summary refs log tree commit diff stats
path: root/results/classifier/zero-shot/118/kernel/2226
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/zero-shot/118/kernel/2226')
-rw-r--r--results/classifier/zero-shot/118/kernel/222686
1 files changed, 86 insertions, 0 deletions
diff --git a/results/classifier/zero-shot/118/kernel/2226 b/results/classifier/zero-shot/118/kernel/2226
new file mode 100644
index 000000000..ff39aa9f4
--- /dev/null
+++ b/results/classifier/zero-shot/118/kernel/2226
@@ -0,0 +1,86 @@
+register: 0.977
+architecture: 0.976
+arm: 0.933
+kernel: 0.930
+virtual: 0.928
+ppc: 0.877
+boot: 0.855
+socket: 0.855
+graphic: 0.852
+risc-v: 0.844
+peripherals: 0.823
+performance: 0.802
+vnc: 0.795
+permissions: 0.790
+device: 0.777
+debug: 0.738
+assembly: 0.722
+PID: 0.702
+network: 0.683
+TCG: 0.679
+files: 0.660
+VMM: 0.652
+hypervisor: 0.619
+semantic: 0.609
+user-level: 0.607
+i386: 0.547
+KVM: 0.509
+mistranslation: 0.494
+x86: 0.480
+
+arm HSTR trap settings routed to EL1 instead of EL2
+Description of problem:
+ARM's HSTR register is used to trap CP15 access from EL1/0. qemu's implementation seems to be inconsistent with ARM's documentation.
+
+Take the system register VBAR for example, the following pseudo code is grabbed from ARM DDI 0487J.a ID042523 G8-10651, which is the logics behind when reading VBAR.
+```
+if PSTATE.EL == EL0 then
+    UNDEFINED;
+elsif PSTATE.EL == EL1 then
+    if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T12 == '1' then
+        AArch64.AArch32SystemAccessTrap(EL2, 0x03);
+    elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T12 == '1' then
+        AArch32.TakeHypTrapException(0x03);
+    elsif HaveEL(EL3) && ELUsingAArch32(EL3) then
+        R[t] = VBAR_NS;
+    else
+        R[t] = VBAR;
+elsif PSTATE.EL == EL2 then
+    if HaveEL(EL3) && ELUsingAArch32(EL3) then
+        R[t] = VBAR_NS;
+    else
+        R[t] = VBAR;
+elsif PSTATE.EL == EL3 then
+    if SCR.NS == '0' then
+        R[t] = VBAR_S;
+    else
+        R[t] = VBAR_NS;
+```
+
+The main logics in my attached test program are:
+1. Setting EL2 and EL1's exception table
+2. Set HSTR.T12
+3. ERET to EL1, and read VBAR from EL1
+
+As the document mentions, when CPU running on EL1 && HSTR.T12 is set, HypTrapException 0x3 should be taken, which is EL2. But the test program shows, on such circumstances, CPU is being routed to EL1's undefined exception.
+Steps to reproduce:
+1. Clone this repo https://github.com/roolrz/reproduce-qemu-arm-hstr-issue
+2. Use make to build the test program
+3. Use following command to launch it
+```
+qemu-system-arm \
+	-nographic \
+	-cpu cortex-a7 \
+	-M virt,virtualization=on \
+	-m 1G \
+	-kernel el2.elf
+```
+4. The following message is printed by the program, problem reproduced
+```
+EL2 Booted
+Jumping to el1
+el1 reached, triggering trap
+EL1 undefined sync triggered
+```
+Additional information:
+