summary refs log tree commit diff stats
path: root/results/classifier/zero-shot/118/none/1817846
blob: e2274a0436ef858736d3991c44d906e0c4dc6036 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

graphic: 0.741
permissions: 0.728
architecture: 0.650
mistranslation: 0.633
device: 0.559
user-level: 0.477
semantic: 0.457
performance: 0.447
ppc: 0.399
kernel: 0.384
peripherals: 0.379
socket: 0.313
arm: 0.311
assembly: 0.301
i386: 0.292
register: 0.285
vnc: 0.280
network: 0.274
hypervisor: 0.247
VMM: 0.246
debug: 0.241
boot: 0.203
PID: 0.194
files: 0.178
risc-v: 0.146
TCG: 0.130
virtual: 0.128
KVM: 0.122
x86: 0.082

Qemu 3.1 Aarch64 TLBI VAE1, x0

Hello,

In my code I'm trying to remove some permissions to a 4KiB MMU descriptor. After that I invalidate the MMU with 

TLBI VAE1, x0

where x0 is the start of the address of the 4 KiB page. 

In Qemu 2.12 this did not work, but I worked around it with:


    /* invalidate the address */
    TLBI VAE1, x0


    /*****************************************************************/
    /*****************************************************************/
    /* NOTE: THIS IS A TRICK FOR QEMU!!!!!!!!!!!!                                                               */
    /* Apparently we have to change the TTBR0_EL1 when we change a descriptor (especially to remove permissions) */
    /* Otherwise qemu (2.12) will continue with the same descriptor with permissions!                          **/
   /*****************************************************************/
   /*****************************************************************/
     
    /* do a trick (in qemu) */
    mrs     x1 , TTBR0_EL1

    ldr     x2 , =kernelTable0Table

    msr     TTBR0_EL1 , x2

    isb

    msr     TTBR0_EL1 , x1

    /* return from function */
    ret


That is, I just replaced the TTBR0_EL1 with a temporary value, and then restored it. (guess qemu 2.12 just needed to reload the values again).

However, even this procedure is not working with qemu 3.1. (I just tested again with qemu 2.12 and the code works fine, with qemu 3.1 it does not).

Thanks,
Pharos team

Could you provide a test binary (and the QEMU command line to run it) that demonstrates the bug, please?


Marking bug as incomplete -- we can't investigate without a test case.


[Expired for QEMU because there has been no activity for 60 days.]