[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR a
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses |
Date: |
Fri, 23 Mar 2018 18:49:51 +0000 |
If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0x00..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
* on reads, the priority is in the secure range if bit 7
is clear, not if it is set
* on writes, we want to set bit 7, not mask everything else
Our ICC_RPR read code had the same error as ICC_PMR.
(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)
Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Andrew Jones <address@hidden>
Message-id: address@hidden
---
hw/intc/arm_gicv3_cpuif.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 5cbafaf497..26f5eeda94 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const
ARMCPRegInfo *ri)
/* NS access and Group 0 is inaccessible to NS: return the
* NS view of the current priority
*/
- if (value & 0x80) {
+ if ((value & 0x80) == 0) {
/* Secure priorities not visible to NS */
value = 0;
} else if (value != 0xff) {
@@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const
ARMCPRegInfo *ri,
/* Current PMR in the secure range, don't allow NS to change it */
return;
}
- value = (value >> 1) & 0x80;
+ value = (value >> 1) | 0x80;
}
cs->icc_pmr_el1 = value;
gicv3_cpuif_update(cs);
@@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const
ARMCPRegInfo *ri)
if (arm_feature(env, ARM_FEATURE_EL3) &&
!arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
/* NS GIC access and Group 0 is inaccessible to NS */
- if (prio & 0x80) {
+ if ((prio & 0x80) == 0) {
/* NS mustn't see priorities in the Secure half of the range */
prio = 0;
} else if (prio != 0xff) {
--
2.16.2
- [Qemu-devel] [PULL 00/10] target-arm queue, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 02/10] sdhci: fix incorrect use of Error *, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses,
Peter Maydell <=
- [Qemu-devel] [PULL 04/10] hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 05/10] i.MX: Support serial RS-232 break properly, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 07/10] target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 10/10] target/arm: Always set FAR to a known unknown value for debug exceptions, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 08/10] target/arm: Factor out code to calculate FSR for debug exceptions, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 06/10] mach-virt: Set VM's SMBIOS system version to mc->name, Peter Maydell, 2018/03/23
- [Qemu-devel] [PULL 09/10] target/arm: Set FSR for BKPT, BRK when raising exception, Peter Maydell, 2018/03/23
- Re: [Qemu-devel] [PULL 00/10] target-arm queue, no-reply, 2018/03/23
- Re: [Qemu-devel] [PULL 00/10] target-arm queue, Peter Maydell, 2018/03/25