From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
Date: Fri, 23 Mar 2018 18:49:51 +0000
Message-ID: <20180323184958.14252-4-peter.maydell@linaro.org>
In-Reply-To: <20180323184958.14252-1-peter.maydell@linaro.org>

If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0x00..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
 * on reads, the priority is in the secure range if bit 7
   is clear, not if it is set
 * on writes, we want to set bit 7, not mask everything else

Our ICC_RPR read code had the same error as ICC_PMR.

(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20180315133441.24149-1-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_cpuif.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 5cbafaf497..26f5eeda94 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri)
         /* NS access and Group 0 is inaccessible to NS: return the
          * NS view of the current priority
          */
-        if (value & 0x80) {
+        if ((value & 0x80) == 0) {
             /* Secure priorities not visible to NS */
             value = 0;
         } else if (value != 0xff) {
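Review bot: the bit-7 test in `if ((value & 0x80) == 0)` rests on a bare 0x80 whose sense was inverted before, and the comment under it still says only "Secure priorities not visible to NS". Consider stating in that comment that bit 7 clear means the real priority lies in 0x00..0x7f, the secure-only half, so the direction of the test is documented at the point where it was wrong.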
@@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri,
             /* Current PMR in the secure range, don't allow NS to change it */
             return;
         }
-        value = (value >> 1) & 0x80;
+        value = (value >> 1) | 0x80;
     }
     cs->icc_pmr_el1 = value;
     gicv3_cpuif_update(cs);
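Review bot: `value = (value >> 1) | 0x80;` carries no comment, although it is the inverse of the NS read mapping and the earlier `& 0x80` form went unnoticed. A one-line comment that an NS-written 0x00..0xff is stored as a real 0x80..0xff would help. The hunk also does not show whether value is limited to 8 bits before this line; if it is not, bits above bit 7 survive the shift and reach `cs->icc_pmr_el1 = value;`, so that is worth confirming.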
@@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
     if (arm_feature(env, ARM_FEATURE_EL3) &&
         !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
         /* NS GIC access and Group 0 is inaccessible to NS */
-        if (prio & 0x80) {
+        if ((prio & 0x80) == 0) {
             /* NS mustn't see priorities in the Secure half of the range */
             prio = 0;
         } else if (prio != 0xff) {
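Review bot: the `if ((prio & 0x80) == 0)` / `else if (prio != 0xff)` sequence in icc_rpr_read is the same logic as in icc_pmr_read, and both copies had the same inverted test. Factoring the NS-view conversion into one helper used by both readers would keep them from diverging again, and a test that reads both registers from non-secure state with Group 0 inaccessible would cover the case this fixes.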
-- 
2.16.2
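
The non-secure view described in the commit message, modelled as an added stand-alone example that is not part of the patch or of QEMU's code. The function names, the shift-left body of the read path, the 0xff pass-through and the form of the write guard are assumptions inferred from the message and the visible hunk context.

```c
#include <stdint.h>
#include <stdio.h>

/* Real priority -> value a non-secure (NS) read returns, after the fix. */
static uint8_t ns_view_read(uint8_t real)
{
    if ((real & 0x80) == 0) {
        return 0;                 /* 0x00..0x7f is secure-only: hidden from NS */
    }
    /* Assumed body: 0x80..0xfe is shown as 0x00..0xfc, 0xff passes through. */
    return (real != 0xff) ? (uint8_t)(real << 1) : real;
}

/* Same read with the inverted bit-7 test that the patch removes. */
static uint8_t ns_view_read_old(uint8_t real)
{
    return (real & 0x80) ? 0 : (uint8_t)(real << 1);
}

/* NS write: new real PMR, given the current real PMR and the NS-written value.
 * The guard on cur is an assumption; the hunk shows only its comment. */
static uint8_t ns_view_write(uint8_t cur, uint8_t ns_val)
{
    if ((cur & 0x80) == 0) {
        return cur;               /* PMR in the secure range: NS cannot change it */
    }
    return (uint8_t)((ns_val >> 1) | 0x80);
}

/* Same write with the "& 0x80" the patch removes: the result is always 0x00. */
static uint8_t ns_view_write_old(uint8_t cur, uint8_t ns_val)
{
    return (cur & 0x80) ? (uint8_t)((ns_val >> 1) & 0x80) : cur;
}

/* Count NS-written values that end up in the secure half of the real range. */
static int writes_into_secure_half(uint8_t (*wr)(uint8_t, uint8_t))
{
    int n = 0;
    for (int v = 0; v <= 0xff; v++) {
        n += (wr(0xff, (uint8_t)v) & 0x80) == 0;   /* 0xff: constructed start */
    }
    return n;
}

int main(void)
{
    printf("fixed: %d secure-range writes, old: %d\n",
           writes_into_secure_half(ns_view_write),
           writes_into_secure_half(ns_view_write_old));
    return 0;
}
```

With the old arithmetic every non-secure write stores 0x00, the highest secure priority, and a read of a secure priority returns a non-zero value derived from it.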
