From 8bd587c1066f4456ddfe611b571d9439a947d74c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 15 Aug 2019 09:46:42 +0100 Subject: target/arm: Fix routing of singlestep exceptions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When generating an architectural single-step exception we were routing it to the "default exception level", which is to say the same exception level we execute at except that EL0 exceptions go to EL1. This is incorrect because the debug exception level can be configured by the guest for situations such as single stepping of EL0 and EL1 code by EL2. We have to track the target debug exception level in the TB flags, because it is dependent on CPU state like HCR_EL2.TGE and MDCR_EL2.TDE. (That we were previously calling the arm_debug_target_el() function to determine dc->ss_same_el is itself a bug, though one that would only have manifested as incorrect syndrome information.) Since we are out of TB flag bits unless we want to expand into the cs_base field, we share some bits with the M-profile only HANDLER and STACKCHECK bits, since only A-profile has this singlestep. Fixes: https://bugs.launchpad.net/qemu/+bug/1838913 Signed-off-by: Peter Maydell Reviewed-by: Alex Bennée Tested-by: Alex Bennée Message-id: 20190805130952.4415-3-peter.maydell@linaro.org --- target/arm/helper.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index b74c23a9bc..24806c16ca 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11170,6 +11170,12 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, } } + if (!arm_feature(env, ARM_FEATURE_M)) { + int target_el = arm_debug_target_el(env); + + flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL, target_el); + } + *pflags = flags; *cs_base = 0; } -- cgit v1.2.3 From 7b351d98709d3f77d6bb18562e1bf228862b0d57 Mon Sep 17 00:00:00 2001 
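Review bot: the new block in cpu_get_tb_cpu_state() relies on an invariant that the hunk itself never records: per the commit message, DEBUG_TARGET_EL shares its TB flag bits with the M-profile-only HANDLER and STACKCHECK fields, so the `if (!arm_feature(env, ARM_FEATURE_M))` guard is load-bearing, not a mere optimisation. Someone later "simplifying" this by dropping the guard, or adding an M-profile write of DEBUG_TARGET_EL, would silently corrupt the M-profile flags. Please add a one-line comment above the guard, e.g. `/* DEBUG_TARGET_EL aliases the M-profile HANDLER/STACKCHECK bits; only set it for A-profile. */`, and ideally a matching comment next to the TBFLAG_ANY field definition. A second, minor point: `arm_debug_target_el(env)` is now evaluated on every TB-flag computation for A-profile, including when single-step is not active; if that function does any non-trivial work it could be gated on the singlestep state that is already encoded in `flags`, but only if that keeps the flag value a pure function of CPU state so TB lookup stays deterministic. The consumer of the new field (the replacement for dc->ss_same_el in translate.c) is outside this helper.c-only view, so its correctness has to be checked against the rest of the series.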
From: Andrew Jones Date: Fri, 2 Aug 2019 14:25:30 +0200 Subject: target/arm/helper: zcr: Add build bug next to value range assumption The current implementation of ZCR_ELx matches the architecture, only implementing the lower four bits, with the rest RAZ/WI. This puts a strict limit on ARM_MAX_VQ of 16. Make sure we don't let ARM_MAX_VQ grow without a corresponding update here. Suggested-by: Dave Martin Signed-off-by: Andrew Jones Reviewed-by: Richard Henderson Reviewed-by: Eric Auger Signed-off-by: Peter Maydell --- target/arm/helper.c | 1 + 1 file changed, 1 insertion(+) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index 24806c16ca..2fd504ea7a 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5300,6 +5300,7 @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri, int new_len; /* Bits other than [3:0] are RAZ/WI. */ + QEMU_BUILD_BUG_ON(ARM_MAX_VQ > 16); raw_write(env, ri, value & 0xf); /* -- cgit v1.2.3
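Review bot: the assertion and the mask it protects are two unrelated magic numbers that must stay in step: `QEMU_BUILD_BUG_ON(ARM_MAX_VQ > 16);` sits directly above `raw_write(env, ri, value & 0xf);`, and the link between them (LEN is 4 bits, VQ = LEN + 1, so a 0xf mask permits VQ up to 16) is only implied by the comment "Bits other than [3:0] are RAZ/WI." Consider deriving one from the other so the next person widening the field cannot update only one of them, e.g. introduce a local `#define ZCR_LEN_MASK 0xf` (or an R_ZCR_LEN field) and write `QEMU_BUILD_BUG_ON(ARM_MAX_VQ - 1 > ZCR_LEN_MASK);` with `raw_write(env, ri, value & ZCR_LEN_MASK);`. Also worth a short comment stating the VQ = LEN + 1 relationship next to the build bug, since the `- 1` (or the bare 16) is otherwise opaque. Placement inside zcr_write() rather than beside the ARM_MAX_VQ definition is fine given the commit's stated goal of keeping the check next to the assumption.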