From: Peter Maydell <[email protected]>
In do_ats_write() we try to assert that the cacheattrs from
get_phys_addr_for_at() are in the form we expect:
    /*
     * ATS operations only do S1 or S1+S2 translations, so we never
     * have to deal with the ARMCacheAttrs format for S2 only.
     */
    assert(!res.cacheattrs.is_s2_format);
However, the GetPhysAddrResult struct documents that its fields are
only valid when the page table walk succeeded. For a two stage page
table walk which fails during stage two, we will return early from
get_phys_addr_twostage() and depending on the fault type the
res.cacheattrs may have been initialized with the stage 2 cache attr
information in stage 2 format. In this case we will incorrectly
assert here.
Fix the assertion to not look at the res fields if the lookup failed.
Note for stable backports: the do_ats_write() function is in
target/arm/helper.c in older QEMU versions, but the change to the
assert line is the same.
Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3328
Fixes: 9f225e607f21 ("target/arm: Postpone interpretation of stage 2 descriptor attribute bits")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
(cherry picked from commit 84771c64a5ae0f28d4bacc3f85a1f852a70c6edc)
Signed-off-by: Michael Tokarev <[email protected]>
diff --git a/target/arm/helper.c b/target/arm/helper.c
index cd577e794f..e607f4a458 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3507,8 +3507,9 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t
value,
/*
* ATS operations only do S1 or S1+S2 translations, so we never
* have to deal with the ARMCacheAttrs format for S2 only.
+ * (Note that res fields are only valid on ptw success.)
*/
- assert(!res.cacheattrs.is_s2_format);
+ assert(ret || !res.cacheattrs.is_s2_format);
if (ret) {
/*
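Review bot: the new `assert(ret || !res.cacheattrs.is_s2_format);` only avoids reading the uninitialized field because `ret` is evaluated first and `||` short-circuits, so the ordering of the two operands is load-bearing and the added comment "(Note that res fields are only valid on ptw success.)" should say so explicitly, or the check should be restructured so the dependency is structural rather than incidental. The trailing context shows an `if (ret) {` block immediately after the assert; if that block handles the failure case and leaves the function (the hunk does not show its body, so this is only a suggestion to verify), moving the assertion below it, where `ret == 0` is known, would make the "only valid on success" invariant visible from the control flow and keep the assert in its original simple form `assert(!res.cacheattrs.is_s2_format);`. If the block falls through instead, the short-circuit form is the right fix and just the comment wording needs tightening.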
--
2.47.3