target/s390x/tcg: Fix and improve the SACF instruction

The SET ADDRESS SPACE CONTROL FAST instruction is not privileged, it can be
used from problem space, too. Just the switching to the home addres

target/s390x/tcg: Fix and improve the SACF instruction

The SET ADDRESS SPACE CONTROL FAST instruction is not privileged, it can be
used from problem space, too. Just the switching to the home address space
is privileged and should still generate a privilege exception. This bug is
e.g. causing programs like Java that use the "getcpu" vdso kernel function
to crash (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990417#26 ).

While we're at it, also check if DAT is not enabled. In that case the
instruction is supposed to generate a special operation exception.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/655
Message-Id: <20221201184443.136355-1-thuth@redhat.com>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...

target/s390x: Fix determination of overflow condition code after subtraction

Reported by Paul Eggert in
https://lists.gnu.org/archive/html/bug-gnulib/2021-09/msg00050.html

This program currently pr

target/s390x: Fix determination of overflow condition code after subtraction

Reported by Paul Eggert in
https://lists.gnu.org/archive/html/bug-gnulib/2021-09/msg00050.html

This program currently prints different results when run with TCG instead
of running on real s390x hardware:

#include <stdio.h>

int overflow_32 (int x, int y)
{
int sum;
return __builtin_sub_overflow (x, y, &sum);
}

int overflow_64 (long long x, long long y)
{
long sum;
return __builtin_sub_overflow (x, y, &sum);
}

int a1 = 0;
int b1 = -2147483648;
long long a2 = 0L;
long long b2 = -9223372036854775808L;

int main ()
{
{
int a = a1;
int b = b1;
printf ("a = 0x%x, b = 0x%x\n", a, b);
printf ("no_overflow = %d\n", ! overflow_32 (a, b));
}
{
long long a = a2;
long long b = b2;
printf ("a = 0x%llx, b = 0x%llx\n", a, b);
printf ("no_overflow = %d\n", ! overflow_64 (a, b));
}
}

Signed-off-by: Bruno Haible <bruno@clisp.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/618
Message-Id: <20220323162621.139313-3-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...

target/s390x: Fix determination of overflow condition code after addition

This program currently prints different results when run with TCG instead
of running on real s390x hardware:

#include <std

target/s390x: Fix determination of overflow condition code after addition

This program currently prints different results when run with TCG instead
of running on real s390x hardware:

#include <stdio.h>

int overflow_32 (int x, int y)
{
int sum;
return ! __builtin_add_overflow (x, y, &sum);
}

int overflow_64 (long long x, long long y)
{
long sum;
return ! __builtin_add_overflow (x, y, &sum);
}

int a1 = -2147483648;
int b1 = -2147483648;
long long a2 = -9223372036854775808L;
long long b2 = -9223372036854775808L;

int main ()
{
{
int a = a1;
int b = b1;
printf ("a = 0x%x, b = 0x%x\n", a, b);
printf ("no_overflow = %d\n", overflow_32 (a, b));
}
{
long long a = a2;
long long b = b2;
printf ("a = 0x%llx, b = 0x%llx\n", a, b);
printf ("no_overflow = %d\n", overflow_64 (a, b));
}
}

Signed-off-by: Bruno Haible <bruno@clisp.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/616
Message-Id: <20220323162621.139313-2-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...

target/s390x: Fix shifting 32-bit values for more than 31 bits

According to PoP, both 32- and 64-bit shifts use lowest 6 address
bits. The current code special-cases 32-bit shifts to use only 5 bits

target/s390x: Fix shifting 32-bit values for more than 31 bits

According to PoP, both 32- and 64-bit shifts use lowest 6 address
bits. The current code special-cases 32-bit shifts to use only 5 bits,
which is not correct. For example, shifting by 32 bits currently
preserves the initial value, however, it's supposed zero it out
instead.

Fix by merging sh32 and sh64 and adapting CC calculation to shift
values greater than 31.

Fixes: cbe24bfa91d2 ("target-s390: Convert SHIFT, ROTATE SINGLE")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220112165016.226996-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...

target/s390x: Fix cc_calc_sla_64() missing overflows

An overflow occurs for SLAG when at least one shifted bit is not equal
to sign bit. Therefore, we need to check that `shift + 1` bits are
neither

target/s390x: Fix cc_calc_sla_64() missing overflows

An overflow occurs for SLAG when at least one shifted bit is not equal
to sign bit. Therefore, we need to check that `shift + 1` bits are
neither all 0s nor all 1s. The current code checks only `shift` bits,
missing some overflows.

