From 76ca1cd7325d33f2c70a70be521dc2e4873bd4a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Sat, 21 Mar 2020 16:27:30 -0400
Subject: [PATCH] target/arm: check TGE and E2H flags for EL0 pauth traps

According to ARM ARM we should only trap from the EL1&0 regime.
Backports commit a7469a3c1edc7687d7d25967bc2c0280de202bca from qemu
---
 qemu/target/arm/pauth_helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/qemu/target/arm/pauth_helper.c b/qemu/target/arm/pauth_helper.c
index e0c401c4..9746e32b 100644
--- a/qemu/target/arm/pauth_helper.c
+++ b/qemu/target/arm/pauth_helper.c
@@ -371,7 +371,10 @@ static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
 if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
 uint64_t hcr = arm_hcr_el2_eff(env);
 bool trap = !(hcr & HCR_API);
- /* FIXME: ARMv8.1-VHE: trap only applies to EL1&0 regime. */
+ if (el == 0) {
+ /* Trap only applies to EL1&0 regime. */
+ trap &= (hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE);
+ }
 /* FIXME: ARMv8.3-NV: HCR_NV trap takes precedence for ERETA[AB]. */
 if (trap) {
 pauth_trap(env, 2, ra);
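Review bot: The added `trap &= (hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE);` folds a comparison result into a bool with a bitwise operator, which reads as bit-twiddling although it is plain boolean logic; `if (el == 0 && (hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { trap = false; }` states the intent directly and drops the nested block. The replacement comment is thinner than it could be, since the reader has to work out why those two bits are the test: `/* With HCR_EL2.{E2H,TGE} both set, EL0 runs in the EL2&0 regime, so HCR_EL2.API does not trap it to EL2. */` records the reasoning the commit message gives. The outer guard still asks only whether EL2 is implemented (ARM_FEATURE_EL2), not whether it is enabled in the current security state; presumably arm_hcr_el2_eff() returns 0 in that case so no trap is taken, but that is worth confirming since the trap targets EL2. pauth_check_trap begins before and continues after this hunk.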