* [PATCH v2 0/3] Fix BRASL and BRCL with large negative offsets
@ 2022-03-12 9:25 Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 1/3] s390x/tcg: Fix BRASL with a large negative offset Ilya Leoshkevich
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Ilya Leoshkevich @ 2022-03-12 9:25 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel, Ilya Leoshkevich
Hi,
I noticed that sometimes jumping backwards leads to crashes or hangs.
The problem is a missing cast.
Patches 1 and 2 fix the problem, patch 3 adds a test.
v1: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg03356.html
v1 -> v2:
- Skip the test if mmap() fails (Richard).
- Replace test opcodes with inline asm (David). Since we now want to
skip the test if the code cannot be mapped (e.g. on a 31-bit host),
we shouldn't be asking the loader to map the code right away. So
the mmap() approach stays.
Best regards,
Ilya
Ilya Leoshkevich (3):
s390x/tcg: Fix BRASL with a large negative offset
s390x/tcg: Fix BRCL with a large negative offset
tests/tcg/s390x: Test BRASL and BRCL with large negative offsets
target/s390x/tcg/translate.c | 4 +-
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/branch-relative-long.c | 60 ++++++++++++++++++++++++++
3 files changed, 63 insertions(+), 2 deletions(-)
create mode 100644 tests/tcg/s390x/branch-relative-long.c
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 1/3] s390x/tcg: Fix BRASL with a large negative offset
2022-03-12 9:25 [PATCH v2 0/3] Fix BRASL and BRCL with large negative offsets Ilya Leoshkevich
@ 2022-03-12 9:25 ` Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 2/3] s390x/tcg: Fix BRCL " Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets Ilya Leoshkevich
2 siblings, 0 replies; 6+ messages in thread
From: Ilya Leoshkevich @ 2022-03-12 9:25 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel, Ilya Leoshkevich
When RI2 is 0x80000000, qemu enters an infinite loop instead of jumping
backwards. Fix by adding a missing cast, like in in2_ri2().
Fixes: 8ac33cdb8bfb ("Convert BRANCH AND SAVE")
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
target/s390x/tcg/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 904b51542f..41c8696185 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -1597,7 +1597,7 @@ static DisasJumpType op_bal(DisasContext *s, DisasOps *o)
static DisasJumpType op_basi(DisasContext *s, DisasOps *o)
{
pc_to_link_info(o->out, s, s->pc_tmp);
- return help_goto_direct(s, s->base.pc_next + 2 * get_field(s, i2));
+ return help_goto_direct(s, s->base.pc_next + (int64_t)get_field(s, i2) * 2);
}
static DisasJumpType op_bc(DisasContext *s, DisasOps *o)
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 2/3] s390x/tcg: Fix BRCL with a large negative offset
2022-03-12 9:25 [PATCH v2 0/3] Fix BRASL and BRCL with large negative offsets Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 1/3] s390x/tcg: Fix BRASL with a large negative offset Ilya Leoshkevich
@ 2022-03-12 9:25 ` Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets Ilya Leoshkevich
2 siblings, 0 replies; 6+ messages in thread
From: Ilya Leoshkevich @ 2022-03-12 9:25 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel, Ilya Leoshkevich
When RI2 is 0x80000000, qemu enters an infinite loop instead of jumping
backwards. Fix by adding a missing cast, like in in2_ri2().
Fixes: 7233f2ed1717 ("target-s390: Convert BRANCH ON CONDITION")
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
target/s390x/tcg/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 41c8696185..5acfc0ff9b 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -1201,7 +1201,7 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c,
bool is_imm, int imm, TCGv_i64 cdest)
{
DisasJumpType ret;
- uint64_t dest = s->base.pc_next + 2 * imm;
+ uint64_t dest = s->base.pc_next + (int64_t)imm * 2;
TCGLabel *lab;
/* Take care of the special cases first. */
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets
2022-03-12 9:25 [PATCH v2 0/3] Fix BRASL and BRCL with large negative offsets Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 1/3] s390x/tcg: Fix BRASL with a large negative offset Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 2/3] s390x/tcg: Fix BRCL " Ilya Leoshkevich
@ 2022-03-12 9:25 ` Ilya Leoshkevich
2022-03-12 14:27 ` Richard Henderson
2022-03-14 10:26 ` David Hildenbrand
2 siblings, 2 replies; 6+ messages in thread
From: Ilya Leoshkevich @ 2022-03-12 9:25 UTC (permalink / raw)
