aboutsummaryrefslogtreecommitdiff
path: root/target
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2020-03-30 18:06:51 +0100
committerPeter Maydell <peter.maydell@linaro.org>2020-04-03 19:23:53 +0100
commitf4e1dbc578a051db08a40c05276ebf525b98f949 (patch)
tree522c5adde80898ba14cb425d6e4dec22b30c33a0 /target
parent8a2b76ffc9ff610c3439617e19f1eb9be02be50f (diff)
target/arm: PSTATE.PAN should not clear exec bits
Our implementation of the PSTATE.PAN bit incorrectly cleared all access permission bits for privileged access to memory which is user-accessible. It should only affect the privileged read and write permissions; execute permission is dealt with via XN/PXN instead. Fixes: 81636b70c226dc27d7ebc8d Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200330170651.20901-1-peter.maydell@linaro.org
Diffstat (limited to 'target')
-rw-r--r--target/arm/helper.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 163c91a1cc..ed7eb8ab54 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10025,9 +10025,11 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
prot_rw = user_rw;
} else {
if (user_rw && regime_is_pan(env, mmu_idx)) {
- return 0;
+ /* PAN forbids data accesses but doesn't affect insn fetch */
+ prot_rw = 0;
+ } else {
+ prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
}
- prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
}
if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) {