summary refs log tree commit diff stats
path: root/results/classifier/105/instruction/2226
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/instruction/2226')
-rw-r--r--results/classifier/105/instruction/222669
1 files changed, 69 insertions, 0 deletions
diff --git a/results/classifier/105/instruction/2226 b/results/classifier/105/instruction/2226
new file mode 100644
index 00000000..c890b8fe
--- /dev/null
+++ b/results/classifier/105/instruction/2226
@@ -0,0 +1,69 @@
+instruction: 0.881
+boot: 0.855
+socket: 0.855
+graphic: 0.852
+vnc: 0.795
+device: 0.777
+assembly: 0.722
+network: 0.683
+semantic: 0.609
+KVM: 0.509
+mistranslation: 0.494
+other: 0.426
+
+arm HSTR trap settings routed to EL1 instead of EL2
+Description of problem:
+ARM's HSTR register is used to trap CP15 access from EL1/0. qemu's implementation seems to be inconsistent with ARM's documentation.
+
+Take the system register VBAR for example, the following pseudo code is grabbed from ARM DDI 0487J.a ID042523 G8-10651, which is the logics behind when reading VBAR.
+```
+if PSTATE.EL == EL0 then
+    UNDEFINED;
+elsif PSTATE.EL == EL1 then
+    if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T12 == '1' then
+        AArch64.AArch32SystemAccessTrap(EL2, 0x03);
+    elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T12 == '1' then
+        AArch32.TakeHypTrapException(0x03);
+    elsif HaveEL(EL3) && ELUsingAArch32(EL3) then
+        R[t] = VBAR_NS;
+    else
+        R[t] = VBAR;
+elsif PSTATE.EL == EL2 then
+    if HaveEL(EL3) && ELUsingAArch32(EL3) then
+        R[t] = VBAR_NS;
+    else
+        R[t] = VBAR;
+elsif PSTATE.EL == EL3 then
+    if SCR.NS == '0' then
+        R[t] = VBAR_S;
+    else
+        R[t] = VBAR_NS;
+```
+
+The main logics in my attached test program are:
+1. Setting EL2 and EL1's exception table
+2. Set HSTR.T12
+3. ERET to EL1, and read VBAR from EL1
+
+As the document mentions, when CPU running on EL1 && HSTR.T12 is set, HypTrapException 0x3 should be taken, which is EL2. But the test program shows, on such circumstances, CPU is being routed to EL1's undefined exception.
+Steps to reproduce:
+1. Clone this repo https://github.com/roolrz/reproduce-qemu-arm-hstr-issue
+2. Use make to build the test program
+3. Use following command to launch it
+```
+qemu-system-arm \
+	-nographic \
+	-cpu cortex-a7 \
+	-M virt,virtualization=on \
+	-m 1G \
+	-kernel el2.elf
+```
+4. The following message is printed by the program, problem reproduced
+```
+EL2 Booted
+Jumping to el1
+el1 reached, triggering trap
+EL1 undefined sync triggered
+```
+Additional information:
+