From 952ebdc207dc0ff2e60485776856bbc5347cc4a7 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Wed, 3 Mar 2021 17:52:28 -0500 Subject: [PATCH] target/arm: Don't clobber ID_PFR1.Security on M-profile cores In arm_cpu_realizefn() we check whether the board code disabled EL3 via the has_el3 CPU object property, which we create if the CPU starts with the ARM_FEATURE_EL3 feature bit. If it is disabled, then we turn off ARM_FEATURE_EL3 and also zero out the relevant fields in the ID_PFR1 and ID_AA64PFR0 registers. This codepath was incorrectly being taken for M-profile CPUs, which do not have an EL3 and don't set ARM_FEATURE_EL3, but which may have the M-profile Security extension and so should have non-zero values in the ID_PFR1.Security field. Restrict the handling of the feature flag to A/R-profile cores. Backports 4018818840f499d0a478508aedbb6802c8eae928 --- qemu/target/arm/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu/target/arm/cpu.c b/qemu/target/arm/cpu.c index bb4f83d7..39247c16 100644 --- a/qemu/target/arm/cpu.c +++ b/qemu/target/arm/cpu.c @@ -916,7 +916,7 @@ static int arm_cpu_realizefn(struct uc_struct *uc, DeviceState *dev, Error **err } } - if (!cpu->has_el3) { + if (!arm_feature(env, ARM_FEATURE_M) && !cpu->has_el3) { /* If the has_el3 CPU property is disabled then we need to disable the * feature. */