Last minute pullreq with one patch, fixing the GICv3 ICH_MISR_EL2.LRENP
calculation. I went back-and-forth on whether to put this in, but:
* it's an effective regression from 6.1 (the bug itself has been
  present since before then, but it was previously masked by the
  other bug which we fixed in 9cee1efe92)
* I just realized it could cause a screaming maintenance interrupt
  even for hypervisors like KVM that don't set LRENPIE

On the other hand this is very late and we haven't seen it be a
problem with any guest except Qualcomm's hypervisor. So if you want
to decide it's better not going in that's OK too.

Tested on the gitlab CI and with a local test of nested KVM.

-- PMM

The following changes since commit 7635eff97104242d618400e4b6746d0a5c97af82:

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-06 11:18:06 -0800)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211207

for you to fetch changes up to 2958e5150dfa297dd5a51fe57a29156b8744f07f:

gicv3: fix ICH_MISR's LRENP computation (2021-12-07 15:30:08 +0000)

----------------------------------------------------------------
target-arm queue:
* Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
  of maintenance interrupts

----------------------------------------------------------------
Damien Hedde (1):
gicv3: fix ICH_MISR's LRENP computation

hw/intc/arm_gicv3_cpuif.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)


This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
target/arm: PTE bit GP only applies to stage1
target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

From: Damien Hedde <damien.hedde@greensocs.com>

According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.

As an additional consequence, if a hypervisor sets ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. This has happened since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about the maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/intc/arm_gicv3_cpuif.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ static uint32_t maintenance_interrupt_state(GICv3CPUState *cs)
/* Scan list registers and fill in the U, NP and EOI bits */
eoi_maintenance_interrupt_state(cs, &value);

- if (cs->ich_hcr_el2 & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) {
+ if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) &&
+ (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) {
value |= ICH_MISR_EL2_LRENP;
}

--
2.25.1


From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
result->f.attrs.secure = false;
}

- /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
- if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
- result->f.guarded = extract64(attrs, 50, 1); /* GP */
- }
-
if (regime_is_stage2(mmu_idx)) {
result->cacheattrs.is_s2_format = true;
result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
assert(attrindx <= 7);
result->cacheattrs.is_s2_format = false;
result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+ /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+ if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+ result->f.guarded = extract64(attrs, 50, 1); /* GP */
+ }
}

/*
--
2.34.1
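Review bot: in the gicv3 hunk the new condition matches the architectural rule the commit message quotes (LRENPIE set and EOIcount non-zero), but the old single-mask form looked deliberate enough to survive since 83f036fe3d, so a one-line comment above the `if`, e.g. `/* LRENP: LRENPIE set and EOIcount != 0 (ICH_MISR_EL2) */`, would stop the two tests being folded back into one mask later. Testing the EOIcount field against ICH_HCR_EL2_EOICOUNT_MASK is the right check for "non-zero"; no extraction of the field is needed.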
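Review bot: after the first ptw.c hunk the stage 2 path of get_phys_addr_lpae no longer writes `result->f.guarded` at all, which is the intent (GP is a stage 1 attribute) but leaves the field's value on that path to whoever initialised `result`; a short comment inside the `regime_is_stage2(mmu_idx)` branch saying guarded is deliberately not set there would make that explicit, and the cover letter's observation that uninitialised data reached the S1/S2 combine suggests checking that every caller zero-initialises the result before the walk.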
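Review bot: in the second ptw.c hunk the moved block's comment still reads as if GP applied to any walk; since the reason for the move is that GP is a stage 1 only PTE bit (the patch subject), rewording it to `/* GP is a stage 1 only attribute: when in aarch64 mode and BTI is enabled, remember it in the TLB. */` would document why the code now lives in the stage 1 branch. The block still uses `aarch64` and `cpu`, which were in scope at the old location in the same function, so no new declarations are needed.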
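To make the predicate change in the gicv3 patch above concrete, here is an added stand-alone C example (not QEMU code) that evaluates the before and after forms of the LRENP test over every combination of LRENPIE and EOIcount. The macro values are the GICv3 architectural bit positions (LRENPIE is bit 2 of ICH_HCR_EL2, EOIcount is bits [31:27], LRENP is bit 2 of ICH_MISR_EL2), written out here because the QEMU header is not part of the page; the helpers make_hcr, lrenp_before, lrenp_after and count_disagreements are this example's own names.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit layouts of ICH_HCR_EL2 and ICH_MISR_EL2 as defined by the GICv3
 * architecture: LRENPIE is bit 2, EOIcount is bits [31:27], LRENP is bit 2
 * of MISR. The names mirror the ones used in the patch; the values are
 * spelled out so this file builds without the QEMU headers. */
#define ICH_HCR_EL2_LRENPIE        (1U << 2)
#define ICH_HCR_EL2_EOICOUNT_SHIFT 27
#define ICH_HCR_EL2_EOICOUNT_MASK  (0x1fU << ICH_HCR_EL2_EOICOUNT_SHIFT)
#define ICH_MISR_EL2_LRENP         (1U << 2)

/* The test as it was before the patch: true whenever *either* LRENPIE or
 * any bit of EOIcount is set, because a single mask is OR-ed together. */
static bool lrenp_before(uint32_t ich_hcr)
{
    return (ich_hcr & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) != 0;
}

/* The test after the patch: LRENPIE set *and* EOIcount non-zero, which is
 * the rule the commit message quotes from the architecture spec. */
static bool lrenp_after(uint32_t ich_hcr)
{
    return (ich_hcr & ICH_HCR_EL2_LRENPIE) &&
           (ich_hcr & ICH_HCR_EL2_EOICOUNT_MASK);
}

/* Build an ICH_HCR_EL2 value from just the two fields that matter here. */
static uint32_t make_hcr(bool lrenpie, unsigned eoicount)
{
    return (lrenpie ? ICH_HCR_EL2_LRENPIE : 0) |
           ((eoicount & 0x1fU) << ICH_HCR_EL2_EOICOUNT_SHIFT);
}

/* Contribution of LRENP to the MISR value under each version. */
static uint32_t misr_lrenp_before(uint32_t ich_hcr)
{
    return lrenp_before(ich_hcr) ? ICH_MISR_EL2_LRENP : 0;
}

static uint32_t misr_lrenp_after(uint32_t ich_hcr)
{
    return lrenp_after(ich_hcr) ? ICH_MISR_EL2_LRENP : 0;
}

/* Walk the whole 2 x 32 state space of (LRENPIE, EOIcount) and count the
 * states where the two versions disagree. The old code raises LRENP in
 * every state with LRENPIE=1,EOIcount=0 (1 state) and in every state with
 * LRENPIE=0,EOIcount!=0 (31 states); the two versions agree everywhere else. */
static int count_disagreements(void)
{
    int n = 0;
    for (int lrenpie = 0; lrenpie < 2; lrenpie++) {
        for (unsigned eoi = 0; eoi < 32; eoi++) {
            uint32_t hcr = make_hcr(lrenpie != 0, eoi);
            if (misr_lrenp_before(hcr) != misr_lrenp_after(hcr)) {
                n++;
            }
        }
    }
    return n;   /* 32 */
}
```

The 32 disagreeing states split into exactly the two cases the cover letter describes: LRENPIE set with no pending EOIs (the case a hypervisor that enables LRENPIE hits, and the one that fired constantly), and EOIcount non-zero with LRENPIE clear, which is how a hypervisor such as KVM that never sets LRENPIE could still see a spurious maintenance interrupt once the high MISR bits started to count.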
From: Richard Henderson <richard.henderson@linaro.org>

The guarded bit comes from the stage1 walk.

Fixes: Coverity CID 1507929
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,

assert(!s1.is_s2_format);
ret.is_s2_format = false;
+ ret.guarded = s1.guarded;

if (s1.attrs == 0xf0) {
tagged = true;
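Review bot: the copy sits after `assert(!s1.is_s2_format)`, so only the stage 1 value can ever be propagated, which matches the commit message; but `ret` in combine_cacheattrs is evidently assembled field by field (the Coverity finding is an unset field), so it is worth checking that no other field of `ret` is in the same situation rather than fixing only the one Coverity flagged, or initialising `ret` with a designated initialiser so that any field added later defaults to zero instead of stack contents.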
--
2.34.1
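The two target/arm patches are about a field that was read without ever being written: the guarded bit was extracted on some walks only and then not copied when stage 1 and stage 2 attributes were combined. The following added C example (not QEMU code; the struct and function names are modelled on the patch but heavily simplified) shows the shape of the defect and a way to make it deterministic in a unit test: the result struct is filled with a poison byte before the field assignments, so a field the function forgets to set comes back as the poison value instead of as whatever happened to be on the stack. The memory-type merge is replaced by a simplified stand-in rule (an assumption of this example, not QEMU's algorithm), and the sample inputs are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Cut-down model of the attribute struct handled by combine_cacheattrs:
 * only the fields needed here. Field names follow the patch; the struct
 * and every function below are an added illustration, not QEMU code.
 * uint8_t rather than bool so that reading a poisoned field is well defined. */
typedef struct {
    uint8_t is_s2_format;
    uint8_t attrs;     /* MAIR-style attribute byte, stage 1 encoding */
    uint8_t guarded;   /* BTI GP bit; a stage 1 only property */
} CacheAttrs;

/* Byte pattern written over the result before the field assignments. It
 * stands in for whatever a genuinely uninitialised local would contain;
 * any field still holding it on return was never assigned. */
#define POISON 0xA5

/* Simplified stand-in for the memory-type merge (an assumption, not QEMU's
 * rule): a Device type (top nibble 0) on either side wins, otherwise the
 * stage 1 Normal-memory attrs are kept. */
static uint8_t merge_attrs(uint8_t s1_attrs, uint8_t s2_attrs)
{
    if ((s1_attrs & 0xf0) == 0) {
        return s1_attrs;
    }
    if ((s2_attrs & 0xf0) == 0) {
        return s2_attrs;
    }
    return s1_attrs;
}

/* Shape of the combine before the fix: the result is assembled field by
 * field and guarded is not among the fields assigned. */
static CacheAttrs combine_before(CacheAttrs s1, CacheAttrs s2)
{
    CacheAttrs ret;
    memset(&ret, POISON, sizeof(ret));   /* simulate an uninitialised local */
    ret.is_s2_format = 0;
    ret.attrs = merge_attrs(s1.attrs, s2.attrs);
    return ret;                          /* ret.guarded is still POISON */
}

/* After the fix: the stage 1 guarded bit is copied across explicitly,
 * as the patch does with "ret.guarded = s1.guarded;". */
static CacheAttrs combine_after(CacheAttrs s1, CacheAttrs s2)
{
    CacheAttrs ret;
    memset(&ret, POISON, sizeof(ret));
    ret.is_s2_format = 0;
    ret.attrs = merge_attrs(s1.attrs, s2.attrs);
    ret.guarded = s1.guarded;
    return ret;
}

/* Number of fields of c that still carry the poison pattern. */
static int poisoned_fields(const CacheAttrs *c)
{
    return (c->is_s2_format == POISON) + (c->attrs == POISON) +
           (c->guarded == POISON);
}

/* Constructed inputs: a stage 1 Normal write-back mapping (attrs 0xff)
 * with the given guarded bit, and a stage 2 Device mapping (attrs 0x04),
 * both already in the stage 1 encoding. */
static CacheAttrs sample_s1(uint8_t guarded)
{
    CacheAttrs s1 = { .is_s2_format = 0, .attrs = 0xff, .guarded = guarded };
    return s1;
}

static CacheAttrs sample_s2(void)
{
    CacheAttrs s2 = { .is_s2_format = 0, .attrs = 0x04, .guarded = 0 };
    return s2;
}

/* Poisoned-field count for each version: 1 before the fix, 0 after. */
static int unset_fields_before(void)
{
    CacheAttrs r = combine_before(sample_s1(0), sample_s2());
    return poisoned_fields(&r);
}

static int unset_fields_after(void)
{
    CacheAttrs r = combine_after(sample_s1(0), sample_s2());
    return poisoned_fields(&r);
}

/* Guarded bit the fixed combine reports for a stage 1 mapping with g. */
static uint8_t guarded_after(uint8_t g)
{
    CacheAttrs r = combine_after(sample_s1(g), sample_s2());
    return r.guarded;
}
```

The poison fill is the same idea a static analyser such as the Coverity check cited in the patch, or a sanitiser, relies on: an unassigned field is only harmless if nobody reads it, and the safest way to prove that in a test is to make the unassigned value conspicuous rather than rely on the stack happening to contain zero.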