SIGILL on instruction "stck" under qemu-s390x in user mode

Bug #1815024 reported by Giovanni Mascellani on 2019-02-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Undecided
Unassigned

Bug Description

qemu-s390x in user mode crashes with SIGILL (under host architecture x86_64, running Debian unstable) when executing target instruction "stck" ("STORE CLOCK", see https://www-01.ibm.com/support/docview.wss?uid=isg26480faec85f44e2385256d5200627dee&aid=1), which is basically a kind of equivalent of Intel "rdtsc". The same instruction works fine under qemu-s390x in system mode. The bug is reproducible with both the qemu version distributed in Debian unstable and with the latest upstream master (commit 47994e16b1d66411953623e7c0bf0cdcd50bd507).

This bug manifested itself as a crash of ssh-keygen program, which uses "stck" to obtain some bits of randomness during key creation. Bisection of the code led to the attached minimal example. Compile with (inside an s390x system):

 $ gcc -c -o test.o test.c
 $ gcc -c -o rdtsc.o rdtsc.S
 $ gcc -o test test.o rdtsc.o

Then run test. It will crash with SIGILL in user mode and run fine in system mode. Also, compare with the original file at https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.pl#L139 (there the instruction "stckf" is also used; it is probable that it has the same problem if it is supported altogether, but it did not test for this).

Running qemu-s390x with options -d in_asm,out_asm,op,op_opt,exec,nochain,cpu gives the trace attached in log.txt.

Thanks, Giovanni.

Giovanni Mascellani (giomasce) wrote :
Giovanni Mascellani (giomasce) wrote :
Giovanni Mascellani (giomasce) wrote :
Giovanni Mascellani (giomasce) wrote :
  • test Edit (8.1 KiB, application/octet-stream)

I am also attaching the compiled program, in case it is helpful.

Thomas Huth (th-huth) wrote :
Changed in qemu:
status: New → Fix Committed
Thomas Huth (th-huth) on 2019-04-24
Changed in qemu:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers