aboutsummaryrefslogtreecommitdiff
path: root/target/arm/ptw.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2024-11-19 14:23:34 +0000
committerPeter Maydell <peter.maydell@linaro.org>2024-11-19 14:23:34 +0000
commite6459afb1ff4d86b361b14f4a2fc43f0d2b4d679 (patch)
treef0a3b25fea4a0dd3486d478a7dcbc1069cc6e80f /target/arm/ptw.c
parent70e651279541424404788d55d5b3c40846f04215 (diff)
parentc5275c734233d6457f2340ca01d4577a971ea328 (diff)
Merge tag 'pull-target-arm-20241119' of https://git.linaro.org/people/pmaydell/qemu-arm into stagingHEADmaster
target-arm queue: * hw/timer/exynos4210_mct: fix possible int overflow * hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check * hw/intc/openpic: Avoid taking address of out-of-bounds array index * hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues * arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors * hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() to avoid UB * system/dma-helpers.c: Move trace events to system/trace-events * target/arm/hvf: Add trace.h header * trace: Don't include trace-root.h in control.c or control-target.c # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmc8nrwZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n2nEACc4N7TI2QFbuqa1k4G+C5y # 1bpWVnkPjeqnTGUyYshtl/ByZi+IH4RDFqlCJxUYgfSvfD74+u78haXcx/ukZL/x # zNbNu/hjP0v6nQF+upzRcQip5PIBjkbIUJSC3ga90HbsNWv8rvTjVSwQmstQ2b8J # 9mCNA2ri+NVJ4+kBL5xRSzDqxdu/7sC/eooYfcETlVXcnvL/oMWoF//iThvkaBve # LyySM+PS1Ni4oApx6LY9VpLzabtaCXh5R4yDMsFW0WucKZf58lm9Z1yU2wdPjuwj # uauHBbQnJy03LazprIyVNXlaT7SI2Qr+7CV4lAco66DoBsaIP16+Kby1XILbY8qo # JjJmuNQ8DA9c7F9bPqagZ0PLVRy9Wj0UiXKuqaTHrnnKzbgBprPCApR8bj0XPISs # xv6qsSrd4u9joSCkrD3XEC9ddzdWMi1xN1Hfw+lkuHOvnWKJJ7O3hortuupGhpeq # h90VBQ8Gb9S15BlLPfSmSmiO+XjRWU53CcZasQew5bFBIMEha1sPnwz01/KrSZqG # sN/nBBuVUhT6YjRY/7k7tqT1ATigXrEZPtRgCjap7W+zIILWaO9QUb2y2LlJfofp # febu0L++xw1JvtHnNin1vImmM5rgCMLMLx3QQ5Kq9jc5ytKnZwzJarLV4LbqIpuv # h1QzI2SJQXsL2zfBem/0yg== # =lqA0 # -----END PGP SIGNATURE----- # gpg: Signature made Tue 19 Nov 2024 14:20:44 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20241119' of https://git.linaro.org/people/pmaydell/qemu-arm: trace: Don't include trace-root.h in control.c or control-target.c target/arm/hvf: Add trace.h header system/dma-helpers.c: Move trace events to system/trace-events hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions bitops.h: Define bit operations on 'uint32_t' arrays arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors arm/ptw: Make get_S1prot accept decoded AP tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues hw/intc/openpic: Avoid taking address of out-of-bounds array index hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check hw/timer/exynos4210_mct: fix possible int overflow Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/arm/ptw.c')
-rw-r--r--target/arm/ptw.c72
1 files changed, 33 insertions, 39 deletions
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 9849949508..64bb6878a4 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -85,6 +85,10 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi);
+static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
+ int user_rw, int prot_rw, int xn, int pxn,
+ ARMSecuritySpace in_pa, ARMSecuritySpace out_pa);
+
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
static const uint8_t pamax_map[] = {
[0] = 32,
@@ -1148,7 +1152,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
hwaddr phys_addr;
uint32_t dacr;
bool ns;
- int user_prot;
+ ARMSecuritySpace out_space;
/* Pagetable walk. */
/* Lookup l1 descriptor. */
@@ -1240,16 +1244,19 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
g_assert_not_reached();
}
}
+ out_space = ptw->in_space;
+ if (ns) {
+ /*
+ * The NS bit will (as required by the architecture) have no effect if
+ * the CPU doesn't support TZ or this is a non-secure translation
+ * regime, because the output space will already be non-secure.
