[Qemu-devel] [PATCH] x86: enforce DPL checking on task gate switches invoked through IDT

2012-08-17 Thread Alex ZUEPKE
lege levels on task gate switches ... so one can invoke a kernel's double fault handler from user space. Signed-off-by: Alex Zuepke diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c index 5fff8d5..23c5542 100644 --- a/target-i386/seg_helper.c +++ b/target-i386/seg_he

[Qemu-devel] [PATCH] x86: enforce DPL checking on task gate switches invoked through IDT

2012-08-17 Thread Alex ZUEPKE
#x27;s double fault handler from user space. Signed-off-by: Alex Zuepke diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c index 5fff8d5..23c5542 100644 --- a/target-i386/seg_helper.c +++ b/target-i386/seg_helper.c @@ -578,12 +578,17 @@ static void do_interrupt_protected(CPUX86State *

Re: [Qemu-devel] [PATCH] x86: enforce DPL checking on task gate switches invoked through IDT

2012-08-27 Thread Alex ZUEPKE
Ping, no response so far ... Thanks, Alex Alex ZUEPKE wrote: > Hi, > > x86 software emulation (non-KVM mode) does not check privilege levels on > task gate switches ... so one can invoke a kernel's double fault handler > from user space -- very bad. > > Expected beha

[Qemu-devel] [PATCH 1/1] x86: enforce DPL checking on task gate switches

2014-05-14 Thread Alex Zuepke
main(void) { __asm__ volatile ("int $8"); } $ gcc test.c $ ./a.out panic ... Signed-off-by: Alex Zuepke --- target-i386/seg_helper.c |8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c index 8c3f92c..

Re: [Qemu-devel] ARM: BKPT instructions should raise prefetch aborts with IFSR type 00010

2011-05-18 Thread Alex Zuepke
Hi, Peter Maydell schrieb: > On 25 March 2011 10:54, Alex Zuepke wrote: >> while digging through some problems with BKPT exceptions on ARM, I >> discovered that QEMU does not update IFSR on prefetch aborts. This >> should be done since ARMv6 according to ARM docs. Please inc

[Qemu-devel] [PATCH 2/4] target-tricore: typo in BOL format

2014-12-12 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-tricore/translate.c |4 ++-- target-tricore/tricore-opcodes.h |2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/target-tricore/translate.c b/target-tricore/translate.c index 65abf45..c132223 100644 --- a/target-tricore

[Qemu-devel] [PATCH 3/4] target-tricore: add missing 64-bit MOV in RLC format

2014-12-12 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-tricore/translate.c | 12 target-tricore/tricore-opcodes.h |1 + 2 files changed, 13 insertions(+) diff --git a/target-tricore/translate.c b/target-tricore/translate.c index c132223..e3eeedb 100644 --- a/target-tricore/translate.c

[Qemu-devel] [PATCH 1/4] target-tricore: fix offset masking in BOL format

2014-12-12 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-tricore/tricore-opcodes.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-tricore/tricore-opcodes.h b/target-tricore/tricore-opcodes.h index 0a9122c..70ac5ff 100644 --- a/target-tricore/tricore-opcodes.h +++ b/target-tricore

[Qemu-devel] [PATCH v2 0/4] target-tricore: fixes to opcode encoding and register dump

2014-12-12 Thread Alex Zuepke
Hi Bastian, my previous patches again, I hope they are well-formed now: 1. fix the offset masking in BOL format 2. fix a typo in BOL format 3. add the missing 64-bit "MOV Ex, simm16" variant in RLC format 4. pretty-print register dump Best regards Alex Alex Zuepke (4): target-tr

[Qemu-devel] [PATCH 4/4] target-tricore: pretty-print register dump and show more status registers

2014-12-12 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-tricore/translate.c | 16 +++- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/target-tricore/translate.c b/target-tricore/translate.c index e3eeedb..d1b845b 100644 --- a/target-tricore/translate.c +++ b/target-tricore

[Qemu-devel] [PATCH v3] target-tricore: pretty-print register dump and show more status registers

2014-12-19 Thread Alex Zuepke
Now using psw_read() to retrieve the status bits correctly. Signed-off-by: Alex Zuepke --- target-tricore/translate.c | 21 +++-- 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/target-tricore/translate.c b/target-tricore/translate.c index e3eeedb..3d87346

[Qemu-devel] (no subject)

2014-05-28 Thread Alex Zuepke
Put qemu-devel on CC

[Qemu-devel] [PATCH 1/1] ppc-e500: on write to MMUCSR0, pass GPR content, not SPR number, to low-level TLB-flush routine

2014-05-28 Thread Alex Zuepke
A "mtspr SPRMMUCSR0, reg" always flushed TLB0, because it passed the SPR number 0x3f4 to the flush routine. But we want to flush either TLB0 or TBL1 depending on the GPR value. Signed-off-by: Alex Zuepke --- target-ppc/translate_init.c |4 +--- 1 file changed, 1 insertion(+), 3

