Arm patches for rc3 : just a handful of bug fixes.

thanks
-- PMM


The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:

  Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126

for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:

  target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)

----------------------------------------------------------------
target-arm queue:
 * handle FTYPE flag correctly in v7M exception return
   for v7M CPUs with an FPU (v8M CPUs were already correct)
 * versal: Add the CRP as unimplemented
 * Fix ISR_EL1 tracking when executing at EL2
 * Honor HCR_EL2.TID3 trapping requirements

----------------------------------------------------------------
Edgar E. Iglesias (1):
      hw/arm: versal: Add the CRP as unimplemented

Jean-Hugues Deschênes (1):
      target/arm: Fix handling of cortex-m FTYPE flag in EXCRET

Marc Zyngier (2):
      target/arm: Fix ISR_EL1 tracking when executing at EL2
      target/arm: Honor HCR_EL2.TID3 trapping requirements

 include/hw/arm/xlnx-versal.h |  3 ++
 hw/arm/xlnx-versal.c         |  2 ++
 target/arm/helper.c          | 83 ++++++++++++++++++++++++++++++++++++++++++--
 target/arm/m_helper.c        |  7 ++--
 4 files changed, 89 insertions(+), 6 deletions(-)


The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:

  Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321

for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:

  target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)

----------------------------------------------------------------
target-arm queue:
 * contrib/elf2dmp: Support Windows Server 2022
 * hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
 * target/arm: Add Neoverse-N1 IMPDEF registers
 * hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
 * docs/system/arm/cpu-features.rst: Fix formatting
 * target/arm: Don't advertise aarch64-pauth.xml to gdb

----------------------------------------------------------------
Chen Baozi (1):
      target/arm: Add Neoverse-N1 registers

Guenter Roeck (1):
      hw/usb/imx: Fix out of bounds access in imx_usbphy_read()

Peter Maydell (3):
      hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
      docs/system/arm/cpu-features.rst: Fix formatting
      target/arm: Don't advertise aarch64-pauth.xml to gdb

Viktor Prutyanov (3):
      contrib/elf2dmp: fix code style
      contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
      contrib/elf2dmp: add PE name check and Windows Server 2022 support

 docs/system/arm/cpu-features.rst |  68 ++++++++++-------------
 contrib/elf2dmp/pe.h             | 115 ++++++++++++++++++++++-----------
 contrib/elf2dmp/addrspace.c      |   1 +
 contrib/elf2dmp/main.c           | 108 ++++++++++++++++++++++++------------
 hw/char/cadence_uart.c           |   6 +-
 hw/usb/imx-usb-phy.c             |  19 ++++++-
 target/arm/cpu64.c               |  69 +++++++++++++++++++++++
 target/arm/gdbstub.c             |   7 +++
 8 files changed, 267 insertions(+), 126 deletions(-)

From: Chen Baozi <chenbaozi@phytium.com.cn>

Add implementation defined registers for neoverse-n1 which
would be accessed by TF-A. Since there is no DSU in Qemu,
CPUCFR_EL1.SCU bit is set to 1 to avoid DSU registers definition.

Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230313033936.585669-1-chenbaozi@phytium.com.cn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu64.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "cpu.h"
+#include "cpregs.h"
#include "qemu/module.h"
#include "sysemu/kvm.h"
#include "sysemu/hvf.h"
@@ -XXX,XX +XXX,XX @@ static void aarch64_a64fx_initfn(Object *obj)
/* TODO: Add A64FX specific HPC extension registers */
}

+static const ARMCPRegInfo neoverse_n1_cp_reginfo[] = {
+ { .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL12", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 5, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ /*
+ * Report CPUCFR_EL1.SCU as 1, as we do not implement the DSU
+ * (and in particular its system registers).
+ */
+ { .name = "CPUCFR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 4 },
+ { .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0x961563010 },
+ { .name = "CPUPCR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 1,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPMR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 3,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPOR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 2,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPSELR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 0,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGCDN_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 2,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGCTL_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 1,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGF_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+};
+
+static void define_neoverse_n1_cp_reginfo(ARMCPU *cpu)
+{
+ define_arm_cp_regs(cpu, neoverse_n1_cp_reginfo);
+}
+
static void aarch64_neoverse_n1_initfn(Object *obj)
{
ARMCPU *cpu = ARM_CPU(obj);
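Review bot: in the neoverse_n1_cp_reginfo hunk the comment above CPUCFR_EL1 says "Report CPUCFR_EL1.SCU as 1" while the entry carries `.resetvalue = 4`; stating in that comment that SCU is bit [2] (or writing the value as `1 << 2`) would make the two agree at a glance. Every other entry is `ARM_CP_CONST` with a `_RW` access, so guest writes to the CPUACTLR*_EL1, CPUECTLR_EL1, CPUPWRCTLR_EL1 and ATCR/AVTCR registers are accepted and silently discarded; one sentence in the commit message, or a comment at the top of the array, saying these are read-constant, write-ignore stand-ins for TF-A rather than modelled state would save the next reader from wondering why a write does not stick.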
@@ -XXX,XX +XXX,XX @@ static void aarch64_neoverse_n1_initfn(Object *obj)

/* From D5.1 AArch64 PMU register summary */
cpu->isar.reset_pmcr_el0 = 0x410c3000;
+
+ define_neoverse_n1_cp_reginfo(cpu);
}

static void aarch64_host_initfn(Object *obj)
--
2.34.1

From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>

Add the CRP as unimplemented thus avoiding bus errors when
guests access these registers.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/xlnx-versal.h | 3 +++
 hw/arm/xlnx-versal.c         | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/xlnx-versal.h
+++ b/include/hw/arm/xlnx-versal.h
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
#define MM_IOU_SCNTRS_SIZE 0x10000
#define MM_FPD_CRF 0xfd1a0000U
#define MM_FPD_CRF_SIZE 0x140000
+
+#define MM_PMC_CRP 0xf1260000U
+#define MM_PMC_CRP_SIZE 0x10000
#endif
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
MM_CRL, MM_CRL_SIZE);
versal_unimp_area(s, "crf", &s->mr_ps,
MM_FPD_CRF, MM_FPD_CRF_SIZE);
+ versal_unimp_area(s, "crp", &s->mr_ps,
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
--
2.20.1


The cadence UART attempts to avoid allowing the guest to set invalid
baud rate register values in the uart_write() function. However it
does the "mask to the size of the register field" and "check for
invalid values" in the wrong order, which means that a malicious
guest can get a bogus value into the register by setting also some
high bits in the value, and cause QEMU to crash by division-by-zero.

Do the mask before the bounds check instead of afterwards.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
---
 hw/char/cadence_uart.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -XXX,XX +XXX,XX @@ static MemTxResult uart_write(void *opaque, hwaddr offset,
}
break;
case R_BRGR: /* Baud rate generator */
+ value &= 0xffff;
if (value >= 0x01) {
- s->r[offset] = value & 0xFFFF;
+ s->r[offset] = value;
}
break;
case R_BDIV: /* Baud rate divider */
+ value &= 0xff;
if (value >= 0x04) {
- s->r[offset] = value & 0xFF;
+ s->r[offset] = value;
}
break;
default:
--
2.34.1

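Review bot: in the uart_write hunk the masked-then-rejected case is silent: when `value &= 0xffff` leaves 0 for R_BRGR, or `value &= 0xff` leaves 0..3 for R_BDIV, the write is dropped and the old register contents stay with no diagnostic. The reordering itself is right and is exactly what the commit message asks for, but a `qemu_log_mask(LOG_GUEST_ERROR, ...)` on the rejected path would make a guest that writes such a value visible in the log, which is the first thing anyone triaging the crash in the linked issue would look for.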
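The ordering bug the cadence_uart commit message describes, modelled as an added example (this is not QEMU's code): the pre-fix write path, which range-checks the raw guest value and masks afterwards, beside the post-fix path, which masks first; and the divide that a zero divisor would crash. The two-register state, the offsets and the baud formula clk / (BRGR * (BDIV + 1)) are simplified assumptions of this example.

```c
/*
 * Added example, not QEMU's code: a model of the Cadence UART baud-rate
 * register write path. uart_write_buggy() has the ordering the commit
 * message describes (range check, then mask); uart_write_fixed() masks
 * first, as the patch does. uart_baud() shows the divide that a zero
 * divisor would crash. Offsets, the two-register state and the baud
 * formula clk / (BRGR * (BDIV + 1)) are simplified assumptions here.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define R_BRGR 0    /* baud rate generator: 16-bit field, must be >= 1 */
#define R_BDIV 1    /* baud rate divider:   8-bit field, must be >= 4 */

typedef struct {
    uint32_t r[2];
} uart_state;

/* Pre-fix ordering: the bounds check sees the unmasked guest value. */
static void uart_write_buggy(uart_state *s, unsigned offset, uint32_t value)
{
    switch (offset) {
    case R_BRGR:
        if (value >= 0x01) {
            s->r[offset] = value & 0xFFFF;  /* 0x10000 passes the check, stores 0 */
        }
        break;
    case R_BDIV:
        if (value >= 0x04) {
            s->r[offset] = value & 0xFF;    /* 0x100 passes the check, stores 0 */
        }
        break;
    }
}

/* Post-fix ordering: mask first, so the check applies to what is stored. */
static void uart_write_fixed(uart_state *s, unsigned offset, uint32_t value)
{
    switch (offset) {
    case R_BRGR:
        value &= 0xffff;
        if (value >= 0x01) {
            s->r[offset] = value;
        }
        break;
    case R_BDIV:
        value &= 0xff;
        if (value >= 0x04) {
            s->r[offset] = value;
        }
        break;
    }
}

/*
 * Derive the baud rate from the two registers. A zero divisor is reported
 * instead of dividing, which is the crash the reordering prevents.
 */
static bool uart_baud(const uart_state *s, uint32_t clk, uint32_t *baud)
{
    uint64_t div = (uint64_t)s->r[R_BRGR] * ((uint64_t)s->r[R_BDIV] + 1);

    if (div == 0) {
        return false;
    }
    *baud = (uint32_t)(clk / div);
    return true;
}

/* Apply one guest write to a sanely reset UART through either model; return the register afterwards. */
static uint32_t stored_after_write(bool fixed, unsigned offset, uint32_t value)
{
    uart_state s = { .r = { 0x28, 0x0f } };  /* constructed sane reset values */

    if (fixed) {
        uart_write_fixed(&s, offset, value);
    } else {
        uart_write_buggy(&s, offset, value);
    }
    return s.r[offset];
}

/* True when the baud rate can be computed for the given register pair. */
static bool baud_is_computable(uint32_t brgr, uint32_t bdiv)
{
    uart_state s = { .r = { brgr, bdiv } };
    uint32_t baud;

    return uart_baud(&s, 50000000u, &baud);
}

int main(void)
{
    uint32_t v = 0x10000;   /* bit 16 set: the "also some high bits" case */

    printf("BRGR write 0x%x: buggy stores 0x%x, fixed keeps 0x%x\n", v,
           stored_after_write(false, R_BRGR, v), stored_after_write(true, R_BRGR, v));
    printf("baud computable after the buggy write: %s\n",
           baud_is_computable(stored_after_write(false, R_BRGR, v), 0x0f) ? "yes" : "no");
    return 0;
}
```

With the buggy ordering a write of 0x10000 to BRGR passes the `>= 1` test and leaves 0 in the register, after which the baud computation divides by zero; with the fixed ordering the same write is rejected and the register keeps its previous value.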
From: Viktor Prutyanov <viktor@daynix.com>

Originally elf2dmp were added with some code style issues,
especially in pe.h header, and some were introduced by
2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-2-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/pe.h        | 100 ++++++++++++++++++------------------
 contrib/elf2dmp/addrspace.c |   1 +
 contrib/elf2dmp/main.c      |   9 ++--
 3 files changed, 57 insertions(+), 53 deletions(-)

diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/pe.h
+++ b/contrib/elf2dmp/pe.h
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DOS_HEADER {
} __attribute__ ((packed)) IMAGE_DOS_HEADER;

typedef struct IMAGE_FILE_HEADER {
- uint16_t Machine;
- uint16_t NumberOfSections;
- uint32_t TimeDateStamp;
- uint32_t PointerToSymbolTable;
- uint32_t NumberOfSymbols;
- uint16_t SizeOfOptionalHeader;
- uint16_t Characteristics;
+ uint16_t Machine;
+ uint16_t NumberOfSections;
+ uint32_t TimeDateStamp;
+ uint32_t PointerToSymbolTable;
+ uint32_t NumberOfSymbols;
+ uint16_t SizeOfOptionalHeader;
+ uint16_t Characteristics;
} __attribute__ ((packed)) IMAGE_FILE_HEADER;

typedef struct IMAGE_DATA_DIRECTORY {
- uint32_t VirtualAddress;
- uint32_t Size;
+ uint32_t VirtualAddress;
+ uint32_t Size;
} __attribute__ ((packed)) IMAGE_DATA_DIRECTORY;

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16

typedef struct IMAGE_OPTIONAL_HEADER64 {
- uint16_t Magic; /* 0x20b */
- uint8_t MajorLinkerVersion;
- uint8_t MinorLinkerVersion;
- uint32_t SizeOfCode;
- uint32_t SizeOfInitializedData;
- uint32_t SizeOfUninitializedData;
- uint32_t AddressOfEntryPoint;
- uint32_t BaseOfCode;
- uint64_t ImageBase;
- uint32_t SectionAlignment;
- uint32_t FileAlignment;
- uint16_t MajorOperatingSystemVersion;
- uint16_t MinorOperatingSystemVersion;
- uint16_t MajorImageVersion;
- uint16_t MinorImageVersion;
- uint16_t MajorSubsystemVersion;
- uint16_t MinorSubsystemVersion;
- uint32_t Win32VersionValue;
- uint32_t SizeOfImage;
- uint32_t SizeOfHeaders;
- uint32_t CheckSum;
- uint16_t Subsystem;
- uint16_t DllCharacteristics;
- uint64_t SizeOfStackReserve;
- uint64_t SizeOfStackCommit;
- uint64_t SizeOfHeapReserve;
- uint64_t SizeOfHeapCommit;
- uint32_t LoaderFlags;
- uint32_t NumberOfRvaAndSizes;
- IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+ uint16_t Magic; /* 0x20b */
+ uint8_t MajorLinkerVersion;
+ uint8_t MinorLinkerVersion;
+ uint32_t SizeOfCode;
+ uint32_t SizeOfInitializedData;
+ uint32_t SizeOfUninitializedData;
+ uint32_t AddressOfEntryPoint;
+ uint32_t BaseOfCode;
+ uint64_t ImageBase;
+ uint32_t SectionAlignment;
+ uint32_t FileAlignment;
+ uint16_t MajorOperatingSystemVersion;
+ uint16_t MinorOperatingSystemVersion;
+ uint16_t MajorImageVersion;
+ uint16_t MinorImageVersion;
+ uint16_t MajorSubsystemVersion;
+ uint16_t MinorSubsystemVersion;
+ uint32_t Win32VersionValue;
+ uint32_t SizeOfImage;
+ uint32_t SizeOfHeaders;
+ uint32_t CheckSum;
+ uint16_t Subsystem;
+ uint16_t DllCharacteristics;
+ uint64_t SizeOfStackReserve;
+ uint64_t SizeOfStackCommit;
+ uint64_t SizeOfHeapReserve;
+ uint64_t SizeOfHeapCommit;
+ uint32_t LoaderFlags;
+ uint32_t NumberOfRvaAndSizes;
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64;

typedef struct IMAGE_NT_HEADERS64 {
- uint32_t Signature;
- IMAGE_FILE_HEADER FileHeader;
- IMAGE_OPTIONAL_HEADER64 OptionalHeader;
+ uint32_t Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;

typedef struct IMAGE_DEBUG_DIRECTORY {
- uint32_t Characteristics;
- uint32_t TimeDateStamp;
- uint16_t MajorVersion;
- uint16_t MinorVersion;
- uint32_t Type;
- uint32_t SizeOfData;
- uint32_t AddressOfRawData;
- uint32_t PointerToRawData;
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Type;
+ uint32_t SizeOfData;
+ uint32_t AddressOfRawData;
+ uint32_t PointerToRawData;
} __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY;

#define IMAGE_DEBUG_TYPE_CODEVIEW 2
diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/addrspace.c
+++ b/contrib/elf2dmp/addrspace.c
@@ -XXX,XX +XXX,XX @@
static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa)
{
size_t i;
+
for (i = 0; i < ps->block_nr; i++) {
if (ps->block[i].paddr <= pa &&
pa <= ps->block[i].paddr + ps->block[i].size) {
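Review bot: the added blank line in pa_space_find_block is fine, but the context lines right below it show the range test as `pa <= ps->block[i].paddr + ps->block[i].size`; a block of `size` bytes starting at `paddr` covers addresses up to `paddr + size - 1`, so the upper bound is inclusive by one and a physical address exactly at the end of one block is matched to that block rather than to the next. Not something a style-only change should touch, but worth a separate follow-up that makes it `<`.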
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
};

for (i = 0; i < ps->block_nr; i++) {
- h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE;
+ h.PhysicalMemoryBlock.NumberOfPages +=
+ ps->block[i].size / ELF2DMP_PAGE_SIZE;
h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) {
.BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE,
.PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE,
};
}

- h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
+ h.RequiredDumpSpace +=
+ h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;

*hdr = h;

@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
static int fill_context(KDDEBUGGER_DATA64 *kdbg,
struct va_space *vs, QEMU_Elf *qe)
{
- int i;
+ int i;
+
for (i = 0; i < qe->state_nr; i++) {
uint64_t Prcb;
uint64_t Context;
--
2.34.1

From: Viktor Prutyanov <viktor@daynix.com>

Move out PE directory search functionality to be reused not only
for Debug Directory processing but for arbitrary PE directory.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-3-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 29 deletions(-)

diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg,
return 0;
}

+static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx,
+ void *entry, size_t size, struct va_space *vs)
+{
+ const char e_magic[2] = "MZ";
+ const char Signature[4] = "PE\0\0";
+ IMAGE_DOS_HEADER *dos_hdr = start_addr;
+ IMAGE_NT_HEADERS64 nt_hdrs;
+ IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
+ IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
+ IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
+
+ QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
+
+ if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
+ return 1;
+ }
+
+ if (va_space_rw(vs, base + dos_hdr->e_lfanew,
+ &nt_hdrs, sizeof(nt_hdrs), 0)) {
+ return 1;
+ }
+
+ if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
+ file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
+ return 1;
+ }
+
+ if (va_space_rw(vs,
+ base + data_dir[idx].VirtualAddress,
+ entry, size, 0)) {
+ return 1;
+ }
+
+ printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx,
+ (uint32_t)data_dir[idx].VirtualAddress);
+
+ return 0;
+}
+
static int write_dump(struct pa_space *ps,
WinDumpHeader64 *hdr, const char *name)
{
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
char *hash, struct va_space *vs)
{
- const char e_magic[2] = "MZ";
- const char Signature[4] = "PE\0\0";
const char sign_rsds[4] = "RSDS";
- IMAGE_DOS_HEADER *dos_hdr = start_addr;
- IMAGE_NT_HEADERS64 nt_hdrs;
- IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
- IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
- IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
IMAGE_DEBUG_DIRECTORY debug_dir;
OMFSignatureRSDS rsds;
char *pdb_name;
size_t pdb_name_sz;
size_t i;

- QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
-
- if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
- return 1;
- }
-
- if (va_space_rw(vs, base + dos_hdr->e_lfanew,
- &nt_hdrs, sizeof(nt_hdrs), 0)) {
- return 1;
- }
-
- if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
- file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
- return 1;
- }
-
- printf("Debug Directory RVA = 0x%08"PRIx32"\n",
- (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress);
-
- if (va_space_rw(vs,
- base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress,
- &debug_dir, sizeof(debug_dir), 0)) {
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY,
+ &debug_dir, sizeof(debug_dir), vs)) {
+ eprintf("Failed to get Debug Directory\n");
return 1;
}



From: Marc Zyngier <maz@kernel.org>

HCR_EL2.TID3 mandates that access from EL1 to a long list of id
registers traps to EL2, and QEMU has so far ignored this requirement.

This breaks (among other things) KVM guests that have PtrAuth enabled,
while the hypervisor doesn't want to expose the feature to its guest.
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
case), and masks out the unsupported feature.

QEMU not honoring the trap request means that the guest observes
that the feature is present in the HW, starts using it, and dies
a horrible death when KVM injects an UNDEF, because the feature
*really* isn't supported.

Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.

Note that this change does not include trapping of the MVFR
registers from AArch32 (they are accessed via the VMRS
instruction and need to be handled in a different way).

Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Tested-by: Will Deacon <will@kernel.org>
Message-id: 20191123115618.29230-1-maz@kernel.org
[PMM: added missing accessfn line for ID_AA4PFR2_EL1_RESERVED;
changed names of access functions to include _tid3]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
REGINFO_SENTINEL
};

+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+
+ return CP_ACCESS_OK;
+}
+
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ if (arm_feature(env, ARM_FEATURE_V8)) {
+ return access_aa64_tid3(env, ri, isread);
+ }
+
+ return CP_ACCESS_OK;
+}
+
void register_cp_regs_for_features(ARMCPU *cpu)
{
/* Register all the coprocessor registers based on feature bits */
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_pfr0 },
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
* the value of the GIC field until after we define these regs.
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_NO_RAW,
+ .accessfn = access_aa32_tid3,
.readfn = id_pfr1_read,
.writefn = arm_cp_write_ignore },
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_dfr0 },
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_afr0 },
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_mmfr0 },
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_mmfr1 },
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_mmfr2 },
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_mmfr3 },
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar0 },
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar1 },
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar2 },
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar3 },
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar4 },
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar5 },
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->id_mmfr4 },
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa32_tid3,
.resetvalue = cpu->isar.id_isar6 },
REGINFO_SENTINEL
};
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_NO_RAW,
+ .accessfn = access_aa64_tid3,
.readfn = id_aa64pfr0_read,
.writefn = arm_cp_write_ignore },
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->isar.id_aa64pfr1},
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
/* At present, only SVEver == 0 is defined anyway. */
.resetvalue = 0 },
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->id_aa64dfr0 },
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->id_aa64dfr1 },
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->id_aa64afr0 },
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->id_aa64afr1 },
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->isar.id_aa64isar0 },
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = cpu->isar.id_aa64isar1 },
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST,
+ .accessfn = access_aa64_tid3,
.resetvalue = 0 },
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
357
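Review bot: confirm that the AArch32 views get the same treatment, because this hunk only covers the AArch64 side. What is visible here is the whole AArch64 ID group 3 space: ID_AA64* at opc0=3/opc1=0/crn=0/crm=4..7 including the *_RESERVED encodings, plus MVFR0_EL1..MVFR7_EL1_RESERVED at crm=3, all of which HCR_EL2.TID3 traps (the reserved RAZ encodings included), while PMCEID0 at the end of the hunk correctly gets no accessfn since it is outside that group. Two things to check outside the hunk: that `access_aa64_tid3` (defined elsewhere in the patch) only redirects to EL2 when `arm_current_el(env) == 1` and HCR_EL2.TID3 is set, and that the cp15 crn=0 AArch32 registers (ID_PFR*, ID_ISAR*, MVFR*) receive an equivalent accessfn, since TID3 applies in both execution states; otherwise an AArch32 EL1 guest could still read the physical ID values the hypervisor is trying to hide.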
--
110
--
358
2.20.1
111
2.34.1
359
360
diff view generated by jsdifflib
1
From: Marc Zyngier <maz@kernel.org>
1
From: Viktor Prutyanov <viktor@daynix.com>
2
2
3
The ARMv8 ARM states that when executing at EL2, EL3 or Secure EL1,
3
Since its inception elf2dmp has checked MZ signatures within an
4
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
4
address space above the IDT[0] interrupt vector and taken the first PE image
5
SError interrupts.
5
found as the Windows kernel.
6
But in Windows Server 2022 memory dump this address space range is
7
full of invalid PE fragments and the tool must check that the PE image
8
is actually 'ntoskrnl.exe'.
9
So, introduce additional validation by checking image name from
10
Export Directory against 'ntoskrnl.exe'.
6
11
7
Unfortunately, QEMU's implementation only considers the HCR_EL2
12
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
8
bits, and ignores the current exception level. This means a hypervisor
13
Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
9
trying to look at its own interrupt state actually sees the guest
14
Reviewed-by: Annie Li <annie.li@oracle.com>
10
state, which is unexpected and breaks KVM as of Linux 5.3.
15
Message-id: 20230222211246.883679-4-viktor@daynix.com
11
12
Instead, check for the running EL and return the physical bits
13
if not running in a virtualized context.
14
15
Fixes: 636540e9c40b
16
Cc: qemu-stable@nongnu.org
17
Reported-by: Quentin Perret <qperret@google.com>
18
Signed-off-by: Marc Zyngier <maz@kernel.org>
19
Message-id: 20191122135833.28953-1-maz@kernel.org
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
17
---
24
target/arm/helper.c | 7 +++++--
18
contrib/elf2dmp/pe.h | 15 +++++++++++++++
25
1 file changed, 5 insertions(+), 2 deletions(-)
19
contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++--
20
2 files changed, 41 insertions(+), 2 deletions(-)
26
21
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
22
diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
28
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/helper.c
24
--- a/contrib/elf2dmp/pe.h
30
+++ b/target/arm/helper.c
25
+++ b/contrib/elf2dmp/pe.h
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
26
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_NT_HEADERS64 {
32
CPUState *cs = env_cpu(env);
27
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
28
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;
34
uint64_t ret = 0;
29
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
30
+typedef struct IMAGE_EXPORT_DIRECTORY {
36
+ (!arm_is_secure_below_el3(env) ||
31
+ uint32_t Characteristics;
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
32
+ uint32_t TimeDateStamp;
38
33
+ uint16_t MajorVersion;
39
- if (hcr_el2 & HCR_IMO) {
34
+ uint16_t MinorVersion;
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
35
+ uint32_t Name;
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
36
+ uint32_t Base;
42
ret |= CPSR_I;
37
+ uint32_t NumberOfFunctions;
38
+ uint32_t NumberOfNames;
39
+ uint32_t AddressOfFunctions;
40
+ uint32_t AddressOfNames;
41
+ uint32_t AddressOfNameOrdinals;
42
+} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY;
43
+
44
typedef struct IMAGE_DEBUG_DIRECTORY {
45
uint32_t Characteristics;
46
uint32_t TimeDateStamp;
47
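Review bot: `Name` in the new IMAGE_EXPORT_DIRECTORY is an RVA, not a pointer, and a short field comment saying so would help, since the caller in main.c has to add it to the image base. The layout itself (eleven fields, 40 bytes) matches the PE specification and `__attribute__ ((packed))` is consistent with the IMAGE_NT_HEADERS64 definition just above it.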
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DEBUG_DIRECTORY {
48
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
49
#endif
50
51
+#define IMAGE_FILE_EXPORT_DIRECTORY 0
52
#define IMAGE_FILE_DEBUG_DIRECTORY 6
53
54
typedef struct guid_t {
55
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
56
index XXXXXXX..XXXXXXX 100644
57
--- a/contrib/elf2dmp/main.c
58
+++ b/contrib/elf2dmp/main.c
59
@@ -XXX,XX +XXX,XX @@
60
61
#define SYM_URL_BASE "https://msdl.microsoft.com/download/symbols/"
62
#define PDB_NAME "ntkrnlmp.pdb"
63
+#define PE_NAME "ntoskrnl.exe"
64
65
#define INITIAL_MXCSR 0x1f80
66
67
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
68
return fclose(dmp_file);
69
}
70
71
+static bool pe_check_export_name(uint64_t base, void *start_addr,
72
+ struct va_space *vs)
73
+{
74
+ IMAGE_EXPORT_DIRECTORY export_dir;
75
+ const char *pe_name;
76
+
77
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY,
78
+ &export_dir, sizeof(export_dir), vs)) {
79
+ return false;
80
+ }
81
+
82
+ pe_name = va_space_resolve(vs, base + export_dir.Name);
83
+ if (!pe_name) {
84
+ return false;
85
+ }
86
+
87
+ return !strcmp(pe_name, PE_NAME);
88
+}
89
+
90
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
91
char *hash, struct va_space *vs)
92
{
93
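Review bot: the `strcmp(pe_name, PE_NAME)` at the end of pe_check_export_name can read past the mapped dump. `pe_name` is a pointer into the dump returned by `va_space_resolve(vs, base + export_dir.Name)`, `export_dir.Name` is an RVA taken from the (untrusted) dump, and strcmp reads until it finds a NUL, so a crafted image whose name string runs to the end of the resolved mapping makes the comparison read beyond it unless va_space_resolve guarantees more than the first byte is mapped. Either bound the comparison, e.g. `return !strncmp(pe_name, PE_NAME, sizeof(PE_NAME));` (sizeof includes the terminating NUL, so longer names are still rejected), or verify that `sizeof(PE_NAME)` bytes from `pe_name` are mapped first. It is also worth a comment that this is a disambiguation heuristic, not authentication: a dump can trivially carry a fragment whose export directory says 'ntoskrnl.exe'.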
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
94
uint64_t KdDebuggerDataBlock;
95
KDDEBUGGER_DATA64 *kdbg;
96
uint64_t KdVersionBlock;
97
+ bool kernel_found = false;
98
99
if (argc != 3) {
100
eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]);
101
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
43
}
102
}
44
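Review bot: the new `allow_virt` condition is the whole fix and is subtle enough to deserve a comment at its declaration. ISR_EL1 is PL1_R, so `arm_current_el(env) == 1` is the only level at which virtual interrupt state may be reported, and the second half, `!arm_is_secure_below_el3(env) || (env->cp15.scr_el3 & SCR_EEL2)`, says that a Secure EL1 reader only sees virtual state when Secure EL2 is enabled. Without a comment a reader has to reconstruct that EL2 and EL3 fall through to the physical bits, which is the behaviour the commit message is restoring.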
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
103
104
if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
105
- break;
106
+ if (pe_check_export_name(KernBase, nt_start_addr, &vs)) {
107
+ kernel_found = true;
108
+ break;
109
+ }
45
}
110
}
46
}
111
}
47
112
48
- if (hcr_el2 & HCR_FMO) {
113
- if (!nt_start_addr) {
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
114
+ if (!kernel_found) {
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
115
eprintf("Failed to find NT kernel image\n");
51
ret |= CPSR_F;
116
err = 1;
52
}
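Review bot: only the HCR_IMO and HCR_FMO branches are gated by `allow_virt` in this patch. The commit message says ISR_EL1 reports IRQ, FIQ and SError, so if `isr_read` also sets CPSR_A from a virtual SError (an HCR_AMO path), that branch needs the same `allow_virt &&` prefix; otherwise a hypervisor reading ISR_EL1 at EL2 would still see the guest's virtual SError state while correctly seeing its own IRQ/FIQ state.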
117
goto out_ps;
53
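Review bot: switching the post-loop test from `!nt_start_addr` to `!kernel_found` is necessary, not cosmetic: since the loop evidently assigns `nt_start_addr` on every iteration, the scan can now run to the end with `nt_start_addr` still pointing at the last MZ fragment it examined, and the old test would have accepted that non-kernel image. Nothing after the `goto out_ps` may use `nt_start_addr` in that case; resetting it to NULL when `kernel_found` is false would keep later refactors honest.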
--
118
--
54
2.20.1
119
2.34.1
55
56
1
From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>
1
From: Guenter Roeck <linux@roeck-us.net>
2
2
3
According to the PushStack() pseudocode in the armv7m RM,
3
The i.MX USB Phy driver does not check register ranges, resulting in out of
4
bit 4 of the LR should be set to NOT(CONTROL.FPCA) when
4
bounds accesses if an attempt is made to access non-existing PHY registers.
5
an FPU is present. The current implementation is doing it for
5
Add range check and conditionally report bad accesses to fix the problem.
6
armv8, but not for armv7. This patch makes the existing
7
logic applicable to both code paths.
8
6
9
Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
7
While at it, also conditionally log attempted writes to non-existing or
8
read-only registers.
9
10
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
11
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
12
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
13
Message-id: 20230316234926.208874-1-linux@roeck-us.net
14
Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
15
Fixes: 0701a5efa015 ("hw/usb: Add basic i.MX USB Phy support")
16
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
19
---
13
target/arm/m_helper.c | 7 +++----
20
hw/usb/imx-usb-phy.c | 19 +++++++++++++++++--
14
1 file changed, 3 insertions(+), 4 deletions(-)
21
1 file changed, 17 insertions(+), 2 deletions(-)
15
22
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
23
diff --git a/hw/usb/imx-usb-phy.c b/hw/usb/imx-usb-phy.c
17
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/m_helper.c
25
--- a/hw/usb/imx-usb-phy.c
19
+++ b/target/arm/m_helper.c
26
+++ b/hw/usb/imx-usb-phy.c
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
27
@@ -XXX,XX +XXX,XX @@
21
if (env->v7m.secure) {
28
#include "qemu/osdep.h"
22
lr |= R_V7M_EXCRET_S_MASK;
29
#include "hw/usb/imx-usb-phy.h"
23
}
30
#include "migration/vmstate.h"
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
31
+#include "qemu/log.h"
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
32
#include "qemu/module.h"
26
- }
33
27
} else {
34
static const VMStateDescription vmstate_imx_usbphy = {
28
lr = R_V7M_EXCRET_RES1_MASK |
35
@@ -XXX,XX +XXX,XX @@ static uint64_t imx_usbphy_read(void *opaque, hwaddr offset, unsigned size)
29
R_V7M_EXCRET_S_MASK |
36
value = s->usbphy[index - 3];
30
R_V7M_EXCRET_DCRS_MASK |
37
break;
31
- R_V7M_EXCRET_FTYPE_MASK |
38
default:
32
R_V7M_EXCRET_ES_MASK;
39
- value = s->usbphy[index];
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
40
+ if (index < USBPHY_MAX) {
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
41
+ value = s->usbphy[index];
35
}
42
+ } else {
43
+ qemu_log_mask(LOG_GUEST_ERROR,
44
+ "%s: Read from non-existing USB PHY register 0x%"
45
+ HWADDR_PRIx "\n",
46
+ __func__, offset);
47
+ value = 0;
48
+ }
49
break;
36
}
50
}
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
51
return (uint64_t)value;
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
52
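Review bot: this is the actual fix for the reported issue: the `default:` arm read `s->usbphy[index]` with an index evidently derived from the guest-controlled MMIO offset, so any offset beyond the last defined register read past the array. The `index < USBPHY_MAX` guard in the default arm is sufficient only because every explicit `case` label above it (the `s->usbphy[index - 3]` TOG-alias context is one of them) names an offset inside the array; a one-line comment on `default:` stating that assumption would stop a future case label from silently reintroducing the bug. Returning 0 and logging under LOG_GUEST_ERROR is the usual QEMU convention for unmapped registers inside a device region.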
@@ -XXX,XX +XXX,XX @@ static void imx_usbphy_write(void *opaque, hwaddr offset, uint64_t value,
39
+ }
53
s->usbphy[index - 3] ^= value;
40
if (!arm_v7m_is_handler_mode(env)) {
54
break;
41
lr |= R_V7M_EXCRET_MODE_MASK;
55
default:
56
- /* Other registers are read-only */
57
+ /* Other registers are read-only or do not exist */
58
+ qemu_log_mask(LOG_GUEST_ERROR,
59
+ "%s: Write to %s USB PHY register 0x%"
60
+ HWADDR_PRIx "\n",
61
+ __func__,
62
+ index >= USBPHY_MAX ? "non-existing" : "read-only",
63
+ offset);
64
break;
42
}
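Review bot: after this hunk FTYPE is computed from `env->v7m.control[M_REG_S]` for both the secure and the non-secure branch, while the non-secure branch just above reads SPSEL from `control[M_REG_NS]`. That is correct if, as elsewhere in this file, CONTROL.FPCA is kept unbanked in the M_REG_S slot, but a reader of the `else` path will ask why; a one-line comment at the new site ("FPCA is not banked; it lives in the S slot") would prevent a future "fix" that reads the NS bank. The change also does what the commit message says for CPUs without an FPU: FPCA is RES0 there, so FTYPE ends up set, matching the `R_V7M_EXCRET_FTYPE_MASK` entry removed from the hardcoded mask list.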
65
}
66
}
43
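Review bot: the write path already ignored unknown offsets, so this hunk only adds diagnostics, which is fine, but the log line prints `offset` and not `value`; for a write to a read-only register the attempted value is the interesting part when debugging a guest driver, so consider adding it (the function takes `uint64_t value`, so `0x%" PRIx64` fits). The `index >= USBPHY_MAX ? "non-existing" : "read-only"` wording is the same condition that is the bounds check on the read side, here it is purely descriptive; keep the two in sync if USBPHY_MAX ever changes meaning.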
--
67
--
44
2.20.1
68
2.34.1
45
46
New patch
1
The markup for the Arm CPU feature documentation is incorrect,
2
and results in the HTML not rendering correctly -- the first
3
line of each description is rendered in boldface as if it
4
were part of the option name.
1
5
6
Reformat to match the styling used in cpu-models-x86.rst.inc.
7
8
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1479
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20230316105808.1414003-1-peter.maydell@linaro.org
11
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
12
---
13
docs/system/arm/cpu-features.rst | 68 ++++++++++++++------------------
14
1 file changed, 30 insertions(+), 38 deletions(-)
15
16
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
17
index XXXXXXX..XXXXXXX 100644
18
--- a/docs/system/arm/cpu-features.rst
19
+++ b/docs/system/arm/cpu-features.rst
20
@@ -XXX,XX +XXX,XX @@ are named with the prefix "kvm-". KVM VCPU features may be probed,
21
enabled, and disabled in the same way as other CPU features. Below is
22
the list of KVM VCPU features and their descriptions.
23
24
- kvm-no-adjvtime By default kvm-no-adjvtime is disabled. This
25
- means that by default the virtual time
26
- adjustment is enabled (vtime is not *not*
27
- adjusted).
28
+``kvm-no-adjvtime``
29
+ By default kvm-no-adjvtime is disabled. This means that by default
30
+ the virtual time adjustment is enabled (vtime is not *not* adjusted).
31
32
- When virtual time adjustment is enabled each
33
- time the VM transitions back to running state
34
- the VCPU's virtual counter is updated to ensure
35
- stopped time is not counted. This avoids time
36
- jumps surprising guest OSes and applications,
37
- as long as they use the virtual counter for
38
- timekeeping. However it has the side effect of
39
- the virtual and physical counters diverging.
40
- All timekeeping based on the virtual counter
41
- will appear to lag behind any timekeeping that
42
- does not subtract VM stopped time. The guest
43
- may resynchronize its virtual counter with
44
- other time sources as needed.
45
+ When virtual time adjustment is enabled each time the VM transitions
46
+ back to running state the VCPU's virtual counter is updated to
47
+ ensure stopped time is not counted. This avoids time jumps
48
+ surprising guest OSes and applications, as long as they use the
49
+ virtual counter for timekeeping. However it has the side effect of
50
+ the virtual and physical counters diverging. All timekeeping based
51
+ on the virtual counter will appear to lag behind any timekeeping
52
+ that does not subtract VM stopped time. The guest may resynchronize
53
+ its virtual counter with other time sources as needed.
54
55
- Enable kvm-no-adjvtime to disable virtual time
56
- adjustment, also restoring the legacy (pre-5.0)
57
- behavior.
58
+ Enable kvm-no-adjvtime to disable virtual time adjustment, also
59
+ restoring the legacy (pre-5.0) behavior.
60
61
- kvm-steal-time Since v5.2, kvm-steal-time is enabled by
62
- default when KVM is enabled, the feature is
63
- supported, and the guest is 64-bit.
64
+``kvm-steal-time``
65
+ Since v5.2, kvm-steal-time is enabled by default when KVM is
66
+ enabled, the feature is supported, and the guest is 64-bit.
67
68
- When kvm-steal-time is enabled a 64-bit guest
69
- can account for time its CPUs were not running
70
- due to the host not scheduling the corresponding
71
- VCPU threads. The accounting statistics may
72
- influence the guest scheduler behavior and/or be
73
- exposed to the guest userspace.
74
+ When kvm-steal-time is enabled a 64-bit guest can account for time
75
+ its CPUs were not running due to the host not scheduling the
76
+ corresponding VCPU threads. The accounting statistics may influence
77
+ the guest scheduler behavior and/or be exposed to the guest
78
+ userspace.
79
80
TCG VCPU Features
81
=================
82
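Review bot: the reformat carries over "(vtime is not *not* adjusted)" unchanged; the double negative with emphasis on the second "not" is the one thing in this section a reader is likely to trip on. Since this patch is intentionally markup-only, leaving it is fine, but a follow-up could say "vtime *is* adjusted" or drop the parenthetical.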
@@ -XXX,XX +XXX,XX @@ TCG VCPU Features
83
TCG VCPU features are CPU features that are specific to TCG.
84
Below is the list of TCG VCPU features and their descriptions.
85
86
- pauth-impdef When ``FEAT_Pauth`` is enabled, either the
87
- *impdef* (Implementation Defined) algorithm
88
- is enabled or the *architected* QARMA algorithm
89
- is enabled. By default the impdef algorithm
90
- is disabled, and QARMA is enabled.
91
+``pauth-impdef``
92
+ When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
93
+ Defined) algorithm is enabled or the *architected* QARMA algorithm
94
+ is enabled. By default the impdef algorithm is disabled, and QARMA
95
+ is enabled.
96
97
- The architected QARMA algorithm has good
98
- cryptographic properties, but can be quite slow
99
- to emulate. The impdef algorithm used by QEMU
100
- is non-cryptographic but significantly faster.
101
+ The architected QARMA algorithm has good cryptographic properties,
102
+ but can be quite slow to emulate. The impdef algorithm used by QEMU
103
+ is non-cryptographic but significantly faster.
104
105
SVE CPU Properties
106
==================
107
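Review bot: the pauth-impdef paragraph now renders correctly, and its content deserves a follow-up: "non-cryptographic but significantly faster" should say outright that the impdef algorithm offers no forgery resistance and exists only to speed up emulation, so nobody reads `pauth-impdef` as a security setting. Markup-only patch, so not a blocker.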
--
108
2.34.1
New patch
1
Unfortunately a bug in older versions of gdb means that they will
2
crash if QEMU sends them the aarch64-pauth.xml. This bug is fixed in
3
gdb commit 1ba3a3222039eb25, and there are plans to backport that to
4
affected gdb release branches, but since the bug affects gdb 9
5
through 12 it is very widely deployed (for instance by distros).
1
6
7
It is not currently clear what the best way to deal with this is; it
8
has been proposed to define a new XML feature name that old gdb will
9
ignore but newer gdb can handle. Since QEMU's 8.0 release is
10
imminent and at least one of our CI runners is now falling over this,
11
disable the pauth XML for the moment. We can follow up with a more
12
considered fix either in time for 8.0 or else for the 8.1 release.
13
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
target/arm/gdbstub.c | 7 +++++++
17
1 file changed, 7 insertions(+)
18
19
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/gdbstub.c
22
+++ b/target/arm/gdbstub.c
23
@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
24
aarch64_gdb_set_fpu_reg,
25
34, "aarch64-fpu.xml", 0);
26
}
27
+#if 0
28
+ /*
29
+ * GDB versions 9 through 12 have a bug which means they will
30
+ * crash if they see this XML from QEMU; disable it for the 8.0
31
+ * release, pending a better solution.
32
+ */
33
if (isar_feature_aa64_pauth(&cpu->isar)) {
34
gdb_register_coprocessor(cs, aarch64_gdb_get_pauth_reg,
35
aarch64_gdb_set_pauth_reg,
36
4, "aarch64-pauth.xml", 0);
37
}
38
+#endif
39
#endif
40
} else {
41
if (arm_feature(env, ARM_FEATURE_NEON)) {
42
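Review bot: `#if 0` keeps the registration compiling but leaves no pointer to when it can come back. The comment should name the gdb fix (commit 1ba3a3222039eb25, per the commit message) and the proposed alternative (a new XML feature name that old gdb ignores), so whoever re-enables this knows what to test against. The nested `+#endif` placed before the existing `#endif` is well-formed. The trade-off the hunk introduces is worth stating in the comment too: every gdb, fixed or not, now loses the aarch64-pauth registers for every pauth-enabled CPU; if that is too broad for 8.0, a runtime opt-in property would be a smaller hammer than `#if 0`.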
--
43
2.34.1