From: Marc Zyngier
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Will Deacon, kvmarm@lists.cs.columbia.edu, Quentin Perret
Subject: [PATCH] target/arm: Fix ISR_EL1 tracking when executing at EL2
Date: Fri, 22 Nov 2019 13:58:33 +0000
Message-Id: <20191122135833.28953-1-maz@kernel.org>

The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1, ISR_EL1 shows the pending status of the physical IRQ, FIQ, or SError interrupts.

Unfortunately, QEMU's implementation only considers the HCR_EL2 bits, and ignores the current exception level. This means a hypervisor trying to look at its own interrupt state actually sees the guest state, which is unexpected and breaks KVM as of Linux 5.3.

Instead, check for the running EL and return the physical bits if not running in a virtualized context.

Fixes: 636540e9c40b
Reported-by: Quentin Perret
Signed-off-by: Marc Zyngier
Reviewed-by: Edgar E. Iglesias
---
 target/arm/helper.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c index a089fb5a69..027fffbff6 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -1934,8 +1934,11 @@ static uint64_t isr_read(CPUARMState *env, const ARM= CPRegInfo *ri) CPUState *cs =3D env_cpu(env); uint64_t hcr_el2 =3D arm_hcr_el2_eff(env); uint64_t ret =3D 0; + bool allow_virt =3D (arm_current_el(env) =3D=3D 1 && + (!arm_is_secure_below_el3(env) || + (env->cp15.scr_el3 & SCR_EEL2))); =20 - if (hcr_el2 & HCR_IMO) { + if (allow_virt && (hcr_el2 & HCR_IMO)) { if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) { ret |=3D CPSR_I; } @@ -1945,7 +1948,7 @@ static uint64_t isr_read(CPUARMState *env, const ARMC= PRegInfo *ri) } } =20 - if (hcr_el2 & HCR_FMO) { + if (allow_virt && (hcr_el2 & HCR_FMO)) { if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) { ret |=3D CPSR_F; } --=20 2.17.1
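
Review bot: the allow_virt initializer added at the top of isr_read() (first hunk) carries no comment, and its Secure-state clause does not match the commit message. The message says ISR_EL1 shows the physical pending state at EL2, EL3 or Secure EL1, but the expression also lets Secure EL1 see the virtual bits whenever SCR_EEL2 is set in env->cp15.scr_el3. A two-line comment above the declaration saying that virtual state is reported only to EL1 running under an enabled EL2 (Non-secure, or Secure with SCR_EEL2), and that every other case reads the physical bits, would document the intent and make it harder for a later cleanup to drop the guard and expose guest interrupt state to the hypervisor again.

Review bot: the second hunk applies the same allow_virt guard to the HCR_FMO test, so IRQ and FIQ are covered, but the commit message also names SError and neither hunk touches an A-bit path. If isr_read() derives the A bit from hcr_el2 anywhere outside the lines shown, it needs the same guard; if it does not, a sentence in the commit message saying so would close the question. Since the regression was only noticed through KVM on Linux 5.3, a test that reads ISR_EL1 at EL2 with HCR_EL2.IMO and HCR_EL2.FMO set and a virtual interrupt pending would keep this from recurring.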