[Qemu-devel] [Bug 1817846] [NEW] Qemu 3.1 Aarch64 TLBI VAE1, x0


From: RTOS Pharos
Subject: [Qemu-devel] [Bug 1817846] [NEW] Qemu 3.1 Aarch64 TLBI VAE1, x0
Date: Wed, 27 Feb 2019 07:59:01 -0000

Public bug reported:

Hello,

In my code I'm trying to remove some permissions from a 4 KiB MMU
descriptor. After that I invalidate the MMU with

TLBI VAE1, x0

where x0 is the start address of the 4 KiB page.

In Qemu 2.12 this did not work, but I worked around it with:

    /* invalidate the address */
    TLBI    VAE1, x0

    /*****************************************************************/
    /* NOTE: THIS IS A TRICK FOR QEMU!                                */
    /* Apparently we have to change the TTBR0_EL1 when we change a    */
    /* descriptor (especially to remove permissions). Otherwise qemu  */
    /* (2.12) will continue with the same descriptor with permissions */
    /*****************************************************************/

    /* do a trick (in qemu): save TTBR0_EL1, point it at a temporary
       table, then restore the saved value */
    mrs     x1, TTBR0_EL1
    ldr     x2, =kernelTable0Table
    msr     TTBR0_EL1, x2
    isb
    msr     TTBR0_EL1, x1

    /* return from function */
    ret


That is, I just replaced TTBR0_EL1 with a temporary value and then
restored it (I guess qemu 2.12 just needed to reload the values again).

However, even this procedure does not work with qemu 3.1. (I just
tested again with qemu 2.12 and the code works fine; with qemu 3.1 it
does not.)

Thanks,
Pharos team

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1817846
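One check worth making against the report above, as an added example that is not part of the report or of QEMU: the Xt operand of TLBI VAE1 carries the page number (VA[55:12]) in Xt[43:0] and the ASID in Xt[63:48], so a register holding the raw page address names a different page than the one whose descriptor was changed. The helper below encodes and decodes that operand; the sign extension from bit 55 in the decoder is my reading of the encoding, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* TLBI VAE1 operand layout (ARMv8-A): Xt[63:48] = ASID, Xt[43:0] = VA[55:12].
 * Bits 47:44 are reserved and must be zero. */
#define TLBI_VA_BITS 44
#define TLBI_VA_MASK ((1ULL << TLBI_VA_BITS) - 1)

/* Build the Xt value for "TLBI VAE1, Xt" from a virtual address and ASID. */
uint64_t tlbi_vae1_operand(uint64_t va, uint16_t asid)
{
    return ((uint64_t)asid << 48) | ((va >> 12) & TLBI_VA_MASK);
}

/* Recover the page address an Xt value actually names: VA[55:12] with
 * bits 11:0 zero, sign-extended from bit 55 (assumption: this is how a
 * TTBR1-range address such as 0xFFFF... round-trips). */
uint64_t tlbi_vae1_page(uint64_t xt)
{
    uint64_t page = (xt & TLBI_VA_MASK) << 12;
    if (page & (1ULL << 55))
        page |= ~((1ULL << 56) - 1);
    return page;
}

/* Does this Xt value invalidate the 4 KiB page containing va? */
bool tlbi_targets_page(uint64_t xt, uint64_t va)
{
    return tlbi_vae1_page(xt) == (va & ~0xFFFULL);
}

int main(void)
{
    /* Constructed sample: a 4 KiB page in a typical guest RAM range. */
    uint64_t va  = 0x40001000ULL;
    uint64_t raw = va;                        /* x0 = page address */
    uint64_t enc = tlbi_vae1_operand(va, 0);  /* x0 = page number  */

    printf("raw x0=%#llx invalidates %#llx (targets page? %d)\n",
           (unsigned long long)raw, (unsigned long long)tlbi_vae1_page(raw),
           tlbi_targets_page(raw, va));
    printf("enc x0=%#llx invalidates %#llx (targets page? %d)\n",
           (unsigned long long)enc, (unsigned long long)tlbi_vae1_page(enc),
           tlbi_targets_page(enc, va));
    return 0;
}
```

Two further points a practitioner would check in the same code: VAE1 only matches non-global entries whose ASID equals Xt[63:48], so the current TTBR0_EL1 ASID has to be encoded too, and the architecture requires a DSB after the TLBI (and one before it, after the descriptor write) before the invalidation is guaranteed to have completed.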