Qemu 3.1 Aarch64 TLBI VAE1, x0
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| QEMU |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
Hello,
In my code I'm trying to remove some permissions to a 4KiB MMU descriptor. After that I invalidate the MMU with
TLBI VAE1, x0
where x0 is the start of the address of the 4 KiB page.
In Qemu 2.12 this did not work, but I worked around it with:
/* invalidate the address */
TLBI VAE1, x0
/**
/**
/* NOTE: THIS IS A TRICK FOR QEMU!!!!!!!!!!!! */
/* Apparently we have to change the TTBR0_EL1 when we change a descriptor (especially to remove permissions) */
/* Otherwise qemu (2.12) will continue with the same descriptor with permissions! **/
/***
/***
/* do a trick (in qemu) */
mrs x1 , TTBR0_EL1
ldr x2 , =kernelTable0Table
msr TTBR0_EL1 , x2
isb
msr TTBR0_EL1 , x1
/* return from function */
ret
That is, I just replaced the TTBR0_EL1 with a temporary value, and then restored it. (guess qemu 2.12 just needed to reload the values again).
However, even this procedure is not working with qemu 3.1. (I just tested again with qemu 2.12 and the code works fine, with qemu 3.1 it does not).
Thanks,
Pharos team
| Peter Maydell (pmaydell) wrote | #1 |
| Peter Maydell (pmaydell) wrote | #2 |
| Changed in qemu: | |
| status: | New → Incomplete |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in qemu: | |
| status: | Incomplete → Expired |
Could you provide a test binary (and the QEMU command line to run it) that demonstrates the bug, please?