From patchwork Wed Feb 22 02:33:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 655661 Delivered-To: patch@linaro.org Received: by 2002:adf:a3c6:0:0:0:0:0 with SMTP id m6csp455884wrb; Tue, 21 Feb 2023 18:34:49 -0800 (PST) X-Google-Smtp-Source: AK7set9vaTiakjRnh60fqKJNCVmudmkQiK+XhPcnifbZ8ZR7Cm7MGJk6Tb4E/toTyYLGfigl2A/e X-Received: by 2002:a05:6214:d4d:b0:56b:fb30:49c6 with SMTP id 13-20020a0562140d4d00b0056bfb3049c6mr15243571qvr.50.1677033289736; Tue, 21 Feb 2023 18:34:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677033289; cv=none; d=google.com; s=arc-20160816; b=vFhHHekLQ/nPMq7sgD2ZLBEXUcN7RJjKLE3BEhgftBh3Pog4aOOEijZ8MHXV1tgSud eEnnGgJ9YfIz6BlOPncbXeXi5UxuSt6LM3hRpb6AFdz1vIZ5s7RP0VC6P3c5nQAsjoZ3 MwJOOU9lVtotuqxIptA0FQN01enB2ugQyetXzMtFW2GNufypEQucHmqPlL37eJOLdVMH Mgz/ENi49Ur98kZQ7aWYCCR+YciNSJ/LKf8YikNIR9REVZbh0BJm15xE0LkUlGBJPg7G wlIhkSzOvcGjhD0WDpuSvr6S94XErFMdvunsivoolnZC9Sq8LEk3AmyRJTPrfzbqUdja x/sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Sp5dyg/bRPedb4z1tKWhvvEgmxz3Z+nJXy57x/hLb5A=; b=s17PUM7HHcXS0E4qwcHJpNeskYd13Um1b2XgKoPUfoxwMcHoNkI4Z8K22QozeXsSzB T464Q0OSCrAk1EGfoJuwxJ1tD0IN6XBmvyMl31K9tkU3nRxieMmtBqgJJjSzAEM1E3Ac ya0XWdO/kBYgO+TBdsGfaQRnPCombh/RPpFGXzBk9tsE+FkHaaTvqaFw7ITJJO4yQU6t 0Gn/UzVoPWYvdyGH2ehMRDEOFoLyAgjjIV1hUliq0GbtWcnn3USfDm/CV5R9XiyN2m/G oSzqNvJiXKtxF243zghIIZ7HsHzCs3Rs3TEnp7kCJtuWYKxDdTHx/1+UOIyi5VWBqi9f uPog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=JnFxYy3h; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id b1-20020a0cf041000000b0057115385fd0si9311755qvl.373.2023.02.21.18.34.49 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 21 Feb 2023 18:34:49 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=JnFxYy3h; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pUexS-0007em-Dy; Tue, 21 Feb 2023 21:34:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pUexL-0007Om-EM for qemu-devel@nongnu.org; Tue, 21 Feb 2023 21:34:07 -0500 Received: from mail-pj1-x102b.google.com ([2607:f8b0:4864:20::102b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pUexG-0001bT-Ld for qemu-devel@nongnu.org; Tue, 21 Feb 2023 21:34:04 -0500 Received: by mail-pj1-x102b.google.com with SMTP id qi12-20020a17090b274c00b002341621377cso6969591pjb.2 for ; Tue, 21 Feb 2023 18:34:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Sp5dyg/bRPedb4z1tKWhvvEgmxz3Z+nJXy57x/hLb5A=; b=JnFxYy3ho8EVDHT1UkQEBFABlBuKjIsOffvpqqizLYQaPPmnNPK+qkBxvoe+7ZPOmh hSuGnmh0u4q/2CSqH2S1TUHAXda7aRK55R7PgUygiS/2Uk2HmLCWZO8mMN/sljzUE9fU o9604fCrBHWqd9ecoUjyCHvID4oFe0fA3zL0UeWkoRlFDyKkTnqEkeKD1n5fwGitBI2w pD4W2Ofme85/kAD1B8tsnjLZCZXho14wGH/oMpGeyeRoJ+GP8WeFrl9Jew6ZUVONRmA/ 8Tf+dbAuEpSxLJEnArZv7nkVfbj53e6GNzzFlEVYf524YAUv+2fldOhAvDGgzYPhVlTM 34Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Sp5dyg/bRPedb4z1tKWhvvEgmxz3Z+nJXy57x/hLb5A=; b=GvB/eMDrq+MZOrBN3Qe4Pbb1uPgP2Zr5rxqv2fl65lU9yh1BxByAo+1gTyOjCxxGce bIGe9O6segTUUfsJm3y4TljH75TM707uKUCmusxgTcy+xej8bsbQh0FuLYgZPgxNp2ic u0XezvpjhUyBGhkOwcR8FJYLFgOOhfzgrWt/Nh61Mu+cMHqzBLykDbTotT/cSa2XsWF/ K61Jv3j9mN7hXsjCjbVOEgF6QZ5+bZHAcByFTPGnngJiaGdyXeJ418SJEWUMQOn/o16Q eD0jCMpe0Efj3Sg97CdP5Wc0SE0GcirNNfFGjpxpMwu23q5UmeEetNozmPb/6uytGAzO