To: Richard Henderson, David Hildenbrand, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel, Ilya Leoshkevich
Add a small test in order to prevent regressions.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/branch-relative-long.c | 60 ++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
create mode 100644 tests/tcg/s390x/branch-relative-long.c
diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 257c568c58..fd34b130f7 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -15,6 +15,7 @@ TESTS+=mvc
TESTS+=shift
TESTS+=trap
TESTS+=signals-s390x
+TESTS+=branch-relative-long
ifneq ($(HAVE_GDB_BIN),)
GDB_SCRIPT=$(SRC_PATH)/tests/guest-debug/run-test.py
diff --git a/tests/tcg/s390x/branch-relative-long.c b/tests/tcg/s390x/branch-relative-long.c
new file mode 100644
index 0000000000..c6f3f2db6d
--- /dev/null
+++ b/tests/tcg/s390x/branch-relative-long.c
@@ -0,0 +1,60 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mman.h>
+
+#define DEFINE_ASM(_name, _code) \
+ extern const char _name[]; \
+ extern const char _name ## _end[]; \
+ asm(" .globl " #_name "\n" \
+ #_name ":\n" \
+ " " _code "\n" \
+ " .globl " #_name "_end\n" \
+ #_name "_end:\n");
+
+DEFINE_ASM(br_r14, "br %r14");
+DEFINE_ASM(brasl_r0, "brasl %r0,.-0x100000000");
+DEFINE_ASM(brcl_0xf, "brcl 0xf,.-0x100000000");
+
+struct test {
+ const char *code;
+ const char *code_end;
+};
+
+static const struct test tests[] = {
+ {
+ .code = brasl_r0,
+ .code_end = brasl_r0_end,
+ },
+ {
+ .code = brcl_0xf,
+ .code_end = brcl_0xf_end,
+ },
+};
+
+int main(void)
+{
+ size_t length = 0x100000006;
+ unsigned char *buf;
+ void (*code)(void);
+ size_t i;
+
+ buf = mmap(NULL, length, PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ if (buf == MAP_FAILED) {
+ perror("SKIP: mmap() failed");
+ return 0;
+ }
+
+ memcpy(buf, br_r14, br_r14_end - br_r14);
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ code = (void *)(buf + 0x100000000);
+ memcpy(code, tests[i].code, tests[i].code_end - tests[i].code);
+ code();
+ memset(code, 0, tests[i].code_end - tests[i].code);
+ }
+
+ munmap(buf, length);
+
+ return 0;
+}
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets
2022-03-12 9:25 ` [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets Ilya Leoshkevich
@ 2022-03-12 14:27 ` Richard Henderson
2022-03-14 10:26 ` David Hildenbrand
1 sibling, 0 replies; 6+ messages in thread
From: Richard Henderson @ 2022-03-12 14:27 UTC (permalink / raw)
To: Ilya Leoshkevich, David Hildenbrand, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel
On 3/12/22 01:25, Ilya Leoshkevich wrote:
> Add a small test in order to prevent regressions.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> tests/tcg/s390x/Makefile.target | 1 +
> tests/tcg/s390x/branch-relative-long.c | 60 ++++++++++++++++++++++++++
> 2 files changed, 61 insertions(+)
> create mode 100644 tests/tcg/s390x/branch-relative-long.c
>
> diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
> index 257c568c58..fd34b130f7 100644
> --- a/tests/tcg/s390x/Makefile.target
> +++ b/tests/tcg/s390x/Makefile.target
> @@ -15,6 +15,7 @@ TESTS+=mvc
> TESTS+=shift
> TESTS+=trap
> TESTS+=signals-s390x
> +TESTS+=branch-relative-long
>
> ifneq ($(HAVE_GDB_BIN),)
> GDB_SCRIPT=$(SRC_PATH)/tests/guest-debug/run-test.py
> diff --git a/tests/tcg/s390x/branch-relative-long.c b/tests/tcg/s390x/branch-relative-long.c
> new file mode 100644
> index 0000000000..c6f3f2db6d
> --- /dev/null
> +++ b/tests/tcg/s390x/branch-relative-long.c
> @@ -0,0 +1,60 @@
> +#include <stddef.h>
> +#include <stdio.h>
> +#include <string.h>
> +#include <sys/mman.h>
> +
> +#define DEFINE_ASM(_name, _code) \
> + extern const char _name[]; \
> + extern const char _name ## _end[]; \
> + asm(" .globl " #_name "\n" \
> + #_name ":\n" \
> + " " _code "\n" \
> + " .globl " #_name "_end\n" \
> + #_name "_end:\n");
> +
> +DEFINE_ASM(br_r14, "br %r14");
> +DEFINE_ASM(brasl_r0, "brasl %r0,.-0x100000000");
> +DEFINE_ASM(brcl_0xf, "brcl 0xf,.-0x100000000");
> +
> +struct test {
> + const char *code;
> + const char *code_end;
> +};
> +
> +static const struct test tests[] = {
> + {
> + .code = brasl_r0,
> + .code_end = brasl_r0_end,
> + },
> + {
> + .code = brcl_0xf,
> + .code_end = brcl_0xf_end,
> + },
> +};
> +
> +int main(void)
> +{
> + size_t length = 0x100000006;
This length is a little specific, given the apparent open-endedness of "code_end". Though
of course we know that we'll get an entire page allocated for these 6 bytes so there's no
real problem.
