From f1420101023c7d170d802efc8daab686189ed1bf Mon Sep 17 00:00:00 2001
From: Marc Hartmayer
Date: Wed, 6 Oct 2021 11:26:30 +0200
Subject: [PATCH 1/6] s390x/ipl: check kernel command line size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Check if the provided kernel command line exceeds the maximum size of the s390x Linux kernel command line size, which is 896 bytes.

Reported-by: Sven Schnelle
Signed-off-by: Marc Hartmayer
Message-Id: <20211006092631.20732-1-mhartmay@linux.ibm.com>
Reviewed-by: Christian Borntraeger
Reviewed-by: Philippe Mathieu-Daudé
[thuth: Adjusted format specifier for size_t]
Signed-off-by: Thomas Huth
---
 hw/s390x/ipl.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 1821c6faee..7ddca0127f 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -38,6 +38,7 @@
 #define KERN_IMAGE_START 0x010000UL
 #define LINUX_MAGIC_ADDR 0x010008UL
 #define KERN_PARM_AREA 0x010480UL
+#define KERN_PARM_AREA_SIZE 0x000380UL
 #define INITRD_START 0x800000UL
 #define INITRD_PARM_START 0x010408UL
 #define PARMFILE_START 0x001000UL
@@ -190,10 +191,19 @@ static void s390_ipl_realize(DeviceState *dev, Error **errp)
 * loader) and it won't work. For this case we force it to 0x10000, too.
 */
 if (pentry == KERN_IMAGE_START || pentry == 0x800) {
- char *parm_area = rom_ptr(KERN_PARM_AREA, strlen(ipl->cmdline) + 1);
+ size_t cmdline_size = strlen(ipl->cmdline) + 1;
+ char *parm_area = rom_ptr(KERN_PARM_AREA, cmdline_size);
+
 ipl->start_addr = KERN_IMAGE_START;
 /* Overwrite parameters in the kernel image, which are "rom" */
 if (parm_area) {
+ if (cmdline_size > KERN_PARM_AREA_SIZE) {
+ error_setg(errp,
+ "kernel command line exceeds maximum size: %zu > %lu",
+ cmdline_size, KERN_PARM_AREA_SIZE);
+ return;
+ }
+
 strcpy(parm_area, ipl->cmdline);
 }
 } else {
From 998eb7448c75b432a13257d019f6866e604ce43c Mon Sep 17 00:00:00 2001
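Review bot: The new size check in s390_ipl_realize (hw/s390x/ipl.c, second hunk) sits inside `if (parm_area)`, so it never runs when rom_ptr() returns NULL, and an over-long command line can then be dropped silently instead of being rejected. rom_ptr() is not visible here; presumably it returns NULL when the requested range is not fully backed by a loaded ROM blob, which would make the outcome depend on the image size rather than on the limit. Moving `if (cmdline_size > KERN_PARM_AREA_SIZE) { error_setg(...); return; }` ahead of the rom_ptr() call makes the rejection unconditional and keeps the bound visibly in front of the `strcpy()` it protects. A one-line comment on `KERN_PARM_AREA_SIZE` stating that 0x380 is the 896-byte s390x Linux command-line limit named in the commit message would also help. The function body starts and ends outside the hunk.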
From: Eric Farman
Date: Fri, 8 Oct 2021 22:38:10 +0200
Subject: [PATCH 2/6] s390x: sigp: Force Set Architecture to return Invalid Parameter

According to the Principles of Operation, the SIGP Set Architecture order will return Incorrect State if some CPUs are not stopped, but only if the CZAM facility is not present. If it is, the order will return Invalid Parameter because the architecture mode cannot be changed. Since CZAM always exists when S390_FEAT_ZARCH exists, which in turn exists for every defined CPU model, we can simplify this code.

Fixes: 075e52b81664 ("s390x/cpumodel: we are always in zarchitecture mode")
Signed-off-by: Eric Farman
Reviewed-by: Christian Borntraeger
Reviewed-by: Janosch Frank
Message-Id: <20211008203811.1980478-2-farman@linux.ibm.com>
Reviewed-by: Thomas Huth
Reviewed-by: David Hildenbrand
Signed-off-by: Thomas Huth
---
 target/s390x/sigp.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/target/s390x/sigp.c b/target/s390x/sigp.c
index d57427ced8..51c727834c 100644
--- a/target/s390x/sigp.c
+++ b/target/s390x/sigp.c
@@ -428,26 +428,10 @@ static int handle_sigp_single_dst(S390CPU *cpu, S390CPU *dst_cpu, uint8_t order, static int sigp_set_architecture(S390CPU *cpu, uint32_t param, uint64_t *status_reg) { - CPUState *cur_cs; - S390CPU *cur_cpu; - bool all_stopped = true; - - CPU_FOREACH(cur_cs) { - cur_cpu = S390_CPU(cur_cs); - - if (cur_cpu == cpu) { - continue; - } - if (s390_cpu_get_state(cur_cpu) != S390_CPU_STATE_STOPPED) { - all_stopped = false; - } - } - *status_reg &= 0xffffffff00000000ULL; /* Reject set arch order, with czam we're always in z/Arch mode. */ - *status_reg |= (all_stopped ? SIGP_STAT_INVALID_PARAMETER : - SIGP_STAT_INCORRECT_STATE); + *status_reg |= SIGP_STAT_INVALID_PARAMETER; return SIGP_CC_STATUS_STORED; }
From ebbc6034dcfe772473d1d29724b36ce7a9a49ad2 Mon Sep 17 00:00:00 2001
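Review bot: The comment left in sigp_set_architecture (target/s390x/sigp.c) no longer explains why the state of the other CPUs is ignored; the reasoning that CZAM is implied by S390_FEAT_ZARCH now lives only in the commit message. I would extend it to something like `/* CZAM is implied by S390_FEAT_ZARCH, so the order is always rejected with Invalid Parameter, whatever state the other CPUs are in. */`. After this change `cpu` and `param` are unused in the body; that is fine if the signature has to match the other SIGP handlers, but it deserves a word in the same comment so the next reader does not take it for an oversight.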
From: Cornelia Huck
Date: Tue, 12 Oct 2021 16:40:38 +0200
Subject: [PATCH 3/6] vfio-ccw: step down as maintainer

I currently don't have time to act as vfio-ccw maintainer anymore, so remove myself there.

Signed-off-by: Cornelia Huck
Message-Id: <20211012144040.360887-2-cohuck@redhat.com>
Acked-by: Matthew Rosato
Acked-by: Eric Farman
Signed-off-by: Thomas Huth
---
 MAINTAINERS | 2 --
 1 file changed, 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 50435b8d2f..14d1312941 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1862,7 +1862,6 @@ F: docs/igd-assign.txt F: docs/devel/vfio-migration.rst vfio-ccw -M: Cornelia Huck M: Eric Farman M: Matthew Rosato S: Supported
@@ -1870,7 +1869,6 @@ F: hw/vfio/ccw.c F: hw/s390x/s390-ccw.c F: include/hw/s390x/s390-ccw.h F: include/hw/s390x/vfio-ccw.h -T: git https://gitlab.com/cohuck/qemu.git s390-next L: qemu-s390x@nongnu.org vfio-ap
From 373b2ab35635537c67bb6fe9aa36367f28a067a2 Mon Sep 17 00:00:00 2001
From: Cornelia Huck
Date: Tue, 12 Oct 2021 16:40:39 +0200
Subject: [PATCH 4/6] s390x/kvm: step down as maintainer

I'm no longer involved with KVM/s390 on the kernel side, and I don't have enough resources to work on the s390 KVM cpus support, so I'll step down.

Signed-off-by: Cornelia Huck
Acked-by: Halil Pasic
Message-Id: <20211012144040.360887-3-cohuck@redhat.com>
Signed-off-by: Thomas Huth
---
 MAINTAINERS | 2 --
 1 file changed, 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 14d1312941..234fcaa233 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -393,7 +393,6 @@ F: target/ppc/kvm.c S390 KVM CPUs M: Halil Pasic -M: Cornelia Huck M: Christian Borntraeger S: Supported F: target/s390x/kvm/
@@ -408,7 +407,6 @@ F: hw/intc/s390_flic.c F: hw/intc/s390_flic_kvm.c F: include/hw/s390x/s390_flic.h F: gdb-xml/s390*.xml -T: git https://gitlab.com/cohuck/qemu.git s390-next T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org
From afe5c8c5c14aff25fab6ae83957e87c717415be3 Mon Sep 17 00:00:00 2001
From: Cornelia Huck
Date: Tue, 12 Oct 2021 16:40:40 +0200
Subject: [PATCH 5/6] s390x virtio-ccw machine: step down as maintainer

I currently don't have time to work on the s390x virtio-ccw machine anymore, so let's step down. (I will, however, continue as a maintainer for the virtio-ccw *transport*.)

Signed-off-by: Cornelia Huck
Acked-by: Halil Pasic
Message-Id: <20211012144040.360887-4-cohuck@redhat.com>
Signed-off-by: Thomas Huth
---
 MAINTAINERS | 2 --
 1 file changed, 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 234fcaa233..c25793bc39 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1509,7 +1509,6 @@ F: tests/acceptance/machine_sparc_leon3.py S390 Machines ------------- S390 Virtio-ccw -M: Cornelia Huck M: Halil Pasic M: Christian Borntraeger S: Supported
@@ -1521,7 +1520,6 @@ F: hw/watchdog/wdt_diag288.c F: include/hw/watchdog/wdt_diag288.h F: configs/devices/s390x-softmmu/default.mak F: tests/acceptance/machine_s390_ccw_virtio.py -T: git https://gitlab.com/cohuck/qemu.git s390-next T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org
From 962fde57b7d573281619cb2b7068d570470ef833 Mon Sep 17 00:00:00 2001
From: Thomas Huth
Date: Fri, 27 Aug 2021 14:09:01 +0200
Subject: [PATCH 6/6] dtc: Update to version 1.6.1

The dtc submodule is currently pointing to non-release commit. It's nicer if submodules point to release versions instead and since dtc 1.6.1 is available now, let's update to that version.

Message-Id: <20210827120901.150276-4-thuth@redhat.com>
Acked-by: Greg Kurz
Acked-by: David Gibson
Signed-off-by: Thomas Huth
---
 dtc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dtc b/dtc
index 85e5d83984..b6910bec11 160000
--- a/dtc
+++ b/dtc
@@ -1 +1 @@
-Subproject commit 85e5d839847af54efab170f2b1331b2a6421e647
+Subproject commit b6910bec11614980a21e46fbccc35934b671bd81