[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 31/35] target/arm: Pass security space rather than flag for AT ins
From: |
Peter Maydell |
Subject: |
[PULL 31/35] target/arm: Pass security space rather than flag for AT instructions |
Date: |
Thu, 24 Aug 2023 10:28:32 +0100 |
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
At the moment we only handle Secure and Nonsecure security spaces for
the AT instructions. Add support for Realm and Root.
For AArch64, arm_security_space() gives the desired space. ARM DDI0487J
says (R_NYXTL):
If EL3 is implemented, then when an address translation instruction
that applies to an Exception level lower than EL3 is executed, the
Effective value of SCR_EL3.{NSE, NS} determines the target Security
state that the instruction applies to.
For AArch32, some instructions can access NonSecure space from Secure,
so we still need to pass the state explicitly to do_ats_write().
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-5-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/internals.h | 18 +++++++++---------
target/arm/helper.c | 27 ++++++++++++---------------
target/arm/ptw.c | 12 ++++++------
3 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index fc90c364f77..cf13bb94f59 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1217,24 +1217,24 @@ bool get_phys_addr(CPUARMState *env, target_ulong
address,
__attribute__((nonnull));
/**
- * get_phys_addr_with_secure_nogpc: get the physical address for a virtual
- * address
+ * get_phys_addr_with_space_nogpc: get the physical address for a virtual
+ * address
* @env: CPUARMState
* @address: virtual address to get physical address for
* @access_type: 0 for read, 1 for write, 2 for execute
* @mmu_idx: MMU index indicating required translation regime
- * @is_secure: security state for the access
+ * @space: security space for the access
* @result: set on translation success.
* @fi: set to fault info if the translation fails
*
- * Similar to get_phys_addr, but use the given security regime and don't
perform
+ * Similar to get_phys_addr, but use the given security space and don't perform
* a Granule Protection Check on the resulting address.
*/
-bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
- MMUAccessType access_type,
- ARMMMUIdx mmu_idx, bool is_secure,
- GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, ARMSecuritySpace space,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
__attribute__((nonnull));
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e8a232a1f89..de639d40871 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3357,7 +3357,7 @@ static int par_el1_shareability(GetPhysAddrResult *res)
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure)
+ ARMSecuritySpace ss)
{
bool ret;
uint64_t par64;
@@ -3369,8 +3369,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t
value,
* I_MXTJT: Granule protection checks are not performed on the final
address
* of a successful translation.
*/
- ret = get_phys_addr_with_secure_nogpc(env, value, access_type, mmu_idx,
- is_secure, &res, &fi);
+ ret = get_phys_addr_with_space_nogpc(env, value, access_type, mmu_idx, ss,
+ &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
@@ -3535,7 +3535,7 @@ static void ats_write(CPUARMState *env, const
ARMCPRegInfo *ri, uint64_t value)
uint64_t par64;
ARMMMUIdx mmu_idx;
int el = arm_current_el(env);
- bool secure = arm_is_secure_below_el3(env);
+ ARMSecuritySpace ss = arm_security_space(env);
switch (ri->opc2 & 6) {
case 0:
@@ -3543,10 +3543,9 @@ static void ats_write(CPUARMState *env, const
ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_E3;
- secure = true;
break;
case 2:
- g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
+ g_assert(ss != ARMSS_Secure); /* ARMv8.4-SecEL2 is 64-bit only */
/* fall through */
case 1:
if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) {
@@ -3564,10 +3563,9 @@ static void ats_write(CPUARMState *env, const
ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_E10_0;
- secure = true;
break;
case 2:
- g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
+ g_assert(ss != ARMSS_Secure); /* ARMv8.4-SecEL2 is 64-bit only */
mmu_idx = ARMMMUIdx_Stage1_E0;
break;
case 1:
@@ -3580,18 +3578,18 @@ static void ats_write(CPUARMState *env, const
