From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm <qemu-arm@nongnu.org>, QEMU Developers <qemu-devel@nongnu.org>
Cc: "patches@linaro.org" <patches@linaro.org>
Subject: Re: [Qemu-devel] [PATCH for-2.12] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
Date: Thu, 22 Mar 2018 12:51:34 +0000 [thread overview]
Message-ID: <CAFEAcA_hAmDDdbTpR2PYu0SLd5nJvwcw34xRgiHXtiU_5kQxWg@mail.gmail.com> (raw)
In-Reply-To: <20180315133441.24149-1-peter.maydell@linaro.org>
Ping for code review -- it would be nice to put this bugfix
into rc1.
thanks
-- PMM
On 15 March 2018 at 13:34, Peter Maydell <peter.maydell@linaro.org> wrote:
> If the GIC has the security extension support enabled, then a
> non-secure access to ICC_PMR must take account of the non-secure
> view of interrupt priorities, where real priorities 0..0x7f
> are secure-only and not visible to the non-secure guest, and
> priorities 0x80..0xff are shown to the guest as if they were
> 0x00..0xff. We had the logic here wrong:
> * on reads, the priority is in the secure range if bit 7
> is clear, not if it is set
> * on writes, we want to set bit 7, not mask everything else
>
> Our ICC_RPR read code had the same error as ICC_PMR.
>
> (Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
> and ICC_PMR_EL1.)
>
> Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> hw/intc/arm_gicv3_cpuif.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
> index 5cbafaf497..26f5eeda94 100644
> --- a/hw/intc/arm_gicv3_cpuif.c
> +++ b/hw/intc/arm_gicv3_cpuif.c
> @@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri)
> /* NS access and Group 0 is inaccessible to NS: return the
> * NS view of the current priority
> */
> - if (value & 0x80) {
> + if ((value & 0x80) == 0) {
> /* Secure priorities not visible to NS */
> value = 0;
> } else if (value != 0xff) {
> @@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri,
> /* Current PMR in the secure range, don't allow NS to change it */
> return;
> }
> - value = (value >> 1) & 0x80;
> + value = (value >> 1) | 0x80;
> }
> cs->icc_pmr_el1 = value;
> gicv3_cpuif_update(cs);
> @@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
> if (arm_feature(env, ARM_FEATURE_EL3) &&
> !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
> /* NS GIC access and Group 0 is inaccessible to NS */
> - if (prio & 0x80) {
> + if ((prio & 0x80) == 0) {
> /* NS mustn't see priorities in the Secure half of the range */
> prio = 0;
> } else if (prio != 0xff) {
> --
> 2.16.2
next prev parent reply other threads:[~2018-03-22 12:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-15 13:34 [Qemu-devel] [PATCH for-2.12] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses Peter Maydell
2018-03-22 12:51 ` Peter Maydell [this message]
2018-03-22 14:23 ` Andrew Jones
2018-03-22 18:29 ` Peter Maydell
2018-03-22 20:42 ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-03-23 9:45 ` Peter Maydell
2018-03-23 10:08 ` Andrew Jones
2018-03-23 2:23 ` [Qemu-devel] " Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA_hAmDDdbTpR2PYu0SLd5nJvwcw34xRgiHXtiU_5kQxWg@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=patches@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).