[PULL for-6.2 0/1] target-arm queue

[PULL for-6.2 0/1] target-arm queue

[Peter Maydell]

Last minute pullreq with one patch, fixing the GICv3 ICH_MISR_EL2.LRENP
calculation. I went back-and-forth on whether to put this in, but:
 * it's an effective regression from 6.1 (the bug itself has been
   present since before then, but it was previously masked by the
   other bug which we fixed in 9cee1efe92)
 * I just realized it could cause a screaming maintenance interrupt
   even for hypervisors like KVM that don't set LRENPIE

On the other hand this is very late and we haven't seen it be a
problem with any guest except Qualcomm's hypervisor. So if you want
to decide it's better not going in that's OK too.

Tested on the gitlab CI and with a local test of nested KVM.

-- PMM

The following changes since commit 7635eff97104242d618400e4b6746d0a5c97af82:

  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-06 11:18:06 -0800)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211207

for you to fetch changes up to 2958e5150dfa297dd5a51fe57a29156b8744f07f:

  gicv3: fix ICH_MISR's LRENP computation (2021-12-07 15:30:08 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
   of maintenance interrupts

----------------------------------------------------------------
Damien Hedde (1):
      gicv3: fix ICH_MISR's LRENP computation

 hw/intc/arm_gicv3_cpuif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

[PULL 1/1] gicv3: fix ICH_MISR's LRENP computation

[Peter Maydell]

From: Damien Hedde <damien.hedde@greensocs.com>

According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.

As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. It happens since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_cpuif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 7fba9314508..85fc369e550 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -351,7 +351,8 @@ static uint32_t maintenance_interrupt_state(GICv3CPUState *cs)
     /* Scan list registers and fill in the U, NP and EOI bits */
     eoi_maintenance_interrupt_state(cs, &value);
 
-    if (cs->ich_hcr_el2 & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) {
+    if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) &&
+        (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) {
         value |= ICH_MISR_EL2_LRENP;
     }
 
-- 
2.25.1

Re: [PULL for-6.2 0/1] target-arm queue

[Richard Henderson]

On 12/7/21 9:25 AM, Peter Maydell wrote:
> Last minute pullreq with one patch, fixing the GICv3 ICH_MISR_EL2.LRENP
> calculation. I went back-and-forth on whether to put this in, but:
>   * it's an effective regression from 6.1 (the bug itself has been
>     present since before then, but it was previously masked by the
>     other bug which we fixed in 9cee1efe92)
>   * I just realized it could cause a screaming maintenance interrupt
>     even for hypervisors like KVM that don't set LRENPIE
> 
> On the other hand this is very late and we haven't seen it be a
> problem with any guest except Qualcomm's hypervisor. So if you want
> to decide it's better not going in that's OK too.
> 
> Tested on the gitlab CI and with a local test of nested KVM.
> 
> -- PMM
> 
> The following changes since commit 7635eff97104242d618400e4b6746d0a5c97af82:
> 
>    Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-06 11:18:06 -0800)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211207
> 
> for you to fetch changes up to 2958e5150dfa297dd5a51fe57a29156b8744f07f:
> 
>    gicv3: fix ICH_MISR's LRENP computation (2021-12-07 15:30:08 +0000)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
>     of maintenance interrupts
> 
> ----------------------------------------------------------------
> Damien Hedde (1):
>        gicv3: fix ICH_MISR's LRENP computation
> 
>   hw/intc/arm_gicv3_cpuif.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)

Applied, thanks.

r~