From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48329)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <borntraeger@de.ibm.com>) id 1YOB8V-0001Cr-S4
	for qemu-devel@nongnu.org; Wed, 18 Feb 2015 15:22:27 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <borntraeger@de.ibm.com>) id 1YOB8N-0001rp-LE
	for qemu-devel@nongnu.org; Wed, 18 Feb 2015 15:22:19 -0500
Received: from e06smtp16.uk.ibm.com ([195.75.94.112]:49775)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <borntraeger@de.ibm.com>) id 1YOB8N-0001rP-CD
	for qemu-devel@nongnu.org; Wed, 18 Feb 2015 15:22:11 -0500
Received: from /spool/local
	by e06smtp16.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <borntraeger@de.ibm.com>;
	Wed, 18 Feb 2015 20:22:10 -0000
Received: from b06cxnps3074.portsmouth.uk.ibm.com
	(d06relay09.portsmouth.uk.ibm.com [9.149.109.194])
	by d06dlp02.portsmouth.uk.ibm.com (Postfix) with ESMTP id 91DAE2190046
	for <qemu-devel@nongnu.org>; Wed, 18 Feb 2015 20:22:02 +0000 (GMT)
Received: from d06av09.portsmouth.uk.ibm.com (d06av09.portsmouth.uk.ibm.com
	[9.149.37.250])
	by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id t1IKM8Gc7405828
	for <qemu-devel@nongnu.org>; Wed, 18 Feb 2015 20:22:08 GMT
Received: from d06av09.portsmouth.uk.ibm.com (localhost [127.0.0.1])
	by d06av09.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with
	ESMTP id t1IKM7x0020849
	for <qemu-devel@nongnu.org>; Wed, 18 Feb 2015 13:22:08 -0700
From: Christian Borntraeger <borntraeger@de.ibm.com>
Date: Wed, 18 Feb 2015 21:22:09 +0100
Message-Id: <1424290943-22480-16-git-send-email-borntraeger@de.ibm.com>
In-Reply-To: <1424290943-22480-1-git-send-email-borntraeger@de.ibm.com>
References: <1424290943-22480-1-git-send-email-borntraeger@de.ibm.com>
Subject: [Qemu-devel] [PULL 15/29] s390x/mmu: Check bit 52 in page table
	entry
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Thomas Huth <thuth@linux.vnet.ibm.com>, qemu-devel <qemu-devel@nongnu.org>, Alexander Graf <agraf@suse.de>, Christian Borntraeger <borntraeger@de.ibm.com>, Jens Freimann <jfrei@linux.vnet.ibm.com>, Cornelia Huck <cornelia.huck@de.ibm.com>, Richard Henderson <rth@twiddle.net>

From: Thomas Huth <thuth@linux.vnet.ibm.com>

Bit 52 in a page table entry has always to be zero, or a translation
specification exception is to be recognized.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target-s390x/cpu.h        | 1 +
 target-s390x/mmu_helper.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 08cdb15..c24ca5f 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -853,6 +853,7 @@ struct sysib_322 {
 
 #define _PAGE_RO        0x200            /* HW read-only bit  */
 #define _PAGE_INVALID   0x400            /* HW invalid bit    */
+#define _PAGE_RES0      0x800            /* bit must be zero  */
 
 #define SK_C                    (0x1 << 1)
 #define SK_R                    (0x1 << 2)
diff --git a/target-s390x/mmu_helper.c b/target-s390x/mmu_helper.c
index 7dc9900..c183958 100644
--- a/target-s390x/mmu_helper.c
+++ b/target-s390x/mmu_helper.c
@@ -112,7 +112,10 @@ static int mmu_translate_pte(CPUS390XState *env, target_ulong vaddr,
         trigger_page_fault(env, vaddr, PGM_PAGE_TRANS, asc, rw, exc);
         return -1;
     }
-
+    if (pt_entry & _PAGE_RES0) {
+        trigger_page_fault(env, vaddr, PGM_TRANS_SPEC, asc, rw, exc);
+        return -1;
+    }
     if (pt_entry & _PAGE_RO) {
         *flags &= ~PAGE_WRITE;
     }
-- 
1.9.3