SIGILL on instruction "stck" under qemu-s390x in user mode

Bug #1815024 reported by Giovanni Mascellani on 2019-02-07

Bug Description

qemu-s390x in user mode crashes with SIGILL (under host architecture x86_64, running Debian unstable) when executing target instruction "stck" ("STORE CLOCK", see, which is basically a kind of equivalent of Intel "rdtsc". The same instruction works fine under qemu-s390x in system mode. The bug is reproducible with both the qemu version distributed in Debian unstable and with the latest upstream master (commit 47994e16b1d66411953623e7c0bf0cdcd50bd507).

This bug manifested itself as a crash of ssh-keygen program, which uses "stck" to obtain some bits of randomness during key creation. Bisection of the code led to the attached minimal example. Compile with (inside an s390x system):

 $ gcc -c -o test.o test.c
 $ gcc -c -o rdtsc.o rdtsc.S
 $ gcc -o test test.o rdtsc.o

Then run test. It will crash with SIGILL in user mode and run fine in system mode. Also, compare with the original file at (there the instruction "stckf" is also used; it is probable that it has the same problem if it is supported altogether, but I did not test for this).
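The reporter's test.c and rdtsc.S are attachments and are not reproduced on this page. The following is an added example, not the reporter's code, showing the usual way a user-space program issues STORE CLOCK through GCC inline assembly, which is the kind of code path that hits this SIGILL under qemu-s390x user mode. The function names (read_store_clock, clock_is_monotonic) are hypothetical; the condition code is read back with ipm/srl, and on non-s390 hosts the code falls back to clock_gettime (an assumption made here so the file builds everywhere):

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Read a 64-bit clock value. On s390x this issues STCK (STORE CLOCK) and
 * returns its condition code (0 = clock set and valid, nonzero = not usable);
 * elsewhere it uses clock_gettime and returns 0 on success, -1 on failure.
 * Hypothetical helper for illustration, not the bug reporter's test.c. */
static int read_store_clock(uint64_t *out)
{
#if defined(__s390x__) || defined(__s390__)
    uint64_t clk;
    int cc;
    /* STCK stores the TOD clock to its memory operand and sets the condition
     * code. "Q" is the GCC constraint for an s390 memory operand with base
     * register and short displacement, which the S-format STCK requires.
     * IPM copies the condition code into bits 2-3 of the register's low word;
     * SRL by 28 moves it into the low two bits. */
    __asm__ volatile("stck %0\n\tipm %1\n\tsrl %1,28"
                     : "=Q"(clk), "=d"(cc)
                     :
                     : "cc");
    *out = clk;
    return cc;
#else
    /* Fallback for other host architectures (assumption for portability). */
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
        return -1;
    *out = (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
    return 0;
#endif
}

/* Two consecutive reads must not go backwards; returns 1 if they do not. */
static int clock_is_monotonic(void)
{
    uint64_t a, b;
    if (read_store_clock(&a) != 0 || read_store_clock(&b) != 0)
        return 0;
    return b >= a;
}

int main(void)
{
    uint64_t clk;
    int rc = read_store_clock(&clk);
    if (rc != 0) {
        fprintf(stderr, "clock read failed (rc=%d)\n", rc);
        return 1;
    }
    printf("clock value: 0x%016llx\n", (unsigned long long)clk);
    return clock_is_monotonic() ? 0 : 1;
}
```

Under an emulator that does not implement STCK in user mode, the process dies with SIGILL at the stck instruction itself, before the ipm runs, so the return value is never reached; that is consistent with the trace described in the report. Under system mode, or on real hardware, the function returns condition code 0.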

Running qemu-s390x with options -d in_asm,out_asm,op,op_opt,exec,nochain,cpu gives the trace attached in log.txt.

Thanks, Giovanni.

Giovanni Mascellani (giomasce) wrote :
  • test (8.1 KiB, application/octet-stream)

I am also attaching the compiled program, in case it is helpful.

Thomas Huth (th-huth) wrote :
Changed in qemu:
status: New → Fix Committed
Thomas Huth (th-huth) on 2019-04-24
Changed in qemu:
status: Fix Committed → Fix Released