[Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
@ 2014-07-28  7:40 T McIntosh
  2014-07-30  5:24 ` Edgar E. Iglesias
                   ` (7 more replies)
  0 siblings, 8 replies; 9+ messages in thread
From: T McIntosh @ 2014-07-28  7:40 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

The AArch64 emulation ignores SPSel=0 when:

(1) taking an interrupt from an exception level greater than EL0 (e.g.,
EL1t),

(2) returning from an exception (via ERET) to an exception level greater
than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

The attached patch fixes the problem in my application.

Background:

I'm running a standalone application (toy OS) that is performing
preemptive multithreading between threads running at EL1t, with
exception handling / context switching occurring at EL1h.  This bug
causes the stack pointer to be corrupted in the threads running at EL1t
(they end up with a version of the EL1h stack pointer (SP_EL1)).

Occurs in:
	qemu-2.1.0-rc1 (found in)
	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

** Affects: qemu
     Importance: Undecided
         Status: New

** Patch added: "Proposed fix"
   https://bugs.launchpad.net/bugs/1349277/+attachment/4164169/+files/qemu-aarch64-spsel-fix.patch

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  New

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
@ 2014-07-30  5:24 ` Edgar E. Iglesias
  2014-12-04 19:02 ` [Qemu-devel] [Bug 1349277] " Andy Whitcroft
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Edgar E. Iglesias @ 2014-07-30  5:24 UTC (permalink / raw)
  To: Bug 1349277; +Cc: qemu-devel

On Mon, Jul 28, 2014 at 07:40:56AM -0000, T McIntosh wrote:
> Public bug reported:
> 
> The AArch64 emulation ignores SPSel=0 when:
> 
> (1) taking an interrupt from an exception level greater than EL0 (e.g.,
> EL1t),
> 
> (2) returning from an exception (via ERET) to an exception level greater
> than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.
> 
> The attached patch fixes the problem in my application.

Hi,

Patches 1-3 in the following series fix the this problem.
http://lists.gnu.org/archive/html/qemu-devel/2014-06/msg03675.html

Cheers,
Edgar

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
  2014-07-30  5:24 ` Edgar E. Iglesias
@ 2014-12-04 19:02 ` Andy Whitcroft
  2014-12-04 20:11 ` Chris J Arges
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Andy Whitcroft @ 2014-12-04 19:02 UTC (permalink / raw)
  To: qemu-devel

** Also affects: qemu (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
  2014-07-30  5:24 ` Edgar E. Iglesias
  2014-12-04 19:02 ` [Qemu-devel] [Bug 1349277] " Andy Whitcroft
@ 2014-12-04 20:11 ` Chris J Arges
  2014-12-04 20:21 ` Ubuntu Foundations Team Bug Bot
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Chris J Arges @ 2014-12-04 20:11 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu (Ubuntu)
     Assignee: (unassigned) => Chris J Arges (arges)

** Changed in: qemu (Ubuntu)
       Status: New => In Progress

** Changed in: qemu (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  In Progress

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
                   ` (2 preceding siblings ...)
  2014-12-04 20:11 ` Chris J Arges
@ 2014-12-04 20:21 ` Ubuntu Foundations Team Bug Bot
  2014-12-04 20:51 ` Chris J Arges
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Ubuntu Foundations Team Bug Bot @ 2014-12-04 20:21 UTC (permalink / raw)
  To: qemu-devel

The attachment "Proposed fix" seems to be a patch.  If it isn't, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  In Progress

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
                   ` (3 preceding siblings ...)
  2014-12-04 20:21 ` Ubuntu Foundations Team Bug Bot
@ 2014-12-04 20:51 ` Chris J Arges
  2014-12-04 22:01 ` Peter Maydell
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Chris J Arges @ 2014-12-04 20:51 UTC (permalink / raw)
  To: qemu-devel

Uploaded fixed package for Vivid:
https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-7ubuntu3

Please let me know if this fixes the issue.

** Changed in: qemu (Ubuntu)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Fix Committed

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
                   ` (4 preceding siblings ...)
  2014-12-04 20:51 ` Chris J Arges
@ 2014-12-04 22:01 ` Peter Maydell
  2014-12-05 17:44 ` Launchpad Bug Tracker
  2016-06-28 14:51 ` T. Huth
  7 siblings, 0 replies; 9+ messages in thread
From: Peter Maydell @ 2014-12-04 22:01 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  Fix Committed
Status in qemu package in Ubuntu:
  Fix Committed

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
                   ` (5 preceding siblings ...)
  2014-12-04 22:01 ` Peter Maydell
@ 2014-12-05 17:44 ` Launchpad Bug Tracker
  2016-06-28 14:51 ` T. Huth
  7 siblings, 0 replies; 9+ messages in thread
From: Launchpad Bug Tracker @ 2014-12-05 17:44 UTC (permalink / raw)
  To: qemu-devel

This bug was fixed in the package qemu - 2.1+dfsg-7ubuntu3

---------------
qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium

  * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
    d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
    d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
    Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
    SPSel=0 in certain conditions. (LP: #1349277)
 -- Chris J Arges <chris.j.arges@canonical.com>   Thu, 04 Dec 2014 14:17:01 -0600

** Changed in: qemu (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  Fix Committed
Status in qemu package in Ubuntu:
  Fix Released

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Qemu-devel] [Bug 1349277] Re: AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater
  2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
                   ` (6 preceding siblings ...)
  2014-12-05 17:44 ` Launchpad Bug Tracker
@ 2016-06-28 14:51 ` T. Huth
  7 siblings, 0 replies; 9+ messages in thread
From: T. Huth @ 2016-06-28 14:51 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1349277

Title:
  AArch64 emulation ignores SPSel=0 when taking (or returning from) an
  exception at EL1 or greater

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released

Bug description:
  The AArch64 emulation ignores SPSel=0 when:

  (1) taking an interrupt from an exception level greater than EL0
  (e.g., EL1t),

  (2) returning from an exception (via ERET) to an exception level
  greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

  The attached patch fixes the problem in my application.

  Background:

  I'm running a standalone application (toy OS) that is performing
  preemptive multithreading between threads running at EL1t, with
  exception handling / context switching occurring at EL1h.  This bug
  causes the stack pointer to be corrupted in the threads running at
  EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

  Occurs in:
  	qemu-2.1.0-rc1 (found in)
  	commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1349277/+subscriptions

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2016-06-28 15:01 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-28  7:40 [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater T McIntosh
2014-07-30  5:24 ` Edgar E. Iglesias
2014-12-04 19:02 ` [Qemu-devel] [Bug 1349277] " Andy Whitcroft
2014-12-04 20:11 ` Chris J Arges
2014-12-04 20:21 ` Ubuntu Foundations Team Bug Bot
2014-12-04 20:51 ` Chris J Arges
2014-12-04 22:01 ` Peter Maydell
2014-12-05 17:44 ` Launchpad Bug Tracker
2016-06-28 14:51 ` T. Huth

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).