[15/20] target/arm: Fix calculation of secure mm_idx values

Message ID	1506092407-26985-16-git-send-email-peter.maydell@linaro.org
State	Superseded
Headers	show Delivered-To: patches@linaro.org Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; From: Peter Maydell <peter.maydell@linaro.org> To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 15/20] target/arm: Fix calculation of secure mm_idx values Date: Fri, 22 Sep 2017 16:00:02 +0100 Message-Id: <1506092407-26985-16-git-send-email-peter.maydell@linaro.org> In-Reply-To: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org> References: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org>
Series	ARM v8M: exception entry, exit and security \| expand [00/20] ARM v8M: exception entry, exit and security [01/20] nvic: Clear the vector arrays and prigroup on reset [02/20] target/arm: Don't switch to target stack early in v7M exception return [03/20] target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode [04/20] target/arm: Restore security state on exception return [05/20] target/arm: Restore SPSEL to correct CONTROL register on exception return [06/20] target/arm: Check for xPSR mismatch usage faults earlier for v8M [07/20] target/arm: Warn about restoring to unaligned stack [08/20] target/arm: Don't warn about exception return with PC low bit set for v8M [09/20] target/arm: Add new-in-v8M SFSR and SFAR [10/20] target/arm: Update excret sanity checks for v8M [11/20] target/arm: Add support for restoring v8M additional state context [12/20] target/arm: Add v8M support to exception entry code [13/20] nvic: Implement Security Attribution Unit registers [14/20] target/arm: Implement security attribute lookups for memory accesses [15/20] target/arm: Fix calculation of secure mm_idx values [16/20] target/arm: Factor out "get mmuidx for specified security state" [17/20] target/arm: Implement SG instruction [18/20] target/arm: Implement BLXNS [19/20] target/arm: Implement secure function return [20/20] nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit

Message ID

1506092407-26985-16-git-send-email-peter.maydell@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: best guess record for domain of
	pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted
	sender) client-ip=2001:8b0:1d0::2; 
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org,
	qemu-devel@nongnu.org
Cc: patches@linaro.org
Subject: [PATCH 15/20] target/arm: Fix calculation of secure mm_idx values
Date: Fri, 22 Sep 2017 16:00:02 +0100
Message-Id: <1506092407-26985-16-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org>
References: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org>

Series

ARM v8M: exception entry, exit and security | expand

Commit Message

Peter Maydell Sept. 22, 2017, 3 p.m. UTC

In cpu_mmu_index() we try to do this:
        if (env->v7m.secure) {
            mmu_idx += ARMMMUIdx_MSUser;
        }
but it will give the wrong answer, because ARMMMUIdx_MSUser
includes the 0x40 ARM_MMU_IDX_M field, and so does the
mmu_idx we're adding to, and we'll end up with 0x8n rather
than 0x4n. This error is then nullified by the call to
arm_to_core_mmu_idx() which masks out the high part, but
we're about to factor out the code that calculates the
ARMMMUIdx values so it can be used without passing it through
arm_to_core_mmu_idx(), so fix this bug first.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---
 target/arm/cpu.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

-- 
2.7.4

Comments

Philippe Mathieu-Daudé Oct. 5, 2017, 4:46 a.m. UTC | #1

On 09/22/2017 12:00 PM, Peter Maydell wrote:
> In cpu_mmu_index() we try to do this:

>         if (env->v7m.secure) {

>             mmu_idx += ARMMMUIdx_MSUser;

>         }

> but it will give the wrong answer, because ARMMMUIdx_MSUser

> includes the 0x40 ARM_MMU_IDX_M field, and so does the

> mmu_idx we're adding to, and we'll end up with 0x8n rather

> than 0x4n. This error is then nullified by the call to

> arm_to_core_mmu_idx() which masks out the high part, but

> we're about to factor out the code that calculates the

> ARMMMUIdx values so it can be used without passing it through

> arm_to_core_mmu_idx(), so fix this bug first.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>


> ---

>  target/arm/cpu.h | 12 +++++++-----

>  1 file changed, 7 insertions(+), 5 deletions(-)

> 

> diff --git a/target/arm/cpu.h b/target/arm/cpu.h

> index 441e584..70c1f85 100644

> --- a/target/arm/cpu.h

> +++ b/target/arm/cpu.h

> @@ -2335,14 +2335,16 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)

>      int el = arm_current_el(env);

>  

>      if (arm_feature(env, ARM_FEATURE_M)) {

> -        ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;

> +        ARMMMUIdx mmu_idx;

>  

> -        if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {

> -            mmu_idx = ARMMMUIdx_MNegPri;

> +        if (el == 0) {

> +            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;

> +        } else {

> +            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;

>          }

>  

> -        if (env->v7m.secure) {

> -            mmu_idx += ARMMMUIdx_MSUser;

> +        if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {

> +            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;

>          }

>  

>          return arm_to_core_mmu_idx(mmu_idx);

>

Richard Henderson Oct. 5, 2017, 6:41 p.m. UTC | #2

On 09/22/2017 11:00 AM, Peter Maydell wrote:
> In cpu_mmu_index() we try to do this:

>         if (env->v7m.secure) {

>             mmu_idx += ARMMMUIdx_MSUser;

>         }

> but it will give the wrong answer, because ARMMMUIdx_MSUser

> includes the 0x40 ARM_MMU_IDX_M field, and so does the

> mmu_idx we're adding to, and we'll end up with 0x8n rather

> than 0x4n. This error is then nullified by the call to

> arm_to_core_mmu_idx() which masks out the high part, but

> we're about to factor out the code that calculates the

> ARMMMUIdx values so it can be used without passing it through

> arm_to_core_mmu_idx(), so fix this bug first.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

> ---

>  target/arm/cpu.h | 12 +++++++-----

>  1 file changed, 7 insertions(+), 5 deletions(-)


Reviewed-by: Richard Henderson <richard.henderson@linaro.org>



r~

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 441e584..70c1f85 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2335,14 +2335,16 @@  static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
     int el = arm_current_el(env);
 
     if (arm_feature(env, ARM_FEATURE_M)) {
-        ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;
+        ARMMMUIdx mmu_idx;
 
-        if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
-            mmu_idx = ARMMMUIdx_MNegPri;
+        if (el == 0) {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
+        } else {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
         }
 
-        if (env->v7m.secure) {
-            mmu_idx += ARMMMUIdx_MSUser;
+        if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
         }
 
         return arm_to_core_mmu_idx(mmu_idx);

[15/20] target/arm: Fix calculation of secure mm_idx values

Commit Message

Comments

Patch