[08/11] target/arm: Enforce PAN semantics in get_S1prot

Message ID 20191203225333.17055-9-richard.henderson@linaro.org
State New
Headers show
Series
  • target/arm: Implement ARMv8.1-PAN + ARMv8.2-ATS1E1
Related show

Commit Message

Richard Henderson Dec. 3, 2019, 10:53 p.m.
If we have a PAN-enforcing mmu_idx, set prot == 0 if user_rw != 0.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

---
 target/arm/internals.h | 13 +++++++++++++
 target/arm/helper.c    |  3 +++
 2 files changed, 16 insertions(+)

-- 
2.17.1

Comments

Peter Maydell Dec. 6, 2019, 7:12 p.m. | #1
On Tue, 3 Dec 2019 at 22:53, Richard Henderson
<richard.henderson@linaro.org> wrote:
>

> If we have a PAN-enforcing mmu_idx, set prot == 0 if user_rw != 0.

>

> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

> ---

>  target/arm/internals.h | 13 +++++++++++++

>  target/arm/helper.c    |  3 +++

>  2 files changed, 16 insertions(+)

>

> diff --git a/target/arm/internals.h b/target/arm/internals.h

> index 2408953031..ab3b436379 100644

> --- a/target/arm/internals.h

> +++ b/target/arm/internals.h

> @@ -893,6 +893,19 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)

>      }

>  }

>

> +static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)

> +{

> +    switch (mmu_idx) {

> +    case ARMMMUIdx_Stage1_E1_PAN:

> +    case ARMMMUIdx_EL10_1_PAN:

> +    case ARMMMUIdx_EL20_2_PAN:

> +    case ARMMMUIdx_SE1_PAN:

> +        return true;

> +    default:

> +        return false;

> +    }

> +}

> +

>  /* Return the FSR value for a debug exception (watchpoint, hardware

>   * breakpoint or BKPT insn) targeting the specified exception level.

>   */

> diff --git a/target/arm/helper.c b/target/arm/helper.c

> index 6c65dd799e..a1dbafb9b2 100644

> --- a/target/arm/helper.c

> +++ b/target/arm/helper.c

> @@ -9444,6 +9444,9 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,

>      if (is_user) {

>          prot_rw = user_rw;

>      } else {

> +        if (user_rw && regime_is_pan(env, mmu_idx)) {

> +            return 0;

> +        }

>          prot_rw = simple_ap_to_rw_prot_is_user(ap, false);

>      }

>

> --

> 2.17.1

>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>


thanks
-- PMM

Patch

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 2408953031..ab3b436379 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -893,6 +893,19 @@  static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     }
 }
 
+static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
+{
+    switch (mmu_idx) {
+    case ARMMMUIdx_Stage1_E1_PAN:
+    case ARMMMUIdx_EL10_1_PAN:
+    case ARMMMUIdx_EL20_2_PAN:
+    case ARMMMUIdx_SE1_PAN:
+        return true;
+    default:
+        return false;
+    }
+}
+
 /* Return the FSR value for a debug exception (watchpoint, hardware
  * breakpoint or BKPT insn) targeting the specified exception level.
  */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6c65dd799e..a1dbafb9b2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9444,6 +9444,9 @@  static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
     if (is_user) {
         prot_rw = user_rw;
     } else {
+        if (user_rw && regime_is_pan(env, mmu_idx)) {
+            return 0;
+        }
         prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
     }