
[PULL,00/34] s390x update

Message ID 20190919124115.11510-1-cohuck@redhat.com
State New

Pull-request

https://github.com/cohuck/qemu tags/s390x-20190919

Message

Cornelia Huck Sept. 19, 2019, 12:40 p.m. UTC
The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:

  target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)

are available in the Git repository at:

  https://github.com/cohuck/qemu tags/s390x-20190919

for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:

  Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)

----------------------------------------------------------------
- bugfixes in tcg and the ccw bios
- gen15a is called z15
- officially require a 3.15 kernel or later for kvm

----------------------------------------------------------------

Christian Borntraeger (1):
  s390x/cpumodel: Add the z15 name to the description of gen15a

David Hildenbrand (29):
  s390x/tcg: Reset exception_index to -1 instead of 0
  s390x/tcg: MVCL: Zero out unused bits of address
  s390x/tcg: MVCL: Detect destructive overlaps
  s390x/tcg: MVCL: Process max 4k bytes at a time
  s390x/tcg: MVC: Increment the length once
  s390x/tcg: MVC: Use is_destructive_overlap()
  s390x/tcg: MVPG: Check for specification exceptions
  s390x/tcg: MVPG: Properly wrap the addresses
  s390x/tcg: MVCLU/MVCLE: Process max 4k bytes at a time
  s390x/tcg: MVCS/MVCP: Check for special operation exceptions
  s390x/tcg: MVCOS: Lengths are 32 bit in 24/31-bit mode
  s390x/tcg: MVCS/MVCP: Properly wrap the length
  s390x/tcg: MVST: Check for specification exceptions
  s390x/tcg: MVST: Fix storing back the addresses to registers
  s390x/tcg: Always use MMU_USER_IDX for CONFIG_USER_ONLY
  s390x/tcg: Fault-safe memset
  s390x/tcg: Fault-safe memmove
  s390x/tcg: MVCS/MVCP: Use access_memmove()
  s390x/tcg: MVC: Fault-safe handling on destructive overlaps
  s390x/tcg: MVCLU: Fault-safe handling
  s390x/tcg: OC: Fault-safe handling
  s390x/tcg: XC: Fault-safe handling
  s390x/tcg: NC: Fault-safe handling
  s390x/tcg: MVCIN: Fault-safe handling
  s390x/tcg: MVN: Fault-safe handling
  s390x/tcg: MVZ: Fault-safe handling
  s390x/tcg: MVST: Fault-safe handling
  s390x/tcg: MVO: Fault-safe handling
  tests/tcg: target/s390x: Test MVO

Thomas Huth (3):
  pc-bios/s390-ccw: Do not pre-initialize empty array
  pc-bios/s390-ccw: Rebuild the s390-netboot.img firmware image
  s390x/kvm: Officially require at least kernel 3.15

Yifan Luo (1):
  pc-bios/s390-ccw/net: fix a possible memory leak in get_uuid()

 hw/intc/s390_flic_kvm.c   | 6 ------
 hw/intc/trace-events      | 1 -
 target/s390x/cpu_models.c | 2 +-
 target/s390x/kvm.c        | 7 +++++++
 4 files changed, 8 insertions(+), 8 deletions(-)

Comments

Peter Maydell Sept. 20, 2019, 10:45 a.m. UTC | #1
On Thu, 19 Sep 2019 at 13:41, Cornelia Huck <cohuck@redhat.com> wrote:
>
> The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:
>
>   target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/cohuck/qemu tags/s390x-20190919
>
> for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:
>
>   Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)
>
> ----------------------------------------------------------------
> - bugfixes in tcg and the ccw bios
> - gen15a is called z15
> - officially require a 3.15 kernel or later for kvm
>
> ----------------------------------------------------------------

Hi -- I'm afraid this pullreq results in new warnings from
the runtime-sanitizer build when 'make check' is run:
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=s390x-softmmu/qemu-system-s390x QTEST_QEMU_IMG=qemu-img tests/boot-serial-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="boot-serial-test"
/home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:17: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:47:14: note: nonnull attribute specified here
/home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:32: runtime error: null pointer passed as argument 2, which is declared to never be null

(and the same warnings for a few other tests).

Looks like you sometimes can pass NULL pointers to the source
and destination of memmove(). This isn't permitted by the
standard even in the case where the size argument is zero.

thanks
-- PMM
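
Added example, not part of the thread and not QEMU code: a copy between two accesses that may each be split over two host ranges, written as a loop so that memmove() is only ever called on a non-empty chunk and never sees the NULL pointer of an absent second range. It generalizes the case reported above; `SplitAccess`, `locate()` and `split_copy()` are hypothetical names and the inputs in `demo()` are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model: an access over up to two host ranges; range 2 is {NULL, 0} if unused. */
typedef struct {
    unsigned char *haddr1; size_t size1;
    unsigned char *haddr2; size_t size2;
} SplitAccess;

/* Host pointer for byte offset `off` (off < total), and the bytes left in that range. */
static unsigned char *locate(const SplitAccess *a, size_t off, size_t *left)
{
    if (off < a->size1) {
        *left = a->size1 - off;
        return a->haddr1 + off;
    }
    *left = a->size1 + a->size2 - off;
    return a->haddr2 + (off - a->size1);
}

/* Copy src to dst when both sides may be split at different offsets. Returns the
 * byte count, or -1 if the totals differ. Every chunk is non-empty by construction. */
long split_copy(const SplitAccess *dst, const SplitAccess *src)
{
    size_t total = src->size1 + src->size2, done = 0;
    if (total != dst->size1 + dst->size2) {
        return -1;
    }
    while (done < total) {
        size_t sleft, dleft;
        unsigned char *s = locate(src, done, &sleft);
        unsigned char *d = locate(dst, done, &dleft);
        size_t n = sleft < dleft ? sleft : dleft;
        memmove(d, s, n);
        done += n;
    }
    return (long)total;
}

/* Constructed inputs: source split 3+5, destination unsplit (haddr2 == NULL). */
int demo(void)
{
    unsigned char s1[] = "abc", s2[] = "defgh", out[8] = {0};
    SplitAccess src = { s1, 3, s2, 5 }, dst = { out, 8, NULL, 0 };
    SplitAccess none = { NULL, 0, NULL, 0 };
    if (split_copy(&dst, &src) != 8 || memcmp(out, "abcdefgh", 8) != 0) {
        return 1;
    }
    if (split_copy(&none, &src) != -1) {   /* length mismatch is rejected */
        return 2;
    }
    return split_copy(&none, &none) == 0 ? 0 : 3; /* zero length: no libc call */
}
int main(void) { return demo(); }
```

Building this with `-fsanitize=undefined` gives the same nonnull checking that produced the report above.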

Cornelia Huck Sept. 20, 2019, 11 a.m. UTC | #2
On Fri, 20 Sep 2019 11:45:18 +0100
Peter Maydell <peter.maydell@linaro.org> wrote:

> On Thu, 19 Sep 2019 at 13:41, Cornelia Huck <cohuck@redhat.com> wrote:
> >
> > The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:
> >
> >   target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)
> >
> > are available in the Git repository at:
> >
> >   https://github.com/cohuck/qemu tags/s390x-20190919
> >
> > for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:
> >
> >   Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)
> >
> > ----------------------------------------------------------------
> > - bugfixes in tcg and the ccw bios
> > - gen15a is called z15
> > - officially require a 3.15 kernel or later for kvm
> >
> > ----------------------------------------------------------------  
> 
> Hi -- I'm afraid this pullreq results in new warnings from
> the runtime-sanitizer build when 'make check' is run:
> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_BINARY=s390x-softmmu/qemu-system-s390x
> QTEST_QEMU_IMG=qemu-img tests
> /boot-serial-test -m=quick -k --tap < /dev/null |
> ./scripts/tap-driver.pl --test-name="boot-serial-test"
> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:17:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> /usr/include/string.h:47:14: note: nonnull attribute specified here
> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:32:
> runtime error: null pointer passed as argument 2, which is declared to
> never be null
> 
> (and the same warnings for a few other tests).
> 
> Looks like you sometimes can pass NULL pointers to the source
> and destination of memmove(). This isn't permitted by the
> standard even in the case where the size argument is zero.
> 
> thanks
> -- PMM

David, can you take a look?

David Hildenbrand Sept. 20, 2019, 11:51 a.m. UTC | #3
On 20.09.19 13:00, Cornelia Huck wrote:
> On Fri, 20 Sep 2019 11:45:18 +0100
> Peter Maydell <peter.maydell@linaro.org> wrote:
> 
>> On Thu, 19 Sep 2019 at 13:41, Cornelia Huck <cohuck@redhat.com> wrote:
>>>
>>> The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:
>>>
>>>   target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)
>>>
>>> are available in the Git repository at:
>>>
>>>   https://github.com/cohuck/qemu tags/s390x-20190919
>>>
>>> for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:
>>>
>>>   Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)
>>>
>>> ----------------------------------------------------------------
>>> - bugfixes in tcg and the ccw bios
>>> - gen15a is called z15
>>> - officially require a 3.15 kernel or later for kvm
>>>
>>> ----------------------------------------------------------------  
>>
>> Hi -- I'm afraid this pullreq results in new warnings from
>> the runtime-sanitizer build when 'make check' is run:
>> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
>> QTEST_QEMU_BINARY=s390x-softmmu/qemu-system-s390x
>> QTEST_QEMU_IMG=qemu-img tests
>> /boot-serial-test -m=quick -k --tap < /dev/null |
>> ./scripts/tap-driver.pl --test-name="boot-serial-test"
>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:17:
>> runtime error: null pointer passed as argument 1, which is declared to
>> never be null
>> /usr/include/string.h:47:14: note: nonnull attribute specified here
>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:32:
>> runtime error: null pointer passed as argument 2, which is declared to
>> never be null
>>
>> (and the same warnings for a few other tests).
>>
>> Looks like you sometimes can pass NULL pointers to the source
>> and destination of memmove(). This isn't permitted by the
>> standard even in the case where the size argument is zero.
>>
>> thanks
>> -- PMM
> 
> David, can you take a look?
> 

I would have assumed these pointers are ignored in case the length is
zero, too (the only way this can happen). Easy to fix.

David Hildenbrand Sept. 20, 2019, 11:59 a.m. UTC | #4
On 20.09.19 13:51, David Hildenbrand wrote:
> On 20.09.19 13:00, Cornelia Huck wrote:
>> On Fri, 20 Sep 2019 11:45:18 +0100
>> Peter Maydell <peter.maydell@linaro.org> wrote:
>>
>>> On Thu, 19 Sep 2019 at 13:41, Cornelia Huck <cohuck@redhat.com> wrote:
>>>>
>>>> The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:
>>>>
>>>>   target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)
>>>>
>>>> are available in the Git repository at:
>>>>
>>>>   https://github.com/cohuck/qemu tags/s390x-20190919
>>>>
>>>> for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:
>>>>
>>>>   Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)
>>>>
>>>> ----------------------------------------------------------------
>>>> - bugfixes in tcg and the ccw bios
>>>> - gen15a is called z15
>>>> - officially require a 3.15 kernel or later for kvm
>>>>
>>>> ----------------------------------------------------------------  
>>>
>>> Hi -- I'm afraid this pullreq results in new warnings from
>>> the runtime-sanitizer build when 'make check' is run:
>>> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
>>> QTEST_QEMU_BINARY=s390x-softmmu/qemu-system-s390x
>>> QTEST_QEMU_IMG=qemu-img tests
>>> /boot-serial-test -m=quick -k --tap < /dev/null |
>>> ./scripts/tap-driver.pl --test-name="boot-serial-test"
>>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:17:
>>> runtime error: null pointer passed as argument 1, which is declared to
>>> never be null
>>> /usr/include/string.h:47:14: note: nonnull attribute specified here
>>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:32:
>>> runtime error: null pointer passed as argument 2, which is declared to
>>> never be null
>>>
>>> (and the same warnings for a few other tests).
>>>
>>> Looks like you sometimes can pass NULL pointers to the source
>>> and destination of memmove(). This isn't permitted by the
>>> standard even in the case where the size argument is zero.
>>>
>>> thanks
>>> -- PMM
>>
>> David, can you take a look?
>>
> 
> I would have assumed these pointers are ignored in case the length is
> zero, too (the only way this can happen). Easy to fix.
> 


diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index e50cec9263..ef8e0c20a7 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -290,17 +290,23 @@ static void access_memmove(CPUS390XState *env, S390Access *desta,
 
     if (srca->size1 == desta->size1) {
         memmove(desta->haddr1, srca->haddr1, srca->size1);
-        memmove(desta->haddr2, srca->haddr2, srca->size2);
+        if (likely(srca->size2)) {
+            memmove(desta->haddr2, srca->haddr2, srca->size2);
+        }
     } else if (srca->size1 < desta->size1) {
         diff = desta->size1 - srca->size1;
         memmove(desta->haddr1, srca->haddr1, srca->size1);
         memmove(desta->haddr1 + srca->size1, srca->haddr2, diff);
-        memmove(desta->haddr2, srca->haddr2 + diff, desta->size2);
+        if (likely(desta->size2)) {
+            memmove(desta->haddr2, srca->haddr2 + diff, desta->size2);
+        }
     } else {
         diff = srca->size1 - desta->size1;
         memmove(desta->haddr1, srca->haddr1, desta->size1);
         memmove(desta->haddr2, srca->haddr1 + desta->size1, diff);
-        memmove(desta->haddr2 + diff, srca->haddr2, srca->size2);
+        if (likely(srca->size2)) {
+            memmove(desta->haddr2 + diff, srca->haddr2, srca->size2);
+        }
     }
 }
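
Review bot: the `likely()` on the three new `size2` checks is not justified by anything in the patch, and the sanitizer report earlier in the thread shows the zero-size case at mem_helper.c:293 (the second memmove() of the first branch) being hit by ordinary `make check` boot tests. A plain `if (srca->size2)` / `if (desta->size2)` avoids asserting a branch probability that has not been shown. A short comment above the first guard, saying that the second host address is NULL when the second size is zero and that memmove() must not be given NULL even for a zero length, would keep a later cleanup from dropping the checks again.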

For "s390x/tcg: Fault-safe memmove" should do the trick. Will test.

Cornelia Huck Sept. 20, 2019, 1:32 p.m. UTC | #5
On Fri, 20 Sep 2019 13:59:12 +0200
David Hildenbrand <david@redhat.com> wrote:

> On 20.09.19 13:51, David Hildenbrand wrote:
> > On 20.09.19 13:00, Cornelia Huck wrote:  
> >> On Fri, 20 Sep 2019 11:45:18 +0100
> >> Peter Maydell <peter.maydell@linaro.org> wrote:
> >>  
> >>> On Thu, 19 Sep 2019 at 13:41, Cornelia Huck <cohuck@redhat.com> wrote:  
> >>>>
> >>>> The following changes since commit f8c3db33a5e863291182f8862ddf81618a7c6194:
> >>>>
> >>>>   target/sparc: Switch to do_transaction_failed() hook (2019-09-17 12:01:00 +0100)
> >>>>
> >>>> are available in the Git repository at:
> >>>>
> >>>>   https://github.com/cohuck/qemu tags/s390x-20190919
> >>>>
> >>>> for you to fetch changes up to 37105adebeb28e60da3cb1ef82231d7ed8d23589:
> >>>>
> >>>>   Merge tag 'tags/s390-ccw-bios-2019-09-18' into s390-next-staging (2019-09-19 12:04:01 +0200)
> >>>>
> >>>> ----------------------------------------------------------------
> >>>> - bugfixes in tcg and the ccw bios
> >>>> - gen15a is called z15
> >>>> - officially require a 3.15 kernel or later for kvm
> >>>>
> >>>> ----------------------------------------------------------------    
> >>>
> >>> Hi -- I'm afraid this pullreq results in new warnings from
> >>> the runtime-sanitizer build when 'make check' is run:
> >>> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> >>> QTEST_QEMU_BINARY=s390x-softmmu/qemu-system-s390x
> >>> QTEST_QEMU_IMG=qemu-img tests
> >>> /boot-serial-test -m=quick -k --tap < /dev/null |
> >>> ./scripts/tap-driver.pl --test-name="boot-serial-test"
> >>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:17:
> >>> runtime error: null pointer passed as argument 1, which is declared to
> >>> never be null
> >>> /usr/include/string.h:47:14: note: nonnull attribute specified here
> >>> /home/petmay01/linaro/qemu-for-merges/target/s390x/mem_helper.c:293:32:
> >>> runtime error: null pointer passed as argument 2, which is declared to
> >>> never be null
> >>>
> >>> (and the same warnings for a few other tests).
> >>>
> >>> Looks like you sometimes can pass NULL pointers to the source
> >>> and destination of memmove(). This isn't permitted by the
> >>> standard even in the case where the size argument is zero.
> >>>
> >>> thanks
> >>> -- PMM  
> >>
> >> David, can you take a look?
> >>  
> > 
> > I would have assumed these pointers are ignored in case the length is
> > zero, too (the only way this can happen). Easy to fix.
> >   
> 
> 
> diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
> index e50cec9263..ef8e0c20a7 100644
> --- a/target/s390x/mem_helper.c
> +++ b/target/s390x/mem_helper.c
> @@ -290,17 +290,23 @@ static void access_memmove(CPUS390XState *env, S390Access *desta,
>  
>      if (srca->size1 == desta->size1) {
>          memmove(desta->haddr1, srca->haddr1, srca->size1);
> -        memmove(desta->haddr2, srca->haddr2, srca->size2);
> +        if (likely(srca->size2)) {
> +            memmove(desta->haddr2, srca->haddr2, srca->size2);
> +        }
>      } else if (srca->size1 < desta->size1) {
>          diff = desta->size1 - srca->size1;
>          memmove(desta->haddr1, srca->haddr1, srca->size1);
>          memmove(desta->haddr1 + srca->size1, srca->haddr2, diff);
> -        memmove(desta->haddr2, srca->haddr2 + diff, desta->size2);
> +        if (likely(desta->size2)) {
> +            memmove(desta->haddr2, srca->haddr2 + diff, desta->size2);
> +        }
>      } else {
>          diff = srca->size1 - desta->size1;
>          memmove(desta->haddr1, srca->haddr1, desta->size1);
>          memmove(desta->haddr2, srca->haddr1 + desta->size1, diff);
> -        memmove(desta->haddr2 + diff, srca->haddr2, srca->size2);
> +        if (likely(srca->size2)) {
> +            memmove(desta->haddr2 + diff, srca->haddr2, srca->size2);
> +        }
>      }
>  }
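
Review bot: the first memmove() in each branch, on `haddr1` with `size1`, stays unguarded, so the change relies on `haddr1` never being NULL, and nothing in the hunk enforces that. The middle memmove() in the second and third branches likewise uses `srca->haddr2` or `desta->haddr2` with `diff` bytes, which is only safe if both accesses have the same total length. An assertion that `srca->size1 + srca->size2 == desta->size1 + desta->size2`, plus an early return when that total is zero, would make both assumptions explicit.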
> 
> For "s390x/tcg: Fault-safe memmove" should do the trick. Will test.

Ok, great.

Peter, FYI: I'll be on vacation for two weeks (starting later today),
so David/Thomas/Christian will probably handle any s390x-related things
including pull requests for that time (I don't think I want to put a v2
together in a hurry...)

Peter Maydell Sept. 20, 2019, 1:41 p.m. UTC | #6
On Fri, 20 Sep 2019 at 14:33, Cornelia Huck <cohuck@redhat.com> wrote:
> Peter, FYI: I'll be on vacation for two weeks (starting later today),
> so David/Thomas/Christian will probably handle any s390x-related things
> including pull requests for that time (I don't think I want to put a v2
> together in a hurry...)

No worries; have a good holiday!

-- PMM

David Hildenbrand Sept. 20, 2019, 3:34 p.m. UTC | #7
On 20.09.19 15:41, Peter Maydell wrote:
> On Fri, 20 Sep 2019 at 14:33, Cornelia Huck <cohuck@redhat.com> wrote:
>> Peter, FYI: I'll be on vacation for two weeks (starting later today),
>> so David/Thomas/Christian will probably handle any s390x-related things
>> including pull requests for that time (I don't think I want to put a v2
>> together in a hurry...)
> 
> No worries; have a good holiday!
> 
> -- PMM
> 

Peter, I'll send the s390x/tcg bits as a separate pull request directly
to you this time.

Cheers!