From patchwork Thu Mar 15 13:34:41 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 131779
Delivered-To: patches@linaro.org
Received: by 10.46.84.17 with SMTP id i17csp1129415ljb;
 Thu, 15 Mar 2018 06:34:44 -0700 (PDT)
X-Google-Smtp-Source: AG47ELvU0t6XSxJpmFgljjC9LjDDukReU585hv5uxm2swtoQf6jDH5QqnOTQu377GIqBjnistXBs
X-Received: by 10.223.136.24 with SMTP id d24mr4413703wrd.127.1521120884018; 
 Thu, 15 Mar 2018 06:34:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521120884; cv=none;
 d=google.com; s=arc-20160816;
 b=eU4bpM4l8xUYVsG09DQ5e6i29ycZJA9DZ8da9rJuwQ5tR8FO+ZcXn7FkIqEmzA2wmW
 GrLh7OWt12837kCQUr3dyGmBGEfn58jFOXmxUU/5dO/H85q35+dCwxNXsWj5dDTg3QGV
 Xij0uqMXmomoKGMDylGcUZ12pzPKIV7BVakRyLnupZwm1Mj/QOhJq2rAN3ofla9SJA8o
 SMrxl+x3nhrssaFMcTVd6BMBRPzJX9knpoISBQ6l05grmdnSTE9qrELNE7OMGVs3gnkK
 S/po4Du51YJW4BKbyZRiHLfCMgNA1TB7QMrO3NeWvcZHowJHx400xlh8RfDmX93QGfyc
 gONA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=message-id:date:subject:cc:to:from:arc-authentication-results;
 bh=jG2eMsuJH4GEGjLxOxgGT/DM6TpDjLW3BP9pGZs6YA0=;
 b=GTCPI6lr3ldrbP699BxU1ZSfrlP0rOo5x5uCJRkPYNEqk0PKQwP5HnFy0mMT7n6RfY
 Dwb1RSCfhZuwhTN5fqpW4FJodw2Qu8ZRP3zhWPpoeAw/rhJZtYAOMrtv0Z3HMW2swI/T
 78IzhQLndkx+7M8DvXasx0mXGV1BaqlzB5NR428mLViTYXU6ri/uZlce8SQvI7Vv5K1f
 9gbuDZ1lQO8ujehuGUWZsxuiiFXGmPF5VoXwKhuUV7Ft7LYDjR4egriIqP0HXvjlkfr9
 l08IaxZS1ojyNsAWZCl6dsxO4CeDk4hCZD10zxqdFRjtHij7wsVWYhp5vjXDEotyi89q
 vHTw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted
 sender) smtp.mailfrom=pm215@archaic.org.uk; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <pm215@archaic.org.uk>
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by mx.google.com with ESMTPS id
 u33si3610860wrf.463.2018.03.15.06.34.43 for <patches@linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 15 Mar 2018 06:34:43 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted
 sender) client-ip=2001:8b0:1d0::2; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted
 sender) smtp.mailfrom=pm215@archaic.org.uk; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89)
 (envelope-from <pm215@archaic.org.uk>)
 id 1ewT1m-0005Xh-ND; Thu, 15 Mar 2018 13:34:42 +0000
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org,
	qemu-devel@nongnu.org
Cc: patches@linaro.org
Subject: [PATCH for-2.12] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and
 ICC_RPR accesses
Date: Thu, 15 Mar 2018 13:34:41 +0000
Message-Id: <20180315133441.24149-1-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.16.2

If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
 * on reads, the priority is in the secure range if bit 7
   is clear, not if it is set
 * on writes, we want to set bit 7, not mask everything else

Our ICC_RPR read code had the same error as ICC_PMR.

(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_cpuif.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
2.16.2
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 5cbafaf497..26f5eeda94 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri)
         /* NS access and Group 0 is inaccessible to NS: return the
          * NS view of the current priority
          */
-        if (value & 0x80) {
+        if ((value & 0x80) == 0) {
             /* Secure priorities not visible to NS */
             value = 0;
         } else if (value != 0xff) {
@@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri,
             /* Current PMR in the secure range, don't allow NS to change it */
             return;
         }
-        value = (value >> 1) & 0x80;
+        value = (value >> 1) | 0x80;
     }
     cs->icc_pmr_el1 = value;
     gicv3_cpuif_update(cs);
@@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
     if (arm_feature(env, ARM_FEATURE_EL3) &&
         !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
         /* NS GIC access and Group 0 is inaccessible to NS */
-        if (prio & 0x80) {
+        if ((prio & 0x80) == 0) {
             /* NS mustn't see priorities in the Secure half of the range */
             prio = 0;
         } else if (prio != 0xff) {