qemu-arm

Re: [PATCH v2 8/9] target/arm: Check addresses for disabled regimes


From: Peter Maydell
Date: Thu, 5 Mar 2020 14:21:14 +0000

On Mon, 2 Mar 2020 at 17:58, Richard Henderson
<address@hidden> wrote:
>
> We fail to validate the upper bits of a virtual address on a
> translation disabled regime, as per AArch64.TranslateAddressS1Off.
>
> Signed-off-by: Richard Henderson <address@hidden>
> ---
>  target/arm/helper.c | 33 ++++++++++++++++++++++++++++++++-
>  1 file changed, 32 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index addbec91d8..0ef32d3c24 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -11634,7 +11634,38 @@ bool get_phys_addr(CPUARMState *env, target_ulong 
> address,
>      /* Definitely a real MMU, not an MPU */
>
>      if (regime_translation_disabled(env, mmu_idx)) {
> -        /* MMU disabled. */
> +        /*
> +         * MMU disabled.  S1 addresses are still checked for bounds.
> +         * C.f. AArch64.TranslateAddressS1Off.
> +         */
> +        if (is_a64(env) && mmu_idx != ARMMMUIdx_Stage2) {

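Review bot: The new guard `if (is_a64(env) && mmu_idx != ARMMMUIdx_Stage2)` keys the bounds check on the execution state of the CPU's current EL, but get_phys_addr() is called with an explicit mmu_idx that need not be the current regime (translation on behalf of another EL, address-translation operations, debug), so the check can be applied or skipped for the wrong regime. The commit message cites AArch64.TranslateAddressS1Off, which is a property of the translation regime, so the condition should be derived from the controlling EL of mmu_idx rather than from is_a64(env); in this file that would read as a test on the regime's EL (e.g. via the existing regime_el(env, mmu_idx) helper combined with arm_el_is_aa64(), as a suggestion for the form of the fix). Excluding ARMMMUIdx_Stage2 looks right, since the stage-2 input is an IPA rather than a VA; the body of the check itself is cut off in this quote and cannot be reviewed here.
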
This looks weird -- why do we care about whether the current
EL is aarch64, rather than looking at the controlling EL
for the translation regime?

thanks
-- PMM
