arm qemu arm64 trustzone

Segmentation fault when returning from EL3 to NWD 32-bit process when FIQ occurred


I run QEMU with TrustZone emulation. 64-bit Linux runs in Normal World (NWD) EL1, and some proprietary code runs in EL3 and Secure World (SWD) EL1. I also have the following configuration for interrupts: 1) FIQ is assigned to SWD; 2) IRQ is assigned to NWD.

There are also three cases in which NWD can be interrupted by a FIQ: 1) NWD was executing in kernel mode (64-bit Linux); 2) NWD was executing in 64-bit user mode; 3) NWD was executing in 32-bit user mode.

When a FIQ occurs it is trapped by EL3. The NWD context is then saved by EL3's code and the FIQ handler starts to execute. After returning from EL3 to NWD in cases 1) and 2) everything works fine: the interrupted process continues running. But after returning from EL3 to NWD in case 3) a segmentation fault occurs in the interrupted process. This is the value of the spsr_el3 register before returning from EL3 to NWD EL0: 0x600f0010, which looks OK. I have also already compared the saved and restored context in EL3 for case 3, and it also looks OK. It looks like this is some bug in QEMU. Does anyone know what the problem is?


Solution

  • Actually I have already fixed that. The problem was in the file 'op_helper.c', in the implementation of the 'eret' instruction: 'env->regs[15] = env->elr_el[1] & ~0x1;'. The '1' needs to be changed to 'cur_el'. This bug has also been fixed in the latest QEMU, so I need to update mine.
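To make the failure mode in the answer concrete, here is an added, simplified C model of the exception-return logic; it is not QEMU's code, and the struct, field names and sample addresses are constructed for illustration. It reproduces case 3 from the question (FIQ taken from a 32-bit EL0 process, monitor at EL3 returning with ERET) with the defective line from the answer beside the corrected one, and also shows why the AArch64 returns of cases 1 and 2 were unaffected: only the AArch32 path read the return address from the wrong ELR.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of an ARMv8 core's exception-return state.
   Not QEMU's CPUARMState; the field names are assumptions for illustration. */
typedef struct {
    uint64_t elr_el[4];   /* ELR_ELx, indexed by EL (index 0 unused) */
    uint32_t spsr_el[4];  /* SPSR_ELx, indexed by EL (index 0 unused) */
    int      cur_el;      /* EL executing the ERET */
    uint64_t pc;          /* resulting PC (R15 when in AArch32) */
    int      target_el;
    bool     aarch32;
    bool     thumb;
} cpu_state_t;

#define PSTATE_nRW  (1u << 4)  /* M[4]: 1 = return to AArch32 */
#define PSTATE_T    (1u << 5)  /* T: Thumb state on AArch32 return */
#define PSTATE_MODE 0xfu       /* M[3:0]: AArch32 mode (0 = User) */

/* Defective variant described in the answer: the AArch32 return address is
   always taken from ELR_EL1, whatever EL executed the ERET. */
static uint64_t aarch32_return_pc_buggy(const cpu_state_t *env)
{
    return env->elr_el[1] & ~(uint64_t)0x1;
}

/* Corrected variant: use the ELR of the current EL (ELR_EL3 for the monitor). */
static uint64_t aarch32_return_pc_fixed(const cpu_state_t *env)
{
    return env->elr_el[env->cur_el] & ~(uint64_t)0x1;
}

/* Simplified ERET: SPSR of the current EL decides execution state and
   target EL; ELR of the current EL should supply the return address. */
static void do_eret(cpu_state_t *env, bool use_fix)
{
    uint32_t spsr = env->spsr_el[env->cur_el];

    if (spsr & PSTATE_nRW) {
        env->aarch32 = true;
        env->thumb = (spsr & PSTATE_T) != 0;
        /* bit 0 of the return address is cleared on an AArch32 return */
        env->pc = use_fix ? aarch32_return_pc_fixed(env)
                          : aarch32_return_pc_buggy(env);
        env->pc &= 0xffffffffu;                              /* R15 is 32-bit */
        env->target_el = (spsr & PSTATE_MODE) == 0 ? 0 : 1;  /* User mode -> EL0 */
    } else {
        env->aarch32 = false;
        env->thumb = false;
        env->pc = env->elr_el[env->cur_el];   /* AArch64 path: already correct */
        env->target_el = (spsr >> 2) & 0x3;   /* M[3:2] = target EL */
    }
    env->cur_el = env->target_el;
}

/* Case 3 from the question: a FIQ interrupts a 32-bit EL0 process and the
   monitor at EL3 returns with ERET. Returns the PC the process resumes at. */
uint64_t resume_pc_after_fiq_aarch32(bool use_fix)
{
    cpu_state_t env = {0};
    env.cur_el = 3;
    env.elr_el[3]  = 0x00401234;          /* interrupted user PC (constructed) */
    env.spsr_el[3] = 0x600f0010;          /* SPSR_EL3 value from the question */
    /* Stale ELR_EL1 left by the kernel's last return to EL0 (constructed);
       the buggy path sends the process here instead, hence the segfault. */
    env.elr_el[1]  = 0x0000aaaab7e41000;
    do_eret(&env, use_fix);
    return env.pc;
}

/* Case 2 from the question: the same FIQ taken from a 64-bit EL0 process. */
uint64_t resume_pc_after_fiq_aarch64(bool use_fix)
{
    cpu_state_t env = {0};
    env.cur_el = 3;
    env.elr_el[3]  = 0x0000aaaab7f00abc;  /* interrupted user PC (constructed) */
    env.spsr_el[3] = 0x00000000;          /* AArch64 EL0t, interrupts unmasked */
    env.elr_el[1]  = 0x0000aaaab7e41000;  /* stale, unused on this path */
    do_eret(&env, use_fix);
    return env.pc;
}

int main(void)
{
    printf("AArch32 return, buggy: 0x%llx\n",
           (unsigned long long)resume_pc_after_fiq_aarch32(false));
    printf("AArch32 return, fixed: 0x%llx\n",
           (unsigned long long)resume_pc_after_fiq_aarch32(true));
    printf("AArch64 return, either: 0x%llx\n",
           (unsigned long long)resume_pc_after_fiq_aarch64(false));
    return 0;
}
```

With the buggy variant the 32-bit process resumes at a truncated copy of whatever ELR_EL1 last held, which is unrelated to where the FIQ interrupted it; the fixed variant resumes at the address the monitor saved in ELR_EL3. The AArch64 path reads ELR of the current EL in both variants, which matches the observation that only case 3 faulted. A quick check of a real emulator is the same: compare the ELR of the EL executing ERET with the PC the guest resumes at.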