[Qemu-devel] [PATCH] target-arm: disable PAGE

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] target-arm: disable PAGE_EXEC for XN pages
@ 2010-03-19 20:58 Rabin Vincent
  2010-03-27 13:15 ` Aurelien Jarno
  0 siblings, 1 reply; 2+ messages in thread
From: Rabin Vincent @ 2010-03-19 20:58 UTC (permalink / raw)
  To: qemu-devel; +Cc: Rabin Vincent

Don't set PAGE_EXEC for XN pages, to avoid a bypass of XN protection
checking if the page is already in the TLB.

Signed-off-by: Rabin Vincent <rabin@rab.in>
---
 target-arm/helper.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 18e22b1..e092b21 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -979,6 +979,7 @@ static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type,
         /* Access permission fault.  */
         goto do_fault;
     }
+    *prot |= PAGE_EXEC;
     *phys_ptr = phys_addr;
     return 0;
 do_fault:
@@ -1075,6 +1076,9 @@ static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
         /* Access permission fault.  */
         goto do_fault;
     }
+    if (!xn) {
+        *prot |= PAGE_EXEC;
+    }
     *phys_ptr = phys_addr;
     return 0;
 do_fault:
@@ -1137,6 +1141,7 @@ static int get_phys_addr_mpu(CPUState *env, uint32_t address, int access_type,
 	/* Bad permission.  */
 	return 1;
     }
+    *prot |= PAGE_EXEC;
     return 0;
 }
 
@@ -1152,7 +1157,7 @@ static inline int get_phys_addr(CPUState *env, uint32_t address,
     if ((env->cp15.c1_sys & 1) == 0) {
         /* MMU/MPU disabled.  */
         *phys_ptr = address;
-        *prot = PAGE_READ | PAGE_WRITE;
+        *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
         *page_size = TARGET_PAGE_SIZE;
         return 0;
     } else if (arm_feature(env, ARM_FEATURE_MPU)) {
@@ -1183,8 +1188,7 @@ int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
         /* Map a single [sub]page.  */
         phys_addr &= ~(uint32_t)0x3ff;
         address &= ~(uint32_t)0x3ff;
-        tlb_set_page (env, address, phys_addr, prot | PAGE_EXEC, mmu_idx,
-                      page_size);
+        tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
         return 0;
     }
 
-- 
1.7.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [Qemu-devel] [PATCH] target-arm: disable PAGE_EXEC for XN pages
  2010-03-19 20:58 [Qemu-devel] [PATCH] target-arm: disable PAGE_EXEC for XN pages Rabin Vincent
@ 2010-03-27 13:15 ` Aurelien Jarno
  0 siblings, 0 replies; 2+ messages in thread
From: Aurelien Jarno @ 2010-03-27 13:15 UTC (permalink / raw)
  To: Rabin Vincent; +Cc: qemu-devel

On Sat, Mar 20, 2010 at 02:28:03AM +0530, Rabin Vincent wrote:
> Don't set PAGE_EXEC for XN pages, to avoid a bypass of XN protection
> checking if the page is already in the TLB.

Thanks, applied.

> Signed-off-by: Rabin Vincent <rabin@rab.in>
> ---
>  target-arm/helper.c |   10 +++++++---
>  1 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 18e22b1..e092b21 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -979,6 +979,7 @@ static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type,
>          /* Access permission fault.  */
>          goto do_fault;
>      }
> +    *prot |= PAGE_EXEC;
>      *phys_ptr = phys_addr;
>      return 0;
>  do_fault:
> @@ -1075,6 +1076,9 @@ static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
>          /* Access permission fault.  */
>          goto do_fault;
>      }
> +    if (!xn) {
> +        *prot |= PAGE_EXEC;
> +    }
>      *phys_ptr = phys_addr;
>      return 0;
>  do_fault:
> @@ -1137,6 +1141,7 @@ static int get_phys_addr_mpu(CPUState *env, uint32_t address, int access_type,
>  	/* Bad permission.  */
>  	return 1;
>      }
> +    *prot |= PAGE_EXEC;
>      return 0;
>  }
>  
> @@ -1152,7 +1157,7 @@ static inline int get_phys_addr(CPUState *env, uint32_t address,
>      if ((env->cp15.c1_sys & 1) == 0) {
>          /* MMU/MPU disabled.  */
>          *phys_ptr = address;
> -        *prot = PAGE_READ | PAGE_WRITE;
> +        *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>          *page_size = TARGET_PAGE_SIZE;
>          return 0;
>      } else if (arm_feature(env, ARM_FEATURE_MPU)) {
> @@ -1183,8 +1188,7 @@ int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
>          /* Map a single [sub]page.  */
>          phys_addr &= ~(uint32_t)0x3ff;
>          address &= ~(uint32_t)0x3ff;
> -        tlb_set_page (env, address, phys_addr, prot | PAGE_EXEC, mmu_idx,
> -                      page_size);
> +        tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
>          return 0;
>      }
>  
> -- 
> 1.7.0
> 
> 
> 
> 

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-03-27 13:15 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-19 20:58 [Qemu-devel] [PATCH] target-arm: disable PAGE_EXEC for XN pages Rabin Vincent
2010-03-27 13:15 ` Aurelien Jarno

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).