From: Jan Kiszka <jan.kis...@siemens.com>

The issue fixed this way is so far only visible with the upcoming RPi4 kernel update but conceptually affects all GICv2 targets.
Signed-off-by: Jan Kiszka <jan.kis...@siemens.com> --- ...on-gicv2-Fix-byte-access-to-ITARGETR.patch | 52 +++++++++++++++++++ recipes-jailhouse/jailhouse/jailhouse_0.12.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch diff --git a/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch b/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch new file mode 100644 index 0000000..8682f1b --- /dev/null +++ b/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch 
@@ -0,0 +1,52 @@ +From 8e1aea00f77d1c1a4b2313255966b741c2f1fd93 Mon Sep 17 00:00:00 2001 +From: Jan Kiszka <jan.kis...@siemens.com> +Date: Sat, 29 Aug 2020 08:08:08 +0200 +Subject: [PATCH 2/2] arm-common: gicv2: Fix byte access to ITARGETR + +Byte-size write accesses overwrote all fields the issuing cell owned, +not only the target byte. And byte-size read accesses may have returned +the wrong value. This was broken since the beginning, just wasn't +stressed properly so far. Latest jailhouse-enabling/5.4-rpi revealed it +finally. + +Fixes: ee6b35ba9037 ("arm: GICv2: handle SPI routing") +Signed-off-by: Jan Kiszka <jan.kis...@siemens.com> +--- + hypervisor/arch/arm-common/gic-v2.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/hypervisor/arch/arm-common/gic-v2.c b/hypervisor/arch/arm-common/gic-v2.c +index 6a81f77b..b63b0fbc 100644 +--- a/hypervisor/arch/arm-common/gic-v2.c ++++ b/hypervisor/arch/arm-common/gic-v2.c +@@ -421,9 +421,8 @@ static enum mmio_result gicv2_handle_irq_target(struct mmio_access *mmio, + offset = irq % 4; + mmio->address &= ~0x3; + mmio->value <<= 8 * offset; +- mmio->size = 4; + +- for (n = 0; n < 4; n++) { ++ for (n = offset; n < mmio->size + offset; n++) { + if (irqchip_irq_in_cell(cell, irq_base + n)) + access_mask |= 0xff << (8 * n); + else +@@ -441,6 +440,8 @@ static enum mmio_result gicv2_handle_irq_target(struct mmio_access *mmio, + } + } + ++ mmio->size = 4; ++ + if (mmio->is_write) { + spin_lock(&dist_lock); + u32 itargetsr = +@@ -454,6 +455,7 @@ static enum mmio_result gicv2_handle_irq_target(struct mmio_access *mmio, + } else { + mmio_perform_access(gicd_base, mmio); + mmio->value &= access_mask; ++ mmio->value >>= 8 * offset; + } + + return MMIO_HANDLED; +-- +2.26.2 + diff --git a/recipes-jailhouse/jailhouse/jailhouse_0.12.bb b/recipes-jailhouse/jailhouse/jailhouse_0.12.bb index a87b6ea..67df3fa 100644 --- a/recipes-jailhouse/jailhouse/jailhouse_0.12.bb 
+++ b/recipes-jailhouse/jailhouse/jailhouse_0.12.bb @@ -17,6 +17,7 @@ SRC_URI += " \ file://0002-configs-arm64-Add-inmate-demo-for-pine64-plus-board.patch \ file://0003-configs-arm64-Add-Linux-demo-for-pine64-plus.patch \ file://0001-inmates-x86-Add-LED-blinking-support-to-apic-demo.patch \ + file://0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch \ " SRCREV = "92db71f257fabd3c08fa4b99498fa61a41ea831d" -- 2.26.2
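Review bot: In the gic-v2.c hunk at @@ -421, the new loop bound `n < mmio->size + offset` is only safe when the access is naturally aligned, so that offset plus size never exceeds 4. If a halfword or word access with a non-zero offset reached this handler, n would run past 3, `0xff << (8 * n)` would shift by 32 bits or more (undefined in C), and `irq_base + n` would test interrupts that belong to the next ITARGETR word. Consider rejecting accesses where `offset + mmio->size > 4` before the loop, or clamping the bound to 4, so the ownership mask can never be computed from out-of-range bytes.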
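Review bot: In the gic-v2.c hunk at @@ -441, the relocated `mmio->size = 4;` has no comment explaining why it must sit after the ownership loop. The loop above now depends on the guest's original access size to build `access_mask`, while the register access below depends on the widened size, so the ordering is what keeps a byte write from touching the other targets the cell owns. A one-line comment here saying the size is widened only after the per-byte mask has been computed would stop a later cleanup from moving the assignment back up and reintroducing the bug.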
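Review bot: In the SRC_URI hunk of jailhouse_0.12.bb, the added entry is the second file carrying a `0002-` prefix (next to `0002-configs-arm64-Add-inmate-demo-for-pine64-plus-board.patch`) and it is listed after a `0001-` entry, so the numeric prefixes no longer reflect the order in which the patches are applied. The file names are still unique, so this works as is, but renumbering the file to continue the existing sequence would make the apply order readable from the list.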