* [PATCH] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
From: Peter Maydell @ 2022-06-27 13:46 UTC (permalink / raw)
  To: qemu-arm, qemu-devel; +Cc: Richard Henderson, He Zhe

In commit 39a1fd25287f5d we fixed a bug in the handling of LPAE block
descriptors where we weren't correctly zeroing out some RES0 bits.
However this fix has a bug because the calculation of the mask is
done at the wrong width: in
  descaddr &= ~(page_size - 1);
page_size is a target_ulong, so in the 'qemu-system-arm' binary it is
only 32 bits, and the effect is that we always zero out the top 32
bits of the calculated address.  Fix the calculation by forcing the
mask to be calculated with the same type as descaddr.

This only affects 32-bit CPUs which support LPAE (e.g. cortex-a15)
when used on board models which put RAM or devices above the 4GB
mark and when the 'qemu-system-arm' executable is being used.
It was also masked in 7.0 by the main bug reported in
https://gitlab.com/qemu-project/qemu/-/issues/1078 where the
virt board incorrectly does not enable 'highmem' for 32-bit CPUs.

The workaround is to use 'qemu-system-aarch64' with the same
command line.

Reported-by: He Zhe <zhe.he@windriver.com>
Fixes: 39a1fd25287f5de
("target/arm: Fix handling of LPAE block descriptors")
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index da478104f05..e71fc1f4293 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1257,7 +1257,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
          * clear the lower bits here before ORing in the low vaddr bits.
          */
         page_size = (1ULL << ((stride * (4 - level)) + 3));
-        descaddr &= ~(page_size - 1);
+        descaddr &= ~(hwaddr)(page_size - 1);
         descaddr |= (address & (page_size - 1));
         /* Extract attributes from the descriptor */
         attrs = extract64(descriptor, 2, 10)
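Review bot: the cast on `descaddr &= ~(hwaddr)(page_size - 1);` fixes this one site, but the underlying mismatch is that `page_size` is a 32-bit target_ulong holding a value produced by `page_size = (1ULL << ((stride * (4 - level)) + 3));`, a narrowing assignment; consider declaring `page_size` as hwaddr (or uint64_t) instead, which removes the width question at every use rather than only here. If the cast is kept, a short comment saying that the complement must be taken at hwaddr width would stop it being dropped as a redundant cast in a later cleanup. The following `descaddr |= (address & (page_size - 1));` is fine as-is, since `page_size - 1` is zero-extended and the low-bit mask loses nothing.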
-- 
2.25.1
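
The integer-width bug described in the commit message, as an added example that is neither part of this thread nor QEMU's own code: the two typedefs are assumptions standing in for QEMU's types (target_ulong is 32 bits in the qemu-system-arm binary, hwaddr is always 64 bits), and the block address, virtual address and granule values are constructed inputs. The "buggy" function keeps the pre-patch expression, the "fixed" one the post-patch cast, so the loss of bits 63:32 above the 4GB mark can be seen directly.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not QEMU code. These typedefs are assumptions that model
 * QEMU's types for the qemu-system-arm build: target_ulong is 32 bits
 * there, while hwaddr (the physical address type) is always 64 bits.
 */
typedef uint32_t target_ulong;
typedef uint64_t hwaddr;

/* Size of an LPAE block at a given translation level, computed exactly as
 * in the hunk and stored in a target_ulong as the original code does.
 * With a 4K granule stride is 9: level 1 gives 1GB, level 2 gives 2MB. */
static target_ulong lpae_block_size(int stride, int level)
{
    target_ulong page_size = (1ULL << ((stride * (4 - level)) + 3));
    return page_size;
}

/* Before the patch: ~(page_size - 1) is evaluated at the 32-bit width of
 * page_size and then zero-extended for the &=, so bits 63:32 of descaddr
 * are always cleared. */
static hwaddr block_output_address_buggy(hwaddr descaddr, uint64_t address,
                                         target_ulong page_size)
{
    descaddr &= ~(page_size - 1);
    descaddr |= (address & (page_size - 1));
    return descaddr;
}

/* After the patch: the cast widens (page_size - 1) to hwaddr before the
 * complement, so the mask keeps its upper 32 bits set. */
static hwaddr block_output_address_fixed(hwaddr descaddr, uint64_t address,
                                         target_ulong page_size)
{
    descaddr &= ~(hwaddr)(page_size - 1);
    descaddr |= (address & (page_size - 1));
    return descaddr;
}

/* True when the pre-patch expression would discard address bits, i.e.
 * when the block's output address lies above the 4GB mark. */
static int upper_bits_lost(hwaddr descaddr, uint64_t address,
                           target_ulong page_size)
{
    return block_output_address_buggy(descaddr, address, page_size) !=
           block_output_address_fixed(descaddr, address, page_size);
}

int main(void)
{
    /* Constructed inputs: a 2MB level-2 block (4K granule) whose output
     * address is 0x1_4020_0000, above 4GB, and a guest virtual address
     * whose low 21 bits select an offset inside that block. */
    target_ulong page_size = lpae_block_size(9, 2);
    hwaddr descaddr = 0x140200000ULL;
    uint64_t address = 0x80012345ULL;

    printf("page_size = 0x%x\n", page_size);
    printf("buggy     = 0x%llx\n", (unsigned long long)
           block_output_address_buggy(descaddr, address, page_size));
    printf("fixed     = 0x%llx\n", (unsigned long long)
           block_output_address_fixed(descaddr, address, page_size));
    printf("bits lost = %d\n", upper_bits_lost(descaddr, address, page_size));
    return 0;
}
```

For the constructed inputs the buggy path yields 0x40212345 while the fixed path yields 0x140212345; for any block below 4GB the two agree, which is why the bug only shows up on boards that place RAM or devices above the 4GB mark.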

* Re: [PATCH] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
From: Peter Maydell @ 2022-06-27 13:48 UTC (permalink / raw)
  To: qemu-arm, qemu-devel; +Cc: Richard Henderson, He Zhe, qemu-stable

...forgot to actually cc qemu-stable. (I'm still not sure if
that's important to the stable-branch process...)

-- PMM

On Mon, 27 Jun 2022 at 14:46, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> In commit 39a1fd25287f5d we fixed a bug in the handling of LPAE block
> descriptors where we weren't correctly zeroing out some RES0 bits.
> However this fix has a bug because the calculation of the mask is
> done at the wrong width: in
>   descaddr &= ~(page_size - 1);
> page_size is a target_ulong, so in the 'qemu-system-arm' binary it is
> only 32 bits, and the effect is that we always zero out the top 32
> bits of the calculated address.  Fix the calculation by forcing the
> mask to be calculated with the same type as descaddr.
>
> This only affects 32-bit CPUs which support LPAE (e.g. cortex-a15)
> when used on board models which put RAM or devices above the 4GB
> mark and when the 'qemu-system-arm' executable is being used.
> It was also masked in 7.0 by the main bug reported in
> https://gitlab.com/qemu-project/qemu/-/issues/1078 where the
> virt board incorrectly does not enable 'highmem' for 32-bit CPUs.
>
> The workaround is to use 'qemu-system-aarch64' with the same
> command line.
>
> Reported-by: He Zhe <zhe.he@windriver.com>
> Fixes: 39a1fd25287f5de
> ("target/arm: Fix handling of LPAE block descriptors")
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target/arm/ptw.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index da478104f05..e71fc1f4293 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -1257,7 +1257,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
>           * clear the lower bits here before ORing in the low vaddr bits.
>           */
>          page_size = (1ULL << ((stride * (4 - level)) + 3));
> -        descaddr &= ~(page_size - 1);
> +        descaddr &= ~(hwaddr)(page_size - 1);
>          descaddr |= (address & (page_size - 1));
>          /* Extract attributes from the descriptor */
>          attrs = extract64(descriptor, 2, 10)
> --
> 2.25.1
>

* Re: [PATCH] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
From: Richard Henderson @ 2022-06-27 22:53 UTC (permalink / raw)
  To: Peter Maydell, qemu-arm, qemu-devel; +Cc: He Zhe

On 6/27/22 19:16, Peter Maydell wrote:
> In commit 39a1fd25287f5d we fixed a bug in the handling of LPAE block
> descriptors where we weren't correctly zeroing out some RES0 bits.
> However this fix has a bug because the calculation of the mask is
> done at the wrong width: in
>    descaddr &= ~(page_size - 1);
> page_size is a target_ulong, so in the 'qemu-system-arm' binary it is
> only 32 bits, and the effect is that we always zero out the top 32
> bits of the calculated address.  Fix the calculation by forcing the
> mask to be calculated with the same type as descaddr.
> 
> This only affects 32-bit CPUs which support LPAE (e.g. cortex-a15)
> when used on board models which put RAM or devices above the 4GB
> mark and when the 'qemu-system-arm' executable is being used.
> It was also masked in 7.0 by the main bug reported in
> https://gitlab.com/qemu-project/qemu/-/issues/1078 where the
> virt board incorrectly does not enable 'highmem' for 32-bit CPUs.
> 
> The workaround is to use 'qemu-system-aarch64' with the same
> command line.
> 
> Reported-by: He Zhe <zhe.he@windriver.com>
> Fixes: 39a1fd25287f5de
> ("target/arm: Fix handling of LPAE block descriptors")
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/arm/ptw.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index da478104f05..e71fc1f4293 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -1257,7 +1257,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
>            * clear the lower bits here before ORing in the low vaddr bits.
>            */
>           page_size = (1ULL << ((stride * (4 - level)) + 3));
> -        descaddr &= ~(page_size - 1);
> +        descaddr &= ~(hwaddr)(page_size - 1);
>           descaddr |= (address & (page_size - 1));
>           /* Extract attributes from the descriptor */
>           attrs = extract64(descriptor, 2, 10)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
