From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 50/62] target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
Date: Thu, 9 Nov 2023 16:59:18 +0300
Message-Id: <20231109135933.1462615-50-mjt@tls.msk.ru>

From: Peter Maydell

In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translation, as there is
no BTI guard information in stage two. Our code tried to do this,
but got it wrong, because we currently have two fields where the GP
bit information might live (ARMCacheAttrs::guarded and
CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit
in the latter during the stage 1 walk but trying to copy the former
in combine_cacheattrs().

Remove the duplicated storage, and always use the field in
CPUTLBEntryFull; correctly propagate the stage 1 value to the output
in get_phys_addr_twostage().

Note for stable backports: in v8.0 and earlier the field is named
result->f.guarded, not result->f.extra.arm.guarded.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20231031173723.26582-1-peter.maydell@linaro.org (cherry picked from commit 4c09abeae8704970ff03bf2196973f6bf08ab6f9) Signed-off-by: Michael Tokarev (Mjt: replace f.extra.arm.guarded -> f.guarded due to v8.1.0-1179-ga81fef4b64) diff --git a/target/arm/internals.h b/target/arm/internals.h index 161e42d50f..3c7ff51c99 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1129,7 +1129,6 @@ typedef struct ARMCacheAttrs { unsigned int attrs:8; unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */ bool is_s2_format:1; - bool guarded:1; /* guarded bit of the v8-64 PTE */ } ARMCacheAttrs; /* Fields that are valid upon success. */ diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 97c85f3c95..be0cc3e347 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -2635,7 +2635,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, hwaddr ipa; int s1_prot, s1_lgpgsz; bool is_secure = ptw->in_secure; - bool ret, ipa_secure; + bool ret, ipa_secure, s1_guarded; ARMCacheAttrs cacheattrs1; bool is_el0; uint64_t hcr; @@ -2661,6 +2661,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, */ s1_prot = result->f.prot; s1_lgpgsz = result->f.lg_page_size; + s1_guarded = result->f.guarded; cacheattrs1 = result->cacheattrs; memset(result, 0, sizeof(*result)); @@ -2701,6 +2702,9 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1, result->cacheattrs); + /* No BTI GP information in stage 2, we just use the S1 value */ + result->f.guarded = s1_guarded; + /* * Check if IPA translates to secure or non-secure PA space. * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
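Review bot: In the target/arm/internals.h hunk, removing "bool guarded:1;" from ARMCacheAttrs makes every remaining reader or writer of that field a build failure, and the commit message names combine_cacheattrs() as one such reader, yet no hunk shown here touches that function. Please confirm that this stable tree has no remaining references to ARMCacheAttrs::guarded (a grep for "cacheattrs.guarded" and for ".guarded" on ARMCacheAttrs values under target/arm would settle it), or include the hunk that drops them.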
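Review bot: In the last target/arm/ptw.c hunk (@@ -2701), "result->f.guarded = s1_guarded;" is the only thing that restores the stage 1 GP bit after the earlier "memset(result, 0, sizeof(*result));", and the patch adds no test that would catch this path regressing again. A tcg test that executes from a BTI-guarded page with two-stage translation enabled would be worth adding alongside, and the new comment could say that the value was saved before result was cleared, so that the dependency on the ordering in the @@ -2661 hunk is visible at the point of use.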