Message ID | 20240208153346.970021-1-peter.maydell@linaro.org |
---|---|
State | Superseded |
Headers | show |
Series | target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU | expand |
On 8/2/24 16:33, Peter Maydell wrote: > It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile > CPU, and in fact if you try to do it we will assert: > > #6 0x00007ffff4b95e96 in __GI___assert_fail > (assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3") at ./assert/assert.c:101 > #7 0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at ../../target/arm/helper.c:12600 > #8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at ../../target/arm/cpu.h:2595 > #9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at ../../target/arm/internals.h:1512 > > We might call pmu_counter_enabled() on an M-profile CPU (for example > from the migration pre/post hooks in machine.c); this should always > return false because these CPUs don't set ARM_FEATURE_PMU. > > Avoid the assertion by not calling arm_mdcr_el2_eff() before we > have done the early return for "PMU not present". > > This fixes an assertion failure if you try to do a loadvm or > savevm for an M-profile board. > > Cc: qemu-stable@nongnu.org > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2155 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > target/arm/helper.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On 2/8/24 05:33, Peter Maydell wrote: > It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile > CPU, and in fact if you try to do it we will assert: > > #6 0x00007ffff4b95e96 in __GI___assert_fail > (assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", > file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, > function=0x5555565a9560 <__PRETTY_FUNCTION__.0> > "arm_security_space_below_el3") at ./assert/assert.c:101 > #7 0x0000555555ebf412 in arm_security_space_below_el3 > (env=0x555557bc8190) at ../../target/arm/helper.c:12600 > #8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at > ../../target/arm/cpu.h:2595 > #9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at > ../../target/arm/internals.h:1512 > > We might call pmu_counter_enabled() on an M-profile CPU (for example > from the migration pre/post hooks in machine.c); this should always > return false because these CPUs don't set ARM_FEATURE_PMU. > > Avoid the assertion by not calling arm_mdcr_el2_eff() before we > have done the early return for "PMU not present". > > This fixes an assertion failure if you try to do a loadvm or > savevm for an M-profile board. > > Cc:qemu-stable@nongnu.org > Resolves:https://gitlab.com/qemu-project/qemu/-/issues/2155 > Signed-off-by: Peter Maydell<peter.maydell@linaro.org> > --- > target/arm/helper.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
diff --git a/target/arm/helper.c b/target/arm/helper.c index 8c1ff16f0d9..7c531ee9cff 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1187,13 +1187,21 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter) bool enabled, prohibited = false, filtered; bool secure = arm_is_secure(env); int el = arm_current_el(env); - uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); - uint8_t hpmn = mdcr_el2 & MDCR_HPMN; + uint64_t mdcr_el2; + uint8_t hpmn; + /* + * We might be called for M-profile cores where MDCR_EL2 doesn't + * exist and arm_mdcr_el2_eff() will assert, so this early-exit check + * must be before we read that value. + */ if (!arm_feature(env, ARM_FEATURE_PMU)) { return false; } + mdcr_el2 = arm_mdcr_el2_eff(env); + hpmn = mdcr_el2 & MDCR_HPMN; + if (!arm_feature(env, ARM_FEATURE_EL2) || (counter < hpmn || counter == 31)) { e = env->cp15.c9_pmcr & PMCRE;
It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile CPU, and in fact if you try to do it we will assert: #6 0x00007ffff4b95e96 in __GI___assert_fail (assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3") at ./assert/assert.c:101 #7 0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at ../../target/arm/helper.c:12600 #8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at ../../target/arm/cpu.h:2595 #9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at ../../target/arm/internals.h:1512 We might call pmu_counter_enabled() on an M-profile CPU (for example from the migration pre/post hooks in machine.c); this should always return false because these CPUs don't set ARM_FEATURE_PMU. Avoid the assertion by not calling arm_mdcr_el2_eff() before we have done the early return for "PMU not present". This fixes an assertion failure if you try to do a loadvm or savevm for an M-profile board. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2155 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)