From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:26 +0100
Message-Id: <1507305585-20608-2-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 01/20] arm: Fix SMC reporting to EL2 when QEMU provides PSCI

From: Jan Kiszka

This properly forwards SMC events to EL2 when PSCI is provided by QEMU itself and, thus, ARM_FEATURE_EL3 is off. Found and tested with the Jailhouse hypervisor. Solution based on suggestions by Peter Maydell.

Signed-off-by: Jan Kiszka
Message-id: 4f243068-aaea-776f-d18f-f9e05e7be9cd@siemens.com
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
--- target/arm/helper.c | 9 ++++++++- target/arm/op_helper.c | 27 +++++++++++++++++---------- 2 files changed, 25 insertions(+), 11 deletions(-) -- 2.7.4 diff --git a/target/arm/helper.c b/target/arm/helper.c index 8be78ea..0b9c9fd 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -3717,7 +3717,14 @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (arm_feature(env, ARM_FEATURE_EL3)) { valid_mask &= ~HCR_HCD; - } else { + } else if (cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) { + /* Architecturally HCR.TSC is RES0 if EL3 is not implemented. + * However, if we're using the SMC PSCI conduit then QEMU is + * effectively acting like EL3 firmware and so the guest at + * EL2 should retain the ability to prevent EL1 from being + * able to make SMC calls into the ersatz firmware, so in + * that case HCR.TSC should be read/write. + */ valid_mask &= ~HCR_TSC; } diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 6a60464..3914145 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c 
@@ -953,22 +953,29 @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome) */ bool undef = arm_feature(env, ARM_FEATURE_AARCH64) ? smd : smd && !secure; - if (arm_is_psci_call(cpu, EXCP_SMC)) { - /* If PSCI is enabled and this looks like a valid PSCI call then - * that overrides the architecturally mandated SMC behaviour. + if (!arm_feature(env, ARM_FEATURE_EL3) && + cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) { + /* If we have no EL3 then SMC always UNDEFs and can't be + * trapped to EL2. PSCI-via-SMC is a sort of ersatz EL3 + * firmware within QEMU, and we want an EL2 guest to be able + * to forbid its EL1 from making PSCI calls into QEMU's + * "firmware" via HCR.TSC, so for these purposes treat + * PSCI-via-SMC as implying an EL3. */ - return; - } - - if (!arm_feature(env, ARM_FEATURE_EL3)) { - /* If we have no EL3 then SMC always UNDEFs */ undef = true; } else if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) { - /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. */ + /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. + * We also want an EL2 guest to be able to forbid its EL1 from + * making PSCI calls into QEMU's "firmware" via HCR.TSC. + */ raise_exception(env, EXCP_HYP_TRAP, syndrome, 2); } - if (undef) { + /* If PSCI is enabled and this looks like a valid PSCI call then + * suppress the UNDEF -- we'll catch the SMC exception and + * implement the PSCI call behaviour there. 
+ */ + if (undef && !arm_is_psci_call(cpu, EXCP_SMC)) { raise_exception(env, EXCP_UDEF, syn_uncategorized(), exception_target_el(env)); } 
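Review bot: in the hcr_write() hunk of target/arm/helper.c, the new comment sits inside the "else if (cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC)" branch, which is the branch that masks HCR_TSC out, yet its text explains the opposite case, where the SMC conduit is in use and HCR.TSC stays read/write. Moving the comment above the "else if", or rewording it to start from the case this branch handles, would make it harder to misread when someone next touches valid_mask.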
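Review bot: in the pre_smc hunk of target/arm/op_helper.c, when there is no EL3 and psci_conduit is QEMU_PSCI_CONDUIT_SMC the first branch is now skipped, so undef keeps the value computed from smd above. An SMC that is not a PSCI call and is not trapped by HCR.TSC then reaches the final "if (undef && !arm_is_psci_call(cpu, EXCP_SMC))" with undef possibly false, and no exception is raised here, whereas the removed code set undef = true whenever ARM_FEATURE_EL3 was absent. Please confirm that is intended, or make the final test also UNDEF when ARM_FEATURE_EL3 is absent and the call is not a PSCI call.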
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:27 +0100
Message-Id: <1507305585-20608-3-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 02/20] hw/sd: fix out-of-bounds check for multi block reads

From: Michael Olbrich

The current code checks if the next block exceeds the size of the card. This generates an error while reading the last block of the card. Do the out-of-bounds check when starting to read a new block to fix this.

This issue became visible with increased error checking in Linux 4.13.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Olbrich
Reviewed-by: Alistair Francis
Message-id: 20170916091611.10241-1-m.olbrich@pengutronix.de
Signed-off-by: Peter Maydell
--- hw/sd/sd.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) -- 2.7.4 diff --git a/hw/sd/sd.c b/hw/sd/sd.c index ba47bff..35347a5 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd) break; case 18: /* CMD18: READ_MULTIPLE_BLOCK */ - if (sd->data_offset == 0) + if (sd->data_offset == 0) { + if (sd->data_start + io_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return 0x00; + } BLK_READ_BLOCK(sd->data_start, io_len); + } ret = sd->data[sd->data_offset ++]; if (sd->data_offset >= io_len) { 
@@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd) break; } } - - if (sd->data_start + io_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - break; - } } break; 
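Review bot: in the CMD18 case of sd_read_data() in hw/sd/sd.c, the new out-of-bounds path does "return 0x00" with sd->data_offset still 0, so every further sd_read_data() call repeats the check and returns 0x00 again; nothing in the visible lines takes the card out of the data transfer at that point. The removed check used break after setting ADDRESS_ERROR. A short comment saying whether the transfer is meant to stay open until the guest stops it, or a change that ends the transfer here, would settle the intended behaviour. A test that reads the last block of the card with CMD18 would also pin down the case the commit message describes.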
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:28 +0100
Message-Id: <1507305585-20608-4-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 03/20] hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false

From: Thomas Huth

The device uses serial_hds in its realize function and thus can't be used twice. Apart from that, the comma in its name makes it quite hard to use for the user anyway, since a comma is normally used to separate the device name from its properties when using the "-device" parameter or the "device_add" HMP command.

Signed-off-by: Thomas Huth
Reviewed-by: Alistair Francis
Message-id: 1506441116-16627-1-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell
--- hw/arm/xlnx-zynqmp.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.7.4 diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c index 2b27daf..d4b6560 100644 --- a/hw/arm/xlnx-zynqmp.c +++ b/hw/arm/xlnx-zynqmp.c 
@@ -440,6 +440,8 @@ static void xlnx_zynqmp_class_init(ObjectClass *oc, void *data) dc->props = xlnx_zynqmp_props; dc->realize = xlnx_zynqmp_realize; + /* Reason: Uses serial_hds in realize function, thus can't be used twice */ + dc->user_creatable = false; } static const TypeInfo xlnx_zynqmp_type_info = { 
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:29 +0100
Message-Id: <1507305585-20608-5-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 04/20] nvic: Clear the vector arrays and prigroup on reset

Reset for devices does not include an automatic clear of the device state (unlike CPU state, where most of the state structure is cleared to zero). Add some missing initialization of NVIC state that meant that the device was left in the wrong state if the guest did a warm reset.

(In particular, since we were resetting the computed state like s->exception_prio but not all the state it was computed from like s->vectors[x].active, the NVIC wound up in an inconsistent state that could later trigger assertion failures.)

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé
Message-id: 1506092407-26985-2-git-send-email-peter.maydell@linaro.org
--- hw/intc/armv7m_nvic.c | 5 +++++ 1 file changed, 5 insertions(+) -- 2.7.4 diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index d90d8d0..bc7b66d 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c 
@@ -1782,6 +1782,11 @@ static void armv7m_nvic_reset(DeviceState *dev) int resetprio; NVICState *s = NVIC(dev); + memset(s->vectors, 0, sizeof(s->vectors)); + memset(s->sec_vectors, 0, sizeof(s->sec_vectors)); + s->prigroup[M_REG_NS] = 0; + s->prigroup[M_REG_S] = 0; + s->vectors[ARMV7M_EXCP_NMI].enabled = 1; /* MEM, BUS, and USAGE are enabled through * the System Handler Control register 
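Review bot: in armv7m_nvic_reset() in hw/intc/armv7m_nvic.c, the two added memset() calls are only correct because they come before "s->vectors[ARMV7M_EXCP_NMI].enabled = 1" and the assignments that follow it, and nothing in the code says so. A one-line comment above them, stating that device reset does not clear state automatically and that the clearing must stay ahead of the reset defaults, would stop a later reordering from wiping those defaults. If prigroup is a plain array, the two s->prigroup[] assignments could also be one memset to match the lines above.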
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:30 +0100
Message-Id: <1507305585-20608-6-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 05/20] target/arm: Don't switch to target stack early in v7M exception return

Currently our M profile exception return code switches to the target stack pointer relatively early in the process, before it tries to pop the exception frame off the stack. This is awkward for v8M for two reasons:

* in v8M the process vs main stack pointer is not selected purely by the value of CONTROL.SPSEL, so updating SPSEL and relying on that to switch to the right stack pointer won't work
* the stack we should be reading the stack frame from and the stack we will eventually switch to might not be the same if the guest is doing strange things

Change our exception return code to use a 'frame pointer' to read the exception frame rather than assuming that we can switch the live stack pointer this early.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-3-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 130 +++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 98 insertions(+), 32 deletions(-) -- 2.7.4 diff --git a/target/arm/helper.c b/target/arm/helper.c index 0b9c9fd..7548d4c 100644 --- a/target/arm/helper.c 
+++ b/target/arm/helper.c @@ -6047,16 +6047,6 @@ static void v7m_push(CPUARMState *env, uint32_t val) stl_phys(cs->as, env->regs[13], val); } -static uint32_t v7m_pop(CPUARMState *env) -{ - CPUState *cs = CPU(arm_env_get_cpu(env)); - uint32_t val; - - val = ldl_phys(cs->as, env->regs[13]); - env->regs[13] += 4; - return val; -} - /* Return true if we're using the process stack pointer (not the MSP) */ static bool v7m_using_psp(CPUARMState *env) { 
@@ -6148,6 +6138,43 @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest) env->regs[15] = dest & ~1; } +static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, + bool spsel) +{ + /* Return a pointer to the location where we currently store the + * stack pointer for the requested security state and thread mode. + * This pointer will become invalid if the CPU state is updated + * such that the stack pointers are switched around (eg changing + * the SPSEL control bit). + * Compare the v8M ARM ARM pseudocode LookUpSP_with_security_mode(). + * Unlike that pseudocode, we require the caller to pass us in the + * SPSEL control bit value; this is because we also use this + * function in handling of pushing of the callee-saves registers + * part of the v8M stack frame (pseudocode PushCalleeStack()), + * and in the tailchain codepath the SPSEL bit comes from the exception + * return magic LR value from the previous exception. The pseudocode + * opencodes the stack-selection in PushCalleeStack(), but we prefer + * to make this utility function generic enough to do the job. + */ + bool want_psp = threadmode && spsel; + + if (secure == env->v7m.secure) { + /* Currently switch_v7m_sp switches SP as it updates SPSEL, + * so the SP we want is always in regs[13]. + * When we decouple SPSEL from the actually selected SP + * we need to check want_psp against v7m_using_psp() + * to see whether we need regs[13] or v7m.other_sp. + */ + return &env->regs[13]; + } else { + if (want_psp) { + return &env->v7m.other_ss_psp; + } else { + return &env->v7m.other_ss_msp; + } + } +} + static uint32_t arm_v7m_load_vector(ARMCPU *cpu) { CPUState *cs = CPU(cpu); @@ -6219,6 +6246,7 @@ static void v7m_push_stack(ARMCPU *cpu) static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; + CPUState *cs = CPU(cpu); uint32_t excret; uint32_t xpsr; bool ufault = false; 
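Review bot: in get_v7m_sp_ptr() in target/arm/helper.c, the "secure == env->v7m.secure" branch returns &env->regs[13] without looking at want_psp, so for the current security state the threadmode and spsel arguments have no effect and the result is only right once switch_v7m_sp() has already selected the stack the caller wants. That precondition is stated only inside the branch; it belongs in the comment at the top of the function, next to the note about the pointer becoming invalid, so a new caller sees it before relying on the arguments. The nested "else { if (want_psp) ... else ... }" can also be flattened to "else if".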
@@ -6226,6 +6254,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) bool return_to_handler = false; bool rettobase = false; bool exc_secure = false; + bool return_to_secure; /* We can only get here from an EXCP_EXCEPTION_EXIT, and * gen_bx_excret() enforces the architectural rule @@ -6293,6 +6322,9 @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } + return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && + (excret & R_V7M_EXCRET_S_MASK); + switch (excret & 0xf) { case 1: /* Return to Handler */ return_to_handler = true; 
@@ -6322,32 +6354,66 @@ static void do_v7m_exception_exit(ARMCPU *cpu) return; } - /* Switch to the target stack. */ + /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently + * causes us to switch the active SP, but we will change this + * later to not do that so we can support v8M. + */ switch_v7m_sp(env, return_to_sp_process); - /* Pop registers. */ - env->regs[0] = v7m_pop(env); - env->regs[1] = v7m_pop(env); - env->regs[2] = v7m_pop(env); - env->regs[3] = v7m_pop(env); - env->regs[12] = v7m_pop(env); - env->regs[14] = v7m_pop(env); - env->regs[15] = v7m_pop(env); - if (env->regs[15] & 1) { - qemu_log_mask(LOG_GUEST_ERROR, - "M profile return from interrupt with misaligned " - "PC is UNPREDICTABLE\n"); - /* Actual hardware seems to ignore the lsbit, and there are several - * RTOSes out there which incorrectly assume the r15 in the stack - * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. + + { + /* The stack pointer we should be reading the exception frame from + * depends on bits in the magic exception return type value (and + * for v8M isn't necessarily the stack pointer we will eventually + * end up resuming execution with). Get a pointer to the location + * in the CPU state struct where the SP we need is currently being + * stored; we will use and modify it in place. + * We use this limited C variable scope so we don't accidentally + * use 'frame_sp_p' after we do something that makes it invalid. + */ + uint32_t *frame_sp_p = get_v7m_sp_ptr(env, + return_to_secure, + !return_to_handler, + return_to_sp_process); + uint32_t frameptr = *frame_sp_p; + + /* Pop registers. TODO: make these accesses use the correct + * attributes and address space (S/NS, priv/unpriv) and handle + * memory transaction failures. 
*/ - env->regs[15] &= ~1U; + env->regs[0] = ldl_phys(cs->as, frameptr); + env->regs[1] = ldl_phys(cs->as, frameptr + 0x4); + env->regs[2] = ldl_phys(cs->as, frameptr + 0x8); + env->regs[3] = ldl_phys(cs->as, frameptr + 0xc); + env->regs[12] = ldl_phys(cs->as, frameptr + 0x10); + env->regs[14] = ldl_phys(cs->as, frameptr + 0x14); + env->regs[15] = ldl_phys(cs->as, frameptr + 0x18); + if (env->regs[15] & 1) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile return from interrupt with misaligned " + "PC is UNPREDICTABLE\n"); + /* Actual hardware seems to ignore the lsbit, and there are several + * RTOSes out there which incorrectly assume the r15 in the stack + * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. + */ + env->regs[15] &= ~1U; + } + xpsr = ldl_phys(cs->as, frameptr + 0x1c); + + /* Commit to consuming the stack frame */ + frameptr += 0x20; + /* Undo stack alignment (the SPREALIGN bit indicates that the original + * pre-exception SP was not 8-aligned and we added a padding word to + * align it, so we undo this by ORing in the bit that increases it + * from the current 8-aligned value to the 8-unaligned value. (Adding 4 + * would work too but a logical OR is how the pseudocode specifies it.) + */ + if (xpsr & XPSR_SPREALIGN) { + frameptr |= 4; + } + *frame_sp_p = frameptr; } - xpsr = v7m_pop(env); + /* This xpsr_write() will invalidate frame_sp_p as it may switch stack */ xpsr_write(env, xpsr, ~XPSR_SPREALIGN); - /* Undo stack alignment. */ - if (xpsr & XPSR_SPREALIGN) { - env->regs[13] |= 4; - } /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. 
If that doesn't match what the
From patchwork Fri Oct 6 15:59:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 115094 Delivered-To: patch@linaro.org
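Review bot: get_v7m_sp_ptr() in target/arm/helper.c hands back a raw pointer into CPUARMState whose lifetime is protected only by its comment, and that comment gives a single example of what invalidates it (changing SPSEL). The caller in do_v7m_exception_exit() shows that xpsr_write() is another such operation. Since a stale pointer here means a stack pointer update lands in the wrong banked SP, list the invalidating operations in the function comment (SPSEL writes, xpsr_write(), and anything else that swaps regs[13] with a banked SP). Also, want_psp is computed but unused in the "secure == env->v7m.secure" branch; the comment explains why, but a short remark at the declaration that it currently only matters for the other security state would save the reader the lookup.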
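Review bot: In the do_v7m_exception_exit() hunk that replaces v7m_pop(), the TODO concedes that the eight ldl_phys(cs->as, frameptr + ...) loads carry no S/NS or privilege attributes and ignore transaction failures, yet the same hunk starts choosing frameptr through get_v7m_sp_ptr() with return_to_secure derived from excret. That lets the frame be fetched through the other security state's banked SP using one unattributed address space. Please say in the commit message or in the TODO what keeps this safe until the attributes are wired up. Minor: the "Undo stack alignment" comment opens a parenthesis at "(the SPREALIGN bit" that is never closed.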
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:31 +0100
Message-Id: <1507305585-20608-7-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
References: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 06/20] target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode

In the v7M architecture, there is an invariant that if the CPU is in Handler mode then the CONTROL.SPSEL bit cannot be nonzero. This in turn means that the current stack pointer is always indicated by CONTROL.SPSEL, even though Handler mode always uses the Main stack pointer.

In v8M, this invariant is removed, and CONTROL.SPSEL may now be nonzero in Handler mode (though Handler mode still always uses the Main stack pointer). In preparation for this change, change how we handle this bit: rename switch_v7m_sp() to the now more accurate write_v7m_control_spsel(), and make it check both the handler mode state and the SPSEL bit.

Note that this implicitly changes the point at which we switch active SP on exception exit from before we pop the exception frame to after it.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-4-git-send-email-peter.maydell@linaro.org
--- target/arm/cpu.h | 8 ++++++- hw/intc/armv7m_nvic.c | 2 +- target/arm/helper.c | 65 ++++++++++++++++++++++++++++++++++----------------- 3 files changed, 51 insertions(+), 24 deletions(-) -- 2.7.4
diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 8afceca..ad6eff4 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -991,6 +991,11 @@ void pmccntr_sync(CPUARMState *env); #define PSTATE_MODE_EL1t 4 #define PSTATE_MODE_EL0t 0 +/* Write a new value to v7m.exception, thus transitioning into or out + * of Handler mode; this may result in a change of active stack pointer. + */ +void write_v7m_exception(CPUARMState *env, uint32_t new_exc); + /* Map EL and handler into a PSTATE_MODE. */ static inline unsigned int aarch64_pstate_mode(unsigned int el, bool handler) { @@ -1071,7 +1076,8 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) env->condexec_bits |= (val >> 8) & 0xfc; } if (mask & XPSR_EXCP) { - env->v7m.exception = val & XPSR_EXCP; + /* Note that this only happens on exception exit */ + write_v7m_exception(env, val & XPSR_EXCP); } } diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index bc7b66d..a1041c2 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -616,7 +616,7 @@ bool armv7m_nvic_acknowledge_irq(void *opaque) vec->active = 1; vec->pending = 0; - env->v7m.exception = s->vectpending; + write_v7m_exception(env, s->vectpending); nvic_irq_update(s); diff --git a/target/arm/helper.c b/target/arm/helper.c index 7548d4c..36173e2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -6059,21 +6059,44 @@ static bool v7m_using_psp(CPUARMState *env) env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; } -/* Switch to V7M main or process stack pointer. */ -static void switch_v7m_sp(CPUARMState *env, bool new_spsel) +/* Write to v7M CONTROL.SPSEL bit. This may change the current + * stack pointer between Main and Process stack pointers. + */ +static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) { uint32_t tmp; - uint32_t old_control = env->v7m.control[env->v7m.secure]; - bool old_spsel = old_control & R_V7M_CONTROL_SPSEL_MASK; + bool new_is_psp, old_is_psp = v7m_using_psp(env); + + env->v7m.control[env->v7m.secure] = + deposit32(env->v7m.control[env->v7m.secure], + R_V7M_CONTROL_SPSEL_SHIFT, + R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); + + new_is_psp = v7m_using_psp(env); - if (old_spsel != new_spsel) { + if (old_is_psp != new_is_psp) { tmp = env->v7m.other_sp; env->v7m.other_sp = env->regs[13]; env->regs[13] = tmp; + } +} + +void write_v7m_exception(CPUARMState *env, uint32_t new_exc) +{ + /* Write a new value to v7m.exception, thus transitioning into or out + * of Handler mode; this may result in a change of active stack pointer. + */ + bool new_is_psp, old_is_psp = v7m_using_psp(env); + uint32_t tmp; - env->v7m.control[env->v7m.secure] = deposit32(old_control, - R_V7M_CONTROL_SPSEL_SHIFT, - R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); + env->v7m.exception = new_exc; + + new_is_psp = v7m_using_psp(env); + + if (old_is_psp != new_is_psp) { + tmp = env->v7m.other_sp; + env->v7m.other_sp = env->regs[13]; + env->regs[13] = tmp; } } 
@@ -6159,13 +6182,11 @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, bool want_psp = threadmode && spsel; if (secure == env->v7m.secure) { - /* Currently switch_v7m_sp switches SP as it updates SPSEL, - * so the SP we want is always in regs[13]. - * When we decouple SPSEL from the actually selected SP - * we need to check want_psp against v7m_using_psp() - * to see whether we need regs[13] or v7m.other_sp. - */ - return &env->regs[13]; + if (want_psp == v7m_using_psp(env)) { + return &env->regs[13]; + } else { + return &env->v7m.other_sp; + } } else { if (want_psp) { return &env->v7m.other_ss_psp; @@ -6208,7 +6229,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) uint32_t addr; armv7m_nvic_acknowledge_irq(env->nvic); - switch_v7m_sp(env, 0); + write_v7m_control_spsel(env, 0); arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; @@ -6354,11 +6375,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu) return; } - /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently - * causes us to switch the active SP, but we will change this - * later to not do that so we can support v8M. + /* Set CONTROL.SPSEL from excret.SPSEL. Since we're still in + * Handler mode (and will be until we write the new XPSR.Interrupt + * field) this does not switch around the current stack pointer. */ - switch_v7m_sp(env, return_to_sp_process); + write_v7m_control_spsel(env, return_to_sp_process); { /* The stack pointer we should be reading the exception frame from 
@@ -9173,11 +9194,11 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) case 20: /* CONTROL */ /* Writing to the SPSEL bit only has an effect if we are in * thread mode; other bits can be updated by any privileged code. - * switch_v7m_sp() deals with updating the SPSEL bit in + * write_v7m_control_spsel() deals with updating the SPSEL bit in * env->v7m.control, so we only need update the others. */ if (!arm_v7m_is_handler_mode(env)) { - switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0); + write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0); } env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK; env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
From patchwork Fri Oct 6 15:59:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 115086 Delivered-To: patch@linaro.org
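Review bot: In the xpsr_write() hunk of target/arm/cpu.h, the plain assignment to env->v7m.exception becomes a call to write_v7m_exception(), so any caller whose mask includes XPSR_EXCP can now swap regs[13] with other_sp as a side effect, and the only guard is the comment "Note that this only happens on exception exit". Nothing in the inline enforces that. Either document on xpsr_write() itself that passing XPSR_EXCP may change the active stack pointer, or move the exception-field write out to the exception-exit caller so the side effect is explicit at the call site.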
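Review bot: write_v7m_control_spsel() and the new write_v7m_exception() in target/arm/helper.c each carry their own copy of the old_is_psp/new_is_psp comparison and the three-line regs[13]/other_sp swap. The two copies have to stay identical for the active SP to track Handler mode and SPSEL consistently, so pull the swap into one static helper that both call. The block comment inside write_v7m_exception() also repeats the one added above its prototype in cpu.h word for word; keep one.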
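Review bot: In the HELPER(v7m_msr) hunk only the function name in the comment is updated; the comment still states that writing SPSEL "only has an effect if we are in thread mode", and the "if (!arm_v7m_is_handler_mode(env))" guard still drops the write in Handler mode. The commit message says v8M allows CONTROL.SPSEL to be nonzero in Handler mode, so add a TODO here marking this guard as v7M behaviour to revisit when v8M support is enabled. Without it the guard is easy to overlook now that write_v7m_control_spsel() itself copes with Handler mode.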
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:32 +0100
Message-Id: <1507305585-20608-8-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
References: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 07/20] target/arm: Restore security state on exception return

Now that we can handle the CONTROL.SPSEL bit not necessarily being in sync with the current stack pointer, we can restore the correct security state on exception return. This happens before we start to read registers off the stack frame, but after we have taken possible usage faults for bad exception return magic values and updated CONTROL.SPSEL.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-5-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index 36173e2..b82fc9f 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6381,6 +6381,8 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ write_v7m_control_spsel(env, return_to_sp_process); + switch_v7m_security_state(env, return_to_secure); + { /* The stack pointer we should be reading the exception frame from * depends on bits in the magic exception return type value (and
From patchwork Fri Oct 6 15:59:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 115083 Delivered-To: patch@linaro.org
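Review bot: The added switch_v7m_security_state(env, return_to_secure) call in do_v7m_exception_exit() has no comment, while the commit message carries the ordering constraints that matter: after the usage faults for bad exception return magic values and the CONTROL.SPSEL update, before any register is read off the frame. Put that ordering into a comment above the call so a later reshuffle does not move it. Note also that the write_v7m_control_spsel() call just before it updates control[env->v7m.secure] for the security state in effect before this switch; if that is the intended bank, say so here, and if not the call should take the bank explicitly.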
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:33 +0100
Message-Id: <1507305585-20608-9-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
References: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 08/20] target/arm: Restore SPSEL to correct CONTROL register on exception return

On exception return for v8M, the SPSEL bit in the EXC_RETURN magic value should be restored to the SPSEL bit in the CONTROL register banked specified by the EXC_RETURN.ES bit.

Add write_v7m_control_spsel_for_secstate() which behaves like write_v7m_control_spsel() but allows the caller to specify which CONTROL bank to use, reimplement write_v7m_control_spsel() in terms of it, and use it in exception return.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-6-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index b82fc9f..1bab86c 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6059,28 +6059,42 @@ static bool v7m_using_psp(CPUARMState *env) env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; } -/* Write to v7M CONTROL.SPSEL bit. This may change the current - * stack pointer between Main and Process stack pointers. +/* Write to v7M CONTROL.SPSEL bit for the specified security bank. + * This may change the current stack pointer between Main and Process + * stack pointers if it is done for the CONTROL register for the current + * security state. */ -static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) +static void write_v7m_control_spsel_for_secstate(CPUARMState *env, + bool new_spsel, + bool secstate) { - uint32_t tmp; - bool new_is_psp, old_is_psp = v7m_using_psp(env); + bool old_is_psp = v7m_using_psp(env); - env->v7m.control[env->v7m.secure] = - deposit32(env->v7m.control[env->v7m.secure], + env->v7m.control[secstate] = + deposit32(env->v7m.control[secstate], R_V7M_CONTROL_SPSEL_SHIFT, R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); - new_is_psp = v7m_using_psp(env); + if (secstate == env->v7m.secure) { + bool new_is_psp = v7m_using_psp(env); + uint32_t tmp; - if (old_is_psp != new_is_psp) { - tmp = env->v7m.other_sp; - env->v7m.other_sp = env->regs[13]; - env->regs[13] = tmp; + if (old_is_psp != new_is_psp) { + tmp = env->v7m.other_sp; + env->v7m.other_sp = env->regs[13]; + env->regs[13] = tmp; + } } } +/* Write to v7M CONTROL.SPSEL bit. This may change the current + * stack pointer between Main and Process stack pointers. + */ +static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) +{ + write_v7m_control_spsel_for_secstate(env, new_spsel, env->v7m.secure); +} + void write_v7m_exception(CPUARMState *env, uint32_t new_exc) { /* Write a new value to v7m.exception, thus transitioning into or out 
@@ -6379,7 +6393,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * Handler mode (and will be until we write the new XPSR.Interrupt * field) this does not switch around the current stack pointer. */ - write_v7m_control_spsel(env, return_to_sp_process); + write_v7m_control_spsel_for_secstate(env, return_to_sp_process, exc_secure); switch_v7m_security_state(env, return_to_secure);
From patchwork Fri Oct 6 15:59:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 115103 Delivered-To: patch@linaro.org
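Review bot: write_v7m_control_spsel_for_secstate() names its bank selector "secstate" while get_v7m_sp_ptr() and env->v7m.secure use "secure" for the same bool, and the value is used directly as the index into env->v7m.control[]. Pick one name for the banked-register index across these helpers. The function comment could also state outright that when secstate differs from env->v7m.secure only the stored SPSEL bit changes and no stack pointer is swapped, which is the case the exception-return caller relies on.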
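Review bot: In the do_v7m_exception_exit() hunk the CONTROL bank is chosen with exc_secure, but the commit message describes it as the bank specified by the EXC_RETURN.ES bit, and nothing in this patch shows where exc_secure is derived from ES; the only definition visible in these hunks is the initialiser "bool exc_secure = false;". Add a short comment at the call tying exc_secure to EXCRET.ES. The existing comment above the call still speaks of CONTROL.SPSEL without naming a bank; extend it to say that the bank written here may differ from the state selected by the following switch_v7m_security_state(env, return_to_secure).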
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:34 +0100
Message-Id: <1507305585-20608-10-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
References: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 09/20] target/arm: Check for xPSR mismatch usage faults earlier for v8M

ARM v8M specifies that the INVPC usage fault for mismatched xPSR exception field and handler mode bit should be checked before updating the PSR and SP, so that the fault is taken with the existing stack frame rather than by pushing a new one. Perform this check in the right place for v8M.

Since v7M specifies in its pseudocode that this usage fault check should happen later, we have to retain the original code for that check rather than being able to merge the two. (The distinction is architecturally visible but only in very obscure corner cases like attempting an invalid exception return with an exception frame in read only memory.)

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-7-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index 1bab86c..bee0f5d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6436,6 +6436,29 @@ static void do_v7m_exception_exit(ARMCPU *cpu) } xpsr = ldl_phys(cs->as, frameptr + 0x1c); + if (arm_feature(env, ARM_FEATURE_V8)) { + /* For v8M we have to check whether the xPSR exception field + * matches the EXCRET value for return to handler/thread + * before we commit to changing the SP and xPSR. + */ + bool will_be_handler = (xpsr & XPSR_EXCP) != 0; + if (return_to_handler != will_be_handler) { + /* Take an INVPC UsageFault on the current stack. + * By this point we will have switched to the security state + * for the background state, so this UsageFault will target + * that state. + */ + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, + env->v7m.secure); + env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " + "stackframe: failed exception return integrity " + "check\n"); + return; + } + } + /* Commit to consuming the stack frame */ frameptr += 0x20; /* Undo stack alignment (the SPREALIGN bit indicates that the original 
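Review bot: The new v8M check only protects the SP and xPSR commit. It runs after the `xpsr = ldl_phys(cs->as, frameptr + 0x1c)` context line, so any frame words that were popped into `env->regs[]` earlier in the function have already been written by the time the early `return` is taken. If the intent is that a failed integrity check leaves the existing frame and register state untouched, load the frame into locals and commit them only after this check, or add a comment saying why the already-written registers are acceptable. The comment's claim that the security state has already been switched to the background state is also not checkable from this hunk; a pointer to where that switch happens would help.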
@@ -6455,12 +6478,13 @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. If that doesn't match what the * exception return excret specified then this is a UsageFault. + * v7M requires we make this check here; v8M did it earlier. */ if (return_to_handler != arm_v7m_is_handler_mode(env)) { - /* Take an INVPC UsageFault by pushing the stack again. - * TODO: the v8M version of this code should target the - * background state for this exception. + /* Take an INVPC UsageFault by pushing the stack again; + * we know we're v7M so this is never a Secure UsageFault. */ + assert(!arm_feature(env, ARM_FEATURE_V8)); armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu);
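Review bot: The added `assert(!arm_feature(env, ARM_FEATURE_V8))` sits on a branch selected by guest-controlled stack contents (`return_to_handler != arm_v7m_is_handler_mode(env)`). It is only safe if the earlier v8M test on `(xpsr & XPSR_EXCP) != 0` can never disagree with `arm_v7m_is_handler_mode(env)` once the xPSR has been written; please state that invariant in the comment, since a mismatch would let a v8M guest abort the emulator. As this branch is now v7M-only, `cfsr[env->v7m.secure]` could also be `cfsr[M_REG_NS]`, to match the hard-coded `false` passed to `armv7m_nvic_set_pending()`.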
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:35 +0100
Message-Id: <1507305585-20608-11-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 10/20] target/arm: Warn about restoring to unaligned stack

Attempting to do an exception return with an exception frame that is not 8-aligned is UNPREDICTABLE in v8M; warn about this. (It is not UNPREDICTABLE in v7M, and our implementation can handle the merely-4-aligned case fine, so we don't need to do anything except warn.)

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-8-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index bee0f5d..bb57be7 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6413,6 +6413,13 @@ static void do_v7m_exception_exit(ARMCPU *cpu) return_to_sp_process); uint32_t frameptr = *frame_sp_p; + if (!QEMU_IS_ALIGNED(frameptr, 8) && + arm_feature(env, ARM_FEATURE_V8)) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile exception return with non-8-aligned SP " + "for destination state is UNPREDICTABLE\n"); + } + /* Pop registers. TODO: make these accesses use the correct * attributes and address space (S/NS, priv/unpriv) and handle * memory transaction failures.
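Review bot: The new LOG_GUEST_ERROR message does not report the offending stack pointer; passing `frameptr` to `qemu_log_mask()` would let whoever reads the log find the bad frame without re-running under a debugger. Testing `arm_feature(env, ARM_FEATURE_V8)` before `QEMU_IS_ALIGNED(frameptr, 8)` would also read more naturally, since the alignment only matters on v8M.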
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:36 +0100
Message-Id: <1507305585-20608-12-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 11/20] target/arm: Don't warn about exception return with PC low bit set for v8M

In the v8M architecture, return from an exception to a PC which has bit 0 set is not UNPREDICTABLE; it is defined that bit 0 is discarded [R_HRJH]. Restrict our complaint about this to v7M.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-9-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index bb57be7..c7cf24c 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6431,16 +6431,24 @@ static void do_v7m_exception_exit(ARMCPU *cpu) env->regs[12] = ldl_phys(cs->as, frameptr + 0x10); env->regs[14] = ldl_phys(cs->as, frameptr + 0x14); env->regs[15] = ldl_phys(cs->as, frameptr + 0x18); + + /* Returning from an exception with a PC with bit 0 set is defined + * behaviour on v8M (bit 0 is ignored), but for v7M it was specified + * to be UNPREDICTABLE. In practice actual v7M hardware seems to ignore + * the lsbit, and there are several RTOSes out there which incorrectly + * assume the r15 in the stack frame should be a Thumb-style "lsbit + * indicates ARM/Thumb" value, so ignore the bit on v7M as well, but + * complain about the badly behaved guest. + */ if (env->regs[15] & 1) { - qemu_log_mask(LOG_GUEST_ERROR, - "M profile return from interrupt with misaligned " - "PC is UNPREDICTABLE\n"); - /* Actual hardware seems to ignore the lsbit, and there are several - * RTOSes out there which incorrectly assume the r15 in the stack - * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. 
- */ env->regs[15] &= ~1U; + if (!arm_feature(env, ARM_FEATURE_V8)) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile return from interrupt with misaligned " + "PC is UNPREDICTABLE on v7M\n"); + } } + xpsr = ldl_phys(cs->as, frameptr + 0x1c); if (arm_feature(env, ARM_FEATURE_V8)) {
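Review bot: The new comment above `if (env->regs[15] & 1)` says the v8M behaviour is defined but leaves out the rule reference that the commit message gives ([R_HRJH]); citing it in the comment would match the later patches in this series, which quote rule IDs such as R_SMFL and R_HXSR inline. The v7M warning could also print the stacked PC value, so that the log identifies which return address the guest got wrong.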
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:37 +0100
Message-Id: <1507305585-20608-13-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 12/20] target/arm: Add new-in-v8M SFSR and SFAR

Add the new M profile Secure Fault Status Register and Secure Fault Address Register.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-10-git-send-email-peter.maydell@linaro.org
--- target/arm/cpu.h | 12 ++++++++++++ hw/intc/armv7m_nvic.c | 34 ++++++++++++++++++++++++++++++++++ target/arm/machine.c | 2 ++ 3 files changed, 48 insertions(+) -- 2.7.4
diff --git a/target/arm/cpu.h b/target/arm/cpu.h index ad6eff4..9e3a16d 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -443,8 +443,10 @@ typedef struct CPUARMState { uint32_t cfsr[M_REG_NUM_BANKS]; /* Configurable Fault Status */ uint32_t hfsr; /* HardFault Status */ uint32_t dfsr; /* Debug Fault Status Register */ + uint32_t sfsr; /* Secure Fault Status Register */ uint32_t mmfar[M_REG_NUM_BANKS]; /* MemManage Fault Address */ uint32_t bfar; /* BusFault Address */ + uint32_t sfar; /* Secure Fault Address Register */ unsigned mpu_ctrl[M_REG_NUM_BANKS]; /* MPU_CTRL */ int exception; uint32_t primask[M_REG_NUM_BANKS];
@@ -1260,6 +1262,16 @@ FIELD(V7M_DFSR, DWTTRAP, 2, 1) FIELD(V7M_DFSR, VCATCH, 3, 1) FIELD(V7M_DFSR, EXTERNAL, 4, 1) +/* V7M SFSR bits */ +FIELD(V7M_SFSR, INVEP, 0, 1) +FIELD(V7M_SFSR, INVIS, 1, 1) +FIELD(V7M_SFSR, INVER, 2, 1) +FIELD(V7M_SFSR, AUVIOL, 3, 1) +FIELD(V7M_SFSR, INVTRAN, 4, 1) +FIELD(V7M_SFSR, LSPERR, 5, 1) +FIELD(V7M_SFSR, SFARVALID, 6, 1) +FIELD(V7M_SFSR, LSERR, 7, 1) + /* v7M MPU_CTRL bits */ FIELD(V7M_MPU_CTRL, ENABLE, 0, 1) FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index a1041c2..deea637 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1017,6 +1017,22 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) goto bad_offset; } return cpu->env.pmsav8.mair1[attrs.secure]; + case 0xde4: /* SFSR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.v7m.sfsr; + case 0xde8: /* SFAR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.v7m.sfar; default: bad_offset: qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset); @@ -1368,6 +1384,24 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, * only affect cacheability, and we don't implement caching. */ break; + case 0xde4: /* SFSR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.v7m.sfsr &= ~value; /* W1C */ + break; + case 0xde8: /* SFAR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.v7m.sfsr = value; + break; case 0xf00: /* Software Triggered Interrupt Register */ { int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ; diff --git a/target/arm/machine.c b/target/arm/machine.c index 29df7ac..a0d7ed8 100644 --- a/target/arm/machine.c +++ b/target/arm/machine.c 
@@ -276,6 +276,8 @@ static const VMStateDescription vmstate_m_security = { VMSTATE_UINT32(env.v7m.ccr[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.mmfar[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU), + VMSTATE_UINT32(env.v7m.sfsr, ARMCPU), + VMSTATE_UINT32(env.v7m.sfar, ARMCPU), VMSTATE_END_OF_LIST() } };
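Review bot: In the `nvic_writel()` hunk of hw/intc/armv7m_nvic.c, the `case 0xde8: /* SFAR */` arm assigns `cpu->env.v7m.sfsr = value;`, so a Secure write to SFAR overwrites the fault status register and never updates `sfar`, while the matching read arm returns `cpu->env.v7m.sfar`. This should be `cpu->env.v7m.sfar = value;`. As written, any SFAR write also bypasses the W1C semantics implemented for SFSR in the arm just above it (`sfsr &= ~value`), letting status bits be set as well as cleared.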
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:38 +0100
Message-Id: <1507305585-20608-14-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 13/20] target/arm: Update excret sanity checks for v8M

In v8M, more bits are defined in the exception-return magic values; update the code that checks these so we accept the v8M values when the CPU permits them.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-11-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 73 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 15 deletions(-) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index c7cf24c..4aa32d0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6285,8 +6285,9 @@ static void do_v7m_exception_exit(ARMCPU *cpu) uint32_t excret; uint32_t xpsr; bool ufault = false; - bool return_to_sp_process = false; - bool return_to_handler = false; + bool sfault = false; + bool return_to_sp_process; + bool return_to_handler; bool rettobase = false; bool exc_secure = false; bool return_to_secure;
@@ -6320,6 +6321,19 @@ static void do_v7m_exception_exit(ARMCPU *cpu) excret); } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* EXC_RETURN.ES validation check (R_SMFL). We must do this before + * we pick which FAULTMASK to clear. + */ + if (!env->v7m.secure && + ((excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK))) { + sfault = 1; + /* For all other purposes, treat ES as 0 (R_HXSR) */ + excret &= ~R_V7M_EXCRET_ES_MASK; + } + } + if (env->v7m.exception != ARMV7M_EXCP_NMI) { /* Auto-clear FAULTMASK on return from other than NMI. * If the security extension is implemented then this only 
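Review bot: The `if` under the "EXC_RETURN.ES validation check (R_SMFL)" comment also sets `sfault` when DCRS is 0 (`!(excret & R_V7M_EXCRET_DCRS_MASK)`), but neither the comment nor the rule reference mentions DCRS; please say which rule the DCRS test implements, since the fault it raises is later logged only as an ES failure. Also, `sfault = 1;` should be `sfault = true;` to match its `bool` declaration and the `ufault = true` assignments.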
@@ -6357,24 +6371,53 @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } + return_to_handler = !(excret & R_V7M_EXCRET_MODE_MASK); + return_to_sp_process = excret & R_V7M_EXCRET_SPSEL_MASK; return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && (excret & R_V7M_EXCRET_S_MASK); - switch (excret & 0xf) { - case 1: /* Return to Handler */ - return_to_handler = true; - break; - case 13: /* Return to Thread using Process stack */ - return_to_sp_process = true; - /* fall through */ - case 9: /* Return to Thread using Main stack */ - if (!rettobase && - !(env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_NONBASETHRDENA_MASK)) { + if (arm_feature(env, ARM_FEATURE_V8)) { + if (!arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* UNPREDICTABLE if S == 1 or DCRS == 0 or ES == 1 (R_XLCP); + * we choose to take the UsageFault. + */ + if ((excret & R_V7M_EXCRET_S_MASK) || + (excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK)) { + ufault = true; + } + } + if (excret & R_V7M_EXCRET_RES0_MASK) { ufault = true; } - break; - default: - ufault = true; + } else { + /* For v7M we only recognize certain combinations of the low bits */ + switch (excret & 0xf) { + case 1: /* Return to Handler */ + break; + case 13: /* Return to Thread using Process stack */ + case 9: /* Return to Thread using Main stack */ + /* We only need to check NONBASETHRDENA for v7M, because in + * v8M this bit does not exist (it is RES1). 
+ */ + if (!rettobase && + !(env->v7m.ccr[env->v7m.secure] & + R_V7M_CCR_NONBASETHRDENA_MASK)) { + ufault = true; + } + break; + default: + ufault = true; + } + } + + if (sfault) { + env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: failed EXC_RETURN.ES validity check\n"); + return; } if (ufault) {
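Review bot: The `if (sfault)` block runs before `if (ufault)`, so an EXC_RETURN value that trips both the ES/DCRS check and a UsageFault condition such as `excret & R_V7M_EXCRET_RES0_MASK` reports only the SecureFault and drops the UsageFault silently. If that priority is what the architecture requires, a one-line comment with the rule ID would document it. Separately, the v8M branch takes `return_to_handler` and `return_to_sp_process` straight from the MODE and SPSEL bits with no cross-check, whereas the v7M `switch (excret & 0xf)` rejects Handler mode with SPSEL set through `default: ufault = true`; please confirm that accepting the pairing on v8M is intended.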
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:39 +0100
Message-Id: <1507305585-20608-15-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 14/20] target/arm: Add support for restoring v8M additional state context

For v8M, exceptions from Secure to Non-Secure state will save callee-saved registers to the exception frame as well as the caller-saved registers. Add support for unstacking these registers in exception exit when necessary.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-12-git-send-email-peter.maydell@linaro.org
--- target/arm/helper.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.7.4
diff --git a/target/arm/helper.c b/target/arm/helper.c index 4aa32d0..f93a214 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6463,6 +6463,36 @@ static void do_v7m_exception_exit(ARMCPU *cpu) "for destination state is UNPREDICTABLE\n"); } + /* Do we need to pop callee-saved registers? */ + if (return_to_secure && + ((excret & R_V7M_EXCRET_ES_MASK) == 0 || + (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) { + uint32_t expected_sig = 0xfefa125b; + uint32_t actual_sig = ldl_phys(cs->as, frameptr); + + if (expected_sig != actual_sig) { + /* Take a SecureFault on the current stack */ + env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: failed exception return integrity " + "signature check\n"); + return; + } + + env->regs[4] = ldl_phys(cs->as, frameptr + 0x8); + env->regs[5] = ldl_phys(cs->as, frameptr + 0xc); + env->regs[6] = ldl_phys(cs->as, frameptr + 0x10); + env->regs[7] = ldl_phys(cs->as, frameptr + 0x14); + env->regs[8] = ldl_phys(cs->as, frameptr + 0x18); + env->regs[9] = ldl_phys(cs->as, frameptr + 0x1c); + env->regs[10] = ldl_phys(cs->as, frameptr + 0x20); + env->regs[11] = ldl_phys(cs->as, frameptr + 0x24); + + frameptr += 0x28; + } + /* Pop registers. TODO: make these accesses use the correct * attributes and address space (S/NS, priv/unpriv) and handle * memory transaction failures. 
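Review bot: The integrity signature is the bare literal 0xfefa125b assigned to expected_sig inside do_v7m_exception_exit(); a named constant in a shared header would let the exception-entry code that writes the signature use the same definition instead of repeating the number. The new ldl_phys() reads of the signature and of r4-r11 also sit above the existing "Pop registers. TODO: ..." comment, so its caveat about address-space attributes and memory transaction failures does not visibly cover them; move or repeat it for this block. A short comment on why the word at frameptr + 0x4 is not read (the loads start at frameptr + 0x8) would help as well.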
From patchwork Fri Oct 6 15:59:40 2017
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 115096
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:40 +0100
Message-Id: <1507305585-20608-16-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 15/20] target/arm: Add v8M support to exception entry code

Add support for v8M and in particular the security extension
to the exception entry code. This requires changes to:
 * calculation of the exception-return magic LR value
 * push the callee-saves registers in certain cases
 * clear registers when taking non-secure exceptions to avoid
   leaking information from the interrupted secure code
 * switch to the correct security state on entry
 * use the vector table for the security state we're targeting

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-13-git-send-email-peter.maydell@linaro.org
---
 target/arm/helper.c | 165 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 145 insertions(+), 20 deletions(-)

--
2.7.4

diff --git a/target/arm/helper.c b/target/arm/helper.c index f93a214..707dbb7 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -6210,12 +6210,12 @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, } } -static uint32_t arm_v7m_load_vector(ARMCPU *cpu) +static uint32_t arm_v7m_load_vector(ARMCPU *cpu, bool targets_secure) { CPUState *cs = CPU(cpu); CPUARMState *env = &cpu->env; MemTxResult result; - hwaddr vec = env->v7m.vecbase[env->v7m.secure] + env->v7m.exception * 4; + hwaddr vec = env->v7m.vecbase[targets_secure] + env->v7m.exception * 4; uint32_t addr; addr = address_space_ldl(cs->as, vec, 
@@ -6227,13 +6227,48 @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu) * Since we don't model Lockup, we just report this guest error * via cpu_abort(). */ - cpu_abort(cs, "Failed to read from exception vector table " - "entry %08x\n", (unsigned)vec); + cpu_abort(cs, "Failed to read from %s exception vector table " + "entry %08x\n", targets_secure ? "secure" : "nonsecure", + (unsigned)vec); } return addr; } -static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) +static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain) +{ + /* For v8M, push the callee-saves register part of the stack frame. + * Compare the v8M pseudocode PushCalleeStack(). + * In the tailchaining case this may not be the current stack. + */ + CPUARMState *env = &cpu->env; + CPUState *cs = CPU(cpu); + uint32_t *frame_sp_p; + uint32_t frameptr; + + if (dotailchain) { + frame_sp_p = get_v7m_sp_ptr(env, true, + lr & R_V7M_EXCRET_MODE_MASK, + lr & R_V7M_EXCRET_SPSEL_MASK); + } else { + frame_sp_p = &env->regs[13]; + } + + frameptr = *frame_sp_p - 0x28; + + stl_phys(cs->as, frameptr, 0xfefa125b); + stl_phys(cs->as, frameptr + 0x8, env->regs[4]); + stl_phys(cs->as, frameptr + 0xc, env->regs[5]); + stl_phys(cs->as, frameptr + 0x10, env->regs[6]); + stl_phys(cs->as, frameptr + 0x14, env->regs[7]); + stl_phys(cs->as, frameptr + 0x18, env->regs[8]); + stl_phys(cs->as, frameptr + 0x1c, env->regs[9]); + stl_phys(cs->as, frameptr + 0x20, env->regs[10]); + stl_phys(cs->as, frameptr + 0x24, env->regs[11]); + + *frame_sp_p = frameptr; +} + +static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain) { /* Do the "take the exception" parts of exception entry, * but not the pushing of state to the stack. This is 
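Review bot: v7m_push_callee_stack() writes the frame with plain stl_phys() and then updates *frame_sp_p unconditionally, with no comment that failed stores are not handled; the pop side in do_v7m_exception_exit() carries a TODO about attributes and memory transaction failures, so add the matching TODO here. The signature 0xfefa125b is also repeated as a literal (it appears as expected_sig in patch 14/20 of this series); a shared named constant would keep the push and the check in step. The word at frameptr + 0x4 is never written, so say in the function comment whether that is intended.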
@@ -6241,14 +6276,84 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) */ CPUARMState *env = &cpu->env; uint32_t addr; + bool targets_secure; + + targets_secure = armv7m_nvic_acknowledge_irq(env->nvic); - armv7m_nvic_acknowledge_irq(env->nvic); + if (arm_feature(env, ARM_FEATURE_V8)) { + if (arm_feature(env, ARM_FEATURE_M_SECURITY) && + (lr & R_V7M_EXCRET_S_MASK)) { + /* The background code (the owner of the registers in the + * exception frame) is Secure. This means it may either already + * have or now needs to push callee-saves registers. + */ + if (targets_secure) { + if (dotailchain && !(lr & R_V7M_EXCRET_ES_MASK)) { + /* We took an exception from Secure to NonSecure + * (which means the callee-saved registers got stacked) + * and are now tailchaining to a Secure exception. + * Clear DCRS so eventual return from this Secure + * exception unstacks the callee-saved registers. + */ + lr &= ~R_V7M_EXCRET_DCRS_MASK; + } + } else { + /* We're going to a non-secure exception; push the + * callee-saves registers to the stack now, if they're + * not already saved. + */ + if (lr & R_V7M_EXCRET_DCRS_MASK && + !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) { + v7m_push_callee_stack(cpu, lr, dotailchain); + } + lr |= R_V7M_EXCRET_DCRS_MASK; + } + } + + lr &= ~R_V7M_EXCRET_ES_MASK; + if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) { + lr |= R_V7M_EXCRET_ES_MASK; + } + lr &= ~R_V7M_EXCRET_SPSEL_MASK; + if (env->v7m.control[targets_secure] & R_V7M_CONTROL_SPSEL_MASK) { + lr |= R_V7M_EXCRET_SPSEL_MASK; + } + + /* Clear registers if necessary to prevent non-secure exception + * code being able to see register values from secure code. + * Where register values become architecturally UNKNOWN we leave + * them with their previous values. + */ + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + if (!targets_secure) { + /* Always clear the caller-saved registers (they have been + * pushed to the stack earlier in v7m_push_stack()). 
+ * Clear callee-saved registers if the background code is + * Secure (in which case these regs were saved in + * v7m_push_callee_stack()). + */ + int i; + + for (i = 0; i < 13; i++) { + /* r4..r11 are callee-saves, zero only if EXCRET.S == 1 */ + if (i < 4 || i > 11 || (lr & R_V7M_EXCRET_S_MASK)) { + env->regs[i] = 0; + } + } + /* Clear EAPSR */ + xpsr_write(env, 0, XPSR_NZCV | XPSR_Q | XPSR_GE | XPSR_IT); + } + } + } + + /* Switch to target security state -- must do this before writing SPSEL */ + switch_v7m_security_state(env, targets_secure); write_v7m_control_spsel(env, 0); arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; env->regs[14] = lr; - addr = arm_v7m_load_vector(cpu); + addr = arm_v7m_load_vector(cpu, targets_secure); env->regs[15] = addr & 0xfffffffe; env->thumb = addr & 1; } @@ -6414,7 +6519,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) if (sfault) { env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " "stackframe: failed EXC_RETURN.ES validity check\n"); return; @@ -6426,7 +6531,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); return; 
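Review bot: In the v7m_exception_taken() hunk, the function gains a dotailchain parameter but its leading comment is not updated to say what it means, and the call sites in do_v7m_exception_exit() pass bare true/false. Document that true means the exception is taken on an existing stack frame and false means v7m_push_stack() has just run, which is what the "existing stackframe" and "new stackframe" log messages at the call sites imply. In the same hunk the test lr & R_V7M_EXCRET_DCRS_MASK && !(...) relies on & binding tighter than &&; it is correct, but parenthesise the mask test to match the other conditions in this function.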
@@ -6474,7 +6579,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* Take a SecureFault on the current stack */ env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " "stackframe: failed exception return integrity " "signature check\n"); @@ -6539,7 +6644,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity " "check\n"); @@ -6576,7 +6681,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, false); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: " "failed exception return integrity check\n"); return; 
@@ -6720,20 +6825,40 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) return; /* Never happens. Keep compiler happy. */ } - lr = R_V7M_EXCRET_RES1_MASK | - R_V7M_EXCRET_S_MASK | - R_V7M_EXCRET_DCRS_MASK | - R_V7M_EXCRET_FTYPE_MASK | - R_V7M_EXCRET_ES_MASK; - if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) { - lr |= R_V7M_EXCRET_SPSEL_MASK; + if (arm_feature(env, ARM_FEATURE_V8)) { + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK; + /* The S bit indicates whether we should return to Secure + * or NonSecure (ie our current state). + * The ES bit indicates whether we're taking this exception + * to Secure or NonSecure (ie our target state). We set it + * later, in v7m_exception_taken(). + * The SPSEL bit is also set in v7m_exception_taken() for v8M. + * This corresponds to the ARM ARM pseudocode for v8M setting + * some LR bits in PushStack() and some in ExceptionTaken(); + * the distinction matters for the tailchain cases where we + * can take an exception without pushing the stack. + */ + if (env->v7m.secure) { + lr |= R_V7M_EXCRET_S_MASK; + } + } else { + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_S_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK | + R_V7M_EXCRET_ES_MASK; + if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) { + lr |= R_V7M_EXCRET_SPSEL_MASK; + } } if (!arm_v7m_is_handler_mode(env)) { lr |= R_V7M_EXCRET_MODE_MASK; } v7m_push_stack(cpu); - v7m_exception_taken(cpu, lr); + v7m_exception_taken(cpu, lr, false); qemu_log_mask(CPU_LOG_INT, "... 
as %d\n", env->v7m.exception); }
From patchwork Fri Oct 6 15:59:41 2017
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 115100
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:41 +0100
Message-Id: <1507305585-20608-17-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 16/20] nvic: Implement Security Attribution Unit registers

Implement the register interface for the SAU: SAU_CTRL,
SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the
actual behaviour is implemented here; registers just
read back as written.

When the CPU definition for Cortex-M33 is eventually
added, its initfn will set cpu->sau_sregion, in the same
way that we currently set cpu->pmsav7_dregion for the
M3 and M4.

Number of SAU regions is typically a configurable
CPU parameter, but this patch doesn't provide a
QEMU CPU property for it. We can easily add one when
we have a board that requires it.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-14-git-send-email-peter.maydell@linaro.org
---
 target/arm/cpu.h | 10 +++++
 hw/intc/armv7m_nvic.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++
 target/arm/cpu.c | 27 ++++++++++++
 target/arm/machine.c | 14 ++++++
 4 files changed, 167 insertions(+)

--
2.7.4

diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 9e3a16d..441e584 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h
@@ -568,6 +568,14 @@ typedef struct CPUARMState { uint32_t mair1[M_REG_NUM_BANKS]; } pmsav8; + /* v8M SAU */ + struct { + uint32_t *rbar; + uint32_t *rlar; + uint32_t rnr; + uint32_t ctrl; + } sau; + void *nvic; const struct arm_boot_info *boot_info; /* Store GICv3CPUState to access from this struct */ @@ -663,6 +671,8 @@ struct ARMCPU { bool has_mpu; /* PMSAv7 MPU number of supported regions */ uint32_t pmsav7_dregion; + /* v8M SAU number of supported regions */ + uint32_t sau_sregion; /* PSCI conduit used to invoke PSCI methods * 0 - disabled, 1 - smc, 2 - hvc diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index deea637..bd1d5d3 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c 
@@ -1017,6 +1017,60 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) goto bad_offset; } return cpu->env.pmsav8.mair1[attrs.secure]; + case 0xdd0: /* SAU_CTRL */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.sau.ctrl; + case 0xdd4: /* SAU_TYPE */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->sau_sregion; + case 0xdd8: /* SAU_RNR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.sau.rnr; + case 0xddc: /* SAU_RBAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + if (region >= cpu->sau_sregion) { + return 0; + } + return cpu->env.sau.rbar[region]; + } + case 0xde0: /* SAU_RLAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + if (region >= cpu->sau_sregion) { + return 0; + } + return cpu->env.sau.rlar[region]; + } case 0xde4: /* SFSR */ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { goto bad_offset; 
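Review bot: The SAU register reads in nvic_readl() are gated on ARM_FEATURE_V8, but the rbar/rlar arrays that the SAU_RBAR and SAU_RLAR cases index are allocated in arm_cpu_realizefn() only under ARM_FEATURE_M_SECURITY, so these two cases rely on the !attrs.secure early return to avoid touching an unallocated array. Gate the cases on ARM_FEATURE_M_SECURITY, or add a comment stating that attrs.secure cannot be set without it. Also, region is declared int and compared against the uint32_t cpu->sau_sregion; declare it uint32_t to match sau.rnr.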
@@ -1384,6 +1438,68 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, * only affect cacheability, and we don't implement caching. */ break; + case 0xdd0: /* SAU_CTRL */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.sau.ctrl = value & 3; + case 0xdd4: /* SAU_TYPE */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + break; + case 0xdd8: /* SAU_RNR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (value >= cpu->sau_sregion) { + qemu_log_mask(LOG_GUEST_ERROR, "SAU region out of range %" + PRIu32 "/%" PRIu32 "\n", + value, cpu->sau_sregion); + } else { + cpu->env.sau.rnr = value; + } + break; + case 0xddc: /* SAU_RBAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (region >= cpu->sau_sregion) { + return; + } + cpu->env.sau.rbar[region] = value & ~0x1f; + tlb_flush(CPU(cpu)); + break; + } + case 0xde0: /* SAU_RLAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (region >= cpu->sau_sregion) { + return; + } + cpu->env.sau.rlar[region] = value & ~0x1c; + tlb_flush(CPU(cpu)); + break; + } case 0xde4: /* SFSR */ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { goto bad_offset; diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 4300de6..f4f601f 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c 
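Review bot: In the nvic_writel() hunk of hw/intc/armv7m_nvic.c, the SAU_CTRL case (0xdd0) has no break after cpu->env.sau.ctrl = value & 3; and falls through into case 0xdd4 (SAU_TYPE). The fall-through is harmless as written because the SAU_TYPE case only repeats the ARM_FEATURE_V8 check and breaks, but it is fragile and can trip fall-through warnings; add the break. A comment that writes to SAU_TYPE are ignored would also make the empty case self-explanatory.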
@@ -285,6 +285,18 @@ static void arm_cpu_reset(CPUState *s) env->pmsav8.mair1[M_REG_S] = 0; } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + if (cpu->sau_sregion > 0) { + memset(env->sau.rbar, 0, sizeof(*env->sau.rbar) * cpu->sau_sregion); + memset(env->sau.rlar, 0, sizeof(*env->sau.rlar) * cpu->sau_sregion); + } + env->sau.rnr = 0; + /* SAU_CTRL reset value is IMPDEF; we choose 0, which is what + * the Cortex-M33 does. + */ + env->sau.ctrl = 0; + } + set_flush_to_zero(1, &env->vfp.standard_fp_status); set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status); set_default_nan_mode(1, &env->vfp.standard_fp_status); @@ -873,6 +885,20 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) } } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + uint32_t nr = cpu->sau_sregion; + + if (nr > 0xff) { + error_setg(errp, "v8M SAU #regions invalid %" PRIu32, nr); + return; + } + + if (nr) { + env->sau.rbar = g_new0(uint32_t, nr); + env->sau.rlar = g_new0(uint32_t, nr); + } + } + if (arm_feature(env, ARM_FEATURE_EL3)) { set_feature(env, ARM_FEATURE_VBAR); } @@ -1141,6 +1167,7 @@ static void cortex_m4_initfn(Object *obj) cpu->midr = 0x410fc240; /* r0p0 */ cpu->pmsav7_dregion = 8; } + static void arm_v7m_class_init(ObjectClass *oc, void *data) { CPUClass *cc = CPU_CLASS(oc); diff --git a/target/arm/machine.c b/target/arm/machine.c index a0d7ed8..1762746 100644 --- a/target/arm/machine.c +++ b/target/arm/machine.c @@ -242,6 +242,13 @@ static bool s_rnr_vmstate_validate(void *opaque, int version_id) return cpu->env.pmsav7.rnr[M_REG_S] < cpu->pmsav7_dregion; } +static bool sau_rnr_vmstate_validate(void *opaque, int version_id) +{ + ARMCPU *cpu = opaque; + + return cpu->env.sau.rnr < cpu->sau_sregion; +} + static bool m_security_needed(void *opaque) { ARMCPU *cpu = opaque; 
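Review bot: In the target/arm/machine.c hunk, sau_rnr_vmstate_validate() returns rnr < sau_sregion, which is false when sau_sregion is 0. arm_cpu_realizefn() in this patch accepts nr == 0 (it only skips the allocation) and reset sets sau.rnr to 0, so a CPU with the security extension and no SAU regions would always fail this check. Allow rnr == 0 when sau_sregion == 0, or reject a zero region count at realize time.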
@@ -278,6 +285,13 @@ static const VMStateDescription vmstate_m_security = { VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.sfsr, ARMCPU), VMSTATE_UINT32(env.v7m.sfar, ARMCPU), + VMSTATE_VARRAY_UINT32(env.sau.rbar, ARMCPU, sau_sregion, 0, + vmstate_info_uint32, uint32_t), + VMSTATE_VARRAY_UINT32(env.sau.rlar, ARMCPU, sau_sregion, 0, + vmstate_info_uint32, uint32_t), + VMSTATE_UINT32(env.sau.rnr, ARMCPU), + VMSTATE_VALIDATE("SAU_RNR is valid", sau_rnr_vmstate_validate), + VMSTATE_UINT32(env.sau.ctrl, ARMCPU), VMSTATE_END_OF_LIST() } }; From patchwork Fri Oct 6 15:59:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 115089 Delivered-To: patch@linaro.org Received: by 10.140.22.163 with SMTP id 32csp1993701qgn; Fri, 6 Oct 2017 09:39:03 -0700 (PDT) X-Google-Smtp-Source: AOwi7QA07UwLM47TuYaLzcYM8kAC9FgToQobcQThBlWs0Ymn9Pl9N8aktJAcQD4gcaOzPxUinvWu X-Received: by 10.55.192.204 with SMTP id v73mr5639015qkv.117.1507307943060; Fri, 06 Oct 2017 09:39:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1507307943; cv=none; d=google.com; s=arc-20160816; b=bkK9hUvv/32flufMDfM9eLSEr0mnFybWG4vuaS2DOOyRApjel8lSnWTB4mHB3cnxeX WedMkLO7yuXi1lewEzQgiQwScPVKhd5mSc5BvYW7Fx+Dng956Bo1R8OJPkwh0b6q1GAT lsL2ziPy8khfpZ62EPJy+yAJEYV8MbVVV/Wi1KOHzh1rO/5efEr8uyPkRDe6VXua51jK Ok4Kh/aJl1imr4EVuUyv4QxFdlBjEIQBAaJeyKM53K67PR+JNryJ0DXSJl0lpXt5i6WH raRtFAtnujKa077rZS/6wC7w8oLLCcLmxp2Ka72dR3w+RP60D8MKFjP5h5vs8GRkEuX5 BLuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:to:from:arc-authentication-results; bh=k/lAsRFD9ETkgfB+CWOXWIrFRGLXDvrmq8vhc1daTsE=; b=oUbE8NEVxcNEbbJ+M/pWCnN6XPmGybFJOiWlGqbCc0Mt1BX3B44cEVAqix3YbNusl6 cYucvJYSpDoIdggMn9m7Vikqqw1MP307JNZZcoUi+ou5JdIEMOBykS6Rg0PjKr0UUH+/ 
ndPDeetac8gXUQANxux7I9VDPB3LWtkRZI8ivWOIn65OQMuZIQ09uXFLAI254/aZRiPO obujtrHxR6UonMMiOjElD++oaYYApdQxlK8pKsypx9AUS8Jdy5qGe2k8ns+2kSqds+zx 0aCNc965DjoftKPyEo2JZhxCLOwB1UGE3P9Bp5prOXXJBdF3Ied6CE/f9y+8YQvMmBg8 Jeng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id u72si1567943qki.161.2017.10.06.09.39.02 for (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 06 Oct 2017 09:39:03 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:45840 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e0VeQ-0004uW-Ir for patch@linaro.org; Fri, 06 Oct 2017 12:39:02 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58103) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e0V1l-0004Dn-9r for qemu-devel@nongnu.org; Fri, 06 Oct 2017 11:59:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e0V1j-0007ni-8A for qemu-devel@nongnu.org; Fri, 06 Oct 2017 11:59:05 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:37714) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e0V1i-0007js-UV for qemu-devel@nongnu.org; Fri, 06 Oct 2017 11:59:03 
-0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1e0V1h-0002y9-PM for qemu-devel@nongnu.org; Fri, 06 Oct 2017 16:59:01 +0100 
From: Peter Maydell To: qemu-devel@nongnu.org Date: Fri, 6 Oct 2017 16:59:42 +0100 Message-Id: <1507305585-20608-18-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org> References: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PULL 17/20] target/arm: Implement security attribute lookups for memory accesses X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" Implement the security attribute lookups for memory accesses in the get_phys_addr() functions, causing these to generate various kinds of SecureFault for bad accesses. The major subtlety in this code relates to handling of the case when the security attributes the SAU assigns to the address don't match the current security state of the CPU. In the ARM ARM pseudocode for validating instruction accesses, the security attributes of the address determine whether the Secure or NonSecure MPU state is used. At face value, handling this would require us to encode the relevant bits of state into mmu_idx for both S and NS at once, which would result in our needing 16 mmu indexes. 
Fortunately we don't actually need to do this because a mismatch between address attributes and CPU state means either:
 * some kind of fault (usually a SecureFault, but in theory perhaps a UserFault for unaligned access to Device memory)
 * execution of the SG instruction in NS state from a Secure & NonSecure code region

The purpose of SG is simply to flip the CPU into Secure state, so we can handle it by emulating execution of that instruction directly in arm_v7m_cpu_do_interrupt(), which means we can treat all the mismatch cases as "throw an exception" and we don't need to encode the state of the other MPU bank into our mmu_idx values.

This commit doesn't include the actual emulation of SG; it also doesn't include implementation of the IDAU, which is a per-board way to specify hard-coded memory attributes for addresses, which override the CPU-internal SAU if they specify a more secure setting than the SAU is programmed to.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-15-git-send-email-peter.maydell@linaro.org
--- target/arm/internals.h | 15 ++++ target/arm/helper.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 195 insertions(+), 2 deletions(-) -- 2.7.4 diff --git a/target/arm/internals.h b/target/arm/internals.h index 18be370..fd9a7e8 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h
@@ -71,6 +71,21 @@ FIELD(V7M_EXCRET, DCRS, 5, 1) FIELD(V7M_EXCRET, S, 6, 1) FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */ +/* We use a few fake FSR values for internal purposes in M profile. + * M profile cores don't have A/R format FSRs, but currently our + * get_phys_addr() code assumes A/R profile and reports failures via + * an A/R format FSR value. We then translate that into the proper + * M profile exception and FSR status bit in arm_v7m_cpu_do_interrupt(). + * Mostly the FSR values we use for this are those defined for v7PMSA, + * since we share some of that codepath. A few kinds of fault are + * only for M profile and have no A/R equivalent, though, so we have + * to pick a value from the reserved range (which we never otherwise + * generate) to use for these. + * These values will never be visible to the guest. + */ +#define M_FAKE_FSR_NSC_EXEC 0xf /* NS executing in S&NSC memory */ +#define M_FAKE_FSR_SFAULT 0xe /* SecureFault INVTRAN, INVEP or AUVIOL */ + /* * For AArch64, map a given EL to an index in the banked_spsr array. * Note that this mapping and the AArch32 mapping defined in bank_number() diff --git a/target/arm/helper.c b/target/arm/helper.c index 707dbb7..1d689f0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -31,6 +31,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, target_ulong *page_size_ptr, uint32_t *fsr, ARMMMUFaultInfo *fi); +/* Security attributes for an address, as returned by v8m_security_lookup. */ +typedef struct V8M_SAttributes { + bool ns; + bool nsc; + uint8_t sregion; + bool srvalid; + uint8_t iregion; + bool irvalid; +} V8M_SAttributes; + /* Definitions for the PMCCNTR and PMCR registers */ #define PMCRD 0x8 #define PMCRC 0x4 
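Review bot: the V8M_SAttributes fields in the helper.c hunk have no per-field documentation, and iregion/irvalid are declared although nothing in this patch writes them (the IDAU is a TODO in v8m_security_lookup()). A one-line comment per field, plus a statement that an all-zero struct means Secure, not NS-callable, with no valid region number, would make the zero-initialization contract that the lookup depends on explicit at the type. In the internals.h hunk, the comment on the fake FSR values could also say that they are matched on the low four bits only, since arm_v7m_cpu_do_interrupt() switches on env->exception.fsr & 0xf.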
@@ -6760,6 +6770,46 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) * raises the fault, in the A profile short-descriptor format. */ switch (env->exception.fsr & 0xf) { + case M_FAKE_FSR_NSC_EXEC: + /* Exception generated when we try to execute code at an address + * which is marked as Secure & Non-Secure Callable and the CPU + * is in the Non-Secure state. The only instruction which can + * be executed like this is SG (and that only if both halves of + * the SG instruction have the same security attributes.) + * Everything else must generate an INVEP SecureFault, so we + * emulate the SG instruction here. + * TODO: actually emulate SG. + */ + env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVEP\n"); + break; + case M_FAKE_FSR_SFAULT: + /* Various flavours of SecureFault for attempts to execute or + * access data in the wrong security state. + */ + switch (cs->exception_index) { + case EXCP_PREFETCH_ABORT: + if (env->v7m.secure) { + env->v7m.sfsr |= R_V7M_SFSR_INVTRAN_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVTRAN\n"); + } else { + env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVEP\n"); + } + break; + case EXCP_DATA_ABORT: + /* This must be an NS access to S memory */ + env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.AUVIOL\n"); + break; + } + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + break; case 0x8: /* External Abort */ switch (cs->exception_index) { case EXCP_PREFETCH_ABORT: 
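Review bot: the inner switch (cs->exception_index) under case M_FAKE_FSR_SFAULT has no default arm, so any exception_index other than EXCP_PREFETCH_ABORT or EXCP_DATA_ABORT reaches armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false) with no SFSR bit set, leaving a pended SecureFault with no recorded cause. If only those two values can arrive here, a default arm with g_assert_not_reached() would record that. Both new cases also depend on no other path producing an fsr whose low four bits are 0xe or 0xf, because the outer switch masks with 0xf; a comment at the switch pointing back to the M_FAKE_FSR_* definitions would keep that assumption visible.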
@@ -8846,9 +8896,89 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, return !(*prot & (1 << access_type)); } +static bool v8m_is_sau_exempt(CPUARMState *env, + uint32_t address, MMUAccessType access_type) +{ + /* The architecture specifies that certain address ranges are + * exempt from v8M SAU/IDAU checks. + */ + return + (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) || + (address >= 0xe0000000 && address <= 0xe0002fff) || + (address >= 0xe000e000 && address <= 0xe000efff) || + (address >= 0xe002e000 && address <= 0xe002efff) || + (address >= 0xe0040000 && address <= 0xe0041fff) || + (address >= 0xe00ff000 && address <= 0xe00fffff); +} + +static void v8m_security_lookup(CPUARMState *env, uint32_t address, + MMUAccessType access_type, ARMMMUIdx mmu_idx, + V8M_SAttributes *sattrs) +{ + /* Look up the security attributes for this address. Compare the + * pseudocode SecurityCheck() function. + * We assume the caller has zero-initialized *sattrs. + */ + ARMCPU *cpu = arm_env_get_cpu(env); + int r; + + /* TODO: implement IDAU */ + + if (access_type == MMU_INST_FETCH && extract32(address, 28, 4) == 0xf) { + /* 0xf0000000..0xffffffff is always S for insn fetches */ + return; + } + + if (v8m_is_sau_exempt(env, address, access_type)) { + sattrs->ns = !regime_is_secure(env, mmu_idx); + return; + } + + switch (env->sau.ctrl & 3) { + case 0: /* SAU.ENABLE == 0, SAU.ALLNS == 0 */ + break; + case 2: /* SAU.ENABLE == 0, SAU.ALLNS == 1 */ + sattrs->ns = true; + break; + default: /* SAU.ENABLE == 1 */ + for (r = 0; r < cpu->sau_sregion; r++) { + if (env->sau.rlar[r] & 1) { + uint32_t base = env->sau.rbar[r] & ~0x1f; + uint32_t limit = env->sau.rlar[r] | 0x1f; + + if (base <= address && limit >= address) { + if (sattrs->srvalid) { + /* If we hit in more than one region then we must report + * as Secure, not NS-Callable, with no valid region + * number info. 
+ */ + sattrs->ns = false; + sattrs->nsc = false; + sattrs->sregion = 0; + sattrs->srvalid = false; + break; + } else { + if (env->sau.rlar[r] & 2) { + sattrs->nsc = true; + } else { + sattrs->ns = true; + } + sattrs->srvalid = true; + sattrs->sregion = r; + } + } + } + } + + /* TODO when we support the IDAU then it may override the result here */ + break; + } +} + static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address, MMUAccessType access_type, ARMMMUIdx mmu_idx, - hwaddr *phys_ptr, int *prot, uint32_t *fsr) + hwaddr *phys_ptr, MemTxAttrs *txattrs, + int *prot, uint32_t *fsr) { ARMCPU *cpu = arm_env_get_cpu(env); bool is_user = regime_is_user(env, mmu_idx); 
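Review bot: v8m_security_lookup() relies on the caller having zero-initialized *sattrs, and two paths return or fall out without writing anything: the early return for instruction fetches at 0xf0000000..0xffffffff and the SAU.ENABLE == 0, SAU.ALLNS == 0 case. Clearing *sattrs at the top of the function would make the Secure default a property of the lookup itself instead of an obligation on every call site. As a style point, the RLAR enable bit (& 1), the NSC bit (& 2), the 0x1f mask and the address ranges in v8m_is_sau_exempt() are bare literals; named constants, or a comment naming what each exempt range is, would make them checkable against the architecture text.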
@@ -8856,10 +8986,58 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address, int n; int matchregion = -1; bool hit = false; + V8M_SAttributes sattrs = {}; *phys_ptr = address; *prot = 0; + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs); + if (access_type == MMU_INST_FETCH) { + /* Instruction fetches always use the MMU bank and the + * transaction attribute determined by the fetch address, + * regardless of CPU state. This is painful for QEMU + * to handle, because it would mean we need to encode + * into the mmu_idx not just the (user, negpri) information + * for the current security state but also that for the + * other security state, which would balloon the number + * of mmu_idx values needed alarmingly. + * Fortunately we can avoid this because it's not actually + * possible to arbitrarily execute code from memory with + * the wrong security attribute: it will always generate + * an exception of some kind or another, apart from the + * special case of an NS CPU executing an SG instruction + * in S&NSC memory. So we always just fail the translation + * here and sort things out in the exception handler + * (including possibly emulating an SG instruction). + */ + if (sattrs.ns != !secure) { + *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT; + return true; + } + } else { + /* For data accesses we always use the MMU bank indicated + * by the current CPU state, but the security attributes + * might downgrade a secure access to nonsecure. + */ + if (sattrs.ns) { + txattrs->secure = false; + } else if (!secure) { + /* NS access to S memory must fault. + * Architecturally we should first check whether the + * MPU information for this address indicates that we + * are doing an unaligned access to Device memory, which + * should generate a UsageFault instead. QEMU does not + * currently check for that kind of unaligned access though. 
+ * If we added it we would need to do so as a special case + * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt(). + */ + *fsr = M_FAKE_FSR_SFAULT; + return true; + } + } + } + /* Unlike the ARM ARM pseudocode, we don't need to check whether this * was an exception vector read from the vector table (which is always * done using the default system address map), because those accesses 
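Review bot: in the data-access branch the hunk only ever clears txattrs->secure (when sattrs.ns is set) and never sets it, so the attribute used for a Secure access to Secure memory is whatever the caller left there; the new MemTxAttrs *txattrs parameter needs a comment saying it must be non-NULL and already initialized from the current security state. The instruction-fetch test if (sattrs.ns != !secure) is also hard to read at a glance, and a named local for the mismatch condition would make the intent (address attribute disagrees with CPU state) obvious.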
@@ -9124,7 +9302,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, if (arm_feature(env, ARM_FEATURE_V8)) { /* PMSAv8 */ ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx, - phys_ptr, prot, fsr); + phys_ptr, attrs, prot, fsr); } else if (arm_feature(env, ARM_FEATURE_V7)) { /* PMSAv7 */ ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:43 +0100
Message-Id: <1507305585-20608-19-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 18/20] target/arm: Fix calculation of secure mm_idx values

In cpu_mmu_index() we try to do this:

    if (env->v7m.secure) {
        mmu_idx += ARMMMUIdx_MSUser;
    }

but it will give the wrong answer, because ARMMMUIdx_MSUser includes the 0x40 ARM_MMU_IDX_M field, and so does the mmu_idx we're adding to, and we'll end up with 0x8n rather than 0x4n. This error is then nullified by the call to arm_to_core_mmu_idx() which masks out the high part, but we're about to factor out the code that calculates the ARMMMUIdx values so it can be used without passing it through arm_to_core_mmu_idx(), so fix this bug first.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-16-git-send-email-peter.maydell@linaro.org
--- target/arm/cpu.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) -- 2.7.4 diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 441e584..70c1f85 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h
@@ -2335,14 +2335,16 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) int el = arm_current_el(env); if (arm_feature(env, ARM_FEATURE_M)) { - ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv; + ARMMMUIdx mmu_idx; - if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { - mmu_idx = ARMMMUIdx_MNegPri; + if (el == 0) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; + } else { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; } - if (env->v7m.secure) { - mmu_idx += ARMMMUIdx_MSUser; + if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; } return arm_to_core_mmu_idx(mmu_idx);
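Review bot: the reason the index must be selected rather than computed (each ARMMMUIdx_M* value already carries the ARM_MMU_IDX_M field, so adding two of them overflows into 0x8n) is recorded only in the commit message, not in cpu_mmu_index(). A short comment above the if (el == 0) block saying that these constants are complete indexes and must not be combined arithmetically would stop the removed mmu_idx += ARMMMUIdx_MSUser pattern from coming back, particularly since the old result was hidden by the masking in arm_to_core_mmu_idx().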
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:44 +0100
Message-Id: <1507305585-20608-20-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 19/20] target/arm: Factor out "get mmuidx for specified security state"

For the SG instruction and secure function return we are going to want to do memory accesses using the MMU index of the CPU in secure state, even though the CPU is currently in non-secure state. Write arm_v7m_mmu_idx_for_secstate() to do this job, and use it in cpu_mmu_index().

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-17-git-send-email-peter.maydell@linaro.org
--- target/arm/cpu.h | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.7.4 diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 70c1f85..89d49cd 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h
@@ -2329,23 +2329,33 @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx) } } +/* Return the MMU index for a v7M CPU in the specified security state */ +static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, + bool secstate) +{ + int el = arm_current_el(env); + ARMMMUIdx mmu_idx; + + if (el == 0) { + mmu_idx = secstate ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; + } else { + mmu_idx = secstate ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; + } + + if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) { + mmu_idx = secstate ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; + } + + return mmu_idx; +} + /* Determine the current mmu_idx to use for normal loads/stores */ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) { int el = arm_current_el(env); if (arm_feature(env, ARM_FEATURE_M)) { - ARMMMUIdx mmu_idx; - - if (el == 0) { - mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; - } else { - mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; - } - - if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { - mmu_idx = env->v7m.secure ? 
ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; - } + ARMMMUIdx mmu_idx = arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure); return arm_to_core_mmu_idx(mmu_idx); }
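Review bot: arm_v7m_mmu_idx_for_secstate() takes the security state from its secstate argument but still derives el from arm_current_el(env), so the User/Priv choice is that of the current state even when secstate names the other one, while the negative-priority check does use secstate. The header comment says only "for a v7M CPU in the specified security state"; either state there that privilege comes from the current state, or pass the privilege level in alongside secstate so that the callers named in the commit message (SG and secure function return) choose it explicitly.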
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 6 Oct 2017 16:59:45 +0100
Message-Id: <1507305585-20608-21-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1507305585-20608-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 20/20] nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit

When we added support for the new SHCSR bits in v8M in commit 437d59c17e9 the code to support writing to the new HARDFAULTPENDED bit was accidentally only added for non-secure writes; the secure banked version of the bit should also be writable.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 1506092407-26985-21-git-send-email-peter.maydell@linaro.org
--- hw/intc/armv7m_nvic.c | 1 + 1 file changed, 1 insertion(+) -- 2.7.4 diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index bd1d5d3..22d5e6e 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1230,6 +1230,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, s->sec_vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0; s->sec_vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0; + s->sec_vectors[ARMV7M_EXCP_HARD].pending = (value & (1 << 21)) != 0; /* SecureFault not banked, but RAZ/WI to NS */ s->vectors[ARMV7M_EXCP_SECURE].active = (value & (1 << 4)) != 0; s->vectors[ARMV7M_EXCP_SECURE].enabled = (value & (1 << 19)) != 0;
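Review bot: the added line tests the bit as a bare (1 << 21), next to the existing (1 << 17), (1 << 18), (1 << 4) and (1 << 19). This patch exists because the secure branch missed a bit that the non-secure branch already handled, so named SHCSR bit constants shared by both branches would make that kind of omission visible when the two are read side by side. The line also assigns .pending directly, and the visible context does not show whether the pending state is re-evaluated after this block, which is worth confirming.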