qemu-commits

[Qemu-commits] [qemu/qemu] 0da067: target/arm: Fix MTE access checks for


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 0da067: target/arm: Fix MTE access checks for disabled SEL2
Date: Sat, 02 Apr 2022 01:36:12 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 0da067f2a83c61efc6f1688d4379269420838b28
      https://github.com/qemu/qemu/commit/0da067f2a83c61efc6f1688d4379269420838b28
  Author: Idan Horowitz <idan.horowitz@gmail.com>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M target/arm/helper.c
    M target/arm/internals.h

  Log Message:
  -----------
  target/arm: Fix MTE access checks for disabled SEL2

While not mentioned anywhere in the actual specification text, the
HCR_EL2.ATA bit is treated as '1' when EL2 is disabled at the current
security state. This can be observed in the pseudo-code implementation
of AArch64.AllocationTagAccessIsEnabled().

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220328173107.311267-1-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: d3b2d191119ee3e6364e470b9579e6353d202e54
      https://github.com/qemu/qemu/commit/d3b2d191119ee3e6364e470b9579e6353d202e54
  Author: Idan Horowitz <idan.horowitz@gmail.com>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Check VSTCR.SW when assigning the stage 2 output PA space

As per the AArch64.SS2OutputPASpace() pseudo-code in the ARMv8 ARM when the
PA space of the IPA is non secure, the output PA space is secure if and only
if all of the bits VTCR.<NSW, NSA>, VSTCR.<SW, SA> are not set.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-2-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: bcd7a8cf38b7e9769f741419bc56675cbddb42c6
      https://github.com/qemu/qemu/commit/bcd7a8cf38b7e9769f741419bc56675cbddb42c6
  Author: Idan Horowitz <idan.horowitz@gmail.com>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk

As per the AArch64.SS2InitialTTWState() pseudo-code in the ARMv8 ARM the
initial PA space used for stage 2 table walks is assigned based on the SW
and NSW bits of the VSTCR and VTCR registers.
This was already implemented for the recursive stage 2 page table walks
in S1_ptw_translate(), but was missing for the final stage 2 walk.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-3-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 6c05a866cf732efce5745fabea409603a9f334d0
      https://github.com/qemu/qemu/commit/6c05a866cf732efce5745fabea409603a9f334d0
  Author: Idan Horowitz <idan.horowitz@gmail.com>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Determine final stage 2 output PA space based on original IPA

As per the AArch64.S2Walk() pseudo-code in the ARMv8 ARM, the final
decision as to the output address's PA space based on the SA/SW/NSA/NSW
bits needs to take the input IPA's PA space into account, and not the
PA space of the result of the stage 2 walk itself.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-4-idan.horowitz@gmail.com
[PMM: fixed commit message typo]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
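The three stage 2 PA-space commits above share one decision rule. The following is an added C model of it, not QEMU's own code: the non-secure-IPA branch is the rule the commit message quotes, the secure-IPA branch is taken from the AArch64.SS2OutputPASpace() pseudo-code and is not stated on this page, and the "ignoring SW" variant is a hypothetical reconstruction of the pre-fix behaviour the commit title describes. Bit positions follow the architectural VTCR_EL2/VSTCR_EL2 layouts.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (assumed; not quoted on this page). */
#define VTCR_NSW   (1u << 29)
#define VTCR_NSA   (1u << 30)
#define VSTCR_SW   (1u << 29)
#define VSTCR_SA   (1u << 30)

/*
 * Output PA space of a Secure stage 2 translation, keyed on the PA space of
 * the *original* IPA (not of the descriptor the walk returned).
 * Returns true when the output address lies in the Secure PA space.
 */
static bool s2_output_secure(bool ipa_secure, uint32_t vtcr, uint32_t vstcr)
{
    if (ipa_secure) {
        /* Secure IPA: Secure output only if VSTCR.SW and VSTCR.SA are both
         * clear (from the ARM ARM pseudo-code; not stated in the commit). */
        return !(vstcr & (VSTCR_SW | VSTCR_SA));
    }
    /* Non-secure IPA: Secure output iff NSW, NSA, SW and SA are all clear. */
    return !(vtcr & (VTCR_NSW | VTCR_NSA)) && !(vstcr & (VSTCR_SW | VSTCR_SA));
}

/* Hypothetical pre-fix behaviour: VSTCR.SW never consulted. */
static bool s2_output_secure_ignoring_sw(bool ipa_secure, uint32_t vtcr,
                                         uint32_t vstcr)
{
    return s2_output_secure(ipa_secure, vtcr, vstcr & ~VSTCR_SW);
}

/* Count the non-secure-IPA register states where ignoring SW flips the
 * answer: exactly the NSW=NSA=SA=0, SW=1 state, which the fix makes
 * Non-secure instead of Secure. */
static int sw_divergent_states(void)
{
    int n = 0;
    for (unsigned bits = 0; bits < 16; bits++) {
        uint32_t vtcr  = ((bits & 1) ? VTCR_NSW : 0) | ((bits & 2) ? VTCR_NSA : 0);
        uint32_t vstcr = ((bits & 4) ? VSTCR_SW : 0) | ((bits & 8) ? VSTCR_SA : 0);
        if (s2_output_secure(false, vtcr, vstcr) !=
            s2_output_secure_ignoring_sw(false, vtcr, vstcr)) {
            n++;
        }
    }
    return n;
}
```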


  Commit: 034e050dbd96db61ec35a34abe11c6088b5af373
      https://github.com/qemu/qemu/commit/034e050dbd96db61ec35a34abe11c6088b5af373
  Author: Frederic Konrad <konrad@adacore.com>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M .mailmap
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: change Fred Konrad's email address

frederic.konrad@adacore.com and konrad@adacore.com will stop working starting
2022-04-01.

Use my personal email instead.

Signed-off-by: Frederic Konrad <frederic.konrad@adacore.com>
Reviewed-by: Fabien Chouteau <chouteau@adacore.com <clg@kaod.org>>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1648643217-15811-1-git-send-email-frederic.konrad@adacore.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: a5b1e1ab662aa6dc42d5a913080fccbb8bf82e9b
      https://github.com/qemu/qemu/commit/a5b1e1ab662aa6dc42d5a913080fccbb8bf82e9b
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen

In gen_store_exclusive(), if the host does not have a cmpxchg128
primitive then we generate bad code for STXP for storing two 64-bit
values.  We generate a call to the exit_atomic helper, which never
returns, and set is_jmp to DISAS_NORETURN.  However, this is
forgetting that we have already emitted a brcond that jumps over this
call for the case where we don't hold the exclusive.  The effect is
that we don't generate any code to end the TB for the
exclusive-not-held execution path, which falls into the "exit with
TB_EXIT_REQUESTED" code that gen_tb_end() emits.  This then causes an
assert at runtime when cpu_loop_exec_tb() sees an EXIT_REQUESTED TB
return that wasn't for an interrupt or icount.

In particular, you can hit this case when using the clang sanitizers
and trying to run the xlnx-versal-virt acceptance test in 'make
check-acceptance'.  This bug was masked until commit 848126d11e93ff
("meson: move int128 checks from configure") because we used to set
CONFIG_CMPXCHG128=1 and avoid the buggy codepath, but after that we
do not.

Fix the bug by not setting is_jmp.  The code after the exit_atomic
call up to the fail_label is dead, but TCG is smart enough to
eliminate it.  We do need to set 'tmp' to some valid value, though
(in the same way the exit_atomic-using code in tcg/tcg-op.c does).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/953
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220331150858.96348-1-peter.maydell@linaro.org


  Commit: ea72ac9bc8fcb90405768412ebb9ff01d3b1a2bb
      https://github.com/qemu/qemu/commit/ea72ac9bc8fcb90405768412ebb9ff01d3b1a2bb
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-04-01 (Fri, 01 Apr 2022)

  Changed paths:
    M .mailmap
    M MAINTAINERS
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/translate-a64.c

  Log Message:
  -----------
  Merge tag 'pull-target-arm-20220401' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * target/arm: Fix some bugs in secure EL2 handling
 * target/arm: Fix assert when !HAVE_CMPXCHG128
 * MAINTAINERS: change Fred Konrad's email address

# gpg: Signature made Fri 01 Apr 2022 15:59:59 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220401' of https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
  MAINTAINERS: change Fred Konrad's email address
  target/arm: Determine final stage 2 output PA space based on original IPA
  target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
  target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
  target/arm: Fix MTE access checks for disabled SEL2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/697d18b1bd26...ea72ac9bc8fc


