Bug https://bugs.launchpad.net/qemu/+bug/1838913 reports that
when doing architectural singlestepping we send the singlestep
exceptions to EL1, even if the guest has configured the debug
exception level to be EL2 or EL3.

This patchset fixes that, by putting the debug target EL into
the TB flags and sending exceptions there, rather than sending
them to the default exception level.

Patch 1 is a preliminary refactoring out of the "generate the
exception" code into translate.h; we then have a single
place to do the actual fix, which is in patch 2.

(This bug has been present for ages, and it only affects
guests that try to do debug to EL2, which is pretty rare,
so it's not 4.1 material, especially at this point in the
release cycle.)

thanks
-- PMM

Peter Maydell (2):
  target/arm: Factor out 'generate singlestep exception' function
  target/arm: Fix routing of singlestep exceptions

 target/arm/cpu.h           |  5 +++++
 target/arm/translate.h     | 34 ++++++++++++++++++++++++++++++++--
 target/arm/helper.c        |  6 ++++++
 target/arm/translate-a64.c | 21 +++------------------
 target/arm/translate.c     | 24 +++++-------------------
 5 files changed, 51 insertions(+), 39 deletions(-)

-- 
2.20.1