* [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode
@ 2018-05-01 16:20 YVT
2018-05-01 16:46 ` [Qemu-devel] [Bug 1768295] " Peter Maydell
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: YVT @ 2018-05-01 16:20 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save and
restore the floating point registers (in a lazy manner) during a Non-
Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
** Affects: qemu
Importance: Undecided
Status: New
** Tags: arm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
New
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [Bug 1768295] Re: VLLDM/VLSTM trigger UsageFault in the Secure Mode
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
@ 2018-05-01 16:46 ` Peter Maydell
2018-05-02 8:49 ` YVT
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Peter Maydell @ 2018-05-01 16:46 UTC (permalink / raw)
To: qemu-devel
Yes, you're right -- I hadn't noticed this wrinkle of the architecture.
I'll put this on my todo list -- it should be straightforward.
Do you have a convenient test binary that I could use as a test case?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
New
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [Bug 1768295] Re: VLLDM/VLSTM trigger UsageFault in the Secure Mode
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
2018-05-01 16:46 ` [Qemu-devel] [Bug 1768295] " Peter Maydell
@ 2018-05-02 8:49 ` YVT
2018-05-03 11:00 ` Peter Maydell
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: YVT @ 2018-05-02 8:49 UTC (permalink / raw)
To: qemu-devel
I attached a ZIP file containing a set of binary images that reproduces
the problem.
Secure.elf and NonSecure.elf contain codes that run in the Secure/Non-
Secure mode, respectively. They must be loaded simultaneously by using
the generic loader:
$ qemu-system-arm -device loader,file=Secure.elf -kernel
NonSecure.elf -machine mps2-an505 -nographic -s -cpu cortex-m33
The problematic instructions are located in 0x10000064
<__gnu_cmse_nonsecure_call> of Secure.elf. The program runs successfully
and outputs some message via UART0 if they are replaced with NOPs, as
shown below:
$ qemu-system-arm -device loader,file=Secure-patched.elf -kernel NonSecure.elf -machine mps2-an505 -nographic -s -cpu cortex-m33
I'm running in the Non-Secure mode.
** Attachment added: "An505BasicApp.zip"
https://bugs.launchpad.net/qemu/+bug/1768295/+attachment/5131902/+files/An505BasicApp.zip
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
New
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [Bug 1768295] Re: VLLDM/VLSTM trigger UsageFault in the Secure Mode
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
2018-05-01 16:46 ` [Qemu-devel] [Bug 1768295] " Peter Maydell
2018-05-02 8:49 ` YVT
@ 2018-05-03 11:00 ` Peter Maydell
2018-06-01 16:06 ` Peter Maydell
2018-08-15 7:29 ` Thomas Huth
4 siblings, 0 replies; 6+ messages in thread
From: Peter Maydell @ 2018-05-03 11:00 UTC (permalink / raw)
To: qemu-devel
Submitted this patch for review which should fix this bug:
https://patchwork.ozlabs.org/patch/907959/
** Changed in: qemu
Status: New => In Progress
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
In Progress
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [Bug 1768295] Re: VLLDM/VLSTM trigger UsageFault in the Secure Mode
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
` (2 preceding siblings ...)
2018-05-03 11:00 ` Peter Maydell
@ 2018-06-01 16:06 ` Peter Maydell
2018-08-15 7:29 ` Thomas Huth
4 siblings, 0 replies; 6+ messages in thread
From: Peter Maydell @ 2018-06-01 16:06 UTC (permalink / raw)
To: qemu-devel
Fix now in master as commit b1e5336a9899016c53d59 (and cc stable), so
should be in 3.0 and 2.12.1.
** Changed in: qemu
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
Fix Committed
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [Bug 1768295] Re: VLLDM/VLSTM trigger UsageFault in the Secure Mode
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
` (3 preceding siblings ...)
2018-06-01 16:06 ` Peter Maydell
@ 2018-08-15 7:29 ` Thomas Huth
4 siblings, 0 replies; 6+ messages in thread
From: Thomas Huth @ 2018-08-15 7:29 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1768295
Title:
VLLDM/VLSTM trigger UsageFault in the Secure Mode
Status in QEMU:
Fix Released
Bug description:
The VLLDM/VLSTM instructions trigger UsageFault when they are supposed
to behave as NOP.
Version:
$ qemu-system-arm --version QEMU emulator version 2.11.93
VLLDM and VLSTM are instructions newly added to ARMv8-M Mainline
Profile. Although they are FP instructions and the FP support of the M
profile is not implemented by QEMU, the Armv8-M Architecture Reference
Manual specifies that they should behave as NOP even in this case:
C2.4.268 VLLDM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
C2.4.269 VLSTM:
> If the Floating-point Extension is not implemented, this instruction
is available in Secure state, but behaves as a NOP.
VLLDM and VLSTM are generated automatically by the compiler to save
and restore the floating point registers (in a lazy manner) during a
Non-Secure function call. An example is shown below:
10000064 <__gnu_cmse_nonsecure_call>:
10000064: e92d 4fe0 stmdb sp!, {r5, r6, r7, r8, r9, sl, fp, lr}
10000068: 4627 mov r7, r4
1000006a: 46a0 mov r8, r4
1000006c: 46a1 mov r9, r4
1000006e: 46a2 mov sl, r4
10000070: 46a3 mov fp, r4
10000072: 46a4 mov ip, r4
10000074: b0a2 sub sp, #136 ; 0x88
10000076: ec2d 0a00 vlstm sp
1000007a: f384 8800 msr CPSR_f, r4
1000007e: 4625 mov r5, r4
10000080: 4626 mov r6, r4
10000082: 47a4 blxns r4
10000084: ec3d 0a00 vlldm sp
10000088: b022 add sp, #136 ; 0x88
1000008a: e8bd 8fe0 ldmia.w sp!, {r5, r6, r7, r8, r9, sl, fp, pc}
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1768295/+subscriptions
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-08-15 7:40 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-01 16:20 [Qemu-devel] [Bug 1768295] [NEW] VLLDM/VLSTM trigger UsageFault in the Secure Mode YVT
2018-05-01 16:46 ` [Qemu-devel] [Bug 1768295] " Peter Maydell
2018-05-02 8:49 ` YVT
2018-05-03 11:00 ` Peter Maydell
2018-06-01 16:06 ` Peter Maydell
2018-08-15 7:29 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.