From patchwork Mon Sep 4 12:25:46 2017
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 111568
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Mon, 4 Sep 2017 13:25:46 +0100
Message-Id: <1504527967-29248-16-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1504527967-29248-1-git-send-email-peter.maydell@linaro.org>
References: <1504527967-29248-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 15/36] nvic: Implement "user accesses BusFault" SCS region behaviour

The ARMv7M architecture specifies that most of the addresses in the
PPB region (which includes the NVIC, systick and system registers)
are not accessible to unprivileged accesses, which should
BusFault with a few exceptions:
 * the STIR is configurably user-accessible
 * the ITM (which we don't implement at all) is always
   user-accessible

Implement this by switching the register access functions
to the _with_attrs scheme that lets us distinguish user
mode accesses.

This allows us to pull the handling of the CCR.USERSETMPEND
flag up to the level where we can make it generate a BusFault
as it should for non-permitted accesses.

Note that until the core ARM CPU code implements turning
MEMTX_ERROR into a BusFault the registers will continue to
act as RAZ/WI to user accesses.

Signed-off-by: Peter Maydell
Reviewed-by: Edgar E. Iglesias
Reviewed-by: Richard Henderson
Message-id: 1501692241-23310-16-git-send-email-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 58 ++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 17 deletions(-)

-- 
2.7.4

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 5a18025..bbfe2d5 100644 --- a/hw/intc/armv7m_nvic.c 
+++ b/hw/intc/armv7m_nvic.c @@ -733,11 +733,8 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value) } case 0xf00: /* Software Triggered Interrupt Register */ { - /* user mode can only write to STIR if CCR.USERSETMPEND permits it */ int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ; - if (excnum < s->num_irq && - (arm_current_el(&cpu->env) || - (cpu->env.v7m.ccr & R_V7M_CCR_USERSETMPEND_MASK))) { + if (excnum < s->num_irq) { armv7m_nvic_set_pending(s, excnum); } break; @@ -748,14 +745,32 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value) } } -static uint64_t nvic_sysreg_read(void *opaque, hwaddr addr, - unsigned size) +static bool nvic_user_access_ok(NVICState *s, hwaddr offset) +{ + /* Return true if unprivileged access to this register is permitted. */ + switch (offset) { + case 0xf00: /* STIR: accessible only if CCR.USERSETMPEND permits */ + return s->cpu->env.v7m.ccr & R_V7M_CCR_USERSETMPEND_MASK; + default: + /* All other user accesses cause a BusFault unconditionally */ + return false; + } +} + +static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, + uint64_t *data, unsigned size, + MemTxAttrs attrs) { NVICState *s = (NVICState *)opaque; uint32_t offset = addr; unsigned i, startvec, end; uint32_t val; + if (attrs.user && !nvic_user_access_ok(s, addr)) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + switch (offset) { /* reads of set and clear both return the status */ case 0x100 ... 0x13f: /* NVIC Set enable */ @@ -826,11 +841,13 @@ static uint64_t nvic_sysreg_read(void *opaque, hwaddr addr, } trace_nvic_sysreg_read(addr, val, size); - return val; + *data = val; + return MEMTX_OK; } -static void nvic_sysreg_write(void *opaque, hwaddr addr, - uint64_t value, unsigned size) +static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr, + uint64_t value, unsigned size, + MemTxAttrs attrs) { NVICState *s = (NVICState *)opaque; uint32_t offset = addr; 
@@ -839,6 +856,11 @@ static void nvic_sysreg_write(void *opaque, hwaddr addr, trace_nvic_sysreg_write(addr, value, size); + if (attrs.user && !nvic_user_access_ok(s, addr)) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + switch (offset) { case 0x100 ... 0x13f: /* NVIC Set enable */ offset += 0x80; @@ -853,7 +875,7 @@ static void nvic_sysreg_write(void *opaque, hwaddr addr, } } nvic_irq_update(s); - return; + return MEMTX_OK; case 0x200 ... 0x23f: /* NVIC Set pend */ /* the special logic in armv7m_nvic_set_pending() * is not needed since IRQs are never escalated @@ -870,9 +892,9 @@ static void nvic_sysreg_write(void *opaque, hwaddr addr, } } nvic_irq_update(s); - return; + return MEMTX_OK; case 0x300 ... 0x33f: /* NVIC Active */ - return; /* R/O */ + return MEMTX_OK; /* R/O */ case 0x400 ... 0x5ef: /* NVIC Priority */ startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */ @@ -880,26 +902,28 @@ static void nvic_sysreg_write(void *opaque, hwaddr addr, set_prio(s, startvec + i, (value >> (i * 8)) & 0xff); } nvic_irq_update(s); - return; + return MEMTX_OK; case 0xd18 ... 0xd23: /* System Handler Priority. */ for (i = 0; i < size; i++) { unsigned hdlidx = (offset - 0xd14) + i; set_prio(s, hdlidx, (value >> (i * 8)) & 0xff); } nvic_irq_update(s); - return; + return MEMTX_OK; } if (size == 4) { nvic_writel(s, offset, value); - return; + return MEMTX_OK; } qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad write of size %d at offset 0x%x\n", size, offset); + /* This is UNPREDICTABLE; treat as RAZ/WI */ + return MEMTX_OK; } static const MemoryRegionOps nvic_sysreg_ops = { - .read = nvic_sysreg_read, - .write = nvic_sysreg_write, + .read_with_attrs = nvic_sysreg_read, + .write_with_attrs = nvic_sysreg_write, .endianness = DEVICE_NATIVE_ENDIAN, };
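
Review bot: in the first hunk (@@ -733,11 +733,8 @@, case 0xf00 in nvic_writel()), dropping the arm_current_el()/USERSETMPEND test means nvic_writel() no longer enforces the STIR privilege rule itself and relies on every caller having passed nvic_user_access_ok() first. The removed comment was the only marker of that rule at this site; a one-line comment saying the unprivileged check now lives in nvic_sysreg_write() would stop a later direct caller of nvic_writel() from silently allowing unprivileged code to pend interrupts. It is also worth stating in the commit message that the decision moves from the CPU's current EL to the per-transaction attrs.user bit, since the two are not the same input.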
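
Review bot: in the second hunk (@@ -748,14 +745,32 @@, nvic_sysreg_read()), the early "return MEMTX_ERROR" leaves *data unassigned, yet the commit message says the registers keep behaving as RAZ/WI for user accesses until the CPU code turns MEMTX_ERROR into a BusFault. Whether a refused read actually returns zero then depends on code not shown here; assigning *data = 0 before the return would make the interim RAZ behaviour explicit and avoid handing stale data to an unprivileged reader. The refused read also returns before trace_nvic_sysreg_read() is reached, whereas the write path traces before its check, so refused reads are invisible in the trace; a dedicated trace point on the refusal path in both functions would make denied accesses observable.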
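
Review bot: in the hunk at @@ -839,6 +856,11 @@ (nvic_sysreg_write()), nvic_user_access_ok() matches only offset 0xf00 exactly and does not look at size, so with CCR.USERSETMPEND set an unprivileged byte or halfword write at 0xf00 passes the check and ends in the "Bad write of size" path returning MEMTX_OK, while the same write at 0xf01..0xf03 is refused with MEMTX_ERROR. Either treat the whole word 0xf00..0xf03 uniformly or document that only the aligned offset is exempted. Minor: the check is passed addr while the rest of the function switches on the uint32_t offset copy; passing offset in both the read and write paths would keep the permission test and the dispatch on the same value.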