summary refs log tree commit diff stats
path: root/results/classifier/105/instruction/1838913
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/instruction/1838913')
-rw-r--r--results/classifier/105/instruction/183891364
1 files changed, 64 insertions, 0 deletions
diff --git a/results/classifier/105/instruction/1838913 b/results/classifier/105/instruction/1838913
new file mode 100644
index 00000000..494d2f58
--- /dev/null
+++ b/results/classifier/105/instruction/1838913
@@ -0,0 +1,64 @@
+instruction: 0.644
+graphic: 0.625
+device: 0.590
+semantic: 0.587
+socket: 0.466
+mistranslation: 0.362
+other: 0.356
+vnc: 0.352
+network: 0.346
+assembly: 0.334
+boot: 0.312
+KVM: 0.219
+
+Single-step exceptions incorrectly routed to EL1 when ELD is EL2 (TDE = 1) (qemu version 3.1)
+
+Hi,
+
+I've been encountering issues with QEMU 3.1 when trying to single-step EL1 code, with ELD = EL2 (MDCR_EL2.TDE = 1). I could test with latest commit in a few hours, if you want.
+
+EL1 is Aarch64.
+
+These happen as soon as MDSCR_EL1.SS is set to 1 and ERET is executed:
+
+1) Single-step exceptions are generated even if they should not be (SPSR_EL2.SS = 0)
+
+2) Single-step exceptions are routed to EL1
+
+Exception return from AArch64 EL2 to AArch64 EL1 PC 0x4000005c
+Taking exception 1 [Undefined Instruction]
+...from EL1 to EL1
+...with ESR 0x32/0xca000022
+...with ELR 0x4000005c
+...to EL1 PC 0x200 PSTATE 0x3c5
+
+EC 0x32 (0b110010) is Exception_SoftwareStepLowerEl.
+
+You can find enclosed minimal code (and resulting .elf) for reproduction. 
+
+qemu-system-aarch64 -nographic -machine virt,virtualization=on -d unimp,int -cpu cortex-a57 -kernel test_hyp.elf
+
+
+
+Yes, we're directing single-step exceptions to the wrong EL. (I think this is probably a hangover from the fact that we implemented singlestep at about the same time or before we properly implemented EL2 support, so we haven't shaken out all the "assumes debug EL is EL1" assumptions still.)
+
+
+I've just submitted this patchset:
+https://<email address hidden>/
+
+which I think should fix this bug. With those changes, the test image takes a single-step exception to EL2, and then (because there's no code at the exception entry point) takes a series of EL2-to-EL2 undef exceptions, which I think is expected and correct behaviour.
+
+
+Thanks for the patch!
+
+I tested it with more complex code, it seems to work fine (and fixes the bug), e.g. with an infinite loop of 2 instructions:
+
+Single-step exeception ELR = 0x0000000060100000, ISV = 1, EX = 0
+Single-step exeception ELR = 0x0000000060100004, ISV = 1, EX = 0
+(and so on)
+
+(I haven't been able to test load-exclusive instructions yet but I don't see why it would fail for EL2 specifically, anyway)
+
+This is fixed in master by commit 8bd587c1066f445 which will be in the 4.2 release.
+
+