Bug 881893

Summary: vex s390->IR: unimplemented insn: B93E 0002 (s390x) KIMD message-security assist (MSA) instruction extension
Product: Red Hat Enterprise Linux 6 Reporter: Miroslav Franc <mfranc>
Component: valgrindAssignee: Mark Wielaard <mjw>
Status: CLOSED ERRATA QA Contact: Miloš Prchlík <mprchlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: hkario, jakub, ksrot, mbenitez, mcermak, mfranc, mprchlik, ohudlick, patrickm
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: s390x   
OS: Unspecified   
Whiteboard:
Fixed In Version: valgrind-3.8.1-3.3.el6 Doc Type: Bug Fix
Doc Text:
Cause: valgrind on s390x didn't properly report which instruction sets were supported. In particular it might report support for the KIMD message-security assist (MSA) instruction extension when the host machine supported that, even though valgrind itself does not support that instruction set extension. Consequence: A program running under valgrind might use some instructions on s390x that valgrind doesn't support, causing the program to receive a SIGILL signal. Fix: The implementation of STFLE (which reports the instruction set facilities that the machine supports) in valgrind has been changed to report the facilities of the valgrind virtual machine, not just the facilities the host machine supports. Result: Programs running under valgrind on s390x can now accurately detect which instruction set facilities are supported so they don't get killed because they use instructions not supported by valgrind.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 06:36:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1056252    

Description Miroslav Franc 2012-11-29 18:24:43 UTC 
Description of problem:
On s390x valgrind hits unrecognized instruction.



Version-Release number of selected component (if applicable):
valgrind-3.8.1-3.2.el6



Steps to Reproduce:
1. valgrind /usr/sbin/snmpd


  
Actual results:
...
ex s390->IR: unimplemented insn: B93E 0002
==63244== valgrind: Unrecognised instruction at address 0x51b1edc.
==63244==    at 0x51B1EDC: sha1_block_data_order (in /usr/lib64/libcrypto.so.1.0.0)
==63244==    by 0x51B0F8F: SHA1_Update (in /usr/lib64/libcrypto.so.1.0.0)
...


Expected results:
instruction is recognized :)
Comment 1 Mark Wielaard 2012-11-29 20:02:01 UTC 
Replicated against:

valgrind-3.8.1-3.2.el6.s390x
net-snmp-5.5-44.el6.s390x
openssl-1.0.0-27.el6.s390x

==2345== Process terminating with default action of signal 4 (SIGILL)
==2345==  Illegal opcode at address 0x51D5EDC
==2345==    at 0x51D5EDC: sha1_block_data_order (sha1-s390x.s:15)
==2345==    by 0x51D4F8F: SHA1_Update (md32_common.h:307)
==2345==    by 0x523159F: ssleay_rand_add (md_rand.c:289)

gdb says:

Dump of assembler code for function sha1_block_data_order:
   0x00000000051d5ec0 <+0>:     larl    %r1,0x532d770 <OPENSSL_s390xcap_P>
   0x00000000051d5ec6 <+6>:     lg      %r0,0(%r1)
   0x00000000051d5ecc <+12>:    tmhl    %r0,16384
   0x00000000051d5ed0 <+16>:    je      0x51d5f10 <sha1_block_data_order+80>
   0x00000000051d5ed4 <+20>:    lghi    %r0,0
   0x00000000051d5ed8 <+24>:    la      %r1,16(%r15)
   0x00000000051d5edc <+28>:    kimd    %r0,%r2
=> 0x00000000051d5ee0 <+32>:    lg      %r0,16(%r15)
   0x00000000051d5ee6 <+38>:    tmhh    %r0,16384
   0x00000000051d5eea <+42>:    je      0x51d5f10 <sha1_block_data_order+80>
Comment 2 Mark Wielaard 2012-11-29 20:49:36 UTC 
KIMD is part of the message-security assist (MSA) instruction extension.
And valgrind doesn't implement it:

   case 0xb93e: /* KIMD */ goto unimplemented;

openssl seems to probe the cpu to see if it can use it first, so valgrind should probably mask the availability somehow.
Comment 3 Mark Wielaard 2012-11-30 23:59:01 UTC 
Proposed upstream patch:

Index: VEX/priv/guest_s390_helpers.c
===================================================================
--- VEX/priv/guest_s390_helpers.c	(revision 2574)
+++ VEX/priv/guest_s390_helpers.c	(working copy)
@@ -310,6 +310,11 @@
                 "srl    %2,28\n"
                 : "=m" (hoststfle), "+d"(reg0), "=d"(cc) : : "cc", "memory");
 
+   /* None of the message-security assist (MSA) extensions are supported
+      under valgrind.  So clear bit 17. */
+   UChar *ptr = (UChar *) &hoststfle[0] + (17 >> 3);
+   *ptr &= ~(0x80 >> (17 & 7));
+
    /* Update guest register 0  with what STFLE set r0 to */
    guest_state->guest_r0 = reg0;
Comment 4 Mark Wielaard 2013-03-13 18:30:52 UTC 
This has been fixed upstream, differently from my proposed patch in comment #3. See https://bugs.kde.org/show_bug.cgi?id=310931 and upstream SVN commits valgrind r13150 / VEX r2579.
Comment 5 Mark Wielaard 2013-04-19 11:53:12 UTC 
*** Bug 953840 has been marked as a duplicate of this bug. ***
Comment 6 mbenitez 2013-06-26 20:52:08 UTC 
From a conversation with Mark there is an upstream fix and could be easily backported.
Proposing for 6.6 since valgrind is not in 6.5 ACL.
Comment 7 Mark Wielaard 2013-08-15 10:19:55 UTC 
I put the backport into valgrind-3.8.1-25.fc20 for fedora rawhide. It will be some time before that gets through the s390 koji builder though.
Comment 8 Mark Wielaard 2013-09-26 18:33:41 UTC 
*** Bug 1012625 has been marked as a duplicate of this bug. ***
Comment 13 Miloš Prchlík 2014-06-03 12:20:15 UTC 
Verified for build valgrind-3.8.1-3.5.el6.
Comment 14 errata-xmlrpc 2014-10-14 06:36:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1464.html