Test the instruction address used by targets of an execute instruction. When the target instruction calculates a relative address, the result is relative to the target instruction, not the execute instruction. Reviewed-by: Janosch Frank <frankja@xxxxxxxxxxxxx> Signed-off-by: Nina Schoetterl-Glausch <nsg@xxxxxxxxxxxxx> --- v5 -> v6: * fix section for exrl targets (thanks Claudio) * add comments (thanks Claudio) v4 -> v5: * word align the execute-type instruction, preventing a specification exception if the address calculation is wrong, since LLGFRL requires word alignment * change wording of comment v3 -> v4: * fix nits (thanks Janosch) * pickup R-b (thanks Janosch) v2 -> v3: * add some comments (thanks Janosch) * add two new tests (drop Nico's R-b) * push prefix v1 -> v2: * add test to unittests.cfg and .gitlab-ci.yml * pick up R-b (thanks Nico) See https://patchew.org/QEMU/20230316210751.302423-1-iii@xxxxxxxxxxxxx/ for TCG fixes. Range-diff against v5: 1: 57f8f256 ! 1: 3893f723 s390x: Add tests for execute-type instructions @@ s390x/ex.c (new) +#include <libcflat.h> + +/* ++ * Accesses to the operand of execute-type instructions are instruction fetches. ++ * Minimum alignment is two, since the relative offset is specified by number of halfwords. ++ */ ++asm ( ".pushsection .text.exrl_targets,\"x\"\n" ++" .balign 2\n" ++" .popsection\n" ++); ++ ++/* + * BRANCH AND SAVE, register register variant. + * Saves the next instruction address (address from PSW + length of instruction) + * to the first register. No branch is taken in this test, because 0 is @@ s390x/ex.c (new) + uint64_t ret_addr, after_ex; + + report_prefix_push("BASR"); -+ asm volatile ( ".pushsection .rodata\n" ++ asm volatile ( ".pushsection .text.exrl_targets\n" + "0: basr %[ret_addr],0\n" + " .popsection\n" + @@ s390x/ex.c (new) + uint64_t after_target, ret_addr, after_ex, branch_addr; + + report_prefix_push("BRAS"); -+ asm volatile ( ".pushsection .text.ex_bras, \"x\"\n" ++ asm volatile ( ".pushsection .text.exrl_targets\n" + "0: bras %[ret_addr],1f\n" + " nopr %%r7\n" + "1: larl %[branch_addr],0\n" @@ s390x/ex.c (new) + " larl %[after_target],1b\n" + " larl %[after_ex],3f\n" + "2: exrl 0,0b\n" ++/* ++ * In case the address calculation is correct, we jump by the relative offset 1b-0b from 0b to 1b. ++ * In case the address calculation is relative to the exrl (i.e. a test failure), ++ * put a valid instruction at the same relative offset from the exrl, so the test continues in a ++ * controlled manner. ++ */ + "3: larl %[branch_addr],0\n" + "4:\n" + @@ s390x/ex.c (new) + uint64_t target, addr; + + report_prefix_push("LARL"); -+ asm volatile ( ".pushsection .rodata\n" ++ asm volatile ( ".pushsection .text.exrl_targets\n" + "0: larl %[addr],0\n" + " .popsection\n" + @@ s390x/ex.c (new) + uint64_t target, value; + + report_prefix_push("LLGFRL"); -+ asm volatile ( ".pushsection .rodata\n" ++ asm volatile ( ".pushsection .text.exrl_targets\n" + " .balign 4\n" ++ //operand of llgfrl must be word aligned + "0: llgfrl %[value],0\n" + " .popsection\n" + @@ s390x/ex.c (new) + uint32_t program_mask, cc, crl_word; + + report_prefix_push("CRL"); -+ asm volatile ( ".pushsection .rodata\n" ++ asm volatile ( ".pushsection .text.exrl_targets\n" + //operand of crl must be word aligned + " .balign 4\n" + "0: crl %[crl_word],0\n" s390x/Makefile | 1 + s390x/ex.c | 188 ++++++++++++++++++++++++++++++++++++++++++++ s390x/unittests.cfg | 3 + .gitlab-ci.yml | 1 + 4 files changed, 193 insertions(+) create mode 100644 s390x/ex.c diff --git a/s390x/Makefile b/s390x/Makefile index 97a61611..6cf8018b 100644 --- a/s390x/Makefile +++ b/s390x/Makefile @@ -39,6 +39,7 @@ tests += $(TEST_DIR)/panic-loop-extint.elf tests += $(TEST_DIR)/panic-loop-pgm.elf tests += $(TEST_DIR)/migration-sck.elf tests += $(TEST_DIR)/exittime.elf +tests += $(TEST_DIR)/ex.elf pv-tests += $(TEST_DIR)/pv-diags.elf diff --git a/s390x/ex.c b/s390x/ex.c new file mode 100644 index 00000000..dbd8030d --- /dev/null +++ b/s390x/ex.c @@ -0,0 +1,188 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright IBM Corp. 2023 + * + * Test EXECUTE (RELATIVE LONG). + * These instructions execute a target instruction. The target instruction is formed + * by reading an instruction from memory and optionally modifying some of its bits. + * The execution of the target instruction is the same as if it was executed + * normally as part of the instruction sequence, except for the instruction + * address and the instruction-length code. + */ + +#include <libcflat.h> + +/* + * Accesses to the operand of execute-type instructions are instruction fetches. + * Minimum alignment is two, since the relative offset is specified by number of halfwords. + */ +asm ( ".pushsection .text.exrl_targets,\"x\"\n" +" .balign 2\n" +" .popsection\n" +); + +/* + * BRANCH AND SAVE, register register variant. + * Saves the next instruction address (address from PSW + length of instruction) + * to the first register. No branch is taken in this test, because 0 is + * specified as target. + * BASR does *not* perform a relative address calculation with an intermediate. + */ +static void test_basr(void) +{ + uint64_t ret_addr, after_ex; + + report_prefix_push("BASR"); + asm volatile ( ".pushsection .text.exrl_targets\n" + "0: basr %[ret_addr],0\n" + " .popsection\n" + + " larl %[after_ex],1f\n" + " exrl 0,0b\n" + "1:\n" + : [ret_addr] "=d" (ret_addr), + [after_ex] "=d" (after_ex) + ); + + report(ret_addr == after_ex, "return address after EX"); + report_prefix_pop(); +} + +/* + * BRANCH RELATIVE AND SAVE. + * According to PoP (Branch-Address Generation), the address calculated relative + * to the instruction address is relative to BRAS when it is the target of an + * execute-type instruction, not relative to the execute-type instruction. + */ +static void test_bras(void) +{ + uint64_t after_target, ret_addr, after_ex, branch_addr; + + report_prefix_push("BRAS"); + asm volatile ( ".pushsection .text.exrl_targets\n" + "0: bras %[ret_addr],1f\n" + " nopr %%r7\n" + "1: larl %[branch_addr],0\n" + " j 4f\n" + " .popsection\n" + + " larl %[after_target],1b\n" + " larl %[after_ex],3f\n" + "2: exrl 0,0b\n" +/* + * In case the address calculation is correct, we jump by the relative offset 1b-0b from 0b to 1b. + * In case the address calculation is relative to the exrl (i.e. a test failure), + * put a valid instruction at the same relative offset from the exrl, so the test continues in a + * controlled manner. + */ + "3: larl %[branch_addr],0\n" + "4:\n" + + " .if (1b - 0b) != (3b - 2b)\n" + " .error \"right and wrong target must have same offset\"\n" + " .endif\n" + : [after_target] "=d" (after_target), + [ret_addr] "=d" (ret_addr), + [after_ex] "=d" (after_ex), + [branch_addr] "=d" (branch_addr) + ); + + report(after_target == branch_addr, "address calculated relative to BRAS"); + report(ret_addr == after_ex, "return address after EX"); + report_prefix_pop(); +} + +/* + * LOAD ADDRESS RELATIVE LONG. + * If it is the target of an execute-type instruction, the address is relative + * to the LARL. + */ +static void test_larl(void) +{ + uint64_t target, addr; + + report_prefix_push("LARL"); + asm volatile ( ".pushsection .text.exrl_targets\n" + "0: larl %[addr],0\n" + " .popsection\n" + + " larl %[target],0b\n" + " exrl 0,0b\n" + : [target] "=d" (target), + [addr] "=d" (addr) + ); + + report(target == addr, "address calculated relative to LARL"); + report_prefix_pop(); +} + +/* LOAD LOGICAL RELATIVE LONG. + * If it is the target of an execute-type instruction, the address is relative + * to the LLGFRL. + */ +static void test_llgfrl(void) +{ + uint64_t target, value; + + report_prefix_push("LLGFRL"); + asm volatile ( ".pushsection .text.exrl_targets\n" + " .balign 4\n" + //operand of llgfrl must be word aligned + "0: llgfrl %[value],0\n" + " .popsection\n" + + " llgfrl %[target],0b\n" + //align (pad with nop), in case the wrong operand is used + " .balignw 4,0x0707\n" + " exrl 0,0b\n" + : [target] "=d" (target), + [value] "=d" (value) + ); + + report(target == value, "loaded correct value"); + report_prefix_pop(); +} + +/* + * COMPARE RELATIVE LONG + * If it is the target of an execute-type instruction, the address is relative + * to the CRL. + */ +static void test_crl(void) +{ + uint32_t program_mask, cc, crl_word; + + report_prefix_push("CRL"); + asm volatile ( ".pushsection .text.exrl_targets\n" + //operand of crl must be word aligned + " .balign 4\n" + "0: crl %[crl_word],0\n" + " .popsection\n" + + " lrl %[crl_word],0b\n" + //align (pad with nop), in case the wrong operand is used + " .balignw 4,0x0707\n" + " exrl 0,0b\n" + " ipm %[program_mask]\n" + : [program_mask] "=d" (program_mask), + [crl_word] "=d" (crl_word) + :: "cc" + ); + + cc = program_mask >> 28; + report(!cc, "operand compared to is relative to CRL"); + report_prefix_pop(); +} + +int main(int argc, char **argv) +{ + report_prefix_push("ex"); + test_basr(); + test_bras(); + test_larl(); + test_llgfrl(); + test_crl(); + report_prefix_pop(); + + return report_summary(); +} diff --git a/s390x/unittests.cfg b/s390x/unittests.cfg index d97eb5e9..b61faf07 100644 --- a/s390x/unittests.cfg +++ b/s390x/unittests.cfg @@ -215,3 +215,6 @@ file = migration-skey.elf smp = 2 groups = migration extra_params = -append '--parallel' + +[execute] +file = ex.elf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ad7949c9..a999f64a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -275,6 +275,7 @@ s390x-kvm: - ACCEL=kvm ./run_tests.sh selftest-setup intercept emulator sieve sthyi diag10 diag308 pfmf cmm vector gs iep cpumodel diag288 stsi sclp-1g sclp-3g css skrf sie + execute | tee results.txt - grep -q PASS results.txt && ! grep -q FAIL results.txt only: base-commit: 20de8c3b54078ebc3df0b47344f9ce55bf52b7a5 -- 2.39.1
