From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 05/37] hw/intc/arm_gic: Fix handling of NS view of GICC_APR
Date: Thu, 23 May 2024 16:34:33 +0100
Message-Id: <20240523153505.2900433-6-peter.maydell@linaro.org>
In-Reply-To: <20240523153505.2900433-1-peter.maydell@linaro.org>
References: <20240523153505.2900433-1-peter.maydell@linaro.org>

From: Andrey Shumilin

In gic_cpu_read() and gic_cpu_write(), we delegate the handling of
reading and writing the Non-Secure view of the GICC_APR registers
to functions gic_apr_ns_view() and gic_apr_write_ns_view().
Unfortunately we got the order of the arguments wrong, swapping the
CPU number and the register number (which the compiler doesn't catch
because they're both integers).

Most guests probably didn't notice this bug because directly
accessing the APR registers is typically something only done by
firmware when it is doing state save for going into a sleep mode.

Correct the mismatched call arguments.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: 51fd06e0ee ("hw/intc/arm_gic: Fix handling of GICC_APR, GICC_NSAPR registers")
Signed-off-by: Andrey Shumilin
[PMM: Rewrote commit message]
Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alex Bennée --- hw/intc/arm_gic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index 074cf50af25..e4b8437f8b8 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -1658,7 +1658,7 @@ static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, *data = s->h_apr[gic_get_vcpu_real_id(cpu)]; } else if (gic_cpu_ns_access(s, cpu, attrs)) { /* NS view of GICC_APR is the top half of GIC_NSAPR */ - *data = gic_apr_ns_view(s, regno, cpu); + *data = gic_apr_ns_view(s, cpu, regno); } else { *data = s->apr[regno][cpu]; } @@ -1746,7 +1746,7 @@ static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, s->h_apr[gic_get_vcpu_real_id(cpu)] = value; } else if (gic_cpu_ns_access(s, cpu, attrs)) { /* NS view of GICC_APR is the top half of GIC_NSAPR */ - gic_apr_write_ns_view(s, regno, cpu, value); + gic_apr_write_ns_view(s, cpu, regno, value); } else { s->apr[regno][cpu] = value; }
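
Review bot: In the gic_cpu_read() hunk, the corrected call gic_apr_ns_view(s, cpu, regno) sits two lines above *data = s->apr[regno][cpu], so the helper takes (cpu, regno) while the array next to it is indexed [regno][cpu]. That inversion between adjacent lines is what makes the swap easy to reintroduce, and as the commit message says the compiler cannot flag it because both values are plain int. Consider a one-line comment at the call site stating the helper's parameter order, or, as a follow-up, reordering the helper's parameters to match the array indexing so every APR access in this function reads the same way.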
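
Review bot: The gic_cpu_write() hunk changes which APR slot a Non-Secure write lands in, yet the diffstat shows only hw/intc/arm_gic.c touched (2 insertions, 2 deletions), so nothing pins the corrected behaviour. A test that performs an NS write to GICC_APR with a CPU index different from the register index, then reads the value back through the NS view, would have failed before this change and would catch a regression. Because cpu and regno index different dimensions of s->apr, it is also worth having gic_apr_write_ns_view() check each value against its own dimension, so that a future swap fails loudly instead of updating the wrong element.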