qemu-commits

[Qemu-commits] [qemu/qemu] 77077a: arm: Fix SMC reporting to EL2 when QE


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 77077a: arm: Fix SMC reporting to EL2 when QEMU provides P...
Date: Fri, 06 Oct 2017 09:41:47 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 77077a83006c3c9bdca496727f1735a3c5c5355d
      
https://github.com/qemu/qemu/commit/77077a83006c3c9bdca496727f1735a3c5c5355d
  Author: Jan Kiszka <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c
    M target/arm/op_helper.c

  Log Message:
  -----------
  arm: Fix SMC reporting to EL2 when QEMU provides PSCI

This properly forwards SMC events to EL2 when PSCI is provided by QEMU
itself and, thus, ARM_FEATURE_EL3 is off.

Found and tested with the Jailhouse hypervisor. Solution based on
suggestions by Peter Maydell.

Signed-off-by: Jan Kiszka <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 8573378e62d19e25a2434e23462ec99ef4d065ac
      
https://github.com/qemu/qemu/commit/8573378e62d19e25a2434e23462ec99ef4d065ac
  Author: Michael Olbrich <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/sd/sd.c

  Log Message:
  -----------
  hw/sd: fix out-of-bounds check for multi block reads

The current code checks if the next block exceeds the size of the card.
This generates an error while reading the last block of the card.
Do the out-of-bounds check when starting to read a new block to fix this.

This issue became visible with increased error checking in Linux 4.13.

Cc: address@hidden
Signed-off-by: Michael Olbrich <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
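The off-by-one the commit describes is easier to see in a small model than in prose. The following is an added example written for this page, not code from hw/sd/sd.c: it models the READ_MULTIPLE_BLOCK state at block granularity, with the pre-fix check (bounds-check the *next* block as soon as the current one has been served) beside the post-fix check (bounds-check only when a new block is actually started). The `struct card`, `multi_read_*` names, the 2 KiB card and the ADDRESS_ERROR label are constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the multi-block read path, written for this page;
 * it is not hw/sd/sd.c. ADDRESS_ERROR reuses the SD card-status bit name
 * (bit 30) purely as a label. */
#define ADDRESS_ERROR (1u << 30)

struct card {
    uint64_t size;        /* capacity in bytes */
    uint32_t blk_len;     /* block length in bytes */
    uint64_t data_start;  /* byte offset of the block being served */
    uint32_t card_status;
};

/* Pre-fix logic as described in the commit message: after serving a
 * block, advance and check whether the *next* block would run past the
 * card. A host that legitimately stops at the last block still sees
 * ADDRESS_ERROR. Returns true if a block was served. */
static bool serve_block_old(struct card *c)
{
    if (c->data_start + c->blk_len > c->size) {
        c->card_status |= ADDRESS_ERROR;
        return false;
    }
    /* ... blk_len bytes of block data clocked out to the host ... */
    c->data_start += c->blk_len;
    if (c->data_start + c->blk_len > c->size) {   /* the premature check */
        c->card_status |= ADDRESS_ERROR;
    }
    return true;
}

/* Post-fix logic: bounds-check only when the host actually starts a new
 * block, so the last block reads cleanly and a real overrun still faults. */
static bool serve_block_new(struct card *c)
{
    if (c->data_start + c->blk_len > c->size) {
        c->card_status |= ADDRESS_ERROR;
        return false;
    }
    c->data_start += c->blk_len;
    return true;
}

typedef bool (*serve_fn)(struct card *);

struct read_result {
    unsigned served;      /* blocks delivered to the host */
    uint32_t status;      /* final card status */
};

/* Run a READ_MULTIPLE_BLOCK of n blocks starting at block index first. */
static struct read_result multi_read(uint64_t size, uint32_t blk_len,
                                     uint64_t first, unsigned n, serve_fn fn)
{
    struct card c = { .size = size, .blk_len = blk_len,
                      .data_start = first * blk_len, .card_status = 0 };
    struct read_result r = { 0, 0 };
    while (r.served < n && fn(&c)) {
        r.served++;
    }
    r.status = c.card_status;
    return r;
}

struct read_result multi_read_old(uint64_t size, uint32_t blk_len,
                                  uint64_t first, unsigned n)
{
    return multi_read(size, blk_len, first, n, serve_block_old);
}

struct read_result multi_read_new(uint64_t size, uint32_t blk_len,
                                  uint64_t first, unsigned n)
{
    return multi_read(size, blk_len, first, n, serve_block_new);
}

int main(void)
{
    /* Constructed 2 KiB card, 512-byte blocks: the host reads blocks 2 and 3. */
    struct read_result o = multi_read_old(2048, 512, 2, 2);
    struct read_result n = multi_read_new(2048, 512, 2, 2);
    printf("old: served %u status 0x%08x\n", o.served, o.status);
    printf("new: served %u status 0x%08x\n", n.served, n.status);
    return 0;
}
```

Reading the last two blocks of the card flags ADDRESS_ERROR under the old check and completes cleanly under the new one; a read that genuinely runs off the end of the card (starting at the last block and asking for two) still sets ADDRESS_ERROR in both versions, which is the property a reviewer should confirm the fix preserves.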


  Commit: d858914435a13982c3ea981bb24dee958b2ca7c4
      
https://github.com/qemu/qemu/commit/d858914435a13982c3ea981bb24dee958b2ca7c4
  Author: Thomas Huth <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/arm/xlnx-zynqmp.c

  Log Message:
  -----------
  hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false

The device uses serial_hds in its realize function and thus can't be
used twice. Apart from that, the comma in its name makes it quite hard
to use for the user anyway, since a comma is normally used to separate
the device name from its properties when using the "-device" parameter
or the "device_add" HMP command.

Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 8ff26a3344b6e6d1eeb00b4043232a5bdbc0ebf9
      
https://github.com/qemu/qemu/commit/8ff26a3344b6e6d1eeb00b4043232a5bdbc0ebf9
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/intc/armv7m_nvic.c

  Log Message:
  -----------
  nvic: Clear the vector arrays and prigroup on reset

Reset for devices does not include an automatic clear of the
device state (unlike CPU state, where most of the state
structure is cleared to zero). Add some missing initialization
of NVIC state that meant that the device was left in the wrong
state if the guest did a warm reset.

(In particular, since we were resetting the computed state like
s->exception_prio but not all the state it was computed
from like s->vectors[x].active, the NVIC wound up in an
inconsistent state that could later trigger assertion failures.)

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden


  Commit: 5b5223997c04b769bb362767cecb5f7ec382c5f0
      
https://github.com/qemu/qemu/commit/5b5223997c04b769bb362767cecb5f7ec382c5f0
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Don't switch to target stack early in v7M exception return

Currently our M profile exception return code switches to the
target stack pointer relatively early in the process, before
it tries to pop the exception frame off the stack. This is
awkward for v8M for two reasons:
 * in v8M the process vs main stack pointer is not selected
   purely by the value of CONTROL.SPSEL, so updating SPSEL
   and relying on that to switch to the right stack pointer
   won't work
 * the stack we should be reading the stack frame from and
   the stack we will eventually switch to might not be the
   same if the guest is doing strange things

Change our exception return code to use a 'frame pointer'
to read the exception frame rather than assuming that we
can switch the live stack pointer this early.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: de2db7ec894f11931932ca78cd14a8d2b1389d5b
      
https://github.com/qemu/qemu/commit/de2db7ec894f11931932ca78cd14a8d2b1389d5b
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/intc/armv7m_nvic.c
    M target/arm/cpu.h
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode

In the v7M architecture, there is an invariant that if the CPU is
in Handler mode then the CONTROL.SPSEL bit cannot be nonzero.
This in turn means that the current stack pointer is always
indicated by CONTROL.SPSEL, even though Handler mode always uses
the Main stack pointer.

In v8M, this invariant is removed, and CONTROL.SPSEL may now
be nonzero in Handler mode (though Handler mode still always
uses the Main stack pointer). In preparation for this change,
change how we handle this bit: rename switch_v7m_sp() to
the now more accurate write_v7m_control_spsel(), and make it
check both the handler mode state and the SPSEL bit.

Note that this implicitly changes the point at which we switch
active SP on exception exit from before we pop the exception
frame to after it.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
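The point of this commit and the previous one is that the live stack pointer must be derived from Handler mode *and* CONTROL.SPSEL together, because v8M drops the v7M invariant that SPSEL is zero in Handler mode. The following is an added example written for this page, not QEMU's CPUARMState or its write_v7m_control_spsel(): a model with one live r13 and one banked "other" SP that swaps them only when the stack that should be live actually changes, and a scenario that walks exception entry, an SPSEL write while in Handler mode, and exception return. The struct, the `update_sp_selection` helper, the `scenario_spsel_in_handler` walk and the stack addresses are constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the M-profile banked stack pointers, written for
 * this page; it is not QEMU's CPUARMState. Only CONTROL.SPSEL (bit 1)
 * is modelled. */
#define CONTROL_SPSEL (1u << 1)

struct v7m_cpu {
    uint32_t sp;          /* the live SP (r13) */
    uint32_t other_sp;    /* whichever banked SP is not live */
    uint32_t control;
    bool handler_mode;
};

/* Handler mode always runs on the Main stack; in Thread mode SPSEL picks
 * the Process stack. In v7M SPSEL is never set in Handler mode, in v8M it
 * may be, so the live SP must be derived from both inputs. */
static bool psp_is_live(bool handler_mode, bool spsel)
{
    return spsel && !handler_mode;
}

/* Move to (handler_mode, spsel); swap r13 with the banked SP only when
 * the stack that should be live actually changes. */
static void update_sp_selection(struct v7m_cpu *cpu, bool handler_mode, bool spsel)
{
    bool was_psp = psp_is_live(cpu->handler_mode, cpu->control & CONTROL_SPSEL);
    bool now_psp = psp_is_live(handler_mode, spsel);
    if (was_psp != now_psp) {
        uint32_t tmp = cpu->sp;
        cpu->sp = cpu->other_sp;
        cpu->other_sp = tmp;
    }
    cpu->handler_mode = handler_mode;
    cpu->control = (cpu->control & ~CONTROL_SPSEL) | (spsel ? CONTROL_SPSEL : 0);
}

/* Models an MSR CONTROL write of the SPSEL bit. */
void write_control_spsel(struct v7m_cpu *cpu, bool spsel)
{
    update_sp_selection(cpu, cpu->handler_mode, spsel);
}

/* Exception entry: Handler mode, SPSEL value preserved. */
void exception_entry(struct v7m_cpu *cpu)
{
    update_sp_selection(cpu, true, cpu->control & CONTROL_SPSEL);
}

/* Exception return to Thread mode with the SPSEL bit carried in EXC_RETURN. */
void exception_return_to_thread(struct v7m_cpu *cpu, bool excret_spsel)
{
    update_sp_selection(cpu, false, excret_spsel);
}

/* Architectural MSP/PSP views, independent of which one is live. */
uint32_t read_msp(const struct v7m_cpu *cpu)
{
    return psp_is_live(cpu->handler_mode, cpu->control & CONTROL_SPSEL) ? cpu->other_sp : cpu->sp;
}

uint32_t read_psp(const struct v7m_cpu *cpu)
{
    return psp_is_live(cpu->handler_mode, cpu->control & CONTROL_SPSEL) ? cpu->sp : cpu->other_sp;
}

/* Walks a v8M-style sequence; returns the first step that broke an
 * invariant, or 0 if MSP/PSP stayed consistent throughout. */
int scenario_spsel_in_handler(void)
{
    struct v7m_cpu c = { .sp = 0x20001000, .other_sp = 0x20000000,
                         .control = CONTROL_SPSEL, .handler_mode = false };
    if (c.sp != read_psp(&c) || read_msp(&c) != 0x20000000) return 1;

    exception_entry(&c);                     /* handler runs on MSP */
    if (c.sp != 0x20000000 || read_psp(&c) != 0x20001000) return 2;

    c.sp -= 0x20;                            /* handler pushes 32 bytes on MSP */
    write_control_spsel(&c, true);           /* v8M: SPSEL=1 while in Handler mode */
    if (c.sp != 0x20000000 - 0x20 || read_psp(&c) != 0x20001000) return 3;

    write_control_spsel(&c, false);          /* still no swap: MSP stays live */
    if (c.sp != 0x20000000 - 0x20) return 4;

    exception_return_to_thread(&c, true);    /* EXC_RETURN.SPSEL=1: back on PSP */
    if (c.sp != 0x20001000 || read_msp(&c) != 0x20000000 - 0x20) return 5;

    write_control_spsel(&c, false);          /* Thread mode MSR CONTROL: switch to MSP */
    if (c.sp != 0x20000000 - 0x20 || read_psp(&c) != 0x20001000) return 6;
    return 0;
}

int main(void)
{
    printf("scenario first failing step: %d\n", scenario_spsel_in_handler());
    return 0;
}
```

Step 3 is the case the commit prepares for: with SPSEL written to 1 inside a handler, a model that switched stacks purely on SPSEL would wrongly move r13 onto the Process stack mid-handler; checking Handler mode as well leaves the Main stack live, and the later exception return is what moves back to PSP.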


  Commit: 3919e60b6efd9a86a0e6ba637aa584222855ac3a
      
https://github.com/qemu/qemu/commit/3919e60b6efd9a86a0e6ba637aa584222855ac3a
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Restore security state on exception return

Now that we can handle the CONTROL.SPSEL bit not necessarily being
in sync with the current stack pointer, we can restore the correct
security state on exception return. This happens before we start
to read registers off the stack frame, but after we have taken
possible usage faults for bad exception return magic values and
updated CONTROL.SPSEL.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 3f0cddeee1f266d43c956581f3050058360a810d
      
https://github.com/qemu/qemu/commit/3f0cddeee1f266d43c956581f3050058360a810d
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Restore SPSEL to correct CONTROL register on exception return

On exception return for v8M, the SPSEL bit in the EXC_RETURN magic
value should be restored to the SPSEL bit in the CONTROL register
banked specified by the EXC_RETURN.ES bit.

Add write_v7m_control_spsel_for_secstate() which behaves like
write_v7m_control_spsel() but allows the caller to specify which
CONTROL bank to use, reimplement write_v7m_control_spsel() in
terms of it, and use it in exception return.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 224e0c300a0098fb577a03bd29d774d0769f632a
      
https://github.com/qemu/qemu/commit/224e0c300a0098fb577a03bd29d774d0769f632a
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Check for xPSR mismatch usage faults earlier for v8M

ARM v8M specifies that the INVPC usage fault for mismatched
xPSR exception field and handler mode bit should be checked
before updating the PSR and SP, so that the fault is taken
with the existing stack frame rather than by pushing a new one.
Perform this check in the right place for v8M.

Since v7M specifies in its pseudocode that this usage fault
check should happen later, we have to retain the original
code for that check rather than being able to merge the two.
(The distinction is architecturally visible but only in
very obscure corner cases like attempting an invalid exception
return with an exception frame in read only memory.)

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: cb484f9a6e790205e69d9a444c3e353a3a1cfd84
      
https://github.com/qemu/qemu/commit/cb484f9a6e790205e69d9a444c3e353a3a1cfd84
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Warn about restoring to unaligned stack

Attempting to do an exception return with an exception frame that
is not 8-aligned is UNPREDICTABLE in v8M; warn about this.
(It is not UNPREDICTABLE in v7M, and our implementation can
handle the merely-4-aligned case fine, so we don't need to
do anything except warn.)

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 4e4259d3c574a8e89c3af27bcb84bc19a442efb1
      
https://github.com/qemu/qemu/commit/4e4259d3c574a8e89c3af27bcb84bc19a442efb1
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Don't warn about exception return with PC low bit set for v8M

In the v8M architecture, return from an exception to a PC which
has bit 0 set is not UNPREDICTABLE; it is defined that bit 0
is discarded [R_HRJH]. Restrict our complaint about this to v7M.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: bed079da04dd9e0e249b9bc22bca8dce58b67f40
      
https://github.com/qemu/qemu/commit/bed079da04dd9e0e249b9bc22bca8dce58b67f40
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/intc/armv7m_nvic.c
    M target/arm/cpu.h
    M target/arm/machine.c

  Log Message:
  -----------
  target/arm: Add new-in-v8M SFSR and SFAR

Add the new M profile Secure Fault Status Register
and Secure Fault Address Register.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: bfb2eb52788b9605ef2fc9bc72683d4299117fde
      
https://github.com/qemu/qemu/commit/bfb2eb52788b9605ef2fc9bc72683d4299117fde
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Update excret sanity checks for v8M

In v8M, more bits are defined in the exception-return magic
values; update the code that checks these so we accept
the v8M values when the CPU permits them.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 907bedb3f3ce134c149599bd9cb61856d811b8ca
      
https://github.com/qemu/qemu/commit/907bedb3f3ce134c149599bd9cb61856d811b8ca
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Add support for restoring v8M additional state context

For v8M, exceptions from Secure to Non-Secure state will save
callee-saved registers to the exception frame as well as the
caller-saved registers. Add support for unstacking these
registers in exception exit when necessary.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: d3392718e1fcf0859fb7c0774a8e946bacb8419c
      
https://github.com/qemu/qemu/commit/d3392718e1fcf0859fb7c0774a8e946bacb8419c
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Add v8M support to exception entry code

Add support for v8M and in particular the security extension
to the exception entry code. This requires changes to:
 * calculation of the exception-return magic LR value
 * push the callee-saves registers in certain cases
 * clear registers when taking non-secure exceptions to avoid
   leaking information from the interrupted secure code
 * switch to the correct security state on entry
 * use the vector table for the security state we're targeting

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 9901c576f6c02d43206e5faaf6e362ab7ea83246
      
https://github.com/qemu/qemu/commit/9901c576f6c02d43206e5faaf6e362ab7ea83246
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/intc/armv7m_nvic.c
    M target/arm/cpu.c
    M target/arm/cpu.h
    M target/arm/machine.c

  Log Message:
  -----------
  nvic: Implement Security Attribution Unit registers

Implement the register interface for the SAU: SAU_CTRL,
SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the
actual behaviour is implemented here; registers just
read back as written.

When the CPU definition for Cortex-M33 is eventually
added, its initfn will set cpu->sau_sregion, in the same
way that we currently set cpu->pmsav7_dregion for the
M3 and M4.

Number of SAU regions is typically a configurable
CPU parameter, but this patch doesn't provide a
QEMU CPU property for it. We can easily add one when
we have a board that requires it.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 35337cc391245f251bfb9134f181c33e6375d6c1
      
https://github.com/qemu/qemu/commit/35337cc391245f251bfb9134f181c33e6375d6c1
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/helper.c
    M target/arm/internals.h

  Log Message:
  -----------
  target/arm: Implement security attribute lookups for memory accesses

Implement the security attribute lookups for memory accesses
in the get_phys_addr() functions, causing these to generate
various kinds of SecureFault for bad accesses.

The major subtlety in this code relates to handling of the
case when the security attributes the SAU assigns to the
address don't match the current security state of the CPU.

In the ARM ARM pseudocode for validating instruction
accesses, the security attributes of the address determine
whether the Secure or NonSecure MPU state is used. At face
value, handling this would require us to encode the relevant
bits of state into mmu_idx for both S and NS at once, which
would result in our needing 16 mmu indexes. Fortunately we
don't actually need to do this because a mismatch between
address attributes and CPU state means either:
 * some kind of fault (usually a SecureFault, but in theory
   perhaps a UserFault for unaligned access to Device memory)
 * execution of the SG instruction in NS state from a
   Secure & NonSecure code region

The purpose of SG is simply to flip the CPU into Secure
state, so we can handle it by emulating execution of that
instruction directly in arm_v7m_cpu_do_interrupt(), which
means we can treat all the mismatch cases as "throw an
exception" and we don't need to encode the state of the
other MPU bank into our mmu_idx values.

This commit doesn't include the actual emulation of SG;
it also doesn't include implementation of the IDAU, which
is a per-board way to specify hard-coded memory attributes
for addresses, which override the CPU-internal SAU if they
specify a more secure setting than the SAU is programmed to.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
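Together, this commit and the earlier "nvic: Implement Security Attribution Unit registers" describe two things: the SAU register interface (SAU_CTRL, SAU_TYPE, SAU_RNR, SAU_RBAR, SAU_RLAR) and the attribution lookup whose mismatch cases all collapse into "take a SecureFault, except SG from a Secure-and-NSC region". The following is an added example written for this page, not QEMU's v8m_security_lookup() or its NVIC register code: it programs a small SAU through the register interface, attributes addresses, lets a board IDAU only tighten the result, and classifies instruction fetches and data accesses against the CPU's security state. The register bit layouts follow the ARMv8-M Architecture Reference Manual (32-byte region granularity; RLAR bit 1 = NSC, bit 0 = ENABLE; CTRL bit 0 = ENABLE, bit 1 = ALLNS), the SFSR names in the comments (INVEP, INVTRAN, AUVIOL) are the architecture's, and the memory map, the `example_*` helpers and the IDAU are constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of the ARMv8-M SAU registers and attribution rules,
 * written for this page; it is not QEMU's v8m_security_lookup(). */
#define SAU_MAX_REGIONS 8
#define SAU_CTRL_ENABLE (1u << 0)
#define SAU_CTRL_ALLNS  (1u << 1)
#define SAU_RLAR_ENABLE (1u << 0)
#define SAU_RLAR_NSC    (1u << 1)
#define SAU_ADDR_MASK   0xffffffe0u            /* regions are 32-byte granular */

struct sau {
    uint32_t ctrl, rnr;
    uint32_t rbar[SAU_MAX_REGIONS], rlar[SAU_MAX_REGIONS];
    unsigned sregion;                          /* SAU_TYPE.SREGION: implemented regions */
};

struct sattrs { bool ns; bool nsc; };          /* Non-secure / Secure-and-NSC */

/* Guest-visible register writes: RNR selects which region RBAR/RLAR address. */
void sau_write_rnr(struct sau *s, uint32_t v)  { s->rnr = v & 0xff; }
void sau_write_rbar(struct sau *s, uint32_t v) { if (s->rnr < s->sregion) s->rbar[s->rnr] = v & SAU_ADDR_MASK; }
void sau_write_rlar(struct sau *s, uint32_t v) { if (s->rnr < s->sregion) s->rlar[s->rnr] = v & (SAU_ADDR_MASK | SAU_RLAR_NSC | SAU_RLAR_ENABLE); }

/* Security rank: NS < Secure-NSC < Secure. The IDAU may only raise it. */
static int rank(struct sattrs a) { return a.ns ? 0 : (a.nsc ? 1 : 2); }

typedef struct sattrs (*idau_fn)(uint32_t addr);   /* board IDAU, may be NULL */

struct sattrs sau_lookup(const struct sau *s, uint32_t addr, idau_fn idau)
{
    struct sattrs a = { false, false };            /* no match: Secure */
    if (!(s->ctrl & SAU_CTRL_ENABLE)) {
        a.ns = (s->ctrl & SAU_CTRL_ALLNS) != 0;    /* SAU off: ALLNS decides everything */
    } else {
        bool hit = false;
        for (unsigned r = 0; r < s->sregion; r++) {
            uint32_t base = s->rbar[r], limit = s->rlar[r] | ~SAU_ADDR_MASK;
            if (!(s->rlar[r] & SAU_RLAR_ENABLE) || addr < base || addr > limit) continue;
            if (hit) {                             /* overlapping regions: Secure, not NSC */
                a.ns = a.nsc = false;
                break;
            }
            hit = true;
            a.nsc = (s->rlar[r] & SAU_RLAR_NSC) != 0;
            a.ns = !a.nsc;
        }
    }
    if (idau) {
        struct sattrs i = idau(addr);
        if (rank(i) > rank(a)) a = i;              /* the more secure setting wins */
    }
    return a;
}

enum access_result { ACCESS_OK, ACCESS_SG_ONLY, ACCESS_SECUREFAULT };

/* Instruction fetch: address attributes must agree with the CPU's security
 * state. The one legal mismatch is NS code entering a Secure-NSC region,
 * where only SG may execute; every other mismatch is a SecureFault
 * (INVEP for NS->S without SG, INVTRAN for S->NS). */
enum access_result check_insn_fetch(const struct sau *s, idau_fn idau, uint32_t addr, bool cpu_secure)
{
    struct sattrs a = sau_lookup(s, addr, idau);
    if (a.ns == !cpu_secure) return ACCESS_OK;
    if (a.nsc && !cpu_secure) return ACCESS_SG_ONLY;
    return ACCESS_SECUREFAULT;
}

/* Data access: Non-secure state may not touch Secure or NSC memory
 * (SecureFault, AUVIOL); Secure state may access either side. */
enum access_result check_data_access(const struct sau *s, idau_fn idau, uint32_t addr, bool cpu_secure)
{
    struct sattrs a = sau_lookup(s, addr, idau);
    return (!cpu_secure && !a.ns) ? ACCESS_SECUREFAULT : ACCESS_OK;
}

/* Constructed layout (hypothetical addresses):
 *   region 0: 0x00200000-0x003fffff  Non-secure
 *   region 1: 0x10000000-0x10000fff  Secure, NSC (entry veneers)
 *   everything else                   Secure
 * variant 1 adds region 2 overlapping region 0; variant 2 disables the
 * SAU; variant 3 disables it with ALLNS set. */
static struct sau *example_sau(int variant)
{
    static struct sau s;
    memset(&s, 0, sizeof(s));
    s.sregion = 4;
    s.ctrl = variant == 2 ? 0 : variant == 3 ? SAU_CTRL_ALLNS : SAU_CTRL_ENABLE;
    sau_write_rnr(&s, 0); sau_write_rbar(&s, 0x00200000); sau_write_rlar(&s, 0x003fffe0 | SAU_RLAR_ENABLE);
    sau_write_rnr(&s, 1); sau_write_rbar(&s, 0x10000000); sau_write_rlar(&s, 0x10000fe0 | SAU_RLAR_NSC | SAU_RLAR_ENABLE);
    if (variant == 1) { sau_write_rnr(&s, 2); sau_write_rbar(&s, 0x00300000); sau_write_rlar(&s, 0x0030ffe0 | SAU_RLAR_ENABLE); }
    return &s;
}

/* Constructed IDAU: hard-wires everything at or above 0x00300000 Secure. */
static struct sattrs example_idau(uint32_t addr)
{
    struct sattrs a = { addr < 0x00300000, false };
    return a;
}

struct sattrs example_lookup(uint32_t addr, int variant, bool with_idau)
{
    return sau_lookup(example_sau(variant), addr, with_idau ? example_idau : NULL);
}

enum access_result example_fetch(uint32_t addr, bool cpu_secure)
{
    return check_insn_fetch(example_sau(0), NULL, addr, cpu_secure);
}

enum access_result example_data(uint32_t addr, bool cpu_secure)
{
    return check_data_access(example_sau(0), NULL, addr, cpu_secure);
}
```

The cases worth stepping through are the mismatches: a Non-secure fetch from the NSC veneer region yields ACCESS_SG_ONLY rather than a fault, a Non-secure fetch or data access into plain Secure memory faults, and a Secure fetch from Non-secure memory also faults, so the only state the MPU bank for the "other" side is ever consulted in is the SG entry the commit message singles out. The overlap and IDAU cases show why an address can end up Secure even though one SAU region marks it Non-secure.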


  Commit: fe768788d29597ee56fc11ba2279d502c2617457
      
https://github.com/qemu/qemu/commit/fe768788d29597ee56fc11ba2279d502c2617457
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/cpu.h

  Log Message:
  -----------
  target/arm: Fix calculation of secure mm_idx values

In cpu_mmu_index() we try to do this:
  if (env->v7m.secure) {
      mmu_idx += ARMMMUIdx_MSUser;
  }
but it will give the wrong answer, because ARMMMUIdx_MSUser
includes the 0x40 ARM_MMU_IDX_M field, and so does the
mmu_idx we're adding to, and we'll end up with 0x8n rather
than 0x4n. This error is then nullified by the call to
arm_to_core_mmu_idx() which masks out the high part, but
we're about to factor out the code that calculates the
ARMMMUIdx values so it can be used without passing it through
arm_to_core_mmu_idx(), so fix this bug first.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: b81ac0eb6315e602b18439961e0538538e4aed4f
      
https://github.com/qemu/qemu/commit/b81ac0eb6315e602b18439961e0538538e4aed4f
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M target/arm/cpu.h

  Log Message:
  -----------
  target/arm: Factor out "get mmuidx for specified security state"

For the SG instruction and secure function return we are going
to want to do memory accesses using the MMU index of the CPU
in secure state, even though the CPU is currently in non-secure
state. Write arm_v7m_mmu_idx_for_secstate() to do this job,
and use it in cpu_mmu_index().

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
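The arithmetic behind "0x8n rather than 0x4n" in the previous commit, and the helper this one factors out, are easiest to check with concrete values. The following is an added example written for this page, not target/arm/cpu.h: it reproduces the flag-counted-twice bug beside the fix, shows why arm_to_core_mmu_idx() masked the error away, and models an arm_v7m_mmu_idx_for_secstate()-style helper. The ordering of the six M-profile enum values and the 0x7 core-index mask are assumptions for the illustration; only the 0x40 ARM_MMU_IDX_M field and the function names come from the commit messages.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the index encoding described in the commit
 * message, written for this page: every M-profile ARMMMUIdx value carries
 * the ARM_MMU_IDX_M flag (0x40) above a small core index. The ordering of
 * the six values and the 0x7 core mask are assumptions for the
 * illustration, not a statement about QEMU's exact table. */
#define ARM_MMU_IDX_M            0x40
#define ARM_MMU_IDX_COREIDX_MASK 0x7

enum ARMMMUIdx {
    ARMMMUIdx_MUser    = 0 | ARM_MMU_IDX_M,
    ARMMMUIdx_MPriv    = 1 | ARM_MMU_IDX_M,
    ARMMMUIdx_MNegPri  = 2 | ARM_MMU_IDX_M,
    ARMMMUIdx_MSUser   = 3 | ARM_MMU_IDX_M,
    ARMMMUIdx_MSPriv   = 4 | ARM_MMU_IDX_M,
    ARMMMUIdx_MSNegPri = 5 | ARM_MMU_IDX_M,
};

/* Strip the flag bits; the TLB only ever sees the core index. */
int arm_to_core_mmu_idx(int mmu_idx)
{
    return mmu_idx & ARM_MMU_IDX_COREIDX_MASK;
}

/* Is this a well-formed M-profile index: exactly one 0x40 flag and a
 * core index within the six defined values? */
bool is_valid_m_mmu_idx(int mmu_idx)
{
    return (mmu_idx & ~ARM_MMU_IDX_COREIDX_MASK) == ARM_MMU_IDX_M
        && arm_to_core_mmu_idx(mmu_idx) <= (ARMMMUIdx_MSNegPri & ARM_MMU_IDX_COREIDX_MASK);
}

/* Before the fix: the addend already contains 0x40, so the flag is
 * counted twice and 0x4n becomes 0x8n. */
int secure_mmu_idx_buggy(int ns_mmu_idx)
{
    return ns_mmu_idx + ARMMMUIdx_MSUser;
}

/* After the fix: add only the distance between the NS and S banks,
 * so exactly one flag survives. */
int secure_mmu_idx_fixed(int ns_mmu_idx)
{
    return ns_mmu_idx + (ARMMMUIdx_MSUser - ARMMMUIdx_MUser);
}

/* Model of the helper the second commit factors out: the index for a
 * requested security state, usable without passing the result through
 * arm_to_core_mmu_idx(), which is why the addition had to be right. */
int arm_v7m_mmu_idx_for_secstate(bool secure, bool priv, bool negpri)
{
    int mmu_idx = negpri ? ARMMMUIdx_MNegPri : priv ? ARMMMUIdx_MPriv : ARMMMUIdx_MUser;
    return secure ? secure_mmu_idx_fixed(mmu_idx) : mmu_idx;
}

int main(void)
{
    int buggy = secure_mmu_idx_buggy(ARMMMUIdx_MPriv);
    int fixed = secure_mmu_idx_fixed(ARMMMUIdx_MPriv);
    printf("buggy 0x%02x fixed 0x%02x core %d/%d\n", buggy, fixed,
           arm_to_core_mmu_idx(buggy), arm_to_core_mmu_idx(fixed));
    return 0;
}
```

For MPriv the buggy sum is 0x41 + 0x43 = 0x84 while the fix gives 0x44; both mask to core index 4, which is exactly how the error went unnoticed until the un-masked value started being used directly.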


  Commit: 04829ce334bece78d4fa1d0fdbc8bc27dae9b242
      
https://github.com/qemu/qemu/commit/04829ce334bece78d4fa1d0fdbc8bc27dae9b242
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/intc/armv7m_nvic.c

  Log Message:
  -----------
  nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit

When we added support for the new SHCSR bits in v8M in commit
437d59c17e9 the code to support writing to the new HARDFAULTPENDED
bit was accidentally only added for non-secure writes; the
secure banked version of the bit should also be writable.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 5121d81e387bba17496f5908d43fd623a946c645
      
https://github.com/qemu/qemu/commit/5121d81e387bba17496f5908d43fd623a946c645
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-06 (Fri, 06 Oct 2017)

  Changed paths:
    M hw/arm/xlnx-zynqmp.c
    M hw/intc/armv7m_nvic.c
    M hw/sd/sd.c
    M target/arm/cpu.c
    M target/arm/cpu.h
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/machine.c
    M target/arm/op_helper.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20171006' into staging

target-arm:
 * v8M: more preparatory work
 * nvic: reset properly rather than leaving the nvic in a weird state
 * xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false
 * sd: fix out-of-bounds check for multi block reads
 * arm: Fix SMC reporting to EL2 when QEMU provides PSCI

# gpg: Signature made Fri 06 Oct 2017 16:58:15 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <address@hidden>"
# gpg:                 aka "Peter Maydell <address@hidden>"
# gpg:                 aka "Peter Maydell <address@hidden>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20171006:
  nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit
  target/arm: Factor out "get mmuidx for specified security state"
  target/arm: Fix calculation of secure mm_idx values
  target/arm: Implement security attribute lookups for memory accesses
  nvic: Implement Security Attribution Unit registers
  target/arm: Add v8M support to exception entry code
  target/arm: Add support for restoring v8M additional state context
  target/arm: Update excret sanity checks for v8M
  target/arm: Add new-in-v8M SFSR and SFAR
  target/arm: Don't warn about exception return with PC low bit set for v8M
  target/arm: Warn about restoring to unaligned stack
  target/arm: Check for xPSR mismatch usage faults earlier for v8M
  target/arm: Restore SPSEL to correct CONTROL register on exception return
  target/arm: Restore security state on exception return
  target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode
  target/arm: Don't switch to target stack early in v7M exception return
  nvic: Clear the vector arrays and prigroup on reset
  hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false
  hw/sd: fix out-of-bounds check for multi block reads
  arm: Fix SMC reporting to EL2 when QEMU provides PSCI

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/a26a98dfb9d4...5121d81e387b
