AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater

Bug #1349277 reported by T McIntosh
Affects        Status        Importance  Assigned to     Milestone
QEMU           Fix Released  Undecided   Unassigned
qemu (Ubuntu)  Fix Released  Medium      Chris J Arges

Bug Description

The AArch64 emulation ignores SPSel=0 when:

(1) taking an interrupt from an exception level greater than EL0 (e.g., EL1t),

(2) returning from an exception (via ERET) to an exception level greater than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.

The attached patch fixes the problem in my application.

Background:

I'm running a standalone application (toy OS) that is performing preemptive multithreading between threads running at EL1t, with exception handling / context switching occurring at EL1h. This bug causes the stack pointer to be corrupted in the threads running at EL1t (they end up with a version of the EL1h stack pointer (SP_EL1)).

Occurs in:
 qemu-2.1.0-rc1 (found in)
 commit c60a57ff497667780132a3fcdc1500c83af5d5c0 (current master)
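
The two cases in the report can be reproduced in a small model of the AArch64 banked stack pointers. The following C program is an added illustration for this page, not code from the bug report and not QEMU's implementation; the `CpuState` structure, the `save_sp`/`restore_sp` helpers, `take_exception`, `eret` and `thread_sp_after_interrupt` are hypothetical names, and the stack addresses 0x1000 and 0x8000 are constructed sample values. It runs the scenario from the background section (a thread at EL1t interrupted into EL1h, then ERET back) once with SPSel honoured and once with SPSel ignored, and returns the thread's SP after the round trip in each case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical, minimal model of AArch64 stack-pointer banking; this is an
 * added illustration and not QEMU's code.  The architecture keeps one SP per
 * exception level (SP_EL0..SP_EL3).  PSTATE.SP (SPSel) picks which one the
 * 'sp' register names while running at EL1 or above: 0 = SP_EL0 ("ELxt"),
 * 1 = SP_ELx ("ELxh").  Exception entry always switches to SPSel=1, and ERET
 * restores SPSel from SPSR_ELx.M[0].
 */
typedef struct {
    unsigned el;        /* current exception level, 0..3 */
    bool spsel;         /* PSTATE.SP */
    uint64_t sp;        /* the currently selected stack pointer */
    uint64_t sp_el[4];  /* banked SP_EL0..SP_EL3 (valid for the unselected ones) */
    uint32_t spsr;      /* SPSR_ELx; only M[3:2] (EL) and M[0] (SP) are modeled */
} CpuState;

/* Index of the banked register that currently backs 'sp'. */
static unsigned sp_bank(const CpuState *s)
{
    return s->spsel ? s->el : 0;
}

/* Correct save/restore: honour SPSel when choosing the banked register. */
static void save_sp(CpuState *s)    { s->sp_el[sp_bank(s)] = s->sp; }
static void restore_sp(CpuState *s) { s->sp = s->sp_el[sp_bank(s)]; }

/* Exception entry to target_el.  'buggy' models the reported behaviour for
 * case (1): the outgoing SP is assumed to be SP_ELx regardless of SPSel. */
static void take_exception(CpuState *s, unsigned target_el, bool buggy)
{
    if (buggy) {
        s->sp_el[s->el] = s->sp;      /* clobbers SP_EL1 with the EL1t SP */
    } else {
        save_sp(s);
    }
    s->spsr = (s->el << 2) | (s->spsel ? 1u : 0u); /* M[3:2]=EL, M[0]=SP */
    s->el = target_el;
    s->spsel = true;                  /* handlers always start on SP_ELx */
    restore_sp(s);
}

/* ERET: restore EL and SPSel from SPSR, then load the matching SP.  'buggy'
 * models case (2): SPSR_ELx[SPSel] is ignored and SP_ELx is always loaded. */
static void eret(CpuState *s, bool buggy)
{
    save_sp(s);                       /* handler ran with SPSel=1: this is SP_ELx */
    s->el = (s->spsr >> 2) & 3;
    s->spsel = (s->spsr & 1) != 0;
    if (buggy) {
        s->sp = s->sp_el[s->el];
    } else {
        restore_sp(s);
    }
}

/*
 * Scenario from the report: a thread runs at EL1t (SPSel=0) on SP_EL0, an
 * interrupt is taken to EL1h, the handler uses some of its own stack, and it
 * ERETs back to EL1t.  Returns the thread's SP after the round trip; with a
 * correct emulation it must equal the value it had before the interrupt.
 * Constructed sample values: thread SP 0x1000, handler stack SP_EL1 0x8000.
 */
uint64_t thread_sp_after_interrupt(bool buggy)
{
    CpuState s = { .el = 1, .spsel = false, .sp = 0x1000 };
    s.sp_el[0] = 0x1000;
    s.sp_el[1] = 0x8000;

    take_exception(&s, 1, buggy);
    s.sp -= 0x40;                     /* handler pushes a frame on its own stack */
    eret(&s, buggy);
    return s.sp;
}

int main(void)
{
    printf("thread SP after IRQ (SPSel respected): 0x%llx\n",
           (unsigned long long)thread_sp_after_interrupt(false));
    printf("thread SP after IRQ (SPSel ignored):   0x%llx\n",
           (unsigned long long)thread_sp_after_interrupt(true));
    return 0;
}
```

With SPSel honoured the thread gets its own SP (0x1000) back. With SPSel ignored, the EL1t value overwrites SP_EL1 on entry, the handler then runs on the thread's stack, and the ERET hands the thread the handler's adjusted SP_EL1 instead, which is the corruption the report describes. Splitting the logic into save and restore helpers that consult SPSel is the shape of the upstream fix referenced later in this thread.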

Tags: patch
T McIntosh (tkmcintosh) wrote :
Edgar E. Iglesias (edgar-iglesias) wrote : Re: [Qemu-devel] [Bug 1349277] [NEW] AArch64 emulation ignores SPSel=0 when taking (or returning from) an exception at EL1 or greater

On Mon, Jul 28, 2014 at 07:40:56AM -0000, T McIntosh wrote:
> Public bug reported:
>
> The AArch64 emulation ignores SPSel=0 when:
>
> (1) taking an interrupt from an exception level greater than EL0 (e.g.,
> EL1t),
>
> (2) returning from an exception (via ERET) to an exception level greater
> than EL0 (e.g., EL1t), with SPSR_ELx[SPSel]=0.
>
> The attached patch fixes the problem in my application.

Hi,

Patches 1-3 in the following series fix this problem.
http://lists.gnu.org/archive/html/qemu-devel/2014-06/msg03675.html

Cheers,
Edgar

Chris J Arges (arges)
Changed in qemu (Ubuntu):
assignee: nobody → Chris J Arges (arges)
status: New → In Progress
importance: Undecided → Medium
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Proposed fix" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Chris J Arges (arges) wrote :

Uploaded fixed package for Vivid: https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-7ubuntu3

Please let me know if this fixes the issue.

Changed in qemu (Ubuntu):
status: In Progress → Fix Committed
Peter Maydell (pmaydell)
Changed in qemu:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 2.1+dfsg-7ubuntu3

---------------
qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium

  * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
    d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
    d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
    Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
    SPSel=0 in certain conditions. (LP: #1349277)
 -- Chris J Arges <email address hidden> Thu, 04 Dec 2014 14:17:01 -0600

Changed in qemu (Ubuntu):
status: Fix Committed → Fix Released
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released