Comment 1 for bug 1907137

Peter Collingbourne (pcc-goog) wrote :

The workaround patch above is insufficient if I change userspace to set TCF0=1. With that I get a kernel panic:

[ 13.336255][ C0] Bad mode in Synchronous Abort handler detected on CPU0, code 0x92000011 -- DABT (lower EL)
[ 13.337437][ C0] CPU: 0 PID: 1 Comm: init Not tainted 5.10.0-rc7-mainline-00300-gf4328758abb6 #1
[ 13.338086][ C0] Hardware name: linux,dummy-virt (DT)
[ 13.338948][ C0] pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)
[ 13.339951][ C0] pc : __arch_copy_from_user+0x1e4/0x340
[ 13.340483][ C0] lr : _copy_from_user+0xbc/0x564
[ 13.340930][ C0] sp : ffffffc01000bda0
[ 13.341385][ C0] x29: ffffffc01000bda0
[ 13.342295][ C0] x28: ffffff804011c100
[ 13.342951][ C0]
[ 13.343321][ C0] x27: 0000000000000000
[ 13.343759][ C0] x26: 0000000000000000
[ 13.344178][ C0]
[ 13.344513][ C0] x25: 0000000000000000
[ 13.344954][ C0] x24: 0000000000000000
[ 13.345382][ C0]
[ 13.345713][ C0] x23: 0300007e18aca850
[ 13.346153][ C0] x22: 0300007e18aca860
[ 13.346809][ C0]
[ 13.347144][ C0] x21: ffffff8043d1ef80
[ 13.347596][ C0] x20: 0300007e18aca850
[ 13.348023][ C0]
[ 13.348354][ C0] x19: ffffff8043295000
[ 13.348806][ C0] x18: ffffff8040103c38
[ 13.349232][ C0]
[ 13.349557][ C0] x17: 0000000004000000
[ 13.349998][ C0] x16: 0000007fffffffff
[ 13.350634][ C0]
[ 13.350965][ C0] x15: 0000007f9fed34f8
[ 13.351409][ C0] x14: 006d65747379730c
[ 13.351844][ C0]
[ 13.352167][ C0] x13: 00000000000001ed
[ 13.352610][ C0] x12: 0000000000000000
[ 13.353034][ C0]
[ 13.353358][ C0] x11: 0000000000000000
[ 13.353802][ C0] x10: 0000000000000000
[ 13.354232][ C0]
[ 13.354785][ C0] x9 : 006d65747379730c
[ 13.355236][ C0] x8 : 0000000000000000
[ 13.355673][ C0]
[ 13.355998][ C0] x7 : 0000000000000000
[ 13.356448][ C0] x6 : ffffff8043295040
[ 13.356874][ C0]
[ 13.357200][ C0] x5 : ffffff8043296000
[ 13.357646][ C0] x4 : 0000000000000000
[ 13.358077][ C0]
[ 13.358423][ C0] x3 : 0000000000000001
[ 13.359055][ C0] x2 : 0000000000000f80
[ 13.359497][ C0]
[ 13.359829][ C0] x1 : 0300007e18aca8c0
[ 13.360278][ C0] x0 : ffffff8043295000
[ 13.360705][ C0]
[ 13.362315][ C0] Kernel panic - not syncing: bad mode
[ 13.362377][ C0] CPU: 0 PID: 1 Comm: init Not tainted 5.10.0-rc7-mainline-00300-gf4328758abb6 #1
[ 13.362410][ C0] Hardware name: linux,dummy-virt (DT)
[ 13.362442][ C0] Call trace:
[ 13.362474][ C0] dump_backtrace+0x0/0x1e0
[ 13.362507][ C0] show_stack+0x1c/0x2c
[ 13.362539][ C0] dump_stack+0xd0/0x154
[ 13.362570][ C0] panic+0x158/0x370
[ 13.362602][ C0] bad_el0_sync+0x0/0x5c
[ 13.362634][ C0] el1_inv+0x3c/0x5c
[ 13.362666][ C0] el1_sync_handler+0x64/0x8c
[ 13.362698][ C0] el1_sync+0x84/0x140
[ 13.362730][ C0] __arch_copy_from_user+0x1e4/0x340
[ 13.362762][ C0] copy_mount_options+0x40/0x1d0
[ 13.362794][ C0] __arm64_sys_mount+0x84/0x13c
[ 13.362826][ C0] el0_svc_common+0xc0/0x1b4
[ 13.362858][ C0] do_el0_svc+0x20/0x30
[ 13.362890][ C0] el0_svc+0x14/0x24
[ 13.362922][ C0] el0_sync_handler+0x88/0xec
[ 13.362953][ C0] el0_sync+0x17c/0x180
[ 13.363547][ C0] Kernel Offset: 0x2abd800000 from 0xffffffc010000000
[ 13.363580][ C0] PHYS_OFFSET: 0x40000000
[ 13.363613][ C0] CPU features: 0x27e0152,6180a230
[ 13.363644][ C0] Memory Limit: none

It looks like the tag check fault coming from the LDTR is reported using the wrong EL.
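
Added example, not part of the original comment or of QEMU/kernel code: a small decoder for the two values in the panic above (code 0x92000011 and pstate 20400005), showing that the syndrome is a synchronous tag check fault whose exception class says "lower EL" although the saved PSTATE says the access ran at EL1. Field positions follow the Arm architecture's ESR_ELx and SPSR layout; the helper names and the assumption that the handling level is EL1 (the el1_sync vector in the trace) are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx layout: EC = bits [31:26], IL = bit 25, ISS = bits [24:0]. */
#define ESR_EC(esr)    (((esr) >> 26) & 0x3f)
#define ESR_DFSC(esr)  ((esr) & 0x3f)       /* data fault status code, ISS[5:0] */
#define ESR_WNR(esr)   (((esr) >> 6) & 1)   /* 1 = write, 0 = read */

#define EC_DABT_LOWER  0x24  /* Data Abort from a lower Exception level */
#define EC_DABT_SAME   0x25  /* Data Abort taken without a change in Exception level */
#define DFSC_SYNC_TAG  0x11  /* Synchronous Tag Check Fault (MTE) */

/* Exception level the faulting code ran at, from saved PSTATE M[3:2]. */
static unsigned pstate_el(uint64_t pstate) { return (pstate >> 2) & 3; }

static bool is_sync_tag_check_fault(uint32_t esr)
{
    unsigned ec = ESR_EC(esr);
    return (ec == EC_DABT_LOWER || ec == EC_DABT_SAME) &&
           ESR_DFSC(esr) == DFSC_SYNC_TAG;
}

/* EC a data abort should carry, given where it came from and who handles it. */
static unsigned expected_dabt_ec(uint64_t pstate, unsigned handler_el)
{
    return pstate_el(pstate) < handler_el ? EC_DABT_LOWER : EC_DABT_SAME;
}

/* True when EC claims "lower EL" but PSTATE shows the fault was raised at
 * the same level that is handling it. */
static bool ec_contradicts_pstate(uint32_t esr, uint64_t pstate, unsigned handler_el)
{
    return ESR_EC(esr) == EC_DABT_LOWER && pstate_el(pstate) == handler_el;
}

int main(void)
{
    uint32_t esr = 0x92000011;     /* "code" value from the panic line */
    uint64_t pstate = 0x20400005;  /* "pstate" value from the panic */
    unsigned handler_el = 1;       /* assumption: taken to EL1 (el1_sync) */

    printf("EC=0x%02x DFSC=0x%02x WnR=%u source EL%u\n", (unsigned)ESR_EC(esr),
           (unsigned)ESR_DFSC(esr), (unsigned)ESR_WNR(esr), pstate_el(pstate));
    printf("tag check fault: %d, expected EC=0x%02x, mismatch: %d\n",
           is_sync_tag_check_fault(esr), expected_dabt_ec(pstate, handler_el),
           ec_contradicts_pstate(esr, pstate, handler_el));
    return 0;
}
```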