+ */
+ out_space = ARMSS_NonSecure;
+ }
if (domain_prot == 3) {
result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
} else {
- if (pxn && !regime_is_user(env, mmu_idx)) {
- xn = 1;
- }
- if (xn && access_type == MMU_INST_FETCH) {
- fi->type = ARMFault_Permission;
- goto do_fault;
- }
+ int user_rw, prot_rw;
if (arm_feature(env, ARM_FEATURE_V6K) &&
(regime_sctlr(env, mmu_idx) & SCTLR_AFE)) {
@@ -1259,37 +1266,23 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
- user_prot = simple_ap_to_rw_prot_is_user(ap >> 1, 1);
+ prot_rw = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
+ user_rw = simple_ap_to_rw_prot_is_user(ap >> 1, 1);
} else {
- result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
- user_prot = ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot, 1);
- }
- if (result->f.prot && !xn) {
- result->f.prot |= PAGE_EXEC;
+ prot_rw = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ user_rw = ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot, 1);
}
+
+ result->f.prot = get_S1prot(env, mmu_idx, false, user_rw, prot_rw,
+ xn, pxn, result->f.attrs.space, out_space);
if (!(result->f.prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
}
- if (regime_is_pan(env, mmu_idx) &&
- !regime_is_user(env, mmu_idx) &&
- user_prot &&
- access_type != MMU_INST_FETCH) {
- /* Privileged Access Never fault */
- fi->type = ARMFault_Permission;
- goto do_fault;
- }
- }
- if (ns) {
- /* The NS bit will (as required by the architecture) have no effect if
- * the CPU doesn't support TZ or this is a non-secure translation
- * regime, because the attribute will already be non-secure.
- */
- result->f.attrs.secure = false;
- result->f.attrs.space = ARMSS_NonSecure;
}
+ result->f.attrs.space = out_space;
+ result->f.attrs.secure = arm_space_is_secure(out_space);
result->f.phys_addr = phys_addr;
return false;
do_fault:
@@ -1357,25 +1350,24 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
* @env: CPUARMState
* @mmu_idx: MMU index indicating required translation regime
* @is_aa64: TRUE if AArch64
- * @ap: The 2-bit simple AP (AP[2:1])
+ * @user_rw: Translated AP for user access
+ * @prot_rw: Translated AP for privileged access
* @xn: XN (execute-never) bit
* @pxn: PXN (privileged execute-never) bit
* @in_pa: The original input pa space
* @out_pa: The output pa space, modified by NSTable, NS, and NSE
*/
static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
- int ap, int xn, int pxn,
+ int user_rw, int prot_rw, int xn, int pxn,
ARMSecuritySpace in_pa, ARMSecuritySpace out_pa)
{
ARMCPU *cpu = env_archcpu(env);
bool is_user = regime_is_user(env, mmu_idx);
- int prot_rw, user_rw;
bool have_wxn;
int wxn = 0;
assert(!regime_is_stage2(mmu_idx));
- user_rw = simple_ap_to_rw_prot_is_user(ap, true);
if (is_user) {
prot_rw = user_rw;
} else {
@@ -1393,8 +1385,6 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
regime_is_pan(env, mmu_idx) &&
(regime_sctlr(env, mmu_idx) & SCTLR_EPAN) && !xn) {
prot_rw = 0;
- } else {
- prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
}
}
@@ -2044,6 +2034,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
int nse, ns = extract32(attrs, 5, 1);
uint8_t attrindx;
uint64_t mair;
+ int user_rw, prot_rw;
switch (out_space) {
case ARMSS_Root:
@@ -2110,12 +2101,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
xn = 0;
ap &= ~1;
}
+
+ user_rw = simple_ap_to_rw_prot_is_user(ap, true);
+ prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
/*
* Note that we modified ptw->in_space earlier for NSTable, but
* result->f.attrs retains a copy of the original security space.
*/
- result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn,
- result->f.attrs.space, out_space);
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, user_rw, prot_rw,
+ xn, pxn, result->f.attrs.space, out_space);
/* Index into MAIR registers for cache attributes */
attrindx = extract32(attrs, 2, 3);