From b7022d9ac61311f92aef0994e2ab801b76d55f14 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 20 Jan 2015 10:56:37 +0100 Subject: [PATCH 1/9] s390: Plug memory leak on s390_pci_generate_event() error path Signed-off-by: Markus Armbruster Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index 1201b8d57c..d25ac74f9c 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -187,7 +187,7 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh) static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh, uint32_t fid, uint64_t faddr, uint32_t e) { - SeiContainer *sei_cont = g_malloc0(sizeof(SeiContainer)); + SeiContainer *sei_cont; S390pciState *s = S390_PCI_HOST_BRIDGE( object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL)); @@ -195,6 +195,7 @@ static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh, return; } + sei_cont = g_malloc0(sizeof(SeiContainer)); sei_cont->fh = fh; sei_cont->fid = fid; sei_cont->cc = cc; From c0eb33ab5428edf85a29a4f91f64d6802b6cefaa Mon Sep 17 00:00:00 2001 From: Frank Blaschka Date: Wed, 21 Jan 2015 16:50:29 +0100 Subject: [PATCH 2/9] s390x/pci: avoid sign extension in stpcifc This patch avoids sign extension and fixes a data conversion bug in stpcifc. Both issues where found by Coverity. Reviewed-by: Markus Armbruster Signed-off-by: Frank Blaschka Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-inst.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index 5ea13e5d79..c2691841fd 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c 
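Review bot: The allocation re-added in the second hunk, `sei_cont = g_malloc0(sizeof(SeiContainer));`, would read better as `sei_cont = g_new0(SeiContainer, 1);`, which ties the size to the pointee type and is the form GLib-based code usually prefers over a bare sizeof. Moving the allocation below the `if (!s) { return; }` guard is the right fix for the leak; on the new side every use of `sei_cont` visible in the hunk (`fh`, `fid`, `cc`) comes after the assignment, but `s390_pci_generate_event` continues past the hunk, so the remainder should be checked for any earlier read. Who eventually frees `sei_cont` is not visible here; a one-line ownership comment at the allocation would help the next reader.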
@@ -784,10 +784,10 @@ int stpcifc_service_call(S390CPU *cpu, uint8_t r1, uint64_t fiba) stq_p(&fib.aisb, pbdev->routes.adapter.summary_addr); stq_p(&fib.fmb_addr, pbdev->fmb_addr); - data = (pbdev->isc << 28) | (pbdev->noi << 16) | - (pbdev->routes.adapter.ind_offset << 8) | (pbdev->sum << 7) | - pbdev->routes.adapter.summary_offset; - stw_p(&fib.data, data); + data = ((uint32_t)pbdev->isc << 28) | ((uint32_t)pbdev->noi << 16) | + ((uint32_t)pbdev->routes.adapter.ind_offset << 8) | + ((uint32_t)pbdev->sum << 7) | pbdev->routes.adapter.summary_offset; + stl_p(&fib.data, data); if (pbdev->fh >> ENABLE_BIT_OFFSET) { fib.fc |= 0x80; From 5b324bbafc4fe367bd9c5bfa6cff071081fb8b0e Mon Sep 17 00:00:00 2001 From: Frank Blaschka Date: Fri, 16 Jan 2015 14:55:21 +0100 Subject: [PATCH 3/9] s390x/pci: check for invalid function handle broken guest may provide 0 (invalid) function handle to zpci instructions. Since we use function handle 0 to indicate an empty slot in the PHB we have to add an additional check to spot this kind of error. Signed-off-by: Frank Blaschka Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index d25ac74f9c..dc455a2bb7 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -170,7 +170,7 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh) S390pciState *s = S390_PCI_HOST_BRIDGE( object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL)); - if (!s) { + if (!s || !fh) { return NULL; } From 4e99a0f7ae2a8392fd306c357148763ac4f820f9 Mon Sep 17 00:00:00 2001 From: Yi Min Zhao Date: Mon, 19 Jan 2015 15:15:56 +0800 Subject: [PATCH 4/9] s390x/pci: fix dma notifications in rpcit instruction The virtual I/O address range passed to rpcit instruction might not map to consecutive physical guest pages. For this we have to translate and create mapping notifications for each vioa page separately. Signed-off-by: Yi Min Zhao 
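Review bot: The last operand of the rewritten `data` expression, `pbdev->routes.adapter.summary_offset`, is the only one left without a `uint32_t` cast; if the field is narrower than `int` the promotion keeps the OR well-defined, but for consistency with the four casts beside it, and so the expression does not quietly regress if the field's type changes, I would write `((uint32_t)pbdev->routes.adapter.summary_offset)` as well. The switch from `stw_p` to `stl_p` is the data-conversion fix the message refers to; it presumes `fib.data` is a 32-bit field, whose declaration is outside the hunk and should be confirmed. `stpcifc_service_call` starts and ends outside the hunk.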
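Review bot: The new `!fh` test in `if (!s || !fh) {` encodes an invariant that only the commit message explains (handle 0 marks an empty slot), so a comment on the condition would spare the next reader a trip through the history: `/* fh 0 marks an empty slot in the PHB, so it is never a valid guest handle */`. The hunk shows only the guard; the rest of `s390_pci_find_dev_by_fh` is outside it, so whether the lookup that follows also relies on this rejection cannot be judged from here.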
Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-inst.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index c2691841fd..9e5bc5b899 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -487,7 +487,7 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) CPUS390XState *env = &cpu->env; uint32_t fh; S390PCIBusDevice *pbdev; - ram_addr_t size; + hwaddr start, end; IOMMUTLBEntry entry; MemoryRegion *mr; @@ -504,7 +504,8 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) } fh = env->regs[r1] >> 32; - size = env->regs[r2 + 1]; + start = env->regs[r2]; + end = start + env->regs[r2 + 1]; pbdev = s390_pci_find_dev_by_fh(fh); @@ -515,15 +516,18 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) } mr = pci_device_iommu_address_space(pbdev->pdev)->root; - entry = mr->iommu_ops->translate(mr, env->regs[r2], 0); + while (start < end) { + entry = mr->iommu_ops->translate(mr, start, 0); - if (!entry.translated_addr) { - setcc(cpu, ZPCI_PCI_LS_ERR); - goto out; + if (!entry.translated_addr) { + setcc(cpu, ZPCI_PCI_LS_ERR); + goto out; + } + + memory_region_notify_iommu(mr, entry); + start += entry.addr_mask + 1; } - entry.addr_mask = size - 1; - memory_region_notify_iommu(mr, entry); setcc(cpu, ZPCI_PCI_LS_OK); out: return 0; From 20dd25bb67a51a4a57092b6381a6d4b0e64e2153 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 8 Dec 2014 14:19:13 +0100 Subject: [PATCH 5/9] s390x/kvm: Fix diag-308 register decoding Fix the decoding of the r1 register number in the diagnose 308 handler. Signed-off-by: Thomas Huth Reviewed-by: Michael Mueller Signed-off-by: Cornelia Huck --- target-s390x/kvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c index dcd75055c1..6bf2719c43 100644 --- a/target-s390x/kvm.c +++ b/target-s390x/kvm.c 
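Review bot: In the second hunk `end = start + env->regs[r2 + 1];` adds two guest-supplied 64-bit values with no overflow check, so a length that wraps `end` below `start` makes the third hunk's `while (start < end)` run zero times and the instruction then reports `ZPCI_PCI_LS_OK` for a range that was never translated or notified. A wrapped range should be rejected before the loop, e.g. `if (end < start) { setcc(cpu, ZPCI_PCI_LS_ERR); goto out; }` after the `pbdev` lookup. In the third hunk, `start += entry.addr_mask + 1;` relies on the IOMMU never returning an all-ones `addr_mask` for a translated entry; if it can, `start` stops advancing and this guest-controlled loop never terminates, so that case deserves either a check or a comment stating why it cannot happen — the s390 translate callback is not visible from here. A comment on the `while` giving the reason from the commit message (vioa pages need not map to contiguous guest pages) would make the per-page loop self-explanatory; `rpcit_service_call` begins before the first hunk.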
@@ -1046,7 +1046,7 @@ static void kvm_handle_diag_308(S390CPU *cpu, struct kvm_run *run) uint64_t r1, r3; cpu_synchronize_state(CPU(cpu)); - r1 = (run->s390_sieic.ipa & 0x00f0) >> 8; + r1 = (run->s390_sieic.ipa & 0x00f0) >> 4; r3 = run->s390_sieic.ipa & 0x000f; handle_diag_308(&cpu->env, r1, r3); } From 68540b1a1b505d9578699b03fe0b5da716a21dcc Mon Sep 17 00:00:00 2001 From: Christian Borntraeger Date: Thu, 18 Dec 2014 10:04:17 +0100 Subject: [PATCH 6/9] s390x/kvm: unknown DIAGNOSE code should give a specification exception As described in CP programming services an unimplemented DIAGNOSE function should return a specification exception. Today we give the guest an operation exception. As both exception types are suppressing and Linux as a guest does not care about the type of program check in its exception table handler as long as both types have the same kind of error handling (nullifying, terminating, suppressing etc.) this was unnoticed. Reviewed-by: Thomas Huth Signed-off-by: Christian Borntraeger Signed-off-by: Cornelia Huck --- target-s390x/kvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c index 6bf2719c43..6f2d5b4924 100644 --- a/target-s390x/kvm.c +++ b/target-s390x/kvm.c @@ -1091,7 +1091,7 @@ static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb) break; default: DPRINTF("KVM: unknown DIAG: 0x%x\n", func_code); - r = -1; + enter_pgmcheck(cpu, PGM_SPECIFICATION); break; } From 7691993c2b290dfedfb08a8eaa8cf7d5c6573fcb Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 11 Feb 2014 09:12:27 +0100 Subject: [PATCH 7/9] s390x/ipl: Improved code indentation in s390_ipl_init() The indentation of the code in s390_ipl_init() can be simplified a little bit by removing superfluous else-statements. Suggested-by: Michael Mueller Signed-off-by: Thomas Huth Acked-by: Cornelia Huck 
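Review bot: The corrected `>> 4` is right for the high nibble of the low `ipa` byte, but the two decodes read as magic numbers; a comment above the `r1 =` line would make the layout explicit, e.g. `/* r1 is the high nibble, r3 the low nibble of the instruction's low byte */`. Note that the old `(ipa & 0x00f0) >> 8` always yielded 0, so any caller exercising a non-zero r1 was silently misdecoded before this fix. `kvm_handle_diag_308` opens before the hunk.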
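Review bot: The `default:` branch no longer assigns `r`, so what `handle_diag` returns after raising the specification exception is whatever `r` held before the `switch`; that initialisation is outside the hunk and should be confirmed to be the "handled" value (presumably 0), otherwise the caller may treat a correctly injected program check as an unhandled exit. A one-line comment on the branch would also record the rule the commit message cites: `/* unimplemented DIAGNOSE: specification exception, per CP programming services */`. The preceding `DPRINTF` still fires for every unknown code, which is guest-triggerable output in debug builds; acceptable for a DPRINTF, but worth knowing.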
Signed-off-by: Cornelia Huck --- hw/s390x/ipl.c | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 3b77c9a227..4ba8409668 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -62,6 +62,7 @@ typedef struct S390IPLState { static int s390_ipl_init(SysBusDevice *dev) { S390IPLState *ipl = S390_IPL(dev); + uint64_t pentry = KERN_IMAGE_START; int kernel_size; if (!ipl->kernel) { 
@@ -94,31 +95,31 @@ static int s390_ipl_init(SysBusDevice *dev) hw_error("could not load bootloader '%s'\n", bios_name); } return 0; - } else { - uint64_t pentry = KERN_IMAGE_START; - kernel_size = load_elf(ipl->kernel, NULL, NULL, &pentry, NULL, - NULL, 1, ELF_MACHINE, 0); - if (kernel_size < 0) { - kernel_size = load_image_targphys(ipl->kernel, 0, ram_size); - } - if (kernel_size < 0) { - fprintf(stderr, "could not load kernel '%s'\n", ipl->kernel); - return -1; - } - /* - * Is it a Linux kernel (starting at 0x10000)? If yes, we fill in the - * kernel parameters here as well. Note: For old kernels (up to 3.2) - * we can not rely on the ELF entry point - it was 0x800 (the SALIPL - * loader) and it won't work. For this case we force it to 0x10000, too. - */ - if (pentry == KERN_IMAGE_START || pentry == 0x800) { - ipl->start_addr = KERN_IMAGE_START; - /* Overwrite parameters in the kernel image, which are "rom" */ - strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline); - } else { - ipl->start_addr = pentry; - } } + + kernel_size = load_elf(ipl->kernel, NULL, NULL, &pentry, NULL, + NULL, 1, ELF_MACHINE, 0); + if (kernel_size < 0) { + kernel_size = load_image_targphys(ipl->kernel, 0, ram_size); + } + if (kernel_size < 0) { + fprintf(stderr, "could not load kernel '%s'\n", ipl->kernel); + return -1; + } + /* + * Is it a Linux kernel (starting at 0x10000)? If yes, we fill in the + * kernel parameters here as well. Note: For old kernels (up to 3.2) + * we can not rely on the ELF entry point - it was 0x800 (the SALIPL + * loader) and it won't work. For this case we force it to 0x10000, too. + */ + if (pentry == KERN_IMAGE_START || pentry == 0x800) { + ipl->start_addr = KERN_IMAGE_START; + /* Overwrite parameters in the kernel image, which are "rom" */ + strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline); + } else { + ipl->start_addr = pentry; + } + if (ipl->initrd) { ram_addr_t initrd_offset; int initrd_size; From f17a84300f3f3b5de45c8706a44d69d41d1727cb Mon Sep 17 00:00:00 2001 
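Review bot: The code the second hunk moves out of the `else` block still copies the command line with an unbounded `strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline);`, so a long `ipl->cmdline` (which looks user-supplied, presumably via `-append`) overruns the parameter area in the kernel image; since the block is being rewritten anyway, this is the moment to bound it, e.g. `if (strlen(ipl->cmdline) >= <PARM_AREA_SIZE: size of KERN_PARM_AREA, not on this page>) { fprintf(stderr, "kernel command line too long\n"); return -1; }` before the copy. The rest of the restructuring is behaviour-preserving: `pentry` is now initialised at the top of `s390_ipl_init` (first hunk), so the `load_image_targphys` fallback still sees `KERN_IMAGE_START` as before. The `if (ipl->initrd)` block at the end of the hunk continues outside it.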
From: Christian Borntraeger Date: Thu, 22 Jan 2015 13:44:26 +0100 Subject: [PATCH 8/9] pc-bios/s390-ccw: fix sparse warnings Fix some sparse warnings in the s390-ccw bios. Signed-off-by: Christian Borntraeger Signed-off-by: Cornelia Huck --- pc-bios/s390-ccw/bootmap.c | 4 ++-- pc-bios/s390-ccw/bootmap.h | 2 +- pc-bios/s390-ccw/main.c | 2 +- pc-bios/s390-ccw/s390-ccw.h | 2 ++ pc-bios/s390-ccw/virtio.c | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c index 115d8bbac6..b678d5ebb8 100644 --- a/pc-bios/s390-ccw/bootmap.c +++ b/pc-bios/s390-ccw/bootmap.c @@ -33,7 +33,7 @@ typedef struct ResetInfo { uint32_t ipl_continue; } ResetInfo; -ResetInfo save; +static ResetInfo save; static void jump_to_IPL_2(void) { @@ -80,7 +80,7 @@ static void jump_to_IPL_code(uint64_t address) */ static unsigned char _bprs[8*1024]; /* guessed "max" ECKD sector size */ -const int max_bprs_entries = sizeof(_bprs) / sizeof(ExtEckdBlockPtr); +static const int max_bprs_entries = sizeof(_bprs) / sizeof(ExtEckdBlockPtr); static inline void verify_boot_info(BootInfo *bip) { diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h index 6a4823d544..ab132e3579 100644 --- a/pc-bios/s390-ccw/bootmap.h +++ b/pc-bios/s390-ccw/bootmap.h @@ -15,7 +15,7 @@ #include "virtio.h" typedef uint64_t block_number_t; -#define NULL_BLOCK_NR 0xffffffffffffffff +#define NULL_BLOCK_NR 0xffffffffffffffffULL #define FREE_SPACE_FILLER '\xAA' diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c index f9ec2157ad..6f707bbcd4 100644 --- a/pc-bios/s390-ccw/main.c +++ b/pc-bios/s390-ccw/main.c @@ -13,7 +13,7 @@ char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE))); uint64_t boot_value; -struct subchannel_id blk_schid = { .one = 1 }; +static struct subchannel_id blk_schid = { .one = 1 }; /* * Priniciples of Operations (SA22-7832-09) chapter 17 requires that 
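Review bot: `static const int max_bprs_entries = sizeof(_bprs) / sizeof(ExtEckdBlockPtr);` in the second bootmap.c hunk stores a `size_t` quotient in an `int`, a narrowing that `-Wconversion` will still point at; unless a signed counter elsewhere needs it, `static const size_t` (or an `enum`) matches the type of the expression. Making `save`, `blk_schid` and `block` `static` is the right fix for the linkage warnings described. Whatever else references `max_bprs_entries` is outside the hunk.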
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h index 2b773deafa..ceb7418a50 100644 --- a/pc-bios/s390-ccw/s390-ccw.h +++ b/pc-bios/s390-ccw/s390-ccw.h @@ -51,6 +51,8 @@ void disabled_wait(void); /* main.c */ void virtio_panic(const char *string); void write_subsystem_identification(void); +extern char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE))); +extern uint64_t boot_value; /* sclp-ascii.c */ void sclp_print(const char *string); diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c index c0540d1cd4..4dc91a7c43 100644 --- a/pc-bios/s390-ccw/virtio.c +++ b/pc-bios/s390-ccw/virtio.c @@ -11,7 +11,7 @@ #include "s390-ccw.h" #include "virtio.h" -struct vring block; +static struct vring block; static char chsc_page[PAGE_SIZE] __attribute__((__aligned__(PAGE_SIZE))); From 553ce81c31e49d834b1bf635ab486695a4694333 Mon Sep 17 00:00:00 2001 From: Cornelia Huck Date: Mon, 26 Jan 2015 15:51:37 +0100 Subject: [PATCH 9/9] pc-bios/s390-ccw: update binary Signed-off-by: Cornelia Huck --- pc-bios/s390-ccw.img | Bin 17752 -> 17752 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
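Review bot: The new `extern char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));` repeats the array size and alignment from the definition in `main.c`, so the two can drift apart silently; the compiler only reports a mismatch if `main.c` includes `s390-ccw.h` before its definition, which the `main.c` hunk does not show. Pulling the size into one shared constant used by both, e.g. `#define STACK_SIZE (PAGE_SIZE * 8)` (name is a suggestion) in this header, removes the duplication. The `extern uint64_t boot_value;` line is fine as is.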
diff --git a/pc-bios/s390-ccw.img b/pc-bios/s390-ccw.img index 44873ad1817f44a5610ea556f86394b2c4a4c1ff..dbe5a38262cf6f2013154a77e850cda90e0fcaec 100644 GIT binary patch delta 778 zcmZ{hPe>F|9LL|!DQ5hKvyQGi?&!|0o7=hxs}Z7Q?zroADeR!s5=G^fmn5hzrP86W z5|pVQ1{KLdUrJfeP0o!3Wf`se959Q@b z2WO-S;TB6h+65RfWU8}9I+y#E(ZmqBHE9rSo`6=7`)T$>vR3+ul|E^vBe=`%f(Ulo zT~hp&Cd#x&CR$*lC%J{xnSJqDRPAe0eBXZqEjV5gr{^#ZKZNyq$59Z%t>(?cEyfgO zlQ}Gm_eBxHI4#aYJ6@@*q0}nx@$ILyW1eXHd8WEYmxHF z44Hv~85)Ryf;T0R^09Oo6g^Ni0zzoQFbEfVU?eCL=ExAvSBntBboFjZw<}5c*7Y9R zFewjGHn{`PruVoV3_QaDZw=^}@HUIL$8vnBc9l3a2O-Ha;%3(ko^XT1xaK_pG3?s* z*_KL8WjW$if>~lt8u*F_YyIWRG#$}mz?i?Ve%^8xaJ1G5b2wS6Ll++N^?(QGd;uuJ zFTUvB{*_dacM$ck%$MDegXTC7yUw!a!2acw%$E}NZ~dCq!e$+${!9Jb_MHGhobVrj zeEjbBBlLyW18=sTR(Z0qO3aPTEJ**(`ymTP4< zb+@H#g3VYtdXD->E+8;8j*AUV_^}}$xyD(BI{NcQzNGBX@s-iY-8=Q&^_PktlGPuh MYn^@is&a<;4d6BMYXATM delta 778 zcmZ{hUr1AN6vxkT#vPV;=hbq^7jM?QsLNIG|RP{>f*8s~PvRjQcou2WgMhfk8TG zb=bo*nxe896*SMrOe`C!_+0ooMXYP~u&DyiJ21b*;X;3ywv0 z>oIkJvEJ!nci-!jO}I$?u5yf1)YYI&+)a!5+7+;AGC-^VoI=VF!94JQ)?7V!h7N3B zvHVz`Ts4Es=UoM!)W1OcE8K-|n7dW$Mic)Fsk52R3%Xfh!wDL%&@oKMDtob!URHY0 zMPDo1n)_kdE6NZ#tcnHKRWFY#6HQrgx*)}!>hE@a|93R*F5jGoQjID@#OKBkX-t=&UA%jRAq}aW@XBZ zm#>)a%qW}K^l|-)wz^iGp*0o(?Vg`noLOn>8@loO Nt=u=IfANJ)zX1{f_mKbq