ARMCPRegInfo *ri, uint64_t value)
case 4:
/* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
mmu_idx = ARMMMUIdx_E10_1;
- secure = false;
+ ss = ARMSS_NonSecure;
break;
case 6:
/* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
mmu_idx = ARMMMUIdx_E10_0;
- secure = false;
+ ss = ARMSS_NonSecure;
break;
default:
g_assert_not_reached();
}
- par64 = do_ats_write(env, value, access_type, mmu_idx, secure);
+ par64 = do_ats_write(env, value, access_type, mmu_idx, ss);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3608,7 +3606,8 @@ static void ats1h_write(CPUARMState *env, const
ARMCPRegInfo *ri,
uint64_t par64;
/* There is no SecureEL2 for AArch32. */
- par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false);
+ par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2,
+ ARMSS_NonSecure);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3633,7 +3632,6 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
#ifdef CONFIG_TCG
MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
ARMMMUIdx mmu_idx;
- int secure = arm_is_secure_below_el3(env);
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
@@ -3653,7 +3651,6 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
break;
case 6: /* AT S1E3R, AT S1E3W */
mmu_idx = ARMMMUIdx_E3;
- secure = true;
break;
default:
g_assert_not_reached();
@@ -3673,7 +3670,7 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
}
env->cp15.par_el[1] = do_ats_write(env, value, access_type,
- mmu_idx, secure);
+ mmu_idx, arm_security_space(env));
#else
/* Handled by hardware accelerator. */
g_assert_not_reached();
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ca4de6e3999..bfbab26b9b4 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3420,15 +3420,15 @@ static bool get_phys_addr_gpc(CPUARMState *env,
S1Translate *ptw,
return false;
}
-bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
- MMUAccessType access_type,
- ARMMMUIdx mmu_idx, bool is_secure,
- GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, ARMSecuritySpace space,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
S1Translate ptw = {
.in_mmu_idx = mmu_idx,
- .in_space = arm_secure_to_space(is_secure),
+ .in_space = space,
};
return get_phys_addr_nogpc(env, &ptw, address, access_type, result, fi);
}
--
2.34.1
- [PULL 30/35] target/arm: Skip granule protection checks for AT instructions, (continued)
- [PULL 30/35] target/arm: Skip granule protection checks for AT instructions, Peter Maydell, 2023/08/24
- [PULL 17/35] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled(), Peter Maydell, 2023/08/24
- [PULL 07/35] kvm: Introduce kvm_arch_get_default_type hook, Peter Maydell, 2023/08/24
- [PULL 19/35] target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate(), Peter Maydell, 2023/08/24
- [PULL 25/35] target/arm/ptw: Check for block descriptors at invalid levels, Peter Maydell, 2023/08/24
- [PULL 26/35] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw, Peter Maydell, 2023/08/24
- [PULL 23/35] target/arm/ptw: Drop S1Translate::out_secure, Peter Maydell, 2023/08/24
- [PULL 22/35] target/arm/ptw: Remove S1Translate::in_secure, Peter Maydell, 2023/08/24
- [PULL 08/35] accel/kvm: Specify default IPA size for arm64, Peter Maydell, 2023/08/24
- [PULL 27/35] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types, Peter Maydell, 2023/08/24
- [PULL 31/35] target/arm: Pass security space rather than flag for AT instructions,
Peter Maydell <=
- [PULL 12/35] accel/kvm: Make kvm_dirty_ring_reaper_init() void, Peter Maydell, 2023/08/24
- [PULL 34/35] target/arm: Fix SME ST1Q, Peter Maydell, 2023/08/24
- [PULL 33/35] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK, Peter Maydell, 2023/08/24
- [PULL 18/35] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate(), Peter Maydell, 2023/08/24
- [PULL 14/35] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults, Peter Maydell, 2023/08/24
- [PULL 21/35] target/arm/ptw: Remove last uses of ptw->in_secure, Peter Maydell, 2023/08/24
- [PULL 20/35] target/arm/ptw: Only fold in NSTable bit effects in Secure state, Peter Maydell, 2023/08/24
- [PULL 29/35] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2*, Peter Maydell, 2023/08/24
- Re: [PULL 00/35] target-arm queue, Stefan Hajnoczi, 2023/08/24