[Qemu-devel] [Bug 1838913] [NEW] Single-step exceptions incorrectly generated and incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Qemu-devel] [Bug 1838913] [NEW] Single-step exceptions incorrectly generated and incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Elouan Appéré]

Public bug reported:

Hi,

I've been encountering issues with QEMU 3.1 when trying to single-step
EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
commit in a few hours, if you want.

EL1 is Aarch64.

These happen as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

1) Single-step exceptions are generated even if they should not be
(SPSR_EL2.SS = 0)

2) Single-step exceptions are routed to EL1

Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
Taking exception 1 [Undefined Instruction]
...from EL1 to EL1
...with ESR 0x32/0xca000022
...with ELR 0x4000005c
...to EL1 PC 0x200 PSTATE 0x3c5

EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

You can find enclosed minimal code (and resulting .elf) for
reproduction.

qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
unimp,int -cpu cortex-a57 -kernel test_hyp.elf

** Affects: qemu
     Importance: Undecided
         Status: New

** Attachment added: "minimal code+elf"
   https://bugs.launchpad.net/bugs/1838913/+attachment/5280823/+files/test_hyp.zip

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly generated and incorrectly routed to
  EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

Status in QEMU:
  New

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  These happen as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  1) Single-step exceptions are generated even if they should not be
  (SPSR_EL2.SS = 0)

  2) Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Qemu-devel] [Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Elouan Appéré]

** Summary changed:

- Single-step exceptions incorrectly generated and incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)
+ Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

** Description changed:

  Hi,
  
  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.
  
  EL1 is Aarch64.
  
- These happen as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:
+ This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:
  
- 1) Single-step exceptions are generated even if they should not be
- (SPSR_EL2.SS = 0)
- 
- 2) Single-step exceptions are routed to EL1
+ - Single-step exceptions are routed to EL1
  
  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5
  
  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.
  
  You can find enclosed minimal code (and resulting .elf) for
  reproduction.
  
  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  New

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Qemu-devel] [Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Peter Maydell]

Yes, we're directing single-step exceptions to the wrong EL. (I think
this is probably a hangover from the fact that we implemented singlestep
at about the same time or before we properly implemented EL2 support, so
we haven't shaken out all the "assumes debug EL is EL1" assumptions
still.)


** Changed in: qemu
       Status: New => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  In Progress

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Qemu-devel] [Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Peter Maydell]

I've just submitted this patchset:
https://patchew.org/QEMU/20190805130952.4415-1-peter.maydell@linaro.org/

which I think should fix this bug. With those changes, the test image
takes a single-step exception to EL2, and then (because there's no code
at the exception entry point) takes a series of EL2-to-EL2 undef
exceptions, which I think is expected and correct behaviour.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  In Progress

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Qemu-devel] [Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Elouan Appéré]

Thanks for the patch!

I tested it with more complex code, it seems to work fine (and fixes the
bug), e.g. with an infinite loop of 2 instructions:

Single-step exeception ELR = 0x0000000060100000, ISV = 1, EX = 0
Single-step exeception ELR = 0x0000000060100004, ISV = 1, EX = 0
(and so on)

(I haven't been able to test load-exclusive instructions yet but I don't
see why it would fail for EL2 specifically, anyway)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  In Progress

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Qemu-devel] [Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Alex Bennée]

** Tags added: arm tcg testcase

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  In Progress

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Peter Maydell]

This is fixed in master by commit 8bd587c1066f445 which will be in the
4.2 release.


** Changed in: qemu
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  Fix Committed

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions

[Bug 1838913] Re: Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)

[Thomas Huth]

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838913

Title:
  Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE
  = 1) (qemu version 3.1)

Status in QEMU:
  Fix Released

Bug description:
  Hi,

  I've been encountering issues with QEMU 3.1 when trying to single-step
  EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest
  commit in a few hours, if you want.

  EL1 is Aarch64.

  This happens as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:

  - Single-step exceptions are routed to EL1

  Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
  Taking exception 1 [Undefined Instruction]
  ...from EL1 to EL1
  ...with ESR 0x32/0xca000022
  ...with ELR 0x4000005c
  ...to EL1 PC 0x200 PSTATE 0x3c5

  EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.

  You can find enclosed minimal code (and resulting .elf) for
  reproduction.

  qemu-system-aarch64 -nographic -machine virt,virtualization=on -d
  unimp,int -cpu cortex-a57 -kernel test_hyp.elf

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1838913/+subscriptions