Fixes: cbe24bfa91d2 ("target-s390: Convert SHIFT, ROTATE SINGLE")
Co-developed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220112165016.226996-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2021-07-13-tag' into staging

qemu-ga patch queue for soft-freeze

* add support for Windows Server 2022 in get-osinfo comma

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2021-07-13-tag' into staging

qemu-ga patch queue for soft-freeze

* add support for Windows Server 2022 in get-osinfo command

# gpg: Signature made Tue 13 Jul 2021 19:10:05 BST
# gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg: aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2021-07-13-tag:
qga-win: Add support of Windows Server 2022 in get-osinfo command

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.1-pull-request' into staging

Linux-user pull request 20210713

Update headers to linux v5.13
cleanup errno tar

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.1-pull-request' into staging

Linux-user pull request 20210713

Update headers to linux v5.13
cleanup errno target headers
Fix race condition on fd translation table

# gpg: Signature made Tue 13 Jul 2021 14:41:25 BST
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.1-pull-request:
linux-user: update syscall.tbl to Linux v5.13
linux-user, mips: update syscall-args-o32.c.inc to Linux v5.13
linux-user: update syscall_nr.h to Linux v5.13
fd-trans: Fix race condition on reallocation of the translation table.
linux-user/syscall: Remove ERRNO_TABLE_SIZE check
linux-user: Simplify host <-> target errno conversion using macros
linux-user/mips: Move errno definitions to 'target_errno_defs.h'
linux-user/hppa: Move errno definitions to 'target_errno_defs.h'
linux-user/alpha: Move errno definitions to 'target_errno_defs.h'
linux-user: Extract target errno to 'target_errno_defs.h'
linux-user/sparc: Rename target_errno.h -> target_errno_defs.h
linux-user/syscall: Fix RF-kill errno (typo in ERFKILL)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-07-09-v2' into staging

nbd patches for 2021-07-09

- enhance 'qemu-img map --output=json' to make it easier to duplicat

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-07-09-v2' into staging

nbd patches for 2021-07-09

- enhance 'qemu-img map --output=json' to make it easier to duplicate
backing chain allocation patterns
- fix a race in the 'yank' QMP command in relation to NBD requests

# gpg: Signature made Mon 12 Jul 2021 18:43:37 BST
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2021-07-09-v2:
nbd: register yank function earlier
qemu-img: Reword 'qemu-img map --output=json' docs
qemu-img: Make unallocated part of backing chain obvious in map
iotests: Improve and rename test 309 to nbd-qemu-allocation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging

Pull request

# gpg: Signature made Mon 12 Jul 2021 17:49:46 BST
# gpg:

Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging

Pull request

# gpg: Signature made Mon 12 Jul 2021 17:49:46 BST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha-gitlab/tags/tracing-pull-request:
trace, lttng: require .pc files
trace/simple: add st_init_group
trace/simple: pass iter to st_write_event_mapping
trace: add trace_event_iter_init_group
trace: iter init tweaks
qemu-trace-stap: changing SYSTEMTAP_TAPSET considered harmful.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210712' into staging

SD/MMC patches queue

- sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)

# gpg

Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210712' into staging

SD/MMC patches queue

- sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)

# gpg: Signature made Mon 12 Jul 2021 11:28:13 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/sdmmc-20210712:
hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)
hw/sd/sdcard: Extract address_in_range() helper, log invalid accesses
hw/sd/sdcard: When card is in wrong state, log which state it is

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' into staging

s390x updates:
- add gen16 cpumodels
- refactor/cleanup some code
- bugfixes

# gpg:

Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' into staging

s390x updates:
- add gen16 cpumodels
- refactor/cleanup some code
- bugfixes

# gpg: Signature made Thu 08 Jul 2021 12:26:21 BST
# gpg: using EDDSA key 69A3B536F5CBFC65208026C1DE88BB5641DE66C1
# gpg: issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
# Subkey fingerprint: 69A3 B536 F5CB FC65 2080 26C1 DE88 BB56 41DE 66C1

* remotes/cohuck-gitlab/tags/s390x-20210708:
target/s390x: split sysemu part of cpu models
target/s390x: move kvm files into kvm/
target/s390x: remove kvm-stub.c
target/s390x: use kvm_enabled() to wrap call to kvm_s390_get_hpage_1m
target/s390x: make helper.c sysemu-only
target/s390x: split cpu-dump from helper.c
target/s390x: move sysemu-only code out to cpu-sysemu.c
target/s390x: start moving TCG-only code to tcg/
target/s390x: rename internal.h to s390x-internal.h
target/s390x: remove tcg-stub.c
hw/s390x: only build tod-tcg from the CONFIG_TCG build
hw/s390x: tod: make explicit checks for accelerators when initializing
hw/s390x: rename tod-qemu.c to tod-tcg.c
target/s390x: meson: add target_user_arch
s390x/tcg: Fix m5 vs. m4 field for VECTOR MULTIPLY SUM LOGICAL
target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL
s390x/cpumodel: add 3931 and 3932

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/s390x: start moving TCG-only code to tcg/

move everything related to translate, as well as HELPER code in tcg/

mmu_helper.c stays put for now, as it contains both TCG and KVM

target/s390x: start moving TCG-only code to tcg/

move everything related to translate, as well as HELPER code in tcg/

mmu_helper.c stays put for now, as it contains both TCG and KVM code.

After the reshuffling, update MAINTAINERS accordingly.
Make use of the new directory:

target/s390x/tcg/

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-8-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>

show more ...