{"id":819238,"url":"http://patchwork.ozlabs.org/api/patches/819238/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170927170027.8539-3-david@redhat.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170927170027.8539-3-david@redhat.com>","list_archive_url":null,"date":"2017-09-27T17:00:26","name":"[RFC,2/3] s390x/tcg: low-address protection support","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e4a1510e1403c4477bc0d43f2f51c2d68bc3849e","submitter":{"id":70402,"url":"http://patchwork.ozlabs.org/api/people/70402/?format=json","name":"David Hildenbrand","email":"david@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170927170027.8539-3-david@redhat.com/mbox/","series":[{"id":5406,"url":"http://patchwork.ozlabs.org/api/series/5406/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=5406","date":"2017-09-27T17:00:24","name":"s390x/tcg: LAP support using immediate TLB invalidation","version":1,"mbox":"http://patchwork.ozlabs.org/series/5406/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/819238/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/819238/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; 
helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=david@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y2PMS1JyDz9tXb\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 28 Sep 2017 03:05:08 +1000 (AEST)","from localhost ([::1]:55635 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dxFli-00017i-CX\n\tfor incoming@patchwork.ozlabs.org; Wed, 27 Sep 2017 13:05:06 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:60091)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <david@redhat.com>) id 1dxFhX-0006dX-2V\n\tfor qemu-devel@nongnu.org; Wed, 27 Sep 2017 13:00:53 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <david@redhat.com>) id 1dxFhS-000663-P2\n\tfor qemu-devel@nongnu.org; Wed, 27 Sep 2017 13:00:47 -0400","from mx1.redhat.com ([209.132.183.28]:53376)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <david@redhat.com>) id 1dxFhS-00065O-GV\n\tfor qemu-devel@nongnu.org; Wed, 27 Sep 2017 13:00:42 -0400","from smtp.corp.redhat.com\n\t(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 7E14B16349C;\n\tWed, 27 Sep 2017 17:00:41 +0000 (UTC)","from t460s.redhat.com (ovpn-117-241.ams2.redhat.com\n\t[10.36.117.241])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 005A2E8184;\n\tWed, 27 Sep 2017 17:00:38 +0000 
(UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 7E14B16349C","From":"David Hildenbrand <david@redhat.com>","To":"qemu-devel@nongnu.org","Date":"Wed, 27 Sep 2017 19:00:26 +0200","Message-Id":"<20170927170027.8539-3-david@redhat.com>","In-Reply-To":"<20170927170027.8539-1-david@redhat.com>","References":"<20170927170027.8539-1-david@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.13","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.27]);\n\tWed, 27 Sep 2017 17:00:41 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"[Qemu-devel] [PATCH RFC 2/3] s390x/tcg: low-address protection\n\tsupport","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"thuth@redhat.com, David Hildenbrand <david@redhat.com>, cohuck@redhat.com,\n\tRichard Henderson <richard.henderson@linaro.org>,\n\tAlexander Graf <agraf@suse.de>,\n\tChristian Borntraeger <borntraeger@de.ibm.com>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"},"content":"This is a neat way to implement low address protection, whereby\nonly the first 512 bytes of the first two pages (each 4096 bytes) of\nevery address space are protected.\n\nStore a tec of 0 for the access exception, this is what is defined by\nEnhanced 
Suppression on Protection in case of a low address protection\n(Bit 61 set to 0, rest undefined).\n\nWe have to make sure to to pass the access address, not the masked page\naddress into mmu_translate*().\n\nDrop the check from testblock. So we can properly test this via\nkvm-unit-tests.\n\nThis will check every access going through one of the MMUs.\n\nSigned-off-by: David Hildenbrand <david@redhat.com>\n---\n target/s390x/excp_helper.c |  3 +-\n target/s390x/mem_helper.c  |  8 ----\n target/s390x/mmu_helper.c  | 96 +++++++++++++++++++++++++++++-----------------\n 3 files changed, 62 insertions(+), 45 deletions(-)","diff":"diff --git a/target/s390x/excp_helper.c b/target/s390x/excp_helper.c\nindex 3e4349d00b..aa0cbf67ac 100644\n--- a/target/s390x/excp_helper.c\n+++ b/target/s390x/excp_helper.c\n@@ -95,7 +95,6 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr orig_vaddr,\n     DPRINTF(\"%s: address 0x%\" VADDR_PRIx \" rw %d mmu_idx %d\\n\",\n             __func__, orig_vaddr, rw, mmu_idx);\n \n-    orig_vaddr &= TARGET_PAGE_MASK;\n     vaddr = orig_vaddr;\n \n     if (mmu_idx < MMU_REAL_IDX) {\n@@ -127,7 +126,7 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr orig_vaddr,\n     qemu_log_mask(CPU_LOG_MMU, \"%s: set tlb %\" PRIx64 \" -> %\" PRIx64 \" (%x)\\n\",\n             __func__, (uint64_t)vaddr, (uint64_t)raddr, prot);\n \n-    tlb_set_page(cs, orig_vaddr, raddr, prot,\n+    tlb_set_page(cs, orig_vaddr & TARGET_PAGE_MASK, raddr, prot,\n                  mmu_idx, TARGET_PAGE_SIZE);\n \n     return 0;\ndiff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c\nindex bbbe1c62b3..69a16867d4 100644\n--- a/target/s390x/mem_helper.c\n+++ b/target/s390x/mem_helper.c\n@@ -1687,18 +1687,10 @@ void HELPER(stctl)(CPUS390XState *env, uint32_t r1, uint64_t a2, uint32_t r3)\n uint32_t HELPER(testblock)(CPUS390XState *env, uint64_t real_addr)\n {\n     uintptr_t ra = GETPC();\n-    CPUState *cs = CPU(s390_env_get_cpu(env));\n     int i;\n \n     real_addr = 
wrap_address(env, real_addr) & TARGET_PAGE_MASK;\n \n-    /* Check low-address protection */\n-    if ((env->cregs[0] & CR0_LOWPROT) && real_addr < 0x2000) {\n-        cpu_restore_state(cs, ra);\n-        program_interrupt(env, PGM_PROTECTION, 4);\n-        return 1;\n-    }\n-\n     for (i = 0; i < TARGET_PAGE_SIZE; i += 8) {\n         cpu_stq_real_ra(env, real_addr + i, 0, ra);\n     }\ndiff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c\nindex 9daa0fd8e2..44a15449d2 100644\n--- a/target/s390x/mmu_helper.c\n+++ b/target/s390x/mmu_helper.c\n@@ -106,6 +106,37 @@ static void trigger_page_fault(CPUS390XState *env, target_ulong vaddr,\n     trigger_access_exception(env, type, ilen, tec);\n }\n \n+/* check whether the address would be proteted by Low-Address Protection */\n+static bool is_low_address(uint64_t addr)\n+{\n+    return addr < 512 || (addr >= 4096 && addr < 4607);\n+}\n+\n+/* check whether Low-Address Protection is enabled for mmu_translate() */\n+static bool lowprot_enabled(const CPUS390XState *env, uint64_t asc)\n+{\n+    if (!(env->cregs[0] & CR0_LOWPROT)) {\n+        return false;\n+    }\n+    if (!(env->psw.mask & PSW_MASK_DAT)) {\n+        return true;\n+    }\n+\n+    /* Check the private-space control bit */\n+    switch (asc) {\n+    case PSW_ASC_PRIMARY:\n+        return !(env->cregs[1] & _ASCE_PRIVATE_SPACE);\n+    case PSW_ASC_SECONDARY:\n+        return !(env->cregs[7] & _ASCE_PRIVATE_SPACE);\n+    case PSW_ASC_HOME:\n+        return !(env->cregs[13] & _ASCE_PRIVATE_SPACE);\n+    default:\n+        /* We don't support access register mode */\n+        error_report(\"unsupported addressing mode\");\n+        exit(1);\n+    }\n+}\n+\n /**\n  * Translate real address to absolute (= physical)\n  * address by taking care of the prefix mapping.\n@@ -323,6 +354,24 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,\n     }\n \n     *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;\n+    if 
(is_low_address(vaddr & TARGET_PAGE_MASK) && lowprot_enabled(env, asc)) {\n+        /*\n+         * If any part of this page is currently protected, make sure the\n+         * TLB entry will not be reused.\n+         *\n+         * As the protected range is always the first 512 bytes of the\n+         * two first pages, we are able to catch all writes to these areas\n+         * just by looking at the start address (triggering the tlb miss).\n+         */\n+        *flags |= PAGE_WRITE_INV;\n+        if (is_low_address(vaddr) && rw == MMU_DATA_STORE) {\n+            if (exc) {\n+                trigger_access_exception(env, PGM_PROTECTION, ILEN_AUTO, 0);\n+            }\n+            return -EACCES;\n+        }\n+    }\n+\n     vaddr &= TARGET_PAGE_MASK;\n \n     if (!(env->psw.mask & PSW_MASK_DAT)) {\n@@ -392,50 +441,17 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,\n }\n \n /**\n- * lowprot_enabled: Check whether low-address protection is enabled\n- */\n-static bool lowprot_enabled(const CPUS390XState *env)\n-{\n-    if (!(env->cregs[0] & CR0_LOWPROT)) {\n-        return false;\n-    }\n-    if (!(env->psw.mask & PSW_MASK_DAT)) {\n-        return true;\n-    }\n-\n-    /* Check the private-space control bit */\n-    switch (env->psw.mask & PSW_MASK_ASC) {\n-    case PSW_ASC_PRIMARY:\n-        return !(env->cregs[1] & _ASCE_PRIVATE_SPACE);\n-    case PSW_ASC_SECONDARY:\n-        return !(env->cregs[7] & _ASCE_PRIVATE_SPACE);\n-    case PSW_ASC_HOME:\n-        return !(env->cregs[13] & _ASCE_PRIVATE_SPACE);\n-    default:\n-        /* We don't support access register mode */\n-        error_report(\"unsupported addressing mode\");\n-        exit(1);\n-    }\n-}\n-\n-/**\n  * translate_pages: Translate a set of consecutive logical page addresses\n  * to absolute addresses\n  */\n static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,\n                            target_ulong *pages, bool is_write)\n {\n-    bool 
lowprot = is_write && lowprot_enabled(&cpu->env);\n     uint64_t asc = cpu->env.psw.mask & PSW_MASK_ASC;\n     CPUS390XState *env = &cpu->env;\n     int ret, i, pflags;\n \n     for (i = 0; i < nr_pages; i++) {\n-        /* Low-address protection? */\n-        if (lowprot && (addr < 512 || (addr >= 4096 && addr < 4096 + 512))) {\n-            trigger_access_exception(env, PGM_PROTECTION, ILEN_AUTO, 0);\n-            return -EACCES;\n-        }\n         ret = mmu_translate(env, addr, is_write, asc, &pages[i], &pflags, true);\n         if (ret) {\n             return ret;\n@@ -509,9 +525,19 @@ int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,\n int mmu_translate_real(CPUS390XState *env, target_ulong raddr, int rw,\n                        target_ulong *addr, int *flags)\n {\n-    /* TODO: low address protection once we flush the tlb on cr changes */\n+    const bool lowprot_enabled = env->cregs[0] & CR0_LOWPROT;\n+\n     *flags = PAGE_READ | PAGE_WRITE;\n-    *addr = mmu_real2abs(env, raddr);\n+    if (is_low_address(raddr & TARGET_PAGE_MASK) && lowprot_enabled) {\n+        /* see comment in mmu_translate() how this works */\n+        *flags |= PAGE_WRITE_INV;\n+        if (is_low_address(raddr) && rw == MMU_DATA_STORE) {\n+            trigger_access_exception(env, PGM_PROTECTION, ILEN_AUTO, 0);\n+            return -EACCES;\n+        }\n+    }\n+\n+    *addr = mmu_real2abs(env, raddr & TARGET_PAGE_MASK);\n \n     /* TODO: storage key handling */\n     return 0;\n","prefixes":["RFC","2/3"]}
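Review bot: in is_low_address() (target/s390x/mmu_helper.c, hunk at -106,6 +106,37), the upper bound `addr < 4607` leaves byte 4607 of the second page unprotected. The commit message says the first 512 bytes of each of the first two pages are protected, and the check this patch removes from translate_pages() used `addr < 4096 + 512`. Suggest `return addr < 512 || (addr >= 4096 && addr < 4096 + 512);` so the constant is visibly the same range. The comment above the function also has a typo ("proteted").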
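Review bot: in the mmu_translate() hunk (-323,6 +354,24), lowprot_enabled(env, asc) is now evaluated for every translation that lands in page 0 or page 1, reads and instruction fetches included, and its default case still calls exit(1) for any asc other than primary, secondary or home. Previously that path was only reachable from translate_pages() on writes. Please confirm that mmu_translate() cannot reach this point with such an asc value, or return an error here instead of exiting. Separately, `is_low_address(vaddr & TARGET_PAGE_MASK)` is used as an "is this page 0 or 1" test, which only works because the protected range begins at each page start; a short comment at that call, or a dedicated page-level helper, would make that dependency explicit.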
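Review bot: in mmu_translate_real() (hunk at -509,9 +525,19), the local `const bool lowprot_enabled` shadows the static function lowprot_enabled() that this patch moves to the top of the same file; a different name such as `lowprot` avoids the confusion. The store path here also calls trigger_access_exception() unconditionally, while mmu_translate() guards the same call with `if (exc)`. If any caller of mmu_translate_real() only probes an address, it will now get a program interrupt injected, so either document that this function always raises or add the same guard.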