[Qemu-devel] [PATCH] sparc: allow CASA with ASI 0xa from user space

2015-12-04 Thread Alex Zuepke
LEON3 allows the CASA instruction to be used from user space if the ASI is set to 0xa (user data). Signed-off-by: Alex Zuepke --- target-sparc/translate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target-sparc/translate.c b/target-sparc/translate.c index 41a3319

[Qemu-devel] [PATCH 0/6] ARM: MPU support for Cortex-M3/M4 emulation

2015-07-07 Thread Alex Zuepke
fault decoding are implemented. Like on Cortex-R5, the MPU can be turned off by setting "pmsav7-dregion" to zero. Alex Zuepke (6): ARM: add Cortex-M3/M4 exception configuration and status registers ARM: accessors to Cortex-M3/M4 exception configuration and status registers ARM: Co

[Qemu-devel] [PATCH 5/6] ARM: enable ARM_FEATURE_MPU for Cortex-M3/M4

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- hw/arm/armv7m.c | 17 - target-arm/cpu.c|2 ++ target-arm/helper.c | 30 -- 3 files changed, 46 insertions(+), 3 deletions(-) diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c index c6eab6d..db6bc3c 100644

[Qemu-devel] [PATCH 4/6] ARM: Cortex-M3/M4: on exception, set basic bits in exhandling registers

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-arm/helper.c |7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 812204f..555bc5f 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -4541,6 +4541,7 @@ void

[Qemu-devel] [PATCH 3/6] ARM: Cortex-M3/M4: honor STKALIGN in CCR

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- hw/intc/armv7m_nvic.c |2 +- target-arm/helper.c |5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index e6ae047..369ef94 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c

[Qemu-devel] [PATCH 1/6] ARM: add Cortex-M3/M4 exception configuration and status registers

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- target-arm/cpu.h | 51 ++ target-arm/machine.c |6 ++ 2 files changed, 57 insertions(+) diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 80297b3..1089f63 100644 --- a/target-arm/cpu.h +++ b

[Qemu-devel] [PATCH 6/6] ARM: enable PMSAv7-style MPU on Cortex-M3/M4

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- hw/intc/armv7m_nvic.c | 113 + target-arm/cpu.h |6 +++ target-arm/helper.c |7 ++- target-arm/machine.c |1 + 4 files changed, 126 insertions(+), 1 deletion(-) diff --git a/hw/intc

[Qemu-devel] [PATCH 2/6] ARM: accessors to Cortex-M3/M4 exception configuration and status registers

2015-07-07 Thread Alex Zuepke
Signed-off-by: Alex Zuepke --- hw/intc/armv7m_nvic.c | 70 ++--- 1 file changed, 61 insertions(+), 9 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index e13b729..e6ae047 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc

Re: [Qemu-devel] QEMU ARM SMP: IPI delivery delayed until next main loop event // how to improve IPI latency?

2015-06-15 Thread Alex Zuepke
Am 15.06.2015 um 20:58 schrieb Peter Maydell: On 15 June 2015 at 16:05, Alex Züpke wrote: Am 15.06.2015 um 16:51 schrieb Peter Maydell: On 15 June 2015 at 15:44, Alex Züpke wrote: Am 12.06.2015 um 20:03 schrieb Peter Maydell: Probably the best approach would be to have something in arm_cpu_

[Qemu-devel] ARM: BKPT instructions should raise prefetch aborts with IFSR type 00010

2011-03-25 Thread Alex Zuepke
SYSGO AG ~ Am Pfaffenstein 14 ~ 55270 Klein-Winternheim ~ Germany target-arm: BKPT instructions should raise prefetch aborts with IFSR type 00010 diff against qemu 0.14.0 Signed-off-by: Alex Zuepke --- qemu-0.14.0.orig/target-arm/translate.c 2011-02-16 15:44:05.0 +0100 +++ qemu-0.14.0

Re: [Qemu-devel] ARM: BKPT instructions should raise prefetch aborts with IFSR type 00010

2011-03-25 Thread Alex Zuepke
Hi Peter, Peter Maydell schrieb: > On 25 March 2011 10:54, Alex Zuepke wrote: >> while digging through some problems with BKPT exceptions on ARM, I >> discovered that QEMU does not update IFSR on prefetch aborts. This >> should be done since ARMv6 according to ARM docs. Plea

[PATCH] target/arm: read access to performance counters from EL0

2022-04-28 Thread Alex Zuepke
The ARMv8 manual defines that PMUSERENR_EL0.ER enables read-access to both PMXEVCNTR_EL0 and PMEVCNTR_EL0 registers, however, we only use it for PMXEVCNTR_EL0. Extend to PMEVCNTR_EL0 as well. Signed-off-by: Alex Zuepke --- target/arm/helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2

Re: [PATCH] target/arm: read access to performance counters from EL0

2022-05-04 Thread Alex Zuepke
Hi, wanted to ping again on this issue before it gets lost. Am 28.04.22 um 15:27 schrieb Alex Zuepke: The ARMv8 manual defines that PMUSERENR_EL0.ER enables read-access to both PMXEVCNTR_EL0 and PMEVCNTR_EL0 registers, however, we only use it for PMXEVCNTR_EL0. Extend to PMEVCNTR_EL0 as well