From b7022d9ac61311f92aef0994e2ab801b76d55f14 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 20 Jan 2015 10:56:37 +0100 Subject: s390: Plug memory leak on s390_pci_generate_event() error path Signed-off-by: Markus Armbruster Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index 1201b8d..d25ac74 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -187,7 +187,7 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh) static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh, uint32_t fid, uint64_t faddr, uint32_t e) { - SeiContainer *sei_cont = g_malloc0(sizeof(SeiContainer)); + SeiContainer *sei_cont; S390pciState *s = S390_PCI_HOST_BRIDGE( object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL)); @@ -195,6 +195,7 @@ static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh, return; } + sei_cont = g_malloc0(sizeof(SeiContainer)); sei_cont->fh = fh; sei_cont->fid = fid; sei_cont->cc = cc; -- cgit v1.1 From c0eb33ab5428edf85a29a4f91f64d6802b6cefaa Mon Sep 17 00:00:00 2001 From: Frank Blaschka Date: Wed, 21 Jan 2015 16:50:29 +0100 Subject: s390x/pci: avoid sign extension in stpcifc This patch avoids sign extension and fixes a data conversion bug in stpcifc. Both issues where found by Coverity. Reviewed-by: Markus Armbruster Signed-off-by: Frank Blaschka Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-inst.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index 5ea13e5..c269184 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -784,10 +784,10 @@ int stpcifc_service_call(S390CPU *cpu, uint8_t r1, uint64_t fiba) stq_p(&fib.aisb, pbdev->routes.adapter.summary_addr); stq_p(&fib.fmb_addr, pbdev->fmb_addr); - data = (pbdev->isc << 28) | (pbdev->noi << 16) | - (pbdev->routes.adapter.ind_offset << 8) | (pbdev->sum << 7) | - pbdev->routes.adapter.summary_offset; - stw_p(&fib.data, data); + data = ((uint32_t)pbdev->isc << 28) | ((uint32_t)pbdev->noi << 16) | + ((uint32_t)pbdev->routes.adapter.ind_offset << 8) | + ((uint32_t)pbdev->sum << 7) | pbdev->routes.adapter.summary_offset; + stl_p(&fib.data, data); if (pbdev->fh >> ENABLE_BIT_OFFSET) { fib.fc |= 0x80; -- cgit v1.1 From 5b324bbafc4fe367bd9c5bfa6cff071081fb8b0e Mon Sep 17 00:00:00 2001 From: Frank Blaschka Date: Fri, 16 Jan 2015 14:55:21 +0100 Subject: s390x/pci: check for invalid function handle broken guest may provide 0 (invalid) function handle to zpci instructions. Since we use function handle 0 to indicate an empty slot in the PHB we have to add an additional check to spot this kind of error. Signed-off-by: Frank Blaschka Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index d25ac74..dc455a2 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -170,7 +170,7 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh) S390pciState *s = S390_PCI_HOST_BRIDGE( object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL)); - if (!s) { + if (!s || !fh) { return NULL; } -- cgit v1.1 From 4e99a0f7ae2a8392fd306c357148763ac4f820f9 Mon Sep 17 00:00:00 2001 From: Yi Min Zhao Date: Mon, 19 Jan 2015 15:15:56 +0800 Subject: s390x/pci: fix dma notifications in rpcit instruction The virtual I/O address range passed to rpcit instruction might not map to consecutive physical guest pages. For this we have to translate and create mapping notifications for each vioa page separately. Signed-off-by: Yi Min Zhao Signed-off-by: Cornelia Huck --- hw/s390x/s390-pci-inst.