From patchwork Thu Nov 9 13:58:39 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742578
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 11/62] target/arm: Don't skip MTE checks for LDRT/STRT at EL0
Date: Thu, 9 Nov 2023 16:58:39 +0300
Message-Id: <20231109135933.1462615-11-mjt@tls.msk.ru>

From: Peter Maydell

The LDRT/STRT "unprivileged load/store" instructions behave like normal ones if executed at EL0. We handle this correctly for the load/store semantics, but get the MTE checking wrong.

We always look at s->mte_active[is_unpriv] to see whether we should be doing MTE checks, but in hflags.c when we set the TB flags that will be used to fill the mte_active[] array we only set the MTE0_ACTIVE bit if UNPRIV is true (i.e. we are not at EL0).

This means that a LDRT at EL0 will see s->mte_active[1] as 0, and will not do MTE checks even when MTE is enabled.

To avoid the translate-time code having to do an explicit check on s->unpriv to see if it is OK to index into the mte_active[] array, duplicate MTE_ACTIVE into MTE0_ACTIVE when UNPRIV is false.

(This isn't a very serious bug because generally nobody executes LDRT/STRT at EL0, because they have no use there.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 20230912140434.1333369-2-peter.maydell@linaro.org
(cherry picked from commit 903dbefc2b6918c10d12d9aafa0168cee8d287c7)
Signed-off-by: Michael Tokarev
(Mjt: before v7.2.0-1636-g671efad16a this code was in target/arm/helper.c)

diff --git a/target/arm/helper.c b/target/arm/helper.c index 22bc935242..a52ef3dfe4 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -11301,6 +11301,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, && !(env->pstate & PSTATE_TCO) && (sctlr & (el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + /* + * In non-unpriv contexts (eg EL0), unpriv load/stores + * act like normal ones; duplicate the MTE info to + * avoid translate-a64.c having to check UNPRIV to see + * whether it is OK to index into MTE_ACTIVE[]. + */ + DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + } } } /* And again for unprivileged accesses, if required. */
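
Review bot: The comment added inside the `if (!EX_TBFLAG_A64(flags, UNPRIV))` block names the array as MTE_ACTIVE[], but the commit message calls it s->mte_active[]; MTE_ACTIVE is the TB flag deposited just above, so the comment should say mte_active[] to keep the flag and the array it fills apart. The new check also reads UNPRIV back out of flags, so it is only correct if UNPRIV has already been deposited earlier in rebuild_hflags_a64(); that ordering is not visible in this hunk and is worth confirming for this backport, since the Mjt note says the code lives in helper.c rather than hflags.c on this branch. A regression test that executes LDRT/STRT at EL0 with MTE enabled would cover the case the message describes.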

From patchwork Thu Nov 9 13:58:57 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742579
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson, Philippe Mathieu-Daudé, Michael Tokarev
Subject: [Stable-7.2.7 29/62] linux-user/hppa: Fix struct target_sigcontext layout
Date: Thu, 9 Nov 2023 16:58:57 +0300
Message-Id: <20231109135933.1462615-29-mjt@tls.msk.ru>

From: Richard Henderson

Use abi_ullong not uint64_t so that the alignment of the field and therefore the layout of the struct is correct.

Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
(cherry picked from commit 33bc4fa78b06fc4e5fe22e5576811a97707e0cc6)
Signed-off-by: Michael Tokarev

diff --git a/linux-user/hppa/signal.c b/linux-user/hppa/signal.c index bda6e54655..ec5f5412d1 100644 --- a/linux-user/hppa/signal.c +++ b/linux-user/hppa/signal.c
@@ -25,7 +25,7 @@ struct target_sigcontext { abi_ulong sc_flags; abi_ulong sc_gr[32]; - uint64_t sc_fr[32]; + abi_ullong sc_fr[32]; abi_ulong sc_iasq[2]; abi_ulong sc_iaoq[2]; abi_ulong sc_sar;
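
Review bot: Nothing pins the layout that the sc_fr type change is meant to produce: the commit message says the alignment of the field is now correct, but struct target_sigcontext carries no build-time check, so a later edit can reintroduce the wrong offset without notice. A QEMU_BUILD_BUG_ON on offsetof(struct target_sigcontext, sc_fr) against the offset the hppa kernel ABI expects, placed after the struct definition, would keep it fixed. The message could also state which hosts produced the wrong layout with uint64_t, so that people deciding whether they need this backport can tell.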

From patchwork Thu Nov 9 13:59:16 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742583
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Philippe Mathieu-Daudé, Michael Tokarev
Subject: [Stable-7.2.7 48/62] target/arm: Don't allow stage 2 page table walks to downgrade to NS
Date: Thu, 9 Nov 2023 16:59:16 +0300
Message-Id: <20231109135933.1462615-48-mjt@tls.msk.ru>

From: Peter Maydell

Bit 63 in a Table descriptor is only the NSTable bit for stage 1 translations; in stage 2 it is RES0. We were incorrectly looking at it all the time.

This causes problems if:
 * the stage 2 table descriptor was incorrectly setting the RES0 bit
 * we are doing a stage 2 translation in Secure address space for a NonSecure stage 1 regime -- in this case we would incorrectly do an immediate downgrade to NonSecure

A bug elsewhere in the code currently prevents us from getting to the second situation, but when we fix that it will be possible.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
(cherry picked from commit 21a4ab8318ba6f049aac244e237cd1557586e216)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/ptw.c b/target/arm/ptw.c index fa013044c1..e593bc339a 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c
@@ -1382,17 +1382,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, descaddrmask &= ~indexmask_grainsize; /* - * Secure accesses start with the page table in secure memory and + * Secure stage 1 accesses start with the page table in secure memory and * can be downgraded to non-secure at any step. Non-secure accesses * remain non-secure. We implement this by just ORing in the NSTable/NS * bits at each step. + * Stage 2 never gets this kind of downgrade. */ tableattrs = is_secure ? 0 : (1 << 4); next_level: descaddr |= (address >> (stride * (4 - level))) & indexmask; descaddr &= ~7ULL; - nstable = extract32(tableattrs, 4, 1); + nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1); if (nstable) { /* * Stage2_S -> Stage2 or Phys_S -> Phys_NS
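
Review bot: The stage 2 guard is applied only where bit 4 of tableattrs is read into nstable, not where the bit is accumulated: the initial value `tableattrs = is_secure ? 0 : (1 << 4)` is unchanged and the comment still says the NSTable/NS bits are ORed in at each step. If a stage 2 descriptor has the RES0 bit 63 set, tableattrs can therefore still carry it, and any other reader of that bit outside this hunk would need the same `!regime_is_stage2(mmu_idx)` test; masking the bit when it is merged for stage 2 would cover every reader at once. The comment inside `if (nstable)` still lists "Stage2_S -> Stage2" as a transition, which reads oddly next to the new line "Stage 2 never gets this kind of downgrade" and deserves a word on which walk it refers to.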

From patchwork Thu Nov 9 13:59:17 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742582
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 49/62] target/arm: Fix handling of SW and NSW bits for stage 2 walks
Date: Thu, 9 Nov 2023 16:59:17 +0300
Message-Id: <20231109135933.1462615-49-mjt@tls.msk.ru>

From: Peter Maydell

We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW configuration bits. These allow configuration of whether the stage 2 page table walks for Secure IPA and NonSecure IPA should do their descriptor reads from Secure or NonSecure physical addresses. (This is separate from how the translation table base address and other parameters are set: an NS IPA always uses VTTBR_EL2 and VTCR_EL2 for its base address and walk parameters, regardless of the NSW bit, and similarly for Secure.)

Provide a new function ptw_idx_for_stage_2() which returns the MMU index to use for descriptor reads, and use it to set up the .in_ptw_idx wherever we call get_phys_addr_lpae().

For a stage 2 walk, wherever we call get_phys_addr_lpae():
 * .in_ptw_idx should be ptw_idx_for_stage_2() of the .in_mmu_idx
 * .in_secure should be true if .in_mmu_idx is Stage2_S

This allows us to correct S1_ptw_translate() so that it consistently always sets its (out_secure, out_phys) to the result it gets from the S2 walk (either by calling get_phys_addr_lpae() or by TLB lookup). This makes better conceptual sense because the S2 walk should return us an (address space, address) tuple, not an address that we then randomly assign to S or NS.

Our previous handling of SW and NSW was broken, so guest code trying to use these bits to put the s2 page tables in the "other" address space wouldn't work correctly.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1600
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 20230504135425.2748672-3-peter.maydell@linaro.org
(cherry picked from commit fcc0b0418fff655f20fd0cf86a1bbdc41fd2e7c6)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/ptw.c b/target/arm/ptw.c index e593bc339a..97c85f3c95 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c
@@ -103,6 +103,37 @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env) return stage_1_mmu_idx(arm_mmu_idx(env)); } +/* + * Return where we should do ptw loads from for a stage 2 walk. + * This depends on whether the address we are looking up is a + * Secure IPA or a NonSecure IPA, which we know from whether this is + * Stage2 or Stage2_S. + * If this is the Secure EL1&0 regime we need to check the NSW and SW bits. + */ +static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx) +{ + bool s2walk_secure; + + /* + * We're OK to check the current state of the CPU here because + * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes + * (2) there's no way to do a lookup that cares about Stage 2 for a + * different security state to the current one for AArch64, and AArch32 + * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do + * an NS stage 1+2 lookup while the NS bit is 0.) + */ + if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) { + return ARMMMUIdx_Phys_NS; + } + if (stage2idx == ARMMMUIdx_Stage2_S) { + s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW); + } else { + s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW); + } + return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS; + +} + static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx) { return (regime_sctlr(env, mmu_idx) & SCTLR_EE) != 0; @@ -220,7 +251,6 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, ARMMMUIdx mmu_idx = ptw->in_mmu_idx; ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx; uint8_t pte_attrs; - bool pte_secure; ptw->out_virt = addr; 
@@ -232,8 +262,8 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, if (regime_is_stage2(s2_mmu_idx)) { S1Translate s2ptw = { .in_mmu_idx = s2_mmu_idx, - .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS, - .in_secure = is_secure, + .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx), + .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S, .in_debug = true, }; GetPhysAddrResult s2 = { }; @@ -244,12 +274,12 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, } ptw->out_phys = s2.f.phys_addr; pte_attrs = s2.cacheattrs.attrs; - pte_secure = s2.f.attrs.secure; + ptw->out_secure = s2.f.attrs.secure; } else { /* Regime is physical. */ ptw->out_phys = addr; pte_attrs = 0; - pte_secure = is_secure; + ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S; } ptw->out_host = NULL; ptw->out_rw = false; @@ -270,7 +300,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK); ptw->out_rw = full->prot & PAGE_WRITE; pte_attrs = full->pte_attrs; - pte_secure = full->attrs.secure; + ptw->out_secure = full->attrs.secure; #else g_assert_not_reached(); #endif @@ -293,11 +323,6 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, } } - /* Check if page table walk is to secure or non-secure PA space. */ - ptw->out_secure = (is_secure - && !(pte_secure - ? env->cp15.vstcr_el2 & VSTCR_SW - : env->cp15.vtcr_el2 & VTCR_NSW)); ptw->out_be = regime_translation_big_endian(env, mmu_idx); return true; @@ -2610,7 +2635,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, hwaddr ipa; int s1_prot, s1_lgpgsz; bool is_secure = ptw->in_secure; - bool ret, ipa_secure, s2walk_secure; + bool ret, ipa_secure; ARMCacheAttrs cacheattrs1; bool is_el0; uint64_t hcr; 
@@ -2624,20 +2649,11 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, ipa = result->f.phys_addr; ipa_secure = result->f.attrs.secure; - if (is_secure) { - /* Select TCR based on the NS bit from the S1 walk. */ - s2walk_secure = !(ipa_secure - ? env->cp15.vstcr_el2 & VSTCR_SW - : env->cp15.vtcr_el2 & VTCR_NSW); - } else { - assert(!ipa_secure); - s2walk_secure = false; - } is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0; - ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2; - ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS; - ptw->in_secure = s2walk_secure; + ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2; + ptw->in_secure = ipa_secure; + ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx); /* * S1 is done, now do S2 translation. @@ -2729,6 +2745,16 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw, ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2; break; + case ARMMMUIdx_Stage2: + case ARMMMUIdx_Stage2_S: + /* + * Second stage lookup uses physical for ptw; whether this is S or + * NS may depend on the SW/NSW bits if this is a stage 2 lookup for + * the Secure EL2&0 regime. + */ + ptw->in_ptw_idx = ptw_idx_for_stage_2(env, mmu_idx); + break; + case ARMMMUIdx_E10_0: s1_mmu_idx = ARMMMUIdx_Stage1_E0; goto do_twostage; 
@@ -2752,7 +2778,7 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw, /* fall through */ default: - /* Single stage and second stage uses physical for ptw. */ + /* Single stage uses physical for ptw. */ ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS; break; }
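
Review bot: ptw_idx_for_stage_2(), added in the first hunk, accepts any ARMMMUIdx and treats everything other than ARMMMUIdx_Stage2_S as a NonSecure IPA in its else branch, so a caller passing a stage 1 or physical index would silently get a VTCR_EL2.NSW-based answer; an assert(regime_is_stage2(stage2idx)) at the top would catch that. Its header comment says "Secure EL1&0 regime" while the comment added in get_phys_addr_with_struct() for the same case says "Secure EL2&0 regime", and one of the two should be corrected. There is also a stray blank line before the function's closing brace.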
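
Review bot: In the get_phys_addr_twostage() hunk the removed block asserted !ipa_secure whenever is_secure was false, and the replacement `ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2` trusts the stage 1 result with no such check. Keeping the invariant as assert(is_secure || !ipa_secure) before the assignment would preserve the guard against a NonSecure stage 1 regime yielding a Secure IPA, which now also selects in_secure and, through ptw_idx_for_stage_2(), the address space used for descriptor reads.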

From patchwork Thu Nov 9 13:59:18 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742581
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 50/62] target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
Date: Thu, 9 Nov 2023 16:59:18 +0300
Message-Id: <20231109135933.1462615-50-mjt@tls.msk.ru>

From: Peter Maydell

In a two-stage translation, the result of the BTI guarded bit should be the guarded bit from the first stage of translation, as there is no BTI guard information in stage two. Our code tried to do this, but got it wrong, because we currently have two fields where the GP bit information might live (ARMCacheAttrs::guarded and CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit in the latter during the stage 1 walk but trying to copy the former in combine_cacheattrs().

Remove the duplicated storage, and always use the field in CPUTLBEntryFull; correctly propagate the stage 1 value to the output in get_phys_addr_twostage().

Note for stable backports: in v8.0 and earlier the field is named result->f.guarded, not result->f.extra.arm.guarded.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Message-id: 20231031173723.26582-1-peter.maydell@linaro.org
(cherry picked from commit 4c09abeae8704970ff03bf2196973f6bf08ab6f9)
Signed-off-by: Michael Tokarev
(Mjt: replace f.extra.arm.guarded -> f.guarded due to v8.1.0-1179-ga81fef4b64)

diff --git a/target/arm/internals.h b/target/arm/internals.h index 161e42d50f..3c7ff51c99 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1129,7 +1129,6 @@ typedef struct ARMCacheAttrs { unsigned int attrs:8; unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */ bool is_s2_format:1; - bool guarded:1; /* guarded bit of the v8-64 PTE */ } ARMCacheAttrs; /* Fields that are valid upon success. */ diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 97c85f3c95..be0cc3e347 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -2635,7 +2635,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, hwaddr ipa; int s1_prot, s1_lgpgsz; bool is_secure = ptw->in_secure; - bool ret, ipa_secure; + bool ret, ipa_secure, s1_guarded; ARMCacheAttrs cacheattrs1; bool is_el0; uint64_t hcr; @@ -2661,6 +2661,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, */ s1_prot = result->f.prot; s1_lgpgsz = result->f.lg_page_size; + s1_guarded = result->f.guarded; cacheattrs1 = result->cacheattrs; memset(result, 0, sizeof(*result));
@@ -2701,6 +2702,9 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1, result->cacheattrs); + /* No BTI GP information in stage 2, we just use the S1 value */ + result->f.guarded = s1_guarded; + /* * Check if IPA translates to secure or non-secure PA space. * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.

From patchwork Thu Nov 9 13:59:24 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742580
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Philippe Mathieu-Daudé, Sergey Evlashev, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 56/62] target/mips: Fix MSA BZ/BNZ opcodes displacement
Date: Thu, 9 Nov 2023 16:59:24 +0300
Message-Id: <20231109135933.1462615-56-mjt@tls.msk.ru>

From: Philippe Mathieu-Daudé

The PC offset is *signed*.

Cc: qemu-stable@nongnu.org
Reported-by: Sergey Evlashev
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1624
Fixes: c7a9ef7517 ("target/mips: Introduce decode tree bindings for MSA ASE")
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-Id: <20230914085807.12241-1-philmd@linaro.org>
(cherry picked from commit 04591b3ddd9a96b9298a1dd437a6464ab55e62ee)
Signed-off-by: Michael Tokarev

diff --git a/target/mips/tcg/msa.decode b/target/mips/tcg/msa.decode index 9575289195..4410e2a02e 100644 --- a/target/mips/tcg/msa.decode +++ b/target/mips/tcg/msa.decode
@@ -31,8 +31,8 @@ @lsa ...... rs:5 rt:5 rd:5 ... sa:2 ...... &r @ldst ...... sa:s10 ws:5 wd:5 .... df:2 &msa_i -@bz_v ...... ... .. wt:5 sa:16 &msa_bz df=3 -@bz ...... ... df:2 wt:5 sa:16 &msa_bz +@bz_v ...... ... .. wt:5 sa:s16 &msa_bz df=3 +@bz ...... ... df:2 wt:5 sa:s16 &msa_bz @elm_df ...... .... ...... ws:5 wd:5 ...... &msa_elm_df df=%elm_df n=%elm_n @elm ...... .......... ws:5 wd:5 ...... &msa_elm @vec ...... ..... wt:5 ws:5 wd:5 ...... &msa_r df=0

From patchwork Thu Nov 9 13:59:25 2023
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 742584
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Philippe Mathieu-Daudé, Richard Henderson, Michael Tokarev
Subject: [Stable-7.2.7 57/62] target/mips: Fix TX79 LQ/SQ opcodes
Date: Thu, 9 Nov 2023 16:59:25 +0300
Message-Id: <20231109135933.1462615-57-mjt@tls.msk.ru>

From: Philippe Mathieu-Daudé

The base register address offset is *signed*.

Cc: qemu-stable@nongnu.org
Fixes: aaaa82a9f9 ("target/mips/tx79: Introduce LQ opcode (Load Quadword)")
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-Id: <20230914090447.12557-1-philmd@linaro.org>
(cherry picked from commit 18f86aecd6a1bea0f78af14587a684ad966d8d3a)
Signed-off-by: Michael Tokarev

diff --git a/target/mips/tcg/tx79.decode b/target/mips/tcg/tx79.decode index 57d87a2076..578b8c54c0 100644 --- a/target/mips/tcg/tx79.decode +++ b/target/mips/tcg/tx79.decode
@@ -24,7 +24,7 @@ @rs ...... rs:5 ..... .......... ...... &r sa=0 rt=0 rd=0 @rd ...... .......... rd:5 ..... ...... &r sa=0 rs=0 rt=0 -@ldst ...... base:5 rt:5 offset:16 &i +@ldst ...... base:5 rt:5 offset:s16 &i ###########################################################################
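Review bot: In [Stable-7.2.7 50/62], the target/arm/internals.h hunk deletes ARMCacheAttrs::guarded, but all three target/arm/ptw.c hunks are inside get_phys_addr_twostage() and none removes a reader or writer of that field, even though the commit message names combine_cacheattrs() as the place that copied it. If the 7.2 tree still references cacheattrs.guarded anywhere, this backport will not build; if it never did, the (Mjt: ...) backport note should say so, because the failure path on this branch then differs from the one the message describes. The save of s1_guarded before memset(result, 0, sizeof(*result)) and the restore after combine_cacheattrs() look right. Since a lost GP bit means BTI is silently not enforced for a guest under two-stage translation, a test that maps a guarded stage 1 page with stage 2 enabled would be worth carrying with the fix.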
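Review bot: In [Stable-7.2.7 56/62], the msa.decode change to @bz_v and @bz (sa:16 to sa:s16) arrives without a test, and a missing sign extension on a branch displacement only shows up when a branch goes backwards. Suggest adding a TCG test that takes a BZ/BNZ branch with a negative displacement, so the decode of the sa field is pinned. The @ldst context line in the same hunk already uses sa:s10, which suggests the two branch formats were simply missed; a quick pass over the other immediate fields in this file for the same omission would be cheap.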
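Review bot: In [Stable-7.2.7 57/62], the commit message for the tx79.decode @ldst change (offset:16 to offset:s16) states only that the offset is signed and, unlike the MSA patch, carries no Reported-by or Resolves reference. For a stable backport the message should state the guest-visible effect: with the unsigned field, a negative LQ/SQ offset was decoded as a positive 16-bit value, so the access was computed from the wrong address. The change is made in the shared @ldst format rather than per opcode, so please also confirm that every pattern using @ldst in this file expects a signed offset.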