From 55281a2c53b884d0c2bce31aee592faf20a28eed Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Thu, 13 Dec 2018 12:02:52 +0000
Subject: [PATCH 1/2] hw/s390/ccw.c: Don't take address of packed members
Taking the address of a field in a packed struct is a bad idea, because it might not be actually aligned enough for that pointer type (and thus cause a crash on dereference on some host architectures). Newer versions of clang warn about this. Avoid the problem by using local copies of the PMCW and SCSW struct fields in copy_schib_from_guest() and copy_schib_to_guest().
Signed-off-by: Peter Maydell
Message-Id: <20181213120252.21697-1-peter.maydell@linaro.org>
Reviewed-by: Farhan Ali
Reviewed-by: Thomas Huth
Signed-off-by: Cornelia Huck
---
 hw/s390x/css.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 04ec5cc970..f92b046cd3 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -1290,9 +1290,19 @@ void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
 static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
 {
 int i;
+ /*
+ * We copy the PMCW and SCSW in and out of local variables to
+ * avoid taking the address of members of a packed struct.
+ */
+ PMCW src_pmcw, dest_pmcw;
+ SCSW src_scsw, dest_scsw;
- copy_pmcw_to_guest(&dest->pmcw, &src->pmcw);
- copy_scsw_to_guest(&dest->scsw, &src->scsw);
+ src_pmcw = src->pmcw;
+ copy_pmcw_to_guest(&dest_pmcw, &src_pmcw);
+ dest->pmcw = dest_pmcw;
+ src_scsw = src->scsw;
+ copy_scsw_to_guest(&dest_scsw, &src_scsw);
+ dest->scsw = dest_scsw;
 dest->mba = cpu_to_be64(src->mba);
 for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
 dest->mda[i] = src->mda[i];
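Review bot: `dest_pmcw` and `dest_scsw` are declared uninitialized in copy_schib_to_guest() and then assigned wholesale into `dest->pmcw` and `dest->scsw`, so any byte the helpers leave unwritten is now host stack content instead of whatever `dest` held before the call. The bodies of copy_pmcw_to_guest() and copy_scsw_to_guest() are outside this hunk; if they set every field and the types have no padding this is harmless, but the destination is headed for guest-visible memory, so it is worth making that independent of the helpers with `PMCW src_pmcw, dest_pmcw = { 0 };` and `SCSW src_scsw, dest_scsw = { 0 };`. The same declarations appear in the copy_schib_from_guest() hunk, where stale stack bytes would end up in device state rather than in the guest. Both function bodies continue past the end of their hunks.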
@@ -1339,9 +1349,19 @@ static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
 static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
 {
 int i;
+ /*
+ * We copy the PMCW and SCSW in and out of local variables to
+ * avoid taking the address of members of a packed struct.
+ */
+ PMCW src_pmcw, dest_pmcw;
+ SCSW src_scsw, dest_scsw;
- copy_pmcw_from_guest(&dest->pmcw, &src->pmcw);
- copy_scsw_from_guest(&dest->scsw, &src->scsw);
+ src_pmcw = src->pmcw;
+ copy_pmcw_from_guest(&dest_pmcw, &src_pmcw);
+ dest->pmcw = dest_pmcw;
+ src_scsw = src->scsw;
+ copy_scsw_from_guest(&dest_scsw, &src_scsw);
+ dest->scsw = dest_scsw;
 dest->mba = be64_to_cpu(src->mba);
 for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
 dest->mda[i] = src->mda[i];
From aba7a5a2de3dba5917024df25441f715b9249e31 Mon Sep 17 00:00:00 2001
From: Thomas Huth
Date: Fri, 14 Dec 2018 14:08:07 +0100
Subject: [PATCH 2/2] hw/s390x: Fix bad mask in time2tod()
Since "s390x/tcg: avoid overflows in time2tod/tod2time", the time2tod() function tries to deal with the 9 uppermost bits in the time value, but uses the wrong mask for this: 0xff80000000000000 should be used instead of 0xff10000000000000 here.
Fixes: 14055ce53c2d901d826ffad7fb7d6bb8ab46bdfd
Cc: qemu-stable@nongnu.org
Signed-off-by: Thomas Huth
Message-Id: <1544792887-14575-1-git-send-email-thuth@redhat.com>
Reviewed-by: David Hildenbrand
[CH: tweaked commit message]
Signed-off-by: Cornelia Huck
---
 include/hw/s390x/tod.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/hw/s390x/tod.h b/include/hw/s390x/tod.h
index cbd7552e7a..47ef9de869 100644
--- a/include/hw/s390x/tod.h
+++ b/include/hw/s390x/tod.h
@@ -56,7 +56,7 @@ typedef struct S390TODClass {
 /* Converts ns to s390's clock format */
 static inline uint64_t time2tod(uint64_t ns)
 {
- return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9);
+ return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9);
 }
 /* Converts s390's clock format to ns */
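Review bot: The corrected mask in time2tod() (include/hw/s390x/tod.h) is still a hand-written hex literal that has to agree with the `<< 9` on the same line, and a literal like this gives the compiler nothing to check, so a mistyped digit such as the 0xff10… being fixed here goes unnoticed. Deriving the mask from the shift keeps the two in step: `return (ns << 9) / 125 + (((ns & ~(UINT64_MAX >> 9)) / 125) << 9);`. A one-line comment would also help the next reader, for example `/* ns << 9 drops the top 9 bits, so they are converted separately */`. A small test that feeds a value with the uppermost bits set would pin the behaviour this fix restores.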