FYHA== X-Gm-Message-State: AO0yUKV1j20ft1fmwqNhTNXFOiLkgsSajWhd7ExXdzbOAQAwBfqQsO8p jsOuYx3jlFc1m/rvuakkaBVLP6P6ntMJjtgTIKg= X-Received: by 2002:a17:902:b286:b0:19c:a9b8:4349 with SMTP id u6-20020a170902b28600b0019ca9b84349mr329469plr.32.1677033241915; Tue, 21 Feb 2023 18:34:01 -0800 (PST) Received: from stoup.. (rrcs-173-198-77-218.west.biz.rr.com. [173.198.77.218]) by smtp.gmail.com with ESMTPSA id k3-20020a170902e90300b00198fde9178csm10520112pld.197.2023.02.21.18.34.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Feb 2023 18:34:01 -0800 (PST) From: Richard Henderson To: qemu-devel@nongnu.org Cc: qemu-arm@nongnu.org Subject: [PATCH v3 16/25] target/arm: Handle Block and Page bits for security space Date: Tue, 21 Feb 2023 16:33:27 -1000 Message-Id: <20230222023336.915045-17-richard.henderson@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230222023336.915045-1-richard.henderson@linaro.org> References: <20230222023336.915045-1-richard.henderson@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::102b; envelope-from=richard.henderson@linaro.org; helo=mail-pj1-x102b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org With Realm security state, bit 55 of a block or page descriptor during the stage2 walk becomes the NS bit; during the stage1 walk the bit 5 NS bit is RES0. With Root security state, bit 11 of the block or page descriptor during the stage1 walk becomes the NSE bit. Rather than collecting an NS bit and applying it later, compute the output pa space from the input pa space and unconditionally assign. This means that we no longer need to adjust the output space earlier for the NSTable bit. Signed-off-by: Richard Henderson Reviewed-by: Peter Maydell --- target/arm/ptw.c | 91 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 73 insertions(+), 18 deletions(-) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 8b3deb0884..61c1227578 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -954,12 +954,14 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0) * @mmu_idx: MMU index indicating required translation regime * @is_aa64: TRUE if AArch64 * @ap: The 2-bit simple AP (AP[2:1]) - * @ns: NS (non-secure) bit * @xn: XN (execute-never) bit * @pxn: PXN (privileged execute-never) bit + * @in_pa: The original input pa space + * @out_pa: The output pa space, modified by NSTable, NS, and NSE */ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64, - int ap, int ns, int xn, int pxn) + int ap, int xn, int pxn, + ARMSecuritySpace in_pa, ARMSecuritySpace out_pa) { bool is_user = regime_is_user(env, mmu_idx); int prot_rw, user_rw; @@ -980,7 +982,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64, } } - if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) { + if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure && + (env->cp15.scr_el3 & SCR_SIF)) { return prot_rw; } @@ -1248,11 +1251,12 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, int32_t stride; int addrsize, inputsize, outputsize; uint64_t tcr = regime_tcr(env, mmu_idx); - int ap, ns, xn, pxn; + int ap, xn, pxn; uint32_t el = regime_el(env, mmu_idx); uint64_t descaddrmask; bool aarch64 = arm_el_is_aa64(env, el); uint64_t descriptor, new_descriptor; + ARMSecuritySpace out_space; /* TODO: This code does not support shareability levels. */ if (aarch64) { @@ -1435,8 +1439,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, ptw->in_ptw_idx += 1; ptw->in_secure = false; ptw->in_space = ARMSS_NonSecure; - result->f.attrs.secure = false; - result->f.attrs.space = ARMSS_NonSecure; } if (!S1_ptw_translate(env, ptw, descaddr, fi)) { @@ -1554,15 +1556,75 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, } ap = extract32(attrs, 6, 2); + out_space = ptw->in_space; if (regime_is_stage2(mmu_idx)) { - ns = mmu_idx == ARMMMUIdx_Stage2; + /* + * R_GYNXY: For stage2 in Realm security state, bit 55 is NS. + * The bit remains ignored for other security states. + */ + if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) { + out_space = ARMSS_NonSecure; + } xn = extract64(attrs, 53, 2); result->f.prot = get_S2prot(env, ap, xn, s1_is_el0); } else { - ns = extract32(attrs, 5, 1); + int nse, ns = extract32(attrs, 5, 1); + switch (out_space) { + case ARMSS_Root: + /* + * R_GVZML: Bit 11 becomes the NSE field in the EL3 regime. + * R_XTYPW: NSE and NS together select the output pa space. + */ + nse = extract32(attrs, 11, 1); + out_space = (nse << 1) | ns; + if (out_space == ARMSS_Secure && + !cpu_isar_feature(aa64_sel2, cpu)) { + out_space = ARMSS_NonSecure; + } + break; + case ARMSS_Secure: + if (ns) { + out_space = ARMSS_NonSecure; + } + break; + case ARMSS_Realm: + switch (mmu_idx) { + case ARMMMUIdx_Stage1_E0: + case ARMMMUIdx_Stage1_E1: + case ARMMMUIdx_Stage1_E1_PAN: + /* I_CZPRF: For Realm EL1&0 stage1, NS bit is RES0. */ + break; + case ARMMMUIdx_E2: + case ARMMMUIdx_E20_0: + case ARMMMUIdx_E20_2: + case ARMMMUIdx_E20_2_PAN: + /* + * R_LYKFZ, R_WGRZN: For Realm EL2 and EL2&1, + * NS changes the output to non-secure space. + */ + if (ns) { + out_space = ARMSS_NonSecure; + } + break; + default: + g_assert_not_reached(); + } + break; + case ARMSS_NonSecure: + /* R_QRMFF: For NonSecure state, the NS bit is RES0. */ + break; + default: + g_assert_not_reached(); + } xn = extract64(attrs, 54, 1); pxn = extract64(attrs, 53, 1); - result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn); + + /* + * Note that we modified ptw->in_space earlier for NSTable, but + * result->f.attrs retains a copy of the original security space. + */ + result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn, + result->f.attrs.space, out_space); } if (!(result->f.prot & (1 << access_type))) { @@ -1589,15 +1651,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, } } - if (ns) { - /* - * The NS bit will (as required by the architecture) have no effect if - * the CPU doesn't support TZ or this is a non-secure translation - * regime, because the attribute will already be non-secure. - */ - result->f.attrs.secure = false; - result->f.attrs.space = ARMSS_NonSecure; - } + result->f.attrs.space = out_space; + result->f.attrs.secure = arm_space_is_secure(out_space); /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {