aboutsummaryrefslogtreecommitdiff
path: root/target
diff options
context:
space:
mode:
authorPierre-Clément Tosi <ptosi@google.com>2024-04-04 17:36:23 +0100
committerPeter Maydell <peter.maydell@linaro.org>2024-04-05 15:21:56 +0100
commit9ed866e10f196d588580ed8a701d278abd8372ee (patch)
tree66c57805384b8b1d1b14231281e42c4870268c3a /target
parentce64e6224affb8b4e4b019f76d2950270b391af5 (diff)
target/arm: Fix CNTPOFF_EL2 trap to missing EL3
EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is present, as described by the reference manual (for MRS): /* ... */ elsif PSTATE.EL == EL2 then if Halted() && HaveEL(EL3) && /*...*/ then UNDEFINED; elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then /* ... */ else X[t, 64] = CNTPOFF_EL2; However, the existing implementation of gt_cntpoff_access() always returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In pseudo-code terminology, this corresponds to assuming that HaveEL(EL3) is always true, which is wrong. As a result, QEMU panics in access_check_cp_reg() when started without EL3 and running EL2 code accessing the register (e.g. any recent KVM booting a guest). Therefore, add the HaveEL(EL3) check to gt_cntpoff_access(). Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling") Signed-off-by: Pierre-Clément Tosi <ptosi@google.com> Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target')
-rw-r--r--target/arm/helper.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3f3a5b55d4..13ad90cac1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3452,7 +3452,8 @@ static CPAccessResult gt_cntpoff_access(CPUARMState *env,
const ARMCPRegInfo *ri,
bool isread)
{
- if (arm_current_el(env) == 2 && !(env->cp15.scr_el3 & SCR_ECVEN)) {
+ if (arm_current_el(env) == 2 && arm_feature(env, ARM_FEATURE_EL3) &&
+ !(env->cp15.scr_el3 & SCR_ECVEN)) {
return CP_ACCESS_TRAP_EL3;
}
return CP_ACCESS_OK;