1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
Get wrong rom when loading 2 different firmware to 2 cpu.
Description of problem:
HI, I'm trying to model a machine with 2 cortex-m7 cpu. The 2 CPUs have their own address spaces.
and when loading rom to init sp and pc, the CPU1 would load the rom of CPU0, because it seems not check
address space here.
```c
void *rom_ptr_for_as(AddressSpace *as, hwaddr addr, size_t size)
{
/*
* Find any ROM data for the given guest address range. If there
* is a ROM blob then return a pointer to the host memory
* corresponding to 'addr'; otherwise return NULL.
*
* We look not only for ROM blobs that were loaded directly to
* addr, but also for ROM blobs that were loaded to aliases of
* that memory at other addresses within the AddressSpace.
*
* Note that we do not check @as against the 'as' member in the
* 'struct Rom' returned by rom_ptr(). The Rom::as is the
* AddressSpace which the rom blob should be written to, whereas
* our @as argument is the AddressSpace which we are (effectively)
* reading from, and the same underlying RAM will often be visible
* in multiple AddressSpaces. (A common example is a ROM blob
* written to the 'system' address space but then read back via a
* CPU's cpu->as pointer.) This does mean we might potentially
* return a false-positive match if a ROM blob was loaded into an
* AS which is entirely separate and distinct from the one we're
* querying, but this issue exists also for rom_ptr() and hasn't
* caused any problems in practice.
*/
FlatView *fv;
void *rom;
hwaddr len_unused;
FindRomCBData cbdata = {};
/* Easy case: there's data at the actual address */
rom = rom_ptr(addr, size);
if (rom) {
return rom;
}
```
Steps to reproduce:
1. create a machine with 2 cortex-m7 cores and their own rom/ram.
2. Set different ram size for them. for example, cpu0 ram size:0x40000, cpu1 ram size:0x20000
3. build firmware of 2 cpu. make sure the init SP(local at 0x0) is set to the top the ram.
4. use command:
```
./qemu-system-arm -M mymachine -smp 2 \
-device loader,file=./cpu0.elf,addr=0x0,cpu-num=0 \
-device loader,file=./cpu1.elf,addr=0x0,cpu-num=1 \
-serial stdio -serial tcp::5678,server=on,wait=off
```
to start this machine.
5. the cpu1 will panic when it try to use stack:
`qemu-system-arm: ../target/arm/cpu.h:2396: arm_is_secure_below_el3: Assertion failed.`
Sorry that I'm not sure whether this is an issue or I did something wrong. So post it here.
For local fix this problem, I add a func `rom_ptr_wit_as(addr,size,as)` to find a rom with addresspace check.
Is it proper?
Additional information:
|