qemu-e2k/hw
Peter Maydell 90feffad2a hw/intc/arm_gicv3: fix handling of LPIs in list registers
It is valid for an OS to put virtual interrupt ID values into the
list registers ICH_LR<n> which are greater than 1023.  This
corresponds to (for example) KVM using the in-kernel emulated ITS to
give a (nested) guest an ITS.  LPIs are delivered by the L1 kernel to
the L2 guest via the list registers in the same way as non-LPI
interrupts.

QEMU's code for handling writes to ICV_IARn (which happen when the L2
guest acknowledges an interrupt) and to ICV_EOIRn (which happen at
the end of the interrupt) did not consider LPIs, so it would
incorrectly treat interrupt IDs above 1023 as invalid.  Fix this by
using the correct condition, which is gicv3_intid_is_special().

Note that the condition in icv_dir_write() is correct -- LPIs
are not valid there and so we want to ignore both "special" ID
values and LPIs.

(In the pseudocode this logic is in:
 - VirtualReadIAR0(), VirtualReadIAR1(), which call IsSpecial()
 - VirtualWriteEOIR0(), VirtualWriteEOIR1(), which call
     VirtualIdentifierValid(data, TRUE) meaning "LPIs OK"
 - VirtualWriteDIR(), which calls VirtualIdentifierValid(data, FALSE)
     meaning "LPIs not OK")

This bug doesn't seem to have any visible effect on Linux L2 guests
most of the time, because the two bugs cancel each other out: we
neither mark the interrupt active nor deactivate it.  However it does
mean that the L2 vCPU priority while the LPI handler is running will
not be correct, so the interrupt handler could be unexpectedly
interrupted by a different interrupt.

(NB: this has nothing to do with using QEMU's emulated ITS.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
2021-11-29 10:10:21 +00:00
..
9pfs 9pfs: use P9Array in v9fs_walk() 2021-10-27 14:45:22 +02:00
acpi hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type 2021-11-15 09:44:46 -05:00
adc hw/adc: Add basic Aspeed ADC model 2021-10-12 08:20:08 +02:00
alpha
arm hw/arm/virt: Extend nested and mte checks to hvf 2021-11-26 16:51:21 +00:00
audio qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
avr
block qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
char escc: update the R_SPEC register SPEC_ALLSENT bit when writing to W_TXCTRL1 2021-11-21 09:56:52 +00:00
core hw/nvme: change nvme-ns 'shared' default 2021-11-19 07:31:56 +01:00
cpu
cris
display macfb: fix a memory leak (CID 1465231) 2021-11-09 16:42:49 +01:00
dma hw/dma: sifive_pdma: Don't run DMA when channel is disclaimed 2021-10-07 08:41:33 +10:00
gpio hw: aspeed_gpio: Fix GPIO array indexing 2021-10-12 08:20:08 +02:00
hppa
hyperv qbus: Rename qbus_create() to qbus_new() 2021-09-30 13:44:08 +01:00
i2c aspeed/i2c: QOMify AspeedI2CBus 2021-10-12 08:20:08 +02:00
i386 microvm: check g_file_set_contents() return value 2021-11-22 11:14:28 +01:00
ide ide: Cap LBA28 capacity announcement to 2^28-1 2021-11-02 13:02:46 +01:00
input hw/input/lasips2: Fix typos in function names 2021-10-31 21:05:40 +01:00
intc hw/intc/arm_gicv3: fix handling of LPIs in list registers 2021-11-29 10:10:21 +00:00
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi
isa vt82c686: Add a method to VIA_ISA to raise ISA interrupts 2021-10-18 00:41:36 +02:00
m68k m68k pull request 20211109 2021-11-09 13:16:56 +01:00
mem hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines 2021-11-11 03:13:05 -05:00
microblaze
mips hw/mips/boston: Add FDT generator 2021-10-18 00:41:36 +02:00
misc hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset 2021-11-22 10:46:22 +10:00
net net: vmxnet3: validate configuration values during activate (CVE-2021-20203) 2021-11-19 11:43:47 +08:00
nios2
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme hw/nvme: fix buffer overrun in nvme_changed_nslist (CVE-2021-3947) 2021-11-19 07:32:19 +01:00
nvram hw/nvram: Fix Memory Leak in Xilinx ZynqMP eFuse device 2021-10-23 18:50:33 +02:00
openrisc
pci pcie: expire pending delete 2021-11-15 11:10:11 -05:00
pci-bridge qdev: Make DeviceState.id independent of QemuOpts 2021-10-15 16:06:35 +02:00
pci-host hw/sh4: Coding style: White space fixes 2021-10-30 11:46:40 +02:00
pcmcia
ppc spapr_numa.c: fix FORM1 distance-less nodes 2021-11-10 13:48:13 +01:00
rdma qapi: introduce x-query-rdma QMP command 2021-11-02 15:55:14 +00:00
remote hw/remote/proxy: Categorize Wireless devices as 'Network' ones 2021-10-04 09:47:26 +02:00
riscv hw/riscv: opentitan: Fixup the PLIC context addresses 2021-10-28 14:39:23 +10:00
rtc hw/rtc/pl031: Send RTC_CHANGE QMP event 2021-11-15 18:53:00 +00:00
rx
s390x pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
scsi esp: ensure that async_len is reset to 0 during esp_hard_reset() 2021-11-19 10:14:30 +01:00
sd hw/sd: add nuvoton MMC 2021-11-02 14:14:55 -04:00
sensor
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
smbios
sparc
sparc64
ssi aspeed/smc: Use a container for the flash mmio address space 2021-10-22 09:52:17 +02:00
timer hw/timer/sh_timer: Remove use of hw_error 2021-10-30 18:39:37 +02:00
tpm tpm: mark correct memory region range dirty when clearing RAM 2021-10-02 08:43:21 +02:00
tricore
usb Initial conversion of HMP debugging commands to QMP 2021-11-03 08:04:32 -04:00
vfio vfio: Fix memory leak of hostwin 2021-11-17 11:25:55 -07:00
virtio virtio: use virtio accessor to access packed event 2021-11-15 09:44:46 -05:00
watchdog watchdog: remove select_watchdog_action 2021-11-02 15:57:27 +01:00
xen pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
xenpv
xtensa
Kconfig hw/arm: xlnx-zcu102: Add Xilinx eFUSE device 2021-09-30 13:42:10 +01:00
meson.build