author | Peter Maydell <peter.maydell@linaro.org> | 2017-07-28 10:35:02 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2017-07-28 10:35:02 +0100 |
commit | 871a0f7ad2b9560c5f7d640125c5be95ca23ca7f (patch) | |
tree | f24a3558b915fdae78a9bb322e98fb4be426b710 | |
parent | e01151de165070c25a1b202e9e2392950bd7c8da (diff) | |
parent | 4add0da64942d83e0564147c0876b01074bde9cb (diff) |
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170728' into staging
More s390x fixes: Correct ilen, and ccw checking.
# gpg: Signature made Fri 28 Jul 2017 10:13:42 BST
# gpg: using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20170728:
s390x/css: fix bits must be zero check for TIC
s390x/css: check ccw address validity
target/s390x: fix pgm irq ilen in translate_pages()
target/s390x: fix pgm irq ilen for stsi
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r-- | hw/s390x/css.c | 7 | ||||
-rw-r--r-- | target/s390x/misc_helper.c | 2 | ||||
-rw-r--r-- | target/s390x/mmu_helper.c | 2 |
3 files changed, 8 insertions, 3 deletions
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 6a42b95cee..1880b1a0ff 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -795,6 +795,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
 if (!ccw_addr) {
 return -EIO;
 }
+ /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */
+ if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) {
+ return -EINVAL;
+ }
 /* Translate everything to format-1 ccws - the information is the same. */
 ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);
@@ -881,7 +885,8 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
 ret = -EINVAL;
 break;
 }
- if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) {
+ if (ccw.flags || ccw.count) {
+ /* We have already sanitized these if converted from fmt 0. */
 ret = -EINVAL;
 break;
 }
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 44c5c401fb..d23ffcd890 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -192,7 +192,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0,
 if ((r0 & STSI_LEVEL_MASK) <= STSI_LEVEL_3 && ((r0 & STSI_R0_RESERVED_MASK) || (r1 & STSI_R1_RESERVED_MASK))) {
 /* valid function code, invalid reserved bits */
- program_interrupt(env, PGM_SPECIFICATION, 2);
+ program_interrupt(env, PGM_SPECIFICATION, 4);
 }
 sel1 = r0 & STSI_R0_SEL1_MASK;
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index a873dc48a0..1ad01584b4 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -440,7 +440,7 @@ static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,
 }
 if (!address_space_access_valid(&address_space_memory, pages[i], TARGET_PAGE_SIZE, is_write)) {
- program_interrupt(env, PGM_ADDRESSING, 0);
+ program_interrupt(env, PGM_ADDRESSING, ILEN_AUTO);
 return -EFAULT;
 }
 addr += TARGET_PAGE_SIZE; |
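Review bot: In the first hw/s390x/css.c hunk (@@ -795) the new mask constants `0x80000007` and `0xff000007` are 32-bit literals, so ANDing them with the `hwaddr` parameter `ccw_addr` (a 64-bit type in QEMU) tests only the low 32 bits, and any bit set above bit 31 passes the check. The callers are outside the hunk, so this may be unreachable today if every address originates in a 32-bit field, but this guard runs on a guest-supplied address right before `copy_ccw_from_guest()` and should not depend on that. Writing the masks as the complement of the allowed bits covers the whole width: `if (ccw_addr & (sch->ccw_fmt_1 ? ~0x7ffffff8ULL : ~0x00fffff8ULL)) {`. css_interpret_ccw starts before and continues after the hunk.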
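Review bot: In the second hw/s390x/css.c hunk (@@ -881) the stricter TIC test `if (ccw.flags || ccw.count)` is only correct for format-0 CCWs because of clearing done elsewhere, and the added comment does not say where. The earlier hunk suggests the conversion happens in `copy_ccw_from_guest()`, though its body is not visible here. If that is right, the comment should name it, e.g. `/* fmt-0 TICs have flags and count cleared in copy_ccw_from_guest(); anything still set is a guest error. */`, so the validation and the conversion are less likely to drift apart. The enclosing block starts and ends outside the hunk.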
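Review bot: In the target/s390x/misc_helper.c hunk the instruction length is still a bare literal, now `4`, in `program_interrupt(env, PGM_SPECIFICATION, 4);`, and the previous wrong value `2` shows how easily such a number goes stale. A short comment such as `/* STSI is a 4-byte instruction */` would record where the value comes from. The mmu_helper.c hunk in this same merge passes `ILEN_AUTO` instead; whether that is usable from this helper is not visible here. HELPER(stsi) starts before and continues after the hunk.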