From: Jan Kiszka <jan.kis...@siemens.com>

The issue fixed this way is so far only visible with the
upcoming RPi4 kernel update but conceptually affects all GICv2 targets.

Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>
---
 ...on-gicv2-Fix-byte-access-to-ITARGETR.patch | 52 +++++++++++++++++++
 recipes-jailhouse/jailhouse/jailhouse_0.12.bb |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 
recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch

diff --git 
a/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch
 
b/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch
new file mode 100644
index 0000000..8682f1b
--- /dev/null
+++ 
b/recipes-jailhouse/jailhouse/files/0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch
@@ -0,0 +1,52 @@
+From 8e1aea00f77d1c1a4b2313255966b741c2f1fd93 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kis...@siemens.com>
+Date: Sat, 29 Aug 2020 08:08:08 +0200
+Subject: [PATCH 2/2] arm-common: gicv2: Fix byte access to ITARGETR
+
+Byte-size write accesses overwrote all fields the issuing cell owned,
+not only the target byte. And byte-size read accesses may have returned
+the wrong value. This was broken since the beginning, just wasn't
+stressed properly so far. Latest jailhouse-enabling/5.4-rpi revealed it
+finally.
+
+Fixes: ee6b35ba9037 ("arm: GICv2: handle SPI routing")
+Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>
+---
+ hypervisor/arch/arm-common/gic-v2.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hypervisor/arch/arm-common/gic-v2.c 
b/hypervisor/arch/arm-common/gic-v2.c
+index 6a81f77b..b63b0fbc 100644
+--- a/hypervisor/arch/arm-common/gic-v2.c
++++ b/hypervisor/arch/arm-common/gic-v2.c
+@@ -421,9 +421,8 @@ static enum mmio_result gicv2_handle_irq_target(struct 
mmio_access *mmio,
+       offset = irq % 4;
+       mmio->address &= ~0x3;
+       mmio->value <<= 8 * offset;
+-      mmio->size = 4;
+ 
+-      for (n = 0; n < 4; n++) {
++      for (n = offset; n < mmio->size + offset; n++) {
+               if (irqchip_irq_in_cell(cell, irq_base + n))
+                       access_mask |= 0xff << (8 * n);
+               else
+@@ -441,6 +440,8 @@ static enum mmio_result gicv2_handle_irq_target(struct 
mmio_access *mmio,
+               }
+       }
+ 
++      mmio->size = 4;
++
+       if (mmio->is_write) {
+               spin_lock(&dist_lock);
+               u32 itargetsr =
+@@ -454,6 +455,7 @@ static enum mmio_result gicv2_handle_irq_target(struct 
mmio_access *mmio,
+       } else {
+               mmio_perform_access(gicd_base, mmio);
+               mmio->value &= access_mask;
++              mmio->value >>= 8 * offset;
+       }
+ 
+       return MMIO_HANDLED;
+-- 
+2.26.2
+
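Review bot: The new loop bound `n < mmio->size + offset` in gicv2_handle_irq_target is not clamped to the four bytes of one ITARGETSR word. If an access whose size plus byte offset exceeds 4 can reach this code (a halfword at offset 3, or a word at a non-zero offset), `0xff << (8 * n)` would shift by 32 or more, which is undefined, and `irq_base + n` would test ownership of IRQs that belong to the next register. Since access_mask is what keeps a cell from changing target bytes it does not own, the bound is better enforced locally than assumed; whether the MMIO dispatcher already rejects such accesses is not visible in these hunks. A guard ahead of the loop such as `if (offset + mmio->size > 4) return MMIO_ERROR;` would make the limit explicit. The function body starts and ends outside the hunks shown.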
diff --git a/recipes-jailhouse/jailhouse/jailhouse_0.12.bb 
b/recipes-jailhouse/jailhouse/jailhouse_0.12.bb
index a87b6ea..67df3fa 100644
--- a/recipes-jailhouse/jailhouse/jailhouse_0.12.bb
+++ b/recipes-jailhouse/jailhouse/jailhouse_0.12.bb
@@ -17,6 +17,7 @@ SRC_URI += " \
     file://0002-configs-arm64-Add-inmate-demo-for-pine64-plus-board.patch \
     file://0003-configs-arm64-Add-Linux-demo-for-pine64-plus.patch \
     file://0001-inmates-x86-Add-LED-blinking-support-to-apic-demo.patch \
+    file://0002-arm-common-gicv2-Fix-byte-access-to-ITARGETR.patch \
     "
 
 SRCREV = "92db71f257fabd3c08fa4b99498fa61a41ea831d"
-- 
2.26.2
