From ecd3f0a5df291796193fab061c13a327e7e621b1 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 8 Aug 2019 19:53:25 -0400 Subject: [PATCH] target/arm: Deliver BKPT/BRK exceptions to correct exception level Most Arm architectural debug exceptions (eg watchpoints) are ignored if the configured "debug exception level" is below the current exception level (so for example EL1 can't arrange to get debug exceptions for EL2 execution). Exceptions generated by the BRK or BPKT instructions are a special case -- they must always cause an exception, so if we're executing above the debug exception level then we must take them to the current exception level. This fixes a bug where executing BRK at EL2 could result in an exception being taken at EL1 (which is strictly forbidden by the architecture). Fixes: https://bugs.launchpad.net/qemu/+bug/1838277 Backports commit 987a23224218fa3bb3aa0024ad236dcf29ebde9e from qemu --- qemu/target/arm/op_helper.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/qemu/target/arm/op_helper.c b/qemu/target/arm/op_helper.c index 392248e7..28d351aa 100644 --- a/qemu/target/arm/op_helper.c +++ b/qemu/target/arm/op_helper.c @@ -377,6 +377,9 @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp, */ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) { + int debug_el = arm_debug_target_el(env); + int cur_el = arm_current_el(env); + /* FSR will only be used if the debug target EL is AArch32. */ env->exception.fsr = arm_debug_exception_fsr(env); /* @@ -385,7 +388,18 @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) * exception/security level. */ env->exception.vaddress = 0; - raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); + /* + * Other kinds of architectural debug exception are ignored if + * they target an exception level below the current one (in QEMU + * this is checked by arm_generate_debug_exceptions()). Breakpoint + * instructions are special because they always generate an exception + * to somewhere: if they can't go to the configured debug exception + * level they are taken to the current exception level. + */ + if (debug_el < cur_el) { + debug_el = cur_el; + } + raise_exception(env, EXCP_BKPT, syndrome, debug_el); } uint32_t HELPER(cpsr_read)(CPUARMState *env)