Merge ~paelzer/ubuntu/+source/qemu:lp-1929926-uretprobe-s390x-tcg-HIRSUTE into ubuntu/+source/qemu:ubuntu/hirsute-devel

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 1d53d8ce054f6a4a2104d467e26959ad730bdd87
Proposed branch: ~paelzer/ubuntu/+source/qemu:lp-1929926-uretprobe-s390x-tcg-HIRSUTE
Merge into: ubuntu/+source/qemu:ubuntu/hirsute-devel
Diff against target: 131 lines (+109/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch (+101/-0)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server Pending
Review via email: mp+410033@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP, Christian.

It LGTM. The backport is OK, the fix looks correct, and the debian/-specific bits are also good.

The package has successfully built on the PPA, but there are no autopkgtest results available yet. I am approving this MP conditionally on the autopkgtest tests passing.

Thanks.

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Uploaded to -unapproved

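--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+qemu (1:5.2+dfsg-9ubuntu3.3) hirsute; urgency=medium
+
+ * d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
+ fix uretprobe in s390x TCG (LP: #1929926)
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Oct 2021 09:04:44 +0200
+
 qemu (1:5.2+dfsg-9ubuntu3.2) hirsute; urgency=medium
 
  * d/rules fix microvm default machine type for a new build system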
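--- a/debian/patches/series
+++ b/debian/patches/series
@@ -74,3 +74,4 @@ CVE-2021-3544-8.patch
 CVE-2021-3582.patch
 CVE-2021-3607.patch
 CVE-2021-3608.patch
+ubuntu/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch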
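--- /dev/null
+++ b/debian/patches/ubuntu/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch
@@ -0,0 +1,101 @@
+From 86131c71b13257e095d8c4f4453d52cbc6553c07 Mon Sep 17 00:00:00 2001
+From: Ilya Leoshkevich <iii@linux.ibm.com>
+Date: Fri, 16 Apr 2021 17:49:36 +0200
+Subject: [PATCH] target/s390x: Fix translation exception on illegal
+ instruction
+
+Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
+happens is:
+
+* uretprobe maps a userspace page containing an invalid instruction.
+* uretprobe replaces the target function's return address with the
+ address of that page.
+* When tb_gen_code() is called on that page, tb->size ends up being 0
+ (because the page starts with the invalid instruction), which causes
+ virt_page2 to point to the previous page.
+* The previous page is not mapped, so this causes a spurious
+ translation exception.
+
+tb->size must never be 0: even if there is an illegal instruction, the
+instruction bytes that have been looked at must count towards tb->size.
+So adjust s390x's translate_one() to act this way for both illegal
+instructions and instructions that are known to generate exceptions.
+
+Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20210416154939.32404-2-iii@linux.ibm.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=86131c71b13257e095d8c4f4453d52cbc6553c07
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1929926
+Last-Update: 2021-10-12
+
+---
+ target/s390x/translate.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/target/s390x/translate.c b/target/s390x/translate.c
+index 4f953ddfba..e243624d2a 100644
+--- a/target/s390x/translate.c
++++ b/target/s390x/translate.c
+@@ -6412,7 +6412,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ qemu_log_mask(LOG_UNIMP, "unimplemented opcode 0x%02x%02x\n",
+ s->fields.op, s->fields.op2);
+ gen_illegal_opcode(s);
+- return DISAS_NORETURN;
++ ret = DISAS_NORETURN;
++ goto out;
+ }
+
+ #ifndef CONFIG_USER_ONLY
+@@ -6428,7 +6429,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ /* privileged instruction */
+ if ((s->base.tb->flags & FLAG_MASK_PSTATE) && (insn->flags & IF_PRIV)) {
+ gen_program_exception(s, PGM_PRIVILEGED);
+- return DISAS_NORETURN;
++ ret = DISAS_NORETURN;
++ goto out;
+ }
+
+ /* if AFP is not enabled, instructions and registers are forbidden */
+@@ -6455,7 +6457,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ }
+ if (dxc) {
+ gen_data_exception(dxc);
+- return DISAS_NORETURN;
++ ret = DISAS_NORETURN;
++ goto out;
+ }
+ }
+
+@@ -6463,7 +6466,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ if (insn->flags & IF_VEC) {
+ if (!((s->base.tb->flags & FLAG_MASK_VECTOR))) {
+ gen_data_exception(0xfe);
+- return DISAS_NORETURN;
++ ret = DISAS_NORETURN;
++ goto out;
+ }
+ }
+
+@@ -6484,7 +6488,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ (insn->spec & SPEC_r1_f128 && !is_fp_pair(get_field(s, r1))) ||
+ (insn->spec & SPEC_r2_f128 && !is_fp_pair(get_field(s, r2)))) {
+ gen_program_exception(s, PGM_SPECIFICATION);
+- return DISAS_NORETURN;
++ ret = DISAS_NORETURN;
++ goto out;
+ }
+ }
+
+@@ -6544,6 +6549,7 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
+ }
+ #endif
+
++out:
+ /* Advance to the next instruction. */
+ s->base.pc_next = s->pc_tmp;
+ return ret;
+--
+2.33.0
+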
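Review bot: The new `out:` label in the last hunk of translate.c carries an invariant the five rewritten exits rely on but never state: every exception path must still reach `s->base.pc_next = s->pc_tmp;` so that tb->size counts the bytes already decoded, and any future early `return DISAS_NORETURN;` added elsewhere in translate_one would silently reintroduce the zero-size TB that the cover letter describes. I would document this above the label, e.g. `/* All exits, including exception paths, must come through here: advancing pc_next keeps tb->size non-zero even for an illegal instruction. */`. The fix also presumes `s->pc_tmp` already holds the next-instruction address before the first of these exits is taken; the decode step that sets it is not in any of the hunks, so that is worth confirming on the backported 5.2 tree rather than assumed. The affected function, translate_one, begins and ends outside the shown hunks.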
