* [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 9:46 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
qemu-s390x in user mode crashes with SIGILL (under host architecture
x86_64, running Debian unstable) when executing target instruction
"stck" ("STORE CLOCK", see
https://www-01.ibm.com/support/docview.wss?uid=isg26480faec85f44e2385256d5200627dee&aid=1),
which is basically a kind of equivalent of Intel "rdtsc". The same
instruction works fine under qemu-s390x in system mode. The bug is
reproducible with both the qemu version distributed in Debian unstable
and with the latest upstream master (commit
47994e16b1d66411953623e7c0bf0cdcd50bd507).
This bug manifested itself as a crash of the ssh-keygen program, which uses
"stck" to obtain some bits of randomness during key creation. Bisection
of the code led to the attached minimal example. Compile with (inside an
s390x system):
$ gcc -c -o test.o test.c
$ gcc -c -o rdtsc.o rdtsc.S
$ gcc -o test test.o rdtsc.o
Then run test. It will crash with SIGILL in user mode and run fine in
system mode. Also, compare with the original file at
https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.pl#L139
(there the instruction "stckf" is also used; it is probable that it has
the same problem if it is supported at all, but I did not test for
this).
Running qemu-s390x with options -d
in_asm,out_asm,op,op_opt,exec,nochain,cpu gives the trace attached in
log.txt.
Thanks, Giovanni.
** Affects: qemu
Importance: Undecided
Status: New
** Attachment added: "test.c"
https://bugs.launchpad.net/bugs/1815024/+attachment/5236687/+files/test.c
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1815024
Title:
SIGILL on instruction "stck" under qemu-s390x in user mode
Status in QEMU:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1815024/+subscriptions
* [Qemu-devel] [Bug 1815024] Re: SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 9:46 UTC (permalink / raw)
To: qemu-devel
** Attachment added: "rdtsc.S"
https://bugs.launchpad.net/qemu/+bug/1815024/+attachment/5236688/+files/rdtsc.S
* [Qemu-devel] [Bug 1815024] Re: SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 9:46 UTC (permalink / raw)
To: qemu-devel
** Attachment added: "log.txt"
https://bugs.launchpad.net/qemu/+bug/1815024/+attachment/5236689/+files/log.txt
* [Qemu-devel] [Bug 1815024] Re: SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 9:48 UTC (permalink / raw)
To: qemu-devel
I am also attaching the compiled program, in case it is helpful.
** Attachment added: "test"
https://bugs.launchpad.net/qemu/+bug/1815024/+attachment/5236690/+files/test
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Cornelia Huck @ 2019-02-07 10:49 UTC (permalink / raw)
To: Giovanni Mascellani, David Hildenbrand; +Cc: Bug 1815024, qemu-devel
On Thu, 07 Feb 2019 09:46:07 -0000
Giovanni Mascellani <gio@debian.org> wrote:
> Public bug reported:
>
> qemu-s390x in user mode crashes with SIGILL (under host architecture
> x86_64, running Debian unstable) when executing target instruction
> "stck" ("STORE CLOCK", see
> https://www-01.ibm.com/support/docview.wss?uid=isg26480faec85f44e2385256d5200627dee&aid=1),
> which is basically a kind of equivalent of Intel "rdtsc". The same
> instruction works fine under qemu-s390x in system mode. The bug is
> reproducible with both the qemu version distributed in Debian unstable
> and with the latest upstream master (commit
> 47994e16b1d66411953623e7c0bf0cdcd50bd507).
Did that work before commit 7de3b1cdc67 ("s390x/tcg: properly implement
the TOD")?
>
> This bug manifested itself as a crash of ssh-keygen program, which uses
> "stck" to obtain some bits of randomness during key creation. Bisection
> of the code led to the attached minimal example. Compile with (inside an
> s390x system):
>
> $ gcc -c -o test.o test.c
> $ gcc -c -o rdtsc.o rdtsc.S
> $ gcc -o test test.o rdtsc.o
>
> Then run test. It will crash with SIGILL in user mode and run fine in
> system mode. Also, compare with the original file at
> https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.pl#L139
> (there the instruction "stckf" is also used; it is probable that it has
> the same problem if it is supported altogether, but it did not test for
> this).
stckf will end up at the same helper, so it seems likely to hit the
same problem.
>
> Running qemu-s390x with options -d
> in_asm,out_asm,op,op_opt,exec,nochain,cpu gives the trace attached in
> log.txt.
I think the problem is that the helper tries to access the todstate
object, which we won't have in user mode IIUC. David?
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 11:05 UTC (permalink / raw)
To: Cornelia Huck, David Hildenbrand; +Cc: Bug 1815024, qemu-devel
Hi, thanks for answering!
On 07/02/19 11:49, Cornelia Huck wrote:
> Did that work before commit 7de3b1cdc67 ("s390x/tcg: properly implement
> the TOD")?
It does not seem so:
$ /qemu-s390x-new -version
qemu-s390x version 2.12.50 (v2.12.0-1983-g7de3b1cdc6-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
$ /qemu-s390x-new ./a.out
Istruzione non consentita
(i.e., "illegal instruction")
But this might be expected. Now I go to the previous commit (f777b20544)
and recompile:
$ /qemu-s390x-new -version
qemu-s390x version 2.12.50 (v2.12.0-1982-gf777b20544-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
$ /qemu-s390x-new ./a.out
Istruzione non consentita
So again. And even going back to 76ed4b18de (i.e., skipping a few
apparently related s390x commits):
$ /qemu-s390x-new -version
qemu-s390x version 2.12.50 (v2.12.0-1976-g76ed4b18de-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
$ /qemu-s390x-new ./a.out
Istruzione non consentita
> stckf will end up at the same helper, so it seems likely to hit the
> same problem.
I guessed so.
Thanks again, Giovanni.
--
Giovanni Mascellani <g.mascellani@gmail.com>
Postdoc researcher - Université Libre de Bruxelles
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Thomas Huth @ 2019-02-07 11:26 UTC (permalink / raw)
To: Giovanni Mascellani, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2019-02-07 12:05, Giovanni Mascellani wrote:
> Hi, thanks for answering!
>
> On 07/02/19 11:49, Cornelia Huck wrote:
>> Did that work before commit 7de3b1cdc67 ("s390x/tcg: properly implement
>> the TOD")?
>
> It does not seem so
The problem is rather that the STCK instruction is fenced with
"#ifndef CONFIG_USER_ONLY" ... quick-n-dirty hack to allow it:
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 018e9dd..8baa784 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -122,12 +122,13 @@ DEF_HELPER_4(cu42, i32, env, i32, i32, i32)
DEF_HELPER_5(msa, i32, env, i32, i32, i32, i32)
DEF_HELPER_FLAGS_1(stpt, TCG_CALL_NO_RWG, i64, env)
+DEF_HELPER_FLAGS_1(stck, TCG_CALL_NO_RWG_SE, i64, env)
+
#ifndef CONFIG_USER_ONLY
DEF_HELPER_3(servc, i32, env, i64, i64)
DEF_HELPER_4(diag, void, env, i32, i32, i32)
DEF_HELPER_3(load_psw, noreturn, env, i64, i64)
DEF_HELPER_FLAGS_2(spx, TCG_CALL_NO_RWG, void, env, i64)
-DEF_HELPER_FLAGS_1(stck, TCG_CALL_NO_RWG_SE, i64, env)
DEF_HELPER_FLAGS_2(sck, TCG_CALL_NO_RWG, i32, env, i64)
DEF_HELPER_FLAGS_2(sckc, TCG_CALL_NO_RWG, void, env, i64)
DEF_HELPER_FLAGS_2(sckpf, TCG_CALL_NO_RWG, void, env, i64)
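Review bot: declaring HELPER(stck) unconditionally means it now needs a definition in both builds; the patch keeps the existing system-mode one and adds a second, user-mode-only copy in misc_helper.c (the `#else` branch further down), so the two ns-to-TOD conversions can drift apart over time. A single definition shared by both configurations, with only the clock source differing, would be easier to keep correct.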
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index dab805f..41e2911 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -962,6 +962,10 @@
D(0xb93e, KIMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KIMD)
D(0xb93f, KLMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KLMD)
+/* STORE CLOCK */
+ C(0xb205, STCK, S, Z, la2, 0, new, m1_64, stck, 0)
+ C(0xb27c, STCKF, S, SCF, la2, 0, new, m1_64, stck, 0)
+
#ifndef CONFIG_USER_ONLY
/* COMPARE AND SWAP AND PURGE */
E(0xb250, CSP, RRE, Z, r1_32u, ra2, r1_P, 0, csp, 0, MO_TEUL, IF_PRIV)
@@ -1020,9 +1024,6 @@
F(0x8000, SSM, S, Z, 0, m2_8u, 0, 0, ssm, 0, IF_PRIV)
/* SIGNAL PROCESSOR */
F(0xae00, SIGP, RS_a, Z, 0, a2, 0, 0, sigp, 0, IF_PRIV)
-/* STORE CLOCK */
- C(0xb205, STCK, S, Z, la2, 0, new, m1_64, stck, 0)
- C(0xb27c, STCKF, S, SCF, la2, 0, new, m1_64, stck, 0)
/* STORE CLOCK EXTENDED */
C(0xb278, STCKE, S, Z, 0, a2, 0, 0, stcke, 0)
/* STORE CLOCK COMPARATOR */
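Review bot: only STCK and STCKF move out of the privileged block; the neighbouring STORE CLOCK EXTENDED entry (`C(0xb278, STCKE, S, Z, 0, a2, 0, 0, stcke, 0)`) stays under `#ifndef CONFIG_USER_ONLY`, so a user-mode binary that uses STCKE will still die with SIGILL. Either give it the same treatment or say in the commit message that it is deliberately left out.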
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 52262f6..b9eea7f 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -396,6 +396,16 @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t order_code, uint32_t r1,
return cc;
}
+
+#else
+
+uint64_t HELPER(stck)(CPUS390XState *env)
+{
+ uint64_t ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+
+ return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9);
+}
+
#endif
#ifndef CONFIG_USER_ONLY
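Review bot: the new user-mode HELPER(stck) converts nanoseconds into TOD units but adds no epoch offset, so the guest reads a value counted from the origin of QEMU_CLOCK_VIRTUAL rather than from the 1900-01-01 epoch that STCK is defined against (Thomas confirms later in this thread that the TOD_UNIX_EPOCH offset is missing here). Suggest `return TOD_UNIX_EPOCH + time2tod(ns);` instead of repeating the `(ns << 9) / 125 + ...` expression; that also removes an open-coded conversion and the unused `env` parameter. Separately, a guest that feeds STCK into its entropy pool (ssh-keygen in the report) gets only a few unpredictable low bits from an emulated clock, so it must never be the sole source; that holds on real hardware too, but is worth remembering when the clock is synthesised.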
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 639084a..177e281 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4034,6 +4034,14 @@ static DisasJumpType op_ectg(DisasContext *s, DisasOps *o)
return DISAS_NEXT;
}
+static DisasJumpType op_stck(DisasContext *s, DisasOps *o)
+{
+ gen_helper_stck(o->out, cpu_env);
+ /* ??? We don't implement clock states. */
+ gen_op_movi_cc(s, 0);
+ return DISAS_NEXT;
+}
+
#ifndef CONFIG_USER_ONLY
static DisasJumpType op_spka(DisasContext *s, DisasOps *o)
{
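Review bot: the moved op_stck keeps `gen_op_movi_cc(s, 0)` with the `??? We don't implement clock states` comment. For user mode, CC 0 (clock set and running) is the only sensible answer, since nothing in a linux-user process can put the clock into another state; the comment could say so instead of leaving the question mark, and nothing changes for system mode.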
@@ -4061,14 +4069,6 @@ static DisasJumpType op_stap(DisasContext *s, DisasOps *o)
return DISAS_NEXT;
}
-static DisasJumpType op_stck(DisasContext *s, DisasOps *o)
-{
- gen_helper_stck(o->out, cpu_env);
- /* ??? We don't implement clock states. */
- gen_op_movi_cc(s, 0);
- return DISAS_NEXT;
-}
-
static DisasJumpType op_stcke(DisasContext *s, DisasOps *o)
{
TCGv_i64 c1 = tcg_temp_new_i64();
... then your test program works fine without crashing.
Thomas
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 11:46 UTC (permalink / raw)
To: Thomas Huth, Cornelia Huck, David Hildenbrand; +Cc: Bug 1815024, qemu-devel
Hi,
On 07/02/19 12:26, Thomas Huth wrote:
> The problem is rather that the STCK instruction is fenced with
> "#ifndef CONFIG_USER_ONLY" ... quick-n-dirty hack to allow it:
Thanks for the patch. Unfortunately on my system it fails with:
LINK s390x-linux-user/qemu-s390x
/usr/bin/ld: ../libqemuutil.a(cpu-get-icount.o):(.bss+0x0): multiple
definition of `use_icount'; exec.o:(.bss+0x58): first defined here
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:207: qemu-s390x] Error 1
make: *** [Makefile:432: subdir-s390x-linux-user] Error 2
The error does not appear when compiling from current master.
I am compiling with
$ git clean -fdx
$ ./configure --target-list=s390x-linux-user
$ make -j16
Giovanni.
--
Giovanni Mascellani <g.mascellani@gmail.com>
Postdoc researcher - Université Libre de Bruxelles
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Thomas Huth @ 2019-02-07 12:01 UTC (permalink / raw)
To: Giovanni Mascellani, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2019-02-07 12:46, Giovanni Mascellani wrote:
> Hi,
>
> On 07/02/19 12:26, Thomas Huth wrote:
>> The problem is rather that the STCK instruction is fenced with
>> "#ifndef CONFIG_USER_ONLY" ... quick-n-dirty hack to allow it:
>
> Thanks for the patch. Unfortunately on my system it fails with:
>
> LINK s390x-linux-user/qemu-s390x
> /usr/bin/ld: ../libqemuutil.a(cpu-get-icount.o):(.bss+0x0): multiple
> definition of `use_icount'; exec.o:(.bss+0x58): first defined here
> collect2: error: ld returned 1 exit status
> make[1]: *** [Makefile:207: qemu-s390x] Error 1
> make: *** [Makefile:432: subdir-s390x-linux-user] Error 2
>
> The error does not appear when compiling from current master.
I just saw it, too. Seems like the stubs/cpu-get-icount.c file now gets
pulled in for some reason. Try this on top:
diff --git a/stubs/cpu-get-icount.c b/stubs/cpu-get-icount.c
index 35f0c1e..8da6646 100644
--- a/stubs/cpu-get-icount.c
+++ b/stubs/cpu-get-icount.c
@@ -4,7 +4,7 @@
#include "sysemu/cpus.h"
#include "qemu/main-loop.h"
-int use_icount;
+int use_icount __attribute__((weak));
int64_t cpu_get_icount(void)
{
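Review bot: `__attribute__((weak))` on the stub's `use_icount` makes the duplicate-definition error go away but does not explain why stubs/cpu-get-icount.o is now pulled into the s390x-linux-user link next to exec.o, which the linker message quoted above shows defines the same symbol; most likely the new user-mode HELPER(stck) drags in qemu_clock_get_ns() and with it the icount dependency. Better to decide which of the two objects should provide use_icount for this target than to let weak-symbol resolution pick one: as written, the stub's definition silently yields whenever exec.o is present, and a later change to either file can flip which one wins without any diagnostic.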
... anyway, I'll ponder about that a little bit and will try to come up
with a proper, mergeable patch instead.
Thomas
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Richard Henderson @ 2019-02-07 12:15 UTC (permalink / raw)
To: Thomas Huth, Giovanni Mascellani, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2/7/19 12:01 PM, Thomas Huth wrote:
> On 2019-02-07 12:46, Giovanni Mascellani wrote:
>> Hi,
>>
>> On 07/02/19 12:26, Thomas Huth wrote:
>>> The problem is rather that the STCK instruction is fenced with
>>> "#ifndef CONFIG_USER_ONLY" ... quick-n-dirty hack to allow it:
>>
>> Thanks for the patch. Unfortunately on my system it fails with:
>>
>> LINK s390x-linux-user/qemu-s390x
>> /usr/bin/ld: ../libqemuutil.a(cpu-get-icount.o):(.bss+0x0): multiple
>> definition of `use_icount'; exec.o:(.bss+0x58): first defined here
>> collect2: error: ld returned 1 exit status
>> make[1]: *** [Makefile:207: qemu-s390x] Error 1
>> make: *** [Makefile:432: subdir-s390x-linux-user] Error 2
>>
>> The error does not appear when compiling from current master.
>
> I just saw it, too. Seems like the stubs/cpu-get-icount.c file now gets
> pulled in for some reason. Try this on top:
>
> diff --git a/stubs/cpu-get-icount.c b/stubs/cpu-get-icount.c
> index 35f0c1e..8da6646 100644
> --- a/stubs/cpu-get-icount.c
> +++ b/stubs/cpu-get-icount.c
> @@ -4,7 +4,7 @@
> #include "sysemu/cpus.h"
> #include "qemu/main-loop.h"
>
> -int use_icount;
> +int use_icount __attribute__((weak));
>
> int64_t cpu_get_icount(void)
> {
>
> ... anyway, I'll ponder about that a little bit and will try to come up
> with a proper, mergeable patch instead.
See also
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06734.html
which I never followed up on the review changes requested.
r~
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Thomas Huth @ 2019-02-07 12:36 UTC (permalink / raw)
To: Richard Henderson, Giovanni Mascellani, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2019-02-07 13:15, Richard Henderson wrote:
> On 2/7/19 12:01 PM, Thomas Huth wrote:
>> On 2019-02-07 12:46, Giovanni Mascellani wrote:
>>> Hi,
>>>
>>> On 07/02/19 12:26, Thomas Huth wrote:
>>>> The problem is rather that the STCK instruction is fenced with
>>>> "#ifndef CONFIG_USER_ONLY" ... quick-n-dirty hack to allow it:
>>>
>>> Thanks for the patch. Unfortunately on my system it fails with:
>>>
>>> LINK s390x-linux-user/qemu-s390x
>>> /usr/bin/ld: ../libqemuutil.a(cpu-get-icount.o):(.bss+0x0): multiple
>>> definition of `use_icount'; exec.o:(.bss+0x58): first defined here
>>> collect2: error: ld returned 1 exit status
>>> make[1]: *** [Makefile:207: qemu-s390x] Error 1
>>> make: *** [Makefile:432: subdir-s390x-linux-user] Error 2
>>>
>>> The error does not appear when compiling from current master.
>>
>> I just saw it, too. Seems like the stubs/cpu-get-icount.c file now gets
>> pulled in for some reason. Try this on top:
>>
>> diff --git a/stubs/cpu-get-icount.c b/stubs/cpu-get-icount.c
>> index 35f0c1e..8da6646 100644
>> --- a/stubs/cpu-get-icount.c
>> +++ b/stubs/cpu-get-icount.c
>> @@ -4,7 +4,7 @@
>> #include "sysemu/cpus.h"
>> #include "qemu/main-loop.h"
>>
>> -int use_icount;
>> +int use_icount __attribute__((weak));
>>
>> int64_t cpu_get_icount(void)
>> {
>>
>> ... anyway, I'll ponder about that a little bit and will try to come up
>> with a proper, mergeable patch instead.
>
> See also
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06734.html
>
> which I never followed up on the review changes requested.
Ah, right, now that you've mentioned it, it rings a bell! Do you have
some spare time to respin the series, using time2tod() in the
HELPER(stck) function?
Thomas
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Giovanni Mascellani @ 2019-02-07 13:00 UTC (permalink / raw)
To: Richard Henderson, Thomas Huth, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
Hi,
On 07/02/19 13:15, Richard Henderson wrote:
> See also
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06734.html
>
> which I never followed up on the review changes requested.
I can confirm that both patches (Thomas' and Richard's) work for me,
although they produce rather different results:
Thomas' patch: around 6346926678828662276
Richard's patch: around 9048173079139739571
They also appear to grow at different speeds, if I am not mistaken. I
have no idea of what is correct, because I do not know s390x.
Thanks again for your interest, Giovanni.
--
Giovanni Mascellani <g.mascellani@gmail.com>
Postdoc researcher - Université Libre de Bruxelles
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Richard Henderson @ 2019-02-07 13:05 UTC (permalink / raw)
To: Thomas Huth, Giovanni Mascellani, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2/7/19 12:36 PM, Thomas Huth wrote:
> On 2019-02-07 13:15, Richard Henderson wrote:
>> See also
>>
>> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06734.html
>>
>> which I never followed up on the review changes requested.
>
> Ah, right, now that you've mentioned it, it rings a bell! Do you have
> some spare time to respin the series, with using time2tod() in the
> HELPER(stck) function?
I'll try to do so tomorrow.
r~
* Re: [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode
From: Thomas Huth @ 2019-02-07 13:09 UTC (permalink / raw)
To: Giovanni Mascellani, Richard Henderson, Cornelia Huck, David Hildenbrand
Cc: Bug 1815024, qemu-devel
On 2019-02-07 14:00, Giovanni Mascellani wrote:
> Hi,
>
> On 07/02/19 13:15, Richard Henderson wrote:
>> See also
>>
>> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06734.html
>>
>> which I never followed up on the review changes requested.
>
> I can confirm that both patches (Thomas' and Richard's) work for me.
> Although they produce rather different results:
>
> Thomas' patch: around 6346926678828662276
> Richard's patch: around 9048173079139739571
>
> They also appear to grow at different speeds, if I am not mistaken. I
> have no idea of what is correct, because I do not know s390x.
Both are wrong. I missed adding the TOD_UNIX_EPOCH offset, and Richard
missed using the time2tod() conversion.
Anyway, I yield to Richard's patches since he posted his patches first
(unless he does not have any spare time to work on it at all, then I
could have another look).
Thomas
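Thomas's diagnosis above (one patch lacks the TOD_UNIX_EPOCH offset, the other the time2tod() conversion) can be checked against the two numbers Giovanni reported. The program below is an added example, not QEMU code: it re-implements the ns-to-TOD arithmetic from Thomas's HELPER(stck) hunk (the same expression as QEMU's time2tod()), assumes the TOD_UNIX_EPOCH value QEMU defines (0x7d91048bca000000, the 2208988800 seconds between the TOD epoch of 1900-01-01 and 1970-01-01), and decodes the two reported readings; tod2time(), stck_from_unix_ns() and the decode helpers are mine.

```c
/*
 * Added example (not QEMU code): ns <-> s390x TOD conversion, and a decode
 * of the two STCK readings quoted in this thread.  Build: gcc -std=c99 tod.c
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* TOD value of 1970-01-01T00:00:00Z.  The TOD clock counts from 1900-01-01;
 * 2208988800 s * 4096000000 units/s == 0x7d91048bca000000.  Assumed to match
 * QEMU's TOD_UNIX_EPOCH. */
#define TOD_UNIX_EPOCH    0x7d91048bca000000ULL
/* Bit 51 of the 64-bit TOD clock ticks every microsecond, so one unit
 * (bit 63) is 2^-12 us and one second is 4096000000 units. */
#define TOD_UNITS_PER_SEC 4096000000ULL
#define NS_PER_SEC        1000000000ULL

/* Same arithmetic as the user-mode HELPER(stck) hunk (QEMU's time2tod()):
 * ns * 4096 / 1000 == ns * 512 / 125.  "ns << 9" discards the top nine bits
 * of ns once ns >= 2^55 (about 417 days in nanoseconds), so those bits are
 * divided first and shifted afterwards.  The result is never above the exact
 * value and at most ~513 units (about 125 ns) below it. */
static uint64_t time2tod(uint64_t ns)
{
    return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9);
}

/* Inverse conversion (my own helper): TOD units back to nanoseconds. */
static uint64_t tod2time(uint64_t tod)
{
    return (tod >> 9) * 125 + (((tod & 0x1ff) * 125) >> 9);
}

/* What a user-mode STCK should return for a Unix wall-clock time in ns:
 * convert to TOD units *and* move the origin from 1970 back to 1900. */
static uint64_t stck_from_unix_ns(uint64_t unix_ns)
{
    return TOD_UNIX_EPOCH + time2tod(unix_ns);
}

/* Decode a TOD value to whole seconds since the Unix epoch.  A negative
 * result means the value points before 1970, which is exactly how a reading
 * produced without the epoch offset shows up. */
static int64_t tod_to_unix_sec(uint64_t tod)
{
    if (tod >= TOD_UNIX_EPOCH) {
        return (int64_t)((tod - TOD_UNIX_EPOCH) / TOD_UNITS_PER_SEC);
    }
    /* round toward minus infinity for dates before 1970 */
    return -(int64_t)((TOD_UNIX_EPOCH - tod + TOD_UNITS_PER_SEC - 1)
                      / TOD_UNITS_PER_SEC);
}

/* Read a value that was produced as plain time2tod(unix_ns), i.e. without
 * the epoch offset, back as Unix seconds. */
static int64_t offsetless_tod_to_unix_sec(uint64_t tod)
{
    return (int64_t)(tod2time(tod) / NS_PER_SEC);
}

/* Sample input: the two readings Giovanni quoted on 2019-02-07. */
#define REPORTED_THOMAS  6346926678828662276ULL
#define REPORTED_RICHARD 9048173079139739571ULL

int main(void)
{
    /* Thomas's value: a 2019 timestamp in TOD units, but counted from 1970. */
    printf("Thomas's value as a TOD clock:      %" PRId64 " s since 1970 (<0: before 1970)\n",
           tod_to_unix_sec(REPORTED_THOMAS));
    printf("Thomas's value without the offset:  %" PRId64 " s since 1970 (2019-02-07 12:30:46 UTC)\n",
           offsetless_tod_to_unix_sec(REPORTED_THOMAS));
    /* Richard's value: epoch offset present, but the ns count was not scaled. */
    printf("Richard's value as a TOD clock:     %" PRId64 " s since 1970 (i.e. on 1970-01-01)\n",
           tod_to_unix_sec(REPORTED_RICHARD));
    printf("Correct STCK for that moment:       0x%016" PRIx64 "\n",
           stck_from_unix_ns(1549542646ULL * NS_PER_SEC + 198403875ULL));
    return 0;
}
```

The decode shows that the first reading is a correct 2019-02-07 timestamp once read as an offset-less value, while the second lands a few hours after the Unix epoch; together they confirm the two missing pieces named above.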
* [Qemu-devel] [Bug 1815024] Re: SIGILL on instruction "stck" under qemu-s390x in user mode
From: Thomas Huth @ 2019-02-22 15:24 UTC (permalink / raw)
To: qemu-devel
Fix has been merged:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=965018bea7ce79e1987
** Changed in: qemu
Status: New => Fix Committed
* [Qemu-devel] [Bug 1815024] Re: SIGILL on instruction "stck" under qemu-s390x in user mode
2019-02-07 9:46 [Qemu-devel] [Bug 1815024] [NEW] SIGILL on instruction "stck" under qemu-s390x in user mode Giovanni Mascellani
` (4 preceding siblings ...)
2019-02-22 15:24 ` [Qemu-devel] [Bug 1815024] " Thomas Huth
@ 2019-04-24 6:09 ` Thomas Huth
5 siblings, 0 replies; 16+ messages in thread
From: Thomas Huth @ 2019-04-24 6:09 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released