I'm not actually sure what to suggest to improve this though.
For the series:
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
> + unsigned char *buf;
> + void (*code)(void);
> + size_t i;
> +
> + buf = mmap(NULL, length, PROT_READ | PROT_WRITE | PROT_EXEC,
> + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
> + if (buf == MAP_FAILED) {
> + perror("SKIP: mmap() failed");
> + return 0;
> + }
> +
> + memcpy(buf, br_r14, br_r14_end - br_r14);
> + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
> + code = (void *)(buf + 0x100000000);
> + memcpy(code, tests[i].code, tests[i].code_end - tests[i].code);
> + code();
> + memset(code, 0, tests[i].code_end - tests[i].code);
> + }
> +
> + munmap(buf, length);
> +
> + return 0;
> +}
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets
2022-03-12 9:25 ` [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets Ilya Leoshkevich
2022-03-12 14:27 ` Richard Henderson
@ 2022-03-14 10:26 ` David Hildenbrand
1 sibling, 0 replies; 6+ messages in thread
From: David Hildenbrand @ 2022-03-14 10:26 UTC (permalink / raw)
To: Ilya Leoshkevich, Richard Henderson, Cornelia Huck, Thomas Huth
Cc: Christian Borntraeger, qemu-s390x, qemu-devel
On 12.03.22 10:25, Ilya Leoshkevich wrote:
> Add a small test in order to prevent regressions.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> tests/tcg/s390x/Makefile.target | 1 +
> tests/tcg/s390x/branch-relative-long.c | 60 ++++++++++++++++++++++++++
> 2 files changed, 61 insertions(+)
> create mode 100644 tests/tcg/s390x/branch-relative-long.c
>
> diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
> index 257c568c58..fd34b130f7 100644
> --- a/tests/tcg/s390x/Makefile.target
> +++ b/tests/tcg/s390x/Makefile.target
> @@ -15,6 +15,7 @@ TESTS+=mvc
> TESTS+=shift
> TESTS+=trap
> TESTS+=signals-s390x
> +TESTS+=branch-relative-long
>
> ifneq ($(HAVE_GDB_BIN),)
> GDB_SCRIPT=$(SRC_PATH)/tests/guest-debug/run-test.py
> diff --git a/tests/tcg/s390x/branch-relative-long.c b/tests/tcg/s390x/branch-relative-long.c
> new file mode 100644
> index 0000000000..c6f3f2db6d
> --- /dev/null
> +++ b/tests/tcg/s390x/branch-relative-long.c
> @@ -0,0 +1,60 @@
> +#include <stddef.h>
> +#include <stdio.h>
> +#include <string.h>
> +#include <sys/mman.h>
> +
> +#define DEFINE_ASM(_name, _code) \
> + extern const char _name[]; \
> + extern const char _name ## _end[]; \
> + asm(" .globl " #_name "\n" \
> + #_name ":\n" \
> + " " _code "\n" \
> + " .globl " #_name "_end\n" \
> + #_name "_end:\n");
> +
> +DEFINE_ASM(br_r14, "br %r14");
> +DEFINE_ASM(brasl_r0, "brasl %r0,.-0x100000000");
> +DEFINE_ASM(brcl_0xf, "brcl 0xf,.-0x100000000");
> +
> +struct test {
> + const char *code;
> + const char *code_end;
> +};
> +
> +static const struct test tests[] = {
> + {
> + .code = brasl_r0,
> + .code_end = brasl_r0_end,
> + },
> + {
> + .code = brcl_0xf,
> + .code_end = brcl_0xf_end,
> + },
> +};
> +
> +int main(void)
> +{
> + size_t length = 0x100000006;
> + unsigned char *buf;
> + void (*code)(void);
> + size_t i;
> +
> + buf = mmap(NULL, length, PROT_READ | PROT_WRITE | PROT_EXEC,
> + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
With MAP_NORESERVE
Reviewed-by: David Hildenbrand <david@redhat.com>
Thanks!
--
Thanks,
David / dhildenb
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-03-14 10:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-12 9:25 [PATCH v2 0/3] Fix BRASL and BRCL with large negative offsets Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 1/3] s390x/tcg: Fix BRASL with a large negative offset Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 2/3] s390x/tcg: Fix BRCL " Ilya Leoshkevich
2022-03-12 9:25 ` [PATCH v2 3/3] tests/tcg/s390x: Test BRASL and BRCL with large negative offsets Ilya Leoshkevich
2022-03-12 14:27 ` Richard Henderson
2022-03-14 10:26 ` David Hildenbrand
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.