Re: [PATCH v2 3/4] s390x/tcg: Only ignore content in r0 when specified via "b" or "x"

[Richard Henderson]

On 1/8/21 3:20 AM, David Hildenbrand wrote:
> Using get_address() with register identifiers comming from an "r" field
> is wrong: if the "r" field designates "r0", we don't read the content
> and instead assume 0 - which should only be applied when the register
> was specified via "b" or "x".
> 
> PoP 5-11 "Operand-Address Generation":
>   "A zero in any of the B1, B2, X2, B3, or B4 fields indicates the absence
>    of the corresponding address component. For the absent component, a zero
>    is used in forming the intermediate sum, regardless of the contents of
>    general register 0. A displacement of zero has no special significance."
> 
> This BUG became visible for CSPG as generated by LLVM-12 in the upstream
> Linux kernel (v5.11-rc2), used while creating the linear mapping in
> vmem_map_init(): Trying to store to address 0 results in a Low Address
> Protection exception.
> 
> Debugging this was more complicated than it could have been: The program
> interrupt handler in the kernel will try to crash the kernel: doing so, it
> will enable DAT. As the linear mapping is not created yet (asce=0), we run
> into an addressing exception while tring to walk non-existant DAT tables,
> resulting in a program exception loop.
> 
> This allows for booting upstream Linux kernels compiled by clang-12. Most
> of these cases seem to be broken forever.
> 
> Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Guenter Roeck <linux@roeck-us.net>
> Cc: Christian Borntraeger <borntraeger@de.ibm.com>
> Cc: Heiko Carstens <hca@linux.ibm.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/insn-data.def |  8 ++++----
>  target/s390x/translate.c   | 15 +++++++++------
>  2 files changed, 13 insertions(+), 10 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~