Sorry, I need to correct my previous post:
If I set

DBGWVR0_EL1 = 1<<23 // ie. 0x00800000

and

DBGWCR0_EL1 = 0x17<<24 | 0xFF<<5 | 0b11<<3 | 0b11<<1 | 0b1<<0 // ie. MASK = 23 = 0b10111

and then access memory [0x0080007F] I get a watchpoint exception. (ie. watchpoints ARE working/enabled)

But if I access [0x00800080] I *don’t* get an exception.

**If the MASK field gets set to 0b0111 instead of 0b10111 then only the bottom 7 bits of the address get masked (instead of 23) and the masked address isn’t 0x00800000, and the exception won’t be triggered.**

(if I *attempt* to set the MASK to 0b11111, but it actually gets set to 0b01111, then I get the behaviour quoted below).

> On 24. Apr 2022, at 13:40, Chris Howard <cvz...@web.de> wrote:
>
> Hi, I’m new to qemu (and even bug-reporting) so apologies in advance…
>
> The MASK field in DBGWCRx_EL1 is **5** bits wide [28:24].
>
> In target/arm/kvm64.c I found the line:
>
> wp.wcr = deposit32(wp.wcr, 24, 4, bits); // ie **4** bits instead of **5**
>
> If it’s not copying (or calculating?) the number of bits correctly this would explain the behaviour I’m seeing:
>
> If I set
>
> DBGWVR0_EL1 = 0x00800000
>
> and
>
> DBGWCR0_EL1 = 0x1F<<24 | 0xFF<<5 | 0b11<<3 | 0b11<<1 | 0b1<<0
>
> and then access memory [0x00807FFF] I get a watchpoint exception. (ie. watchpoints ARE working/enabled)
>
> But if I access [0x008080000] I *don’t* get an exception.
>
> **If the MASK field gets set to 0b1111 instead of 0b11111 then only the bottom 15 bits of the address get masked (instead of 31) and the masked address isn’t 0x00800000, and the exception won’t be triggered.**
>
> Unfortunately, changing the 4 to a 5 and recompiling had no effect :-(
>
> I may well have misunderstood something. :-/
>
> —Chris
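The field truncation described in this message can be reproduced outside QEMU with the following added example, which is not code from the post or from the QEMU tree. It assumes a local stand-in for `deposit32()` with the semantics of the quoted call, hypothetical helpers `build_wcr`, `wcr_mask_field` and `wp_hits`, and a simplified match rule that only ignores the low MASK address bits (BAS and the other control fields are not modelled).

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in with the semantics of the deposit32() call quoted in the
 * post: write the low `length` bits of fieldval into value at bit `start`. */
static uint32_t deposit32(uint32_t value, int start, int length, uint32_t fieldval)
{
    uint32_t mask = (~0U >> (32 - length)) << start;
    return (value & ~mask) | ((fieldval << start) & mask);
}

/* Hypothetical helper: build the DBGWCR value from the post, depositing MASK
 * with the given field width (4 = the quoted line, 5 = the full field). */
uint32_t build_wcr(uint32_t mask_bits, int field_width)
{
    uint32_t wcr = (0xFFu << 5) | (3u << 3) | (3u << 1) | 1u;
    return deposit32(wcr, 24, field_width, mask_bits);
}

/* MASK occupies DBGWCR bits [28:24]. */
uint32_t wcr_mask_field(uint32_t wcr)
{
    return (wcr >> 24) & 0x1F;
}

/* Simplified model (assumption): the low MASK address bits are ignored on
 * both sides of the comparison. */
int wp_hits(uint64_t wvr, uint32_t wcr, uint64_t addr)
{
    uint64_t ignore = (1ULL << wcr_mask_field(wcr)) - 1;
    return (addr & ~ignore) == (wvr & ~ignore);
}

int main(void)
{
    const uint64_t wvr = 1ULL << 23;                      /* 0x00800000 */
    const uint64_t probes[] = { 0x0080007F, 0x00800080 }; /* from the post */

    for (int width = 4; width <= 5; width++) {
        uint32_t wcr = build_wcr(0x17, width);            /* requested MASK = 23 */
        printf("width %d: WCR=0x%08x MASK=%u\n", width,
               (unsigned)wcr, (unsigned)wcr_mask_field(wcr));
        for (int i = 0; i < 2; i++)
            printf("  [0x%08llx] %s\n", (unsigned long long)probes[i],
                   wp_hits(wvr, wcr, probes[i]) ? "hit" : "miss");
    }
    return 0;
}
```

With a 4-bit deposit the requested MASK of 23 is stored as 7, so the model hits on 0x0080007F and misses on 0x00800080, matching the two accesses reported above.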