From bd71d640e5d3731a91ccd6cc4ded251d401b4b2d Mon Sep 17 00:00:00 2001 From: boringandboring Date: Tue, 28 Nov 2023 09:38:09 +0800 Subject: [PATCH] hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ cherry picked from 70726a15bc7e61d16f3efe5bfd9b061ca077f533 The ICC_PMR_ELx and ICV_PMR_ELx bit masks returned from ic{c,v}_fullprio_mask should technically also remove any bit above 7 as these are marked reserved (read 0) and should therefore should not be written as anything other than 0. This was noted during a run of a proprietary test system and discused on the mailing list [1] and initially thought not to be an issue due to RES0 being technically allowed to be written to and read back as long as the implementation does not use the RES0 bits. It is very possible that the values are used in comparison without masking, as pointed out by Peter in [2], if (cs->hppi.prio >= cs->icc_pmr_el1) may well do the wrong thing. Masking these values in ic{c,v}_fullprio_mask() should fix this and prevent any future problems with playing with the values. [1]: https://lists.nongnu.org/archive/html/qemu-arm/2023-11/msg00607.html [2]: https://lists.nongnu.org/archive/html/qemu-arm/2023-11/msg00737.html Signed-off-by: Ben Dooks Message-id: 20231116172818.792364-1-ben.dooks@codethink.co.uk Suggested-by: Peter Maydell Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell Signed-off-by: boringandboring --- hw/intc/arm_gicv3_cpuif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index 274a40a40c..eaa1381b3d 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c @@ -137,7 +137,7 @@ static uint32_t icv_fullprio_mask(GICv3CPUState *cs) * with the group priority, whose mask depends on the value of VBPR * for the interrupt group.) */ - return ~0U << (8 - cs->vpribits); + return (~0U << (8 - cs->vpribits)) & 0xff; } static int ich_highest_active_virt_prio(GICv3CPUState *cs) -- 2.27.0