From patchwork Wed Apr 10 07:22:56 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 787481
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-8.2.3 83/87] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
Date: Wed, 10 Apr 2024 10:22:56 +0300
Message-Id: <20240410072303.4191455-83-mjt@tls.msk.ru>

From: Peter Maydell

When we do an AT address translation operation, the page table walk is supposed to be performed in the context of the EL we're doing the walk for, so for instance an AT S1E2R walk is done for EL2. In the pseudocode an EL is passed to AArch64.AT(), which calls SecurityStateAtEL() to find the security state that we should be doing the walk with.

In ats_write64() we get this wrong, instead using the current security space always. This is fine for AT operations performed from EL1 and EL2, because there the current security state and the security state for the lower EL are the same. But for AT operations performed from EL3, the current security state is always either Secure or Root, whereas we want to use the security state defined by SCR_EL3.{NS,NSE} for the walk. This affects not just guests using FEAT_RME but also ones where EL3 is Secure state and the EL3 code is trying to do an AT for a NonSecure EL2 or EL1.

Use arm_security_space_below_el3() to get the SecuritySpace to pass to do_ats_write() for all AT operations except the AT S1E3* operations.

Cc: qemu-stable@nongnu.org
Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
(cherry picked from commit 19b254e86a900dc5ee332e3ac0baf9c521301abf)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/helper.c b/target/arm/helper.c index df1646de3a..ca2c6e9732 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3703,6 +3703,8 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, ARMMMUIdx mmu_idx; uint64_t hcr_el2 = arm_hcr_el2_eff(env); bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE); + bool for_el3 = false; + ARMSecuritySpace ss; switch (ri->opc2 & 6) { case 0: 
@@ -3720,6 +3722,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, break; case 6: /* AT S1E3R, AT S1E3W */ mmu_idx = ARMMMUIdx_E3; + for_el3 = true; break; default: g_assert_not_reached(); @@ -3738,8 +3741,8 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, g_assert_not_reached(); } - env->cp15.par_el[1] = do_ats_write(env, value, access_type, - mmu_idx, arm_security_space(env)); + ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env); + env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss); #else /* Handled by hardware accelerator. */ g_assert_not_reached();
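
Review bot: In the first hunk (@@ -3703,6 +3703,8 @@), the name of the new `bool for_el3 = false;` is easy to misread as "the AT op is being executed at EL3", which is the opposite case from the one the commit message is about. The second hunk shows it is set only under `case 6: /* AT S1E3R, AT S1E3W */`, so it means "the walk targets the EL3 regime". A one-line comment on the declaration saying so, or a name that says the same, would remove the ambiguity for anyone reading ats_write64() without the commit message.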
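
Review bot: In the last hunk (@@ -3738,8 +3741,8 @@), the `ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);` line has no comment, so the reason the AT S1E3* ops keep the current security space while every other AT op takes the space below EL3 is recorded only in the commit message. A short comment above the assignment stating that the walk must use the security state of the EL it is done for, which for anything below EL3 is the one selected by SCR_EL3.{NS,NSE}, would stop a later cleanup from collapsing the two branches back into `arm_security_space(env)`. The patch touches only target/arm/helper.c, so a regression test that issues an AT for EL1 or EL2 from EL3 (the case in the linked issue) would be a useful follow-up.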