
FEAT_RME enabled, fix Illegal check for EL3 Transitions with SCR_EL3.{NSE,NS}

Host environment

  • Operating system: Linux
  • OS/kernel version: Any
  • Architecture: ARM
  • QEMU flavor: qemu-system-aarch64
  • QEMU version: 8.2.0

Emulated/Virtualized environment

  • Operating system: Linux
  • OS/kernel version: Any
  • Architecture: ARM

Description of problem

The issue is related to the following commit: https://github.com/qemu/qemu/commit/35aa6715ddcd9748bae5bc01563331e8eae8d7cf

As mentioned, the architecture requires (R_TYTWB) that an attempt to return from EL3 when SCR_EL3.{NSE,NS} are {1,0} is an illegal exception return. (This enforces that the CPU can't ever be executing below EL3 with the NSE,NS bits indicating an invalid security state.)

You defined the following check:

    if (cur_el == 3 && (env->cp15.scr_el3 & (SCR_NS | SCR_NSE)) == SCR_NSE) {
        goto illegal_return;
    }

This check doesn't cover a legal case of moving from EL3 to EL3. Therefore, it is better to make the following addition:

    if (cur_el == 3 && new_el != 3 && (env->cp15.scr_el3 & (SCR_NS | SCR_NSE)) == SCR_NSE) {
        goto illegal_return;
    }
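The following is an added example, not code from QEMU or from the issue: a stand-alone C model of the two predicates above (function names `illegal_return_before`, `illegal_return_fixed` and `rme_security_state` are my own), using the architectural bit positions of SCR_EL3.NS (bit 0) and SCR_EL3.NSE (bit 62), to show that only the EL3-to-EL3 case changes between the original check and the proposed one.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural bit positions: SCR_EL3.NS is bit 0, SCR_EL3.NSE is bit 62. */
#define SCR_NS  (1ULL << 0)
#define SCR_NSE (1ULL << 62)

/* Security state selected by SCR_EL3.{NSE,NS} when FEAT_RME is implemented. */
static const char *rme_security_state(uint64_t scr_el3)
{
    bool nse = (scr_el3 & SCR_NSE) != 0;
    bool ns  = (scr_el3 & SCR_NS) != 0;
    if (!nse && !ns) return "Secure";
    if (!nse &&  ns) return "Non-secure";
    if ( nse &&  ns) return "Realm";
    return "reserved";   /* {NSE,NS} == {1,0}: no valid state below EL3 */
}

/* Check as in the referenced commit: any ERET from EL3 with {1,0} is rejected. */
static bool illegal_return_before(int cur_el, int new_el, uint64_t scr_el3)
{
    (void)new_el;   /* the target EL is not consulted */
    return cur_el == 3 && (scr_el3 & (SCR_NS | SCR_NSE)) == SCR_NSE;
}

/* Check with the proposed fix: a return that stays at EL3 never runs below
 * EL3 in the reserved state, so it is not treated as illegal. */
static bool illegal_return_fixed(int cur_el, int new_el, uint64_t scr_el3)
{
    return cur_el == 3 && new_el != 3 &&
           (scr_el3 & (SCR_NS | SCR_NSE)) == SCR_NSE;
}

int main(void)
{
    const uint64_t encodings[4] = { 0, SCR_NS, SCR_NSE, SCR_NSE | SCR_NS };
    printf("%-12s %-8s %-8s %-8s\n", "state", "target", "before", "fixed");
    for (int i = 0; i < 4; i++) {
        for (int new_el = 1; new_el <= 3; new_el++) {
            printf("%-12s EL%-6d %-8s %-8s\n", rme_security_state(encodings[i]), new_el,
                   illegal_return_before(3, new_el, encodings[i]) ? "illegal" : "ok",
                   illegal_return_fixed(3, new_el, encodings[i]) ? "illegal" : "ok");
        }
    }
    return 0;
}
```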
