -260,6 +269,13 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
|
|
}
|
|
|
|
if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
|
|
+ /*
|
|
+ * The Ultravisor checks schid bit 16 to be one and bits 0-12
|
|
+ * to be 0 and injects a operand exception itself.
|
|
+ *
|
|
+ * Hence we should never end up here.
|
|
+ */
|
|
+ g_assert(!s390_is_pv());
|
|
/*
|
|
* As operand exceptions have a lower priority than access exceptions,
|
|
* we check whether the memory area is writeable (injecting the
|
|
@@ -292,14 +308,17 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
|
|
}
|
|
}
|
|
if (cc != 3) {
|
|
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &schib,
|
|
- sizeof(schib)) != 0) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_write(cpu, addr, &schib, sizeof(schib));
|
|
+ } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &schib,
|
|
+ sizeof(schib)) != 0) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return;
|
|
}
|
|
} else {
|
|
/* Access exceptions have a higher priority than cc3 */
|
|
- if (s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib)) != 0) {
|
|
+ if (!s390_is_pv() &&
|
|
+ s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib)) != 0) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return;
|
|
}
|
|
@@ -336,7 +355,9 @@ int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
|
|
}
|
|
/* 0 - status pending, 1 - not status pending, 3 - not operational */
|
|
if (cc != 3) {
|
|
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &irb, irb_len) != 0) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_write(cpu, addr, &irb, irb_len);
|
|
+ } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &irb, irb_len) != 0) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return -EFAULT;
|
|
}
|
|
@@ -344,7 +365,8 @@ int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
|
|
} else {
|
|
irb_len = sizeof(irb) - sizeof(irb.emw);
|
|
/* Access exceptions have a higher priority than cc3 */
|
|
- if (s390_cpu_virt_mem_check_write(cpu, addr, ar, irb_len) != 0) {
|
|
+ if (!s390_is_pv() &&
|
|
+ s390_cpu_virt_mem_check_write(cpu, addr, ar, irb_len) != 0) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return -EFAULT;
|
|
}
|
|
@@ -642,7 +664,9 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
|
|
* present CHSC sub-handlers ... if we ever need more, we should take
|
|
* care of req->len here first.
|
|
*/
|
|
- if (s390_cpu_virt_mem_read(cpu, addr, reg, buf, sizeof(ChscReq))) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_read(cpu, addr, buf, sizeof(ChscReq));
|
|
+ } else if (s390_cpu_virt_mem_read(cpu, addr, reg, buf, sizeof(ChscReq))) {
|
|
s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
return;
|
|
}
|
|
@@ -675,11 +699,16 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
|
|
break;
|
|
}
|
|
|
|
- if (!s390_cpu_virt_mem_write(cpu, addr + len, reg, res,
|
|
- be16_to_cpu(res->len))) {
|
|
+ if (s390_is_pv()) {
|
|
+ s390_cpu_pv_mem_write(cpu, addr + len, res, be16_to_cpu(res->len));
|
|
setcc(cpu, 0); /* Command execution complete */
|
|
} else {
|
|
- s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
+ if (!s390_cpu_virt_mem_write(cpu, addr + len, reg, res,
|
|
+ be16_to_cpu(res->len))) {
|
|
+ setcc(cpu, 0); /* Command execution complete */
|
|
+ } else {
|
|
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
|
|
+ }
|
|
}
|
|
}
|
|
|