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'hw') diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index c269184..9e5bc5b 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -487,7 +487,7 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) CPUS390XState *env = &cpu->env; uint32_t fh; S390PCIBusDevice *pbdev; - ram_addr_t size; + hwaddr start, end; IOMMUTLBEntry entry; MemoryRegion *mr; @@ -504,7 +504,8 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) } fh = env->regs[r1] >> 32; - size = env->regs[r2 + 1]; + start = env->regs[r2]; + end = start + env->regs[r2 + 1]; pbdev = s390_pci_find_dev_by_fh(fh); @@ -515,15 +516,18 @@ int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2) } mr = pci_device_iommu_address_space(pbdev->pdev)->root; - entry = mr->iommu_ops->translate(mr, env->regs[r2], 0); + while (start < end) { + entry = mr->iommu_ops->translate(mr, start, 0); - if (!entry.translated_addr) { - setcc(cpu, ZPCI_PCI_LS_ERR); - goto out; + if (!entry.translated_addr) { + setcc(cpu, ZPCI_PCI_LS_ERR); + goto out; + } + + memory_region_notify_iommu(mr, entry); + start += entry.addr_mask + 1; } - entry.addr_mask = size - 1; - memory_region_notify_iommu(mr, entry); setcc(cpu, ZPCI_PCI_LS_OK); out: return 0; -- cgit v1.1 From 7691993c2b290dfedfb08a8eaa8cf7d5c6573fcb Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 11 Feb 2014 09:12:27 +0100 Subject: s390x/ipl: Improved code indentation in s390_ipl_init() The indentation of the code in s390_ipl_init() can be simplified a little bit by removing superfluous else-statements. Suggested-by: Michael Mueller Signed-off-by: Thomas Huth Acked-by: Cornelia Huck Signed-off-by: Cornelia Huck --- hw/s390x/ipl.c | 47 ++++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) (limited to 'hw') diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 3b77c9a..4ba8409 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -62,6 +62,7 @@ typedef struct S390IPLState { static int s390_ipl_init(SysBusDevice *dev) { S390IPLState *ipl = S390_IPL(dev); + uint64_t pentry = KERN_IMAGE_START; int kernel_size; if (!ipl->kernel) { @@ -94,31 +95,31 @@ static int s390_ipl_init(SysBusDevice *dev) hw_error("could not load bootloader '%s'\n", bios_name); } return 0; + } + + kernel_size = load_elf(ipl->kernel, NULL, NULL, &pentry, NULL, + NULL, 1, ELF_MACHINE, 0); + if (kernel_size < 0) { + kernel_size = load_image_targphys(ipl->kernel, 0, ram_size); + } + if (kernel_size < 0) { + fprintf(stderr, "could not load kernel '%s'\n", ipl->kernel); + return -1; + } + /* + * Is it a Linux kernel (starting at 0x10000)? If yes, we fill in the + * kernel parameters here as well. Note: For old kernels (up to 3.2) + * we can not rely on the ELF entry point - it was 0x800 (the SALIPL + * loader) and it won't work. For this case we force it to 0x10000, too. + */ + if (pentry == KERN_IMAGE_START || pentry == 0x800) { + ipl->start_addr = KERN_IMAGE_START; + /* Overwrite parameters in the kernel image, which are "rom" */ + strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline); } else { - uint64_t pentry = KERN_IMAGE_START; - kernel_size = load_elf(ipl->kernel, NULL, NULL, &pentry, NULL, - NULL, 1, ELF_MACHINE, 0); - if (kernel_size < 0) { - kernel_size = load_image_targphys(ipl->kernel, 0, ram_size); - } - if (kernel_size < 0) { - fprintf(stderr, "could not load kernel '%s'\n", ipl->kernel); - return -1; - } - /* - * Is it a Linux kernel (starting at 0x10000)? If yes, we fill in the - * kernel parameters here as well. Note: For old kernels (up to 3.2) - * we can not rely on the ELF entry point - it was 0x800 (the SALIPL - * loader) and it won't work. For this case we force it to 0x10000, too. - */ - if (pentry == KERN_IMAGE_START || pentry == 0x800) { - ipl->start_addr = KERN_IMAGE_START; - /* Overwrite parameters in the kernel image, which are "rom" */ - strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline); - } else { - ipl->start_addr = pentry; - } + ipl->start_addr = pentry; } + if (ipl->initrd) { ram_addr_t initrd_offset; int initrd_size; -- cgit v1.1