| field | value |
|---|---|
| author | Pierre-Clément Tosi <ptosi@google.com>, 2024-04-04 17:36:23 +0100 |
| committer | Peter Maydell <peter.maydell@linaro.org>, 2024-04-05 15:21:56 +0100 |
| commit | 9ed866e10f196d588580ed8a701d278abd8372ee (patch) |
| tree | 66c57805384b8b1d1b14231281e42c4870268c3a /scripts/qapi/parser.py |
| parent | ce64e6224affb8b4e4b019f76d2950270b391af5 (diff) |
target/arm: Fix CNTPOFF_EL2 trap to missing EL3
EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is
present, as described by the reference manual (for MRS):
```
/* ... */
elsif PSTATE.EL == EL2 then
    if Halted() && HaveEL(EL3) && /*...*/ then
        UNDEFINED;
    elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then
        /* ... */
    else
        X[t, 64] = CNTPOFF_EL2;
```
However, the existing implementation of gt_cntpoff_access() always
returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In
pseudo-code terminology, this corresponds to assuming that HaveEL(EL3)
is always true, which is wrong. As a result, QEMU panics in
access_check_cp_reg() when started without EL3 and running EL2 code
accessing the register (e.g. any recent KVM booting a guest).
Therefore, add the HaveEL(EL3) check to gt_cntpoff_access().
Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling")
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
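An added model of the before/after access logic the message describes (constructed for this page, not QEMU's gt_cntpoff_access(); the function names, the enum and the argument layout are illustrative assumptions):

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the access check the commit message describes. It is
 * not QEMU's gt_cntpoff_access(); names and the enum are illustrative. Only
 * the EL2 branch of the MRS pseudocode is modelled; the EL0/EL1 cases are
 * out of scope for this bug. */
enum access_result { ACCESS_OK, ACCESS_TRAP_EL3 };

/* Pre-fix behaviour: an EL2 access with SCR_EL3.ECVEn clear always traps to
 * EL3, which silently assumes HaveEL(EL3) is true. */
enum access_result cntpoff_access_before(int current_el, bool have_el3,
                                         bool scr_ecven)
{
    (void)have_el3;               /* the bug: EL3 presence is never consulted */
    if (current_el == 2 && !scr_ecven) {
        return ACCESS_TRAP_EL3;
    }
    return ACCESS_OK;
}

/* Fixed behaviour: SCR_EL3.ECVEn only matters, and a trap to EL3 is only
 * possible, when EL3 is implemented (the HaveEL(EL3) check). */
enum access_result cntpoff_access_after(int current_el, bool have_el3,
                                        bool scr_ecven)
{
    if (current_el == 2 && have_el3 && !scr_ecven) {
        return ACCESS_TRAP_EL3;
    }
    return ACCESS_OK;
}

/* The invariant that, per the message, access_check_cp_reg() enforces:
 * a register access must never trap to an EL the CPU does not implement. */
bool trap_target_exists(enum access_result r, bool have_el3)
{
    return r != ACCESS_TRAP_EL3 || have_el3;
}

int main(void)
{
    /* Constructed case: EL2 guest code, no EL3, SCR_EL3.ECVEn reads as 0. */
    enum access_result before = cntpoff_access_before(2, false, false);
    enum access_result after = cntpoff_access_after(2, false, false);
    printf("before fix: invariant %s\n",
           trap_target_exists(before, false) ? "holds" : "violated");
    printf("after fix:  invariant %s\n",
           trap_target_exists(after, false) ? "holds" : "violated");
    return 0;
}
```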
Diffstat (limited to 'scripts/qapi/parser.py')
0 files changed, 0 insertions, 0 deletions