* [Qemu-devel] [Bug 749522] [NEW] qemu-system-arm reads wrong entry in L1 page table for cortex-a8
@ 2011-04-03 17:10 Anup Patel
  2011-04-06 11:32 ` [Qemu-devel] [Bug 749522] " Peter Maydell
  2011-12-15 19:12 ` Peter Maydell
  0 siblings, 2 replies; 3+ messages in thread
From: Anup Patel @ 2011-04-03 17:10 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

target-arm/helper.c:920
[current] table |= (address >> 18) & 0x3ffc
[fix] table |= (address >> 20) & 0xfff

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/749522

Title:
  qemu-system-arm reads wrong entry in L1 page table for cortex-a8

Status in QEMU:
  New

Bug description:
  target-arm/helper.c:920
  [current] table |= (address >> 18) & 0x3ffc
  [fix] table |= (address >> 20) & 0xfff

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Qemu-devel] [Bug 749522] Re: qemu-system-arm reads wrong entry in L1 page table for cortex-a8
  2011-04-03 17:10 [Qemu-devel] [Bug 749522] [NEW] qemu-system-arm reads wrong entry in L1 page table for cortex-a8 Anup Patel
@ 2011-04-06 11:32 ` Peter Maydell
  2011-12-15 19:12 ` Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2011-04-06 11:32 UTC (permalink / raw)
  To: qemu-devel

Why do you think this is wrong? The ARM ARM says that the physical
address of the first level page table descriptor is (ignoring TTBCR.N)
the concatenation of bits [31..14] of the TTBR with bits [31..20] of the
MVA and two zero bits. In this code 'table' is initially the [31..14]
bits of the TTBR, and we move bits 31..20 of 'address' into bits [13..2]
with the shift by 18 and mask. If we weren't correctly calculating the
first level page table descriptor address then I don't think anything
that used the MMU would work...

(We do seem to not quite be getting the effect of TTBCR.N right, though:
if N > 0 then although we correctly take more bits from TTBR0 (by
adjusting c2_base_mask) we aren't masking out the high bits [31..32-N]
of the MVA. But that's a different problem.)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Qemu-devel] [Bug 749522] Re: qemu-system-arm reads wrong entry in L1 page table for cortex-a8
  2011-04-03 17:10 [Qemu-devel] [Bug 749522] [NEW] qemu-system-arm reads wrong entry in L1 page table for cortex-a8 Anup Patel
  2011-04-06 11:32 ` [Qemu-devel] [Bug 749522] " Peter Maydell
@ 2011-12-15 19:12 ` Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2011-12-15 19:12 UTC (permalink / raw)
  To: qemu-devel

"(We do seem to not quite be getting the effect of TTBCR.N right,
though: if N > 0 then although we correctly take more bits from TTBR0
(by adjusting c2_base_mask) we aren't masking out the high bits
[31..32-N] of the MVA. But that's a different problem.)"

Looking more closely, I was wrong here. In the case where N>0 and we're
using TTBR0 then we are guaranteed that [31..32-N] of the MVA are zero,
because that is exactly the condition that controls using TTBR0 rather
than TTBR1. So the code as it stands is correct.

"Why do you think this is wrong?"

Since the bug submitter never replied to this, and the code is as far as
I can tell correct both in theory and in practice, I'm going to resolve
this bug as invalid.


** Changed in: qemu
       Status: New => Invalid

^ permalink raw reply	[flat|nested] 3+ messages in thread
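
An added example (not code from QEMU or from this thread) that checks the two expressions from the report against the descriptor address layout described in the first reply, across all 4096 first-level entries, and then checks the TTBR0 selection condition from the follow-up. The function names, the constructed TTBR/MVA values and the `l1_ttbr0_n` helper with its base mask are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference per the reply: TTBR[31:14] : MVA[31:20] : 0b00 (TTBCR.N ignored). */
static uint32_t l1_reference(uint32_t ttbr, uint32_t mva) {
    return (ttbr & 0xffffc000u) | ((mva >> 20) << 2);
}

/* Expression the report labels [current]. */
static uint32_t l1_current(uint32_t ttbr, uint32_t mva) {
    return (ttbr & 0xffffc000u) | ((mva >> 18) & 0x3ffcu);
}

/* Expression the report labels [fix]: index is not scaled to 4-byte descriptors. */
static uint32_t l1_proposed(uint32_t ttbr, uint32_t mva) {
    return (ttbr & 0xffffc000u) | ((mva >> 20) & 0xfffu);
}

/* Count the 1 MiB sections (of 4096) where f disagrees with the reference. */
static unsigned sweep_mismatches(uint32_t (*f)(uint32_t, uint32_t), uint32_t ttbr) {
    unsigned bad = 0;
    for (uint32_t i = 0; i < 4096; i++) {
        uint32_t mva = (i << 20) | 0xfffffu;   /* low 20 bits set on purpose */
        bad += f(ttbr, mva) != l1_reference(ttbr, mva);
    }
    return bad;
}

/* TTBR0 is selected when MVA[31:32-N] are all zero (always when N == 0). */
static int uses_ttbr0(uint32_t mva, unsigned n) {
    return n == 0 || (mva >> (32 - n)) == 0;
}

/* Hypothetical helper: TTBR0 base widened to bits [31:14-N], same index term. */
static uint32_t l1_ttbr0_n(uint32_t ttbr0, uint32_t mva, unsigned n) {
    return (ttbr0 & ~(0x3fffu >> n)) | ((mva >> 18) & 0x3ffcu);
}

int main(void) {
    uint32_t ttbr = 0x80004000u, mva = 0x3ff00000u;   /* constructed values */
    printf("mismatches: current %u, proposed %u\n",
           sweep_mismatches(l1_current, ttbr), sweep_mismatches(l1_proposed, ttbr));
    printf("N=2: TTBR0 used %d, descriptor at %08x\n",
           uses_ttbr0(mva, 2), (unsigned)l1_ttbr0_n(0x80005000u, mva, 2));
    return 0;
}
```

The `[fix]` expression agrees with the reference only for entry 0, and for every other entry it yields an address that is not the 4-byte-scaled slot. With N=2 an MVA that selects TTBR0 can produce an index term no larger than 0xffc, so it never collides with the extra base bits.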