[PULL 03/12] target/arm: Don't allow stage 2 page table walks to downgra
From: Peter Maydell
Subject: [PULL 03/12] target/arm: Don't allow stage 2 page table walks to downgrade to NS
Date: Fri, 12 May 2023 16:34:14 +0100
Bit 63 in a Table descriptor is only the NSTable bit for stage 1
translations; in stage 2 it is RES0. We were incorrectly looking at
it all the time.
This causes problems if:
* the stage 2 table descriptor was incorrectly setting the RES0 bit
* we are doing a stage 2 translation in Secure address space for
a NonSecure stage 1 regime -- in this case we would incorrectly
do an immediate downgrade to NonSecure
A bug elsewhere in the code currently prevents us from getting
to the second situation, but when we fix that it will be possible.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
---
target/arm/ptw.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index bd75da8dbcf..8ac6d9b1d0c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1415,17 +1415,18 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
descaddrmask &= ~indexmask_grainsize;
/*
- * Secure accesses start with the page table in secure memory and
+ * Secure stage 1 accesses start with the page table in secure memory and
* can be downgraded to non-secure at any step. Non-secure accesses
* remain non-secure. We implement this by just ORing in the NSTable/NS
* bits at each step.
+ * Stage 2 never gets this kind of downgrade.
*/
tableattrs = is_secure ? 0 : (1 << 4);
next_level:
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
- nstable = extract32(tableattrs, 4, 1);
+ nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
if (nstable) {
/*
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
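Review bot: At the new "nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);" line, nstable is now forced to 0 for every stage 2 walk, including a NonSecure one where tableattrs was initialised to (1 << 4), so the "if (nstable)" block that such a walk used to enter is now skipped; please confirm that skipping it is a no-op in that case. Separately, the added comment line "Stage 2 never gets this kind of downgrade." would be more durable if it gave the reason stated in the commit message, that bit 63 of a Table descriptor is RES0 for stage 2, so a later reader does not take the regime_is_stage2() gate for an optimisation and remove it.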
--
2.34.1