[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
Fixed here: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=38d931687fa1 ** Changed in: qemu Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1867072 Title: ARM: tag bits cleared in FAR_EL1 Status in QEMU: Fix Released Bug description: The ARM Architecture Reference Manual provides the following for FAR_EL1: "For a Data Abort or Watchpoint exception, if address tagging is enabled for the address accessed by the data access that caused the exception, then this field includes the tag." However, I have found that the tag bits in FAR_EL1 are always clear, even if the tag bits were set in the original access. I can reproduce the problem on both 4.1.1 and master (6e8a73e911f066527e775e04b98f31ebd19db600). To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
Fix now in master. ** Changed in: qemu Status: In Progress => Fix Committed -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1867072 Title: ARM: tag bits cleared in FAR_EL1 Status in QEMU: Fix Committed Bug description: The ARM Architecture Reference Manual provides the following for FAR_EL1: "For a Data Abort or Watchpoint exception, if address tagging is enabled for the address accessed by the data access that caused the exception, then this field includes the tag." However, I have found that the tag bits in FAR_EL1 are always clear, even if the tag bits were set in the original access. I can reproduce the problem on both 4.1.1 and master (6e8a73e911f066527e775e04b98f31ebd19db600). To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
With those two patches applied I can no longer reproduce the problem,
thanks!
For posterity, this is how I've been reproducing the problem:
1. Build a Linux kernel with this patch applied:
https://patchwork.kernel.org/patch/11435077/
2. Run this program under the kernel:
#include
#include
#include
void handler(int signo, siginfo_t *siginfo, void *context) {
uint32_t *begin = (uint32_t *)context;
uint32_t *end = ((uint32_t *)context) + (sizeof(ucontext_t)/4);
for (uint32_t *i = begin; i != end; ++i) {
printf("%08p %08x\n", i, *i);
}
_exit(0);
}
int main() {
struct sigaction sa;
sa.sa_sigaction = handler;
sa.sa_flags = SA_SIGINFO;
sigaction(SIGSEGV, , 0);
return *(int *)((1ULL << 56) + 0x123456);
}
I would expect this program's output to include something like the
following:
0xd5869bd0 46415201
0xd5869bd4 0010
0xd5869bd8 00123456
0xd5869bdc 0100
But the output that I was seeing with the bad qemu looked like this:
0xd5869bd0 46415201
0xd5869bd4 0010
0xd5869bd8 00123456
0xd5869bdc
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1867072
Title:
ARM: tag bits cleared in FAR_EL1
Status in QEMU:
In Progress
Bug description:
The ARM Architecture Reference Manual provides the following for
FAR_EL1:
"For a Data Abort or Watchpoint exception, if address tagging is
enabled for the address accessed by the data access that caused the
exception, then this field includes the tag."
However, I have found that the tag bits in FAR_EL1 are always clear,
even if the tag bits were set in the original access.
I can reproduce the problem on both 4.1.1 and master
(6e8a73e911f066527e775e04b98f31ebd19db600).
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
Ho hum, I must have been asleep last night. Peter only merged 7 of 9 patches. The final 2 were re-posted: https://patchew.org/QEMU/20200308012946.16303-1-richard.hender...@linaro.org/ which includes the critical change that affects FAR_ELx. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1867072 Title: ARM: tag bits cleared in FAR_EL1 Status in QEMU: In Progress Bug description: The ARM Architecture Reference Manual provides the following for FAR_EL1: "For a Data Abort or Watchpoint exception, if address tagging is enabled for the address accessed by the data access that caused the exception, then this field includes the tag." However, I have found that the tag bits in FAR_EL1 are always clear, even if the tag bits were set in the original access. I can reproduce the problem on both 4.1.1 and master (6e8a73e911f066527e775e04b98f31ebd19db600). To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
As it happens, I posted some cleanups for this last week: https://patchew.org/QEMU/20200302175829.2183-1-richard.hender...@linaro.org/ Some of them have been queued to Peter's target-arm.next branch, but that hasn't made it to master yet. ** Changed in: qemu Status: New => In Progress ** Changed in: qemu Assignee: (unassigned) => Richard Henderson (rth) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1867072 Title: ARM: tag bits cleared in FAR_EL1 Status in QEMU: In Progress Bug description: The ARM Architecture Reference Manual provides the following for FAR_EL1: "For a Data Abort or Watchpoint exception, if address tagging is enabled for the address accessed by the data access that caused the exception, then this field includes the tag." However, I have found that the tag bits in FAR_EL1 are always clear, even if the tag bits were set in the original access. I can reproduce the problem on both 4.1.1 and master (6e8a73e911f066527e775e04b98f31ebd19db600). To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
[Bug 1867072] Re: ARM: tag bits cleared in FAR_EL1
Actually, I take that back: Peter has merged my TBI patch set, and is included in 6e8a73e911f066. Do you have a test case? -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1867072 Title: ARM: tag bits cleared in FAR_EL1 Status in QEMU: In Progress Bug description: The ARM Architecture Reference Manual provides the following for FAR_EL1: "For a Data Abort or Watchpoint exception, if address tagging is enabled for the address accessed by the data access that caused the exception, then this field includes the tag." However, I have found that the tag bits in FAR_EL1 are always clear, even if the tag bits were set in the original access. I can reproduce the problem on both 4.1.1 and master (6e8a73e911f066527e775e04b98f31ebd19db600). To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1867072/+subscriptions
