From: Jaroslaw Pelczar
To: qemu-devel@nongnu.org
Date: Wed, 12 Jul 2017 13:39:20 +0200
Message-id: <001801d2fb03$811079e0$83316da0$@samsung.com>
Subject: [Qemu-devel] target/arm: Fix abort on exception return from AArch64 to AArch32

Problem manifests itself when we handle the following sequence:

1. 64-bit Secure EL3 returns to 32-bit Secure EL1
2. 32-bit Secure EL1 performs SMC call to 64-bit Secure EL3
3. 64-bit Secure EL3 performs return ERET to 32-bit Secure EL1
4. 32-bit Secure EL1 receives prefetch abort

If CPU's env->pc is not set to the same value as env->regs[15], during ERET the simulator will try to fetch an instruction from EL3's virtual address inside the 32-bit Secure EL1 virtual address space. This will cause a Prefetch Abort in 32-bit Secure EL1.

Problem occurs because of the following code generation scheme:

1. disas_uncond_b_reg will decode ERET
2. gen_helper_exception_return(cpu_env) will generate a thunk to helper_exception_return
3. s->is_jmp is set to DISAS_JUMP
4. gen_intermediate_code_a64 will see dc->is_jmp == DISAS_JUMP
5. tcg_gen_lookup_and_goto_ptr(cpu_pc) will be called, which triggers an access to cpu->pc to fetch the next opcode

At this point cpu->pc will have EL3's PC value.

Signed-off-by: Jaroslaw Pelczar
---
 target/arm/op_helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 2a85666..8222c19 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -1027,6 +1027,9 @@ void HELPER(exception_return)(CPUARMState *env) } else { env->regs[15] =3D env->elr_el[cur_el] & ~0x3; } + + env->pc =3D env->regs[15]; + qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to " "AArch32 EL%d PC 0x%" PRIx32 "\n", cur_el, new_el, env->regs[15]);
-- 
2.7.4
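Review bot: The added `env->pc = env->regs[15];` in the AArch32 return path of HELPER(exception_return) treats the symptom in the helper, while the root cause described in the commit message is in the AArch64 translator: after ERET the TB is ended with `tcg_gen_lookup_and_goto_ptr(cpu_pc)`, which reads env->pc even though that field is no longer the architectural PC once the CPU is in AArch32 state. Consider instead having the ERET decode in disas_uncond_b_reg end the translation block by exiting to the main loop rather than with DISAS_JUMP, so the next TB is looked up from regs[15] and the new CPU state without relying on a mirrored value. If the helper-side mirror is kept, add a comment above the new line explaining that env->pc must track regs[15] because the AArch64 translator's goto_ptr path reads it; nothing else in the AArch32 branch hints at that dependency, and the stale EL3 value would otherwise silently come back if the assignment were ever moved or removed.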