| 1 | Just one patch for rc2, a revert. | 1 | This bug seemed worth fixing for 8.0 since we need an rc4 anyway: |
|---|---|---|---|
| 2 | we were using uninitialized data for the guarded bit when | ||
| 3 | combining stage 1 and stage 2 attrs. | ||
| 2 | 4 | ||
| 5 | thanks | ||
| 3 | -- PMM | 6 | -- PMM |
| 4 | 7 | ||
| 5 | The following changes since commit 49aaac3548bc5a4632a14de939d5312b28dc1ba2: | 8 | The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6: |
| 6 | 9 | ||
| 7 | Merge tag 'linux-user-for-6.2-pull-request' of git://github.com/vivier/qemu into staging (2021-11-22 10:33:13 +0100) | 10 | Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100) |
| 8 | 11 | ||
| 9 | are available in the Git repository at: | 12 | are available in the Git repository at: |
| 10 | 13 | ||
| 11 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211122 | 14 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410 |
| 12 | 15 | ||
| 13 | for you to fetch changes up to 4825eaae4fdd56fba0febdfbdd7bf9684ae3ee0d: | 16 | for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308: |
| 14 | 17 | ||
| 15 | Revert "arm: tcg: Adhere to SMCCC 1.3 section 5.2" (2021-11-22 13:41:48 +0000) | 18 | target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100) |
| 16 | 19 | ||
| 17 | ---------------------------------------------------------------- | 20 | ---------------------------------------------------------------- |
| 18 | target-arm queue: | 21 | target-arm: Fix bug where we weren't initializing |
| 19 | * revert SMCCC/PSCI change, as it regresses some usecases for some boards | 22 | guarded bit state when combining S1/S2 attrs |
| 20 | 23 | ||
| 21 | ---------------------------------------------------------------- | 24 | ---------------------------------------------------------------- |
| 22 | Peter Maydell (1): | 25 | Richard Henderson (2): |
| 23 | Revert "arm: tcg: Adhere to SMCCC 1.3 section 5.2" | 26 | target/arm: PTE bit GP only applies to stage1 |
| 27 | target/arm: Copy guarded bit in combine_cacheattrs | ||
| 24 | 28 | ||
| 25 | target/arm/psci.c | 35 +++++++++++++++++++++++++++++------ | 29 | target/arm/ptw.c | 11 ++++++----- |
| 26 | 1 file changed, 29 insertions(+), 6 deletions(-) | 30 | 1 file changed, 6 insertions(+), 5 deletions(-) |
| 27 | diff view generated by jsdifflib |
| 1 | This reverts commit 9fcd15b9193e819b6cc2fd0a45e3506148812bb4. | 1 | From: Richard Henderson <richard.henderson@linaro.org> |
|---|---|---|---|
| 2 | 2 | ||
| 3 | This change turns out to cause regressions, for instance on the | 3 | Only perform the extract of GP during the stage1 walk. |
| 4 | imx6ul boards as described here: | ||
| 5 | https://lore.kernel.org/qemu-devel/c8b89685-7490-328b-51a3-48711c140a84@tribudubois.net/ | ||
| 6 | 4 | ||
| 7 | The primary cause of that regression is that the guest code running | 5 | Reported-by: Peter Maydell <peter.maydell@linaro.org> |
| 8 | at EL3 expects SMCs (not related to PSCI) to do what they would if | 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> |
| 9 | our PSCI emulation was not present at all, but after this change | 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
| 10 | they instead set a value in R0/X0 and continue. | 8 | Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org |
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 10 +++++----- | ||
| 12 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
| 11 | 13 | ||
| 12 | We could fix that by a refactoring that allowed us to only turn on | 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 13 | the PSCI emulation if we weren't booting the guest at EL3, but there | ||
| 14 | is a more tangled problem with the highbank board, which: | ||
| 15 | (1) wants to enable PSCI emulation | ||
| 16 | (2) has a bit of guest code that it wants to run at EL3 and | ||
| 17 | to perform SMC calls that trap to the monitor vector table: | ||
| 18 | this is the boot stub code that is written to memory by | ||
| 19 | arm_write_secure_board_setup_dummy_smc() and which the | ||
| 20 | highbank board enables by setting bootinfo->secure_board_setup | ||
| 21 | |||
| 22 | We can't satisfy both of those and also have the PSCI emulation | ||
| 23 | handle all SMC instruction executions regardless of function | ||
| 24 | identifier value. | ||
| 25 | |||
| 26 | This is too tricky to try to sort out before 6.2 is released; | ||
| 27 | revert this commit so we can take the time to get it right in | ||
| 28 | the 7.0 release. | ||
| 29 | |||
| 30 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 31 | Message-id: 20211119163419.557623-1-peter.maydell@linaro.org | ||
| 32 | --- | ||
| 33 | target/arm/psci.c | 35 +++++++++++++++++++++++++++++------ | ||
| 34 | 1 file changed, 29 insertions(+), 6 deletions(-) | ||
| 35 | |||
| 36 | diff --git a/target/arm/psci.c b/target/arm/psci.c | ||
| 37 | index XXXXXXX..XXXXXXX 100644 | 15 | index XXXXXXX..XXXXXXX 100644 |
| 38 | --- a/target/arm/psci.c | 16 | --- a/target/arm/ptw.c |
| 39 | +++ b/target/arm/psci.c | 17 | +++ b/target/arm/ptw.c |
| 40 | @@ -XXX,XX +XXX,XX @@ | 18 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, |
| 41 | 19 | result->f.attrs.secure = false; | |
| 42 | bool arm_is_psci_call(ARMCPU *cpu, int excp_type) | ||
| 43 | { | ||
| 44 | - /* | ||
| 45 | - * Return true if the exception type matches the configured PSCI conduit. | ||
| 46 | - * This is called before the SMC/HVC instruction is executed, to decide | ||
| 47 | - * whether we should treat it as a PSCI call or with the architecturally | ||
| 48 | + /* Return true if the r0/x0 value indicates a PSCI call and | ||
| 49 | + * the exception type matches the configured PSCI conduit. This is | ||
| 50 | + * called before the SMC/HVC instruction is executed, to decide whether | ||
| 51 | + * we should treat it as a PSCI call or with the architecturally | ||
| 52 | * defined behaviour for an SMC or HVC (which might be UNDEF or trap | ||
| 53 | * to EL2 or to EL3). | ||
| 54 | */ | ||
| 55 | + CPUARMState *env = &cpu->env; | ||
| 56 | + uint64_t param = is_a64(env) ? env->xregs[0] : env->regs[0]; | ||
| 57 | |||
| 58 | switch (excp_type) { | ||
| 59 | case EXCP_HVC: | ||
| 60 | @@ -XXX,XX +XXX,XX @@ bool arm_is_psci_call(ARMCPU *cpu, int excp_type) | ||
| 61 | return false; | ||
| 62 | } | 20 | } |
| 63 | 21 | ||
| 64 | - return true; | 22 | - /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ |
| 65 | + switch (param) { | 23 | - if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { |
| 66 | + case QEMU_PSCI_0_2_FN_PSCI_VERSION: | 24 | - result->f.guarded = extract64(attrs, 50, 1); /* GP */ |
| 67 | + case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE: | 25 | - } |
| 68 | + case QEMU_PSCI_0_2_FN_AFFINITY_INFO: | 26 | - |
| 69 | + case QEMU_PSCI_0_2_FN64_AFFINITY_INFO: | 27 | if (regime_is_stage2(mmu_idx)) { |
| 70 | + case QEMU_PSCI_0_2_FN_SYSTEM_RESET: | 28 | result->cacheattrs.is_s2_format = true; |
| 71 | + case QEMU_PSCI_0_2_FN_SYSTEM_OFF: | 29 | result->cacheattrs.attrs = extract32(attrs, 2, 4); |
| 72 | + case QEMU_PSCI_0_1_FN_CPU_ON: | 30 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, |
| 73 | + case QEMU_PSCI_0_2_FN_CPU_ON: | 31 | assert(attrindx <= 7); |
| 74 | + case QEMU_PSCI_0_2_FN64_CPU_ON: | 32 | result->cacheattrs.is_s2_format = false; |
| 75 | + case QEMU_PSCI_0_1_FN_CPU_OFF: | 33 | result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); |
| 76 | + case QEMU_PSCI_0_2_FN_CPU_OFF: | 34 | + |
| 77 | + case QEMU_PSCI_0_1_FN_CPU_SUSPEND: | 35 | + /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ |
| 78 | + case QEMU_PSCI_0_2_FN_CPU_SUSPEND: | 36 | + if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { |
| 79 | + case QEMU_PSCI_0_2_FN64_CPU_SUSPEND: | 37 | + result->f.guarded = extract64(attrs, 50, 1); /* GP */ |
| 80 | + case QEMU_PSCI_0_1_FN_MIGRATE: | 38 | + } |
| 81 | + case QEMU_PSCI_0_2_FN_MIGRATE: | ||
| 82 | + return true; | ||
| 83 | + default: | ||
| 84 | + return false; | ||
| 85 | + } | ||
| 86 | } | ||
| 87 | |||
| 88 | void arm_handle_psci_call(ARMCPU *cpu) | ||
| 89 | @@ -XXX,XX +XXX,XX @@ void arm_handle_psci_call(ARMCPU *cpu) | ||
| 90 | break; | ||
| 91 | case QEMU_PSCI_0_1_FN_MIGRATE: | ||
| 92 | case QEMU_PSCI_0_2_FN_MIGRATE: | ||
| 93 | - default: | ||
| 94 | ret = QEMU_PSCI_RET_NOT_SUPPORTED; | ||
| 95 | break; | ||
| 96 | + default: | ||
| 97 | + g_assert_not_reached(); | ||
| 98 | } | 39 | } |
| 99 | 40 | ||
| 100 | err: | 41 | /* |
| 101 | -- | 42 | -- |
| 102 | 2.25.1 | 43 | 2.34.1 |
| 103 | |||
| 104 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 1 | 2 | ||
| 3 | The guarded bit comes from the stage1 walk. | ||
| 4 | |||
| 5 | Fixes: Coverity CID 1507929 | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 8 | Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 1 + | ||
| 12 | 1 file changed, 1 insertion(+) | ||
| 13 | |||
| 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/ptw.c | ||
| 17 | +++ b/target/arm/ptw.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, | ||
| 19 | |||
| 20 | assert(!s1.is_s2_format); | ||
| 21 | ret.is_s2_format = false; | ||
| 22 | + ret.guarded = s1.guarded; | ||
| 23 | |||
| 24 | if (s1.attrs == 0xf0) { | ||
| 25 | tagged = true; | ||
| 26 | -- | ||
| 27 | 2.34.1 | diff view generated by jsdifflib |