qemu-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 9ed866: target/arm: Fix CNTPOFF_EL2 trap to m

From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 9ed866: target/arm: Fix CNTPOFF_EL2 trap to missing EL3
Date: Tue, 09 Apr 2024 01:47:47 -0700 
  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 9ed866e10f196d588580ed8a701d278abd8372ee
      
https://github.com/qemu/qemu/commit/9ed866e10f196d588580ed8a701d278abd8372ee
  Author: Pierre-Clément Tosi <ptosi@google.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Fix CNTPOFF_EL2 trap to missing EL3

EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is
present, as described by the reference manual (for MRS):

  /* ... */
  elsif PSTATE.EL == EL2 then
      if Halted() && HaveEL(EL3) && /*...*/ then
          UNDEFINED;
      elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then
          /* ... */
      else
          X[t, 64] = CNTPOFF_EL2;

However, the existing implementation of gt_cntpoff_access() always
returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In
pseudo-code terminology, this corresponds to assuming that HaveEL(EL3)
is always true, which is wrong. As a result, QEMU panics in
access_check_cp_reg() when started without EL3 and running EL2 code
accessing the register (e.g. any recent KVM booting a guest).

Therefore, add the HaveEL(EL3) check to gt_cntpoff_access().

Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling")
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 7afbdada7effbc2b97281bfbce0c6df351a3cf88
      
https://github.com/qemu/qemu/commit/7afbdada7effbc2b97281bfbce0c6df351a3cf88
  Author: Wei Wang <wei.w.wang@intel.com>
  Date:   2024-04-07 (Sun, 07 Apr 2024)

  Changed paths:
    M migration/savevm.c

  Log Message:
  -----------
  migration/postcopy: ensure preempt channel is ready before loading states

Before loading the guest states, ensure that the preempt channel has been
ready to use, as some of the states (e.g. via virtio_load) might trigger
page faults that will be handled through the preempt channel. So yield to
the main thread in the case that the channel create event hasn't been
dispatched.

Cc: qemu-stable <qemu-stable@nongnu.org>
Fixes: 9358982744 ("migration: Send requested page directly in rp-return 
thread")
Originally-by: Lei Wang <lei4.wang@intel.com>
Link: 
https://lore.kernel.org/all/9aa5d1be-7801-40dd-83fd-f7e041ced249@intel.com/T/
Signed-off-by: Lei Wang <lei4.wang@intel.com>
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Link: https://lore.kernel.org/r/20240405034056.23933-1-wei.w.wang@intel.com
[peterx: add a todo section, add Fixes and copy stable for 8.0+]
Signed-off-by: Peter Xu <peterx@redhat.com>


  Commit: 8e0b21e375f0f6e6dbaeaecc1d52e2220f163e40
      
https://github.com/qemu/qemu/commit/8e0b21e375f0f6e6dbaeaecc1d52e2220f163e40
  Author: Avihai Horon <avihaih@nvidia.com>
  Date:   2024-04-07 (Sun, 07 Apr 2024)

  Changed paths:
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: Adjust migration documentation files

Commit 8cb2f8b172e7 ("docs/migration: Create migration/ directory")
changed migration documentation file structure but forgot to update the
entries in the MAINTAINERS file.

Commit 4c6f8a79ae53 ("docs/migration: Split 'dirty limit'") extracted
dirty limit documentation to a new file without updating dirty limit
section in MAINTAINERS file.

Fix the above.

Fixes: 8cb2f8b172e7 ("docs/migration: Create migration/ directory")
Fixes: 4c6f8a79ae53 ("docs/migration: Split 'dirty limit'")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Link: https://lore.kernel.org/r/20240407081125.13951-1-avihaih@nvidia.com
Signed-off-by: Peter Xu <peterx@redhat.com>


  Commit: 19b254e86a900dc5ee332e3ac0baf9c521301abf
      
https://github.com/qemu/qemu/commit/19b254e86a900dc5ee332e3ac0baf9c521301abf
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3

When we do an AT address translation operation, the page table walk
is supposed to be performed in the context of the EL we're doing the
walk for, so for instance an AT S1E2R walk is done for EL2.  In the
pseudocode an EL is passed to AArch64.AT(), which calls
SecurityStateAtEL() to find the security state that we should be
doing the walk with.

