From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 05/37] hw/intc/arm_gic: Fix handling of NS view of GICC_APR
Date: Thu, 23 May 2024 16:34:33 +0100
Message-Id: <20240523153505.2900433-6-peter.maydell@linaro.org>
In-Reply-To: <20240523153505.2900433-1-peter.maydell@linaro.org>
References: <20240523153505.2900433-1-peter.maydell@linaro.org>

From: Andrey Shumilin

In gic_cpu_read() and gic_cpu_write(), we delegate the handling of
reading and writing the Non-Secure view of the GICC_APR registers to
functions gic_apr_ns_view() and gic_apr_write_ns_view().
Unfortunately we got the order of the arguments wrong, swapping the
CPU number and the register number (which the compiler doesn't catch
because they're both integers).

Most guests probably didn't notice this bug because directly
accessing the APR registers is typically something only done by
firmware when it is doing state save for going into a sleep mode.

Correct the mismatched call arguments.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: 51fd06e0ee ("hw/intc/arm_gic: Fix handling of GICC_APR, GICC_NSAPR registers")
Signed-off-by: Andrey Shumilin
[PMM: Rewrote commit message]
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Alex Bennée
--- hw/intc/arm_gic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index 074cf50af25..e4b8437f8b8 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -1658,7 +1658,7 @@ static MemTxResult gic_cpu_read(GICState *s, int cpu,= int offset, *data =3D s->h_apr[gic_get_vcpu_real_id(cpu)]; } else if (gic_cpu_ns_access(s, cpu, attrs)) { /* NS view of GICC_APR is the top half of GIC_NSAPR */ - *data =3D gic_apr_ns_view(s, regno, cpu); + *data =3D gic_apr_ns_view(s, cpu, regno); } else { *data =3D s->apr[regno][cpu]; } @@ -1746,7 +1746,7 @@ static MemTxResult gic_cpu_write(GICState *s, int cpu= , int offset, s->h_apr[gic_get_vcpu_real_id(cpu)] =3D value; } else if (gic_cpu_ns_access(s, cpu, attrs)) { /* NS view of GICC_APR is the top half of GIC_NSAPR */ - gic_apr_write_ns_view(s, regno, cpu, value); + gic_apr_write_ns_view(s, cpu, regno, value); } else { s->apr[regno][cpu] =3D value; } --=20 2.34.1
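
Review bot: In the gic_cpu_read() hunk, the corrected call gic_apr_ns_view(s, cpu, regno) takes its arguments in (cpu, regno) order while the fallback branch two lines below indexes s->apr[regno][cpu] in the opposite order, and nothing at the call site marks the difference. Since both values are plain int and the compiler cannot flag a swap, consider a one-line comment at the call noting the helper's argument order, or giving the CPU index and register index distinct types so a transposition fails to build.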
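
Review bot: In the gic_cpu_write() hunk, the gic_apr_write_ns_view(s, cpu, regno, value) call receives the same argument-order correction as the read path, but the diffstat lists only hw/intc/arm_gic.c (2 insertions, 2 deletions), so no test accompanies either fix. A test that writes GICC_APR through the Non-Secure view and reads it back through the same view would cover both corrected calls and catch a future transposition.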