diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2023-05-12 15:43:37 +0100 |
|---|---|---|
| committer | Michael Tokarev <mjt@tls.msk.ru> | 2023-11-03 19:19:06 +0300 |
| commit | 6861482deaf802e401def432ed730d99e06871c7 (patch) | |
| tree | 34e611541324d80371502754b3f93cc72512689a /target | |
| parent | d9da3f8dbd58109bf7bd9d67b63300fa7cb6539f (diff) | |
target/arm: Don't allow stage 2 page table walks to downgrade to NS
Bit 63 in a Table descriptor is only the NSTable bit for stage 1
translations; in stage 2 it is RES0. We were incorrectly looking at
it all the time.
This causes problems if:
* the stage 2 table descriptor was incorrectly setting the RES0 bit
* we are doing a stage 2 translation in Secure address space for
a NonSecure stage 1 regime -- in this case we would incorrectly
do an immediate downgrade to NonSecure
A bug elsewhere in the code currently prevents us from getting
to the second situation, but when we fix that it will be possible.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
(cherry picked from commit 21a4ab8318ba6f049aac244e237cd1557586e216)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Diffstat (limited to 'target')
| -rw-r--r-- | target/arm/ptw.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/target/arm/ptw.c b/target/arm/ptw.c index fa013044c1..e593bc339a 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1382,17 +1382,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, descaddrmask &= ~indexmask_grainsize; /* - * Secure accesses start with the page table in secure memory and + * Secure stage 1 accesses start with the page table in secure memory and * can be downgraded to non-secure at any step. Non-secure accesses * remain non-secure. We implement this by just ORing in the NSTable/NS * bits at each step. + * Stage 2 never gets this kind of downgrade. */ tableattrs = is_secure ? 0 : (1 << 4); next_level: descaddr |= (address >> (stride * (4 - level))) & indexmask; descaddr &= ~7ULL; - nstable = extract32(tableattrs, 4, 1); + nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1); if (nstable) { /* * Stage2_S -> Stage2 or Phys_S -> Phys_NS |