In ats_write64() we get this wrong, instead using the current
security space always.  This is fine for AT operations performed from
EL1 and EL2, because there the current security state and the
security state for the lower EL are the same.  But for AT operations
performed from EL3, the current security state is always either
Secure or Root, whereas we want to use the security state defined by
SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
FEAT_RME but also ones where EL3 is Secure state and the EL3 code
is trying to do an AT for a NonSecure EL2 or EL1.

Use arm_security_space_below_el3() to get the SecuritySpace to
pass to do_ats_write() for all AT operations except the
AT S1E3* operations.

Cc: qemu-stable@nongnu.org
Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT 
instructions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org


  Commit: d276a51d1835d40fb19733f394f5de32cd89b5be
      
https://github.com/qemu/qemu/commit/d276a51d1835d40fb19733f394f5de32cd89b5be
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M MAINTAINERS
    M migration/savevm.c

  Log Message:
  -----------
  Merge tag 'migration-20240407-pull-request' of https://gitlab.com/peterx/qemu 
into staging

Migration pull for 9.0-rc3

- Wei/Lei's fix on a rare postcopy race that can hang the channel (since 8.0)
- Avihai's fix on maintainers file, points to the right doc links

# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCZhLpJBIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1wa87AEAhvXqJyLxYYdlQ5fqp4hVV6O/3N1vNHMu
# kT3d9tmM0jsBAJ5KxK176iGDp+ej5MEyYSm1gG7ivj3y3v3wlPnSmJMJ
# =T1lk
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 07 Apr 2024 19:42:44 BST
# gpg:                using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg:                issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [marginal]
# gpg:                 aka "Peter Xu <peterx@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB D706

* tag 'migration-20240407-pull-request' of https://gitlab.com/peterx/qemu:
  MAINTAINERS: Adjust migration documentation files
  migration/postcopy: ensure preempt channel is ready before loading states

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: fa706e013dc0ad9cfcf6e69f42806c321afdbae2
      
https://github.com/qemu/qemu/commit/fa706e013dc0ad9cfcf6e69f42806c321afdbae2
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  Merge tag 'pull-target-arm-20240408' of 
https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm:
 * Use correct SecuritySpace for AArch64 AT ops at EL3
 * Fix CNTPOFF_EL2 trap to missing EL3

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmYUC2EZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kyhD/9QQb8qrtd7Lan/ODI1PKuv
# gHl1MNCpf1qxfCzl/hL2+Ci2p220AL22EIBUBwzTXoIjidRKoqmUAkKvNk3xANI2
# ZiO1+NZIOqdVLbQGboJDbd4jEDuABPok6fOSyw1WCs9FvGFOWYswx1Eb/T9X31hz
# cSxakeW1cIQo0FNtVEGldUdKQLTxAw6pO/fuL/YleXq2Heiw6ktIe48LxQ0ufVLU
# 7ebpTWSbVeEqwKb4H1HixZ54a2in4NnsHQkkIxup7mPjH78l78WvQjEn1d4CDqJB
# /hzCV/tDrPzUYET7wYN5gHFYuMOOeDDcOn42Lj+qF+dyjMgg64qMMdZ46wxQKSdr
# KInSkcnKCsMWNN8fYFDrGcefuXmvFd81l368DczxCHOgTWZdnZj+M3yQQ85a6TER
# 5f9mmUOMLtvrogfxrlKJklo9P+FzHFp5luT3d8c8wXY46B5wkpS43tJGjZEyvHps
# 1cQnJN+Y3ys6VU7FfLO9Dl/qI4dR0xUhDvjqPEicuu79lTBPgFoQox7xSGVAk90y
# QKzz0eXV/ECy1kabMFDrZNINkg07KtNFKLrRgrHCPt4gdTO1Nu9UMWUTVjiNYSh4
# aEMy3xHCIKo315BvUsVVwpQLa98CYfLF/rw3J6ECaPTCYN7uCrlWyDEcDdbFfPXD
# xPbXgH7ocQoDn7Tj+KxfhQ==
# =WmlH
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Apr 2024 16:21:05 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" 
[ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240408' of 
https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
  target/arm: Fix CNTPOFF_EL2 trap to missing EL3

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/ce64e6224aff...fa706e013dc0

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications
reply via email to
[Prev in Thread] Current Thread [Next in Thread]