qemu-e2k/target
David Hildenbrand e19a61eb51 s390x/tcg: Store only the necessary amount of doublewords for STFLE
The PoP (z14, 7-382) says:
    Doublewords to the right of the doubleword in which the
    highest-numbered facility bit is assigned for a model
    may or may not be stored.

However, stack protection in certain binaries can't deal with that.
"gzip" example code:

f1b4:       a7 08 00 03             lhi     %r0,3
f1b8:       b2 b0 f0 a0             stfle   160(%r15)
f1bc:       e3 20 f0 b2 00 90       llgc    %r2,178(%r15)
f1c2:       c0 2b 00 00 00 01       nilf    %r2,1
f1c8:       b2 4f 00 10             ear     %r1,%a0
f1cc:       b9 14 00 22             lgfr    %r2,%r2
f1d0:       eb 11 00 20 00 0d       sllg    %r1,%r1,32
f1d6:       b2 4f 00 11             ear     %r1,%a1
f1da:       d5 07 f0 b8 10 28       clc     184(8,%r15),40(%r1)
f1e0:       a7 74 00 06             jne     f1ec <file_read@@Base+0x1bc>
f1e4:       eb ef f1 30 00 04       lmg     %r14,%r15,304(%r15)
f1ea:       07 fe                   br      %r14
f1ec:       c0 e5 ff ff 9d 6e       brasl   %r14,2cc8 <__stack_chk_fail@plt>

In QEMU, we currently have:
    max_bytes = 24
the code asks for (3 + 1) doublewords == 32 bytes.

If we write 32 bytes instead of only 24, and return "2 + 1" doublewords
("one less than the number of doublewords needed to contain all of the
 facility bits"), the example code detects a stack corruption.

In my opinion, the code is wrong. However, it seems to work fine on
real machines. So let's limit storing to the minimum of the requested
and the maximum doublewords.

Cc: Stefan Liebler <stli@linux.ibm.com>
Cc: Andreas Krebbel <Andreas.Krebbel@de.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
2019-06-07 14:53:25 +02:00
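The commit message above describes the STFLE store and why the old QEMU behaviour tripped gzip's stack protector. The following C model is an added example, not code from QEMU or from the commit: it simulates STFLE against a three-doubleword facility list (QEMU's "max_bytes = 24"), reproduces the frame layout visible in the gzip disassembly (store at 160(%r15), canary at 184(%r15)), and compares the old behaviour (store every requested doubleword, zero-filling past the list) with the fixed one (store at most the machine's doublewords). The facility bit patterns and the canary value are constructed for the example and are not real s390x facility bits.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Facility list exposed by the modelled machine: three doublewords, i.e. the
 * "max_bytes = 24" quoted for QEMU. The bit patterns are constructed for this
 * example and are not real s390x facility bits. */
#define MAX_DOUBLEWORDS 3
static const uint64_t facility_words[MAX_DOUBLEWORDS] = {
    0xf0e0d0c0b0a09080ULL, 0x0000000000000001ULL, 0x8000000000000000ULL,
};

/* Model of STFLE. On input, bits 56-63 of r0 hold (doublewords at dst) - 1.
 * Stores the facility list at dst in big-endian doubleword order and returns
 * the new r0, whose bits 56-63 become (doublewords needed for all bits) - 1.
 * limit_to_max = 1 models the fixed behaviour (store min(requested, max));
 * limit_to_max = 0 models the old behaviour of storing every requested
 * doubleword and zero-filling the ones beyond the facility list. */
static uint64_t stfle_model(uint8_t *dst, uint64_t r0, int limit_to_max)
{
    uint64_t requested = (r0 & 0xff) + 1;
    uint64_t stored = requested;
    if (limit_to_max && stored > MAX_DOUBLEWORDS)
        stored = MAX_DOUBLEWORDS;
    for (uint64_t i = 0; i < stored; i++) {
        uint64_t w = (i < MAX_DOUBLEWORDS) ? facility_words[i] : 0;
        for (int b = 0; b < 8; b++)              /* big-endian, as on s390x */
            dst[i * 8 + b] = (uint8_t)(w >> (56 - 8 * b));
    }
    return (r0 & ~(uint64_t)0xff) | (MAX_DOUBLEWORDS - 1);
}

/* Facility bit test with s390x numbering: bit 0 is the MSB of byte 0. */
static int stfle_facility_set(const uint8_t *list, unsigned bit)
{
    return (list[bit / 8] >> (7 - bit % 8)) & 1;
}

/* Frame layout taken from the gzip disassembly: STFLE stores at 160(%r15)
 * with r0 = 3 (4 doublewords requested), while the canary compared before
 * __stack_chk_fail lives at 184(%r15), only 24 bytes later. The canary
 * bytes below are a constructed value. */
#define FRAME_SIZE 320
#define STFLE_OFF  160
#define CANARY_OFF 184
static const uint8_t canary[8] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };

/* Returns 1 if the canary is intact after STFLE, 0 if STFLE clobbered it. */
static int gzip_frame_survives(int limit_to_max)
{
    uint8_t frame[FRAME_SIZE];
    memset(frame, 0xa5, sizeof frame);
    memcpy(frame + CANARY_OFF, canary, sizeof canary);
    stfle_model(frame + STFLE_OFF, 3, limit_to_max);
    return memcmp(frame + CANARY_OFF, canary, sizeof canary) == 0;
}

/* Low byte of r0 after the STFLE in the same frame ("2 + 1" doublewords). */
static uint64_t gzip_frame_r0_after(int limit_to_max)
{
    uint8_t frame[FRAME_SIZE];
    return stfle_model(frame + STFLE_OFF, 3, limit_to_max) & 0xff;
}

/* The facility bits inside the first MAX_DOUBLEWORDS doublewords are the same
 * under both behaviours; only what happens past them differs. */
static int gzip_frame_list_ok(int limit_to_max)
{
    uint8_t frame[FRAME_SIZE];
    stfle_model(frame + STFLE_OFF, 3, limit_to_max);
    const uint8_t *list = frame + STFLE_OFF;
    return stfle_facility_set(list, 0) && !stfle_facility_set(list, 64) &&
           stfle_facility_set(list, 127) && stfle_facility_set(list, 128);
}

int main(void)
{
    printf("old behaviour:   canary %s, r0 = %llu\n",
           gzip_frame_survives(0) ? "intact" : "clobbered",
           (unsigned long long)gzip_frame_r0_after(0));
    printf("fixed behaviour: canary %s, r0 = %llu\n",
           gzip_frame_survives(1) ? "intact" : "clobbered",
           (unsigned long long)gzip_frame_r0_after(1));
    return 0;
}
```

With the old behaviour the fourth requested doubleword is zero-filled over 184(%r15) and the canary check fails; with the fix only three doublewords are stored, the canary survives, and in both cases r0 comes back as 2, matching what the commit message describes.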
Directory    Last commit                                                               Date
alpha        target/alpha: Fix user-only floating-point exceptions                     2019-05-19 07:30:03 -07:00
arm          target/arm: correct return values for WRITE/READ in arm-semi              2019-05-28 10:28:51 +01:00
cris         Add CPUClass::tlb_fill.                                                   2019-05-16 13:15:08 +01:00
hppa         tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
i386         i386: Enable IA32_MISC_ENABLE MWAIT bit when exposing mwait/monitor       2019-06-03 14:03:01 +02:00
lm32         semihosting: move semihosting configuration into its own directory        2019-05-28 10:28:50 +01:00
m68k         semihosting: move semihosting configuration into its own directory        2019-05-28 10:28:50 +01:00
microblaze   tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
mips         target/mips: Unroll loops in helpers for MSA logic instructions           2019-06-07 11:53:07 +02:00
moxie        tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
nios2        semihosting: move semihosting configuration into its own directory        2019-05-28 10:28:50 +01:00
openrisc     tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
ppc          spapr/xive: add KVM support                                               2019-05-29 11:39:45 +10:00
riscv        target/riscv: Only flush TLB if SATP.ASID changes                         2019-05-24 12:09:25 -07:00
s390x        s390x/tcg: Store only the necessary amount of doublewords for STFLE       2019-06-07 14:53:25 +02:00
sh4          tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
sparc        Add CPUClass::tlb_fill.                                                   2019-05-16 13:15:08 +01:00
tilegx       target/tilegx: Convert to CPUClass::tlb_fill                              2019-05-10 11:12:50 -07:00
tricore      Add CPUClass::tlb_fill.                                                   2019-05-16 13:15:08 +01:00
unicore32    tcg: Use CPUClass::tlb_fill in cputlb.c                                   2019-05-10 11:12:50 -07:00
xtensa       semihosting: move semihosting configuration into its own directory        2019-05-28 10:28:50 +01:00