From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51602)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsYZJ-0007E5-Dr
	for qemu-devel@nongnu.org; Thu, 05 Jun 2014 10:23:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsYZA-000063-81
	for qemu-devel@nongnu.org; Thu, 05 Jun 2014 10:23:01 -0400
Received: from mail-wg0-x22e.google.com ([2a00:1450:400c:c00::22e]:56999)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsYZ9-00005k-Rz
	for qemu-devel@nongnu.org; Thu, 05 Jun 2014 10:22:52 -0400
Received: by mail-wg0-f46.google.com with SMTP id b13so991334wgh.29
	for <qemu-devel@nongnu.org>; Thu, 05 Jun 2014 07:22:51 -0700 (PDT)
Received: from playground.station (net-37-117-132-7.cust.vodafonedsl.it.
	[37.117.132.7])
	by mx.google.com with ESMTPSA id p9sm14884136eeg.32.2014.06.05.07.22.49
	for <qemu-devel@nongnu.org>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 05 Jun 2014 07:22:50 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu,  5 Jun 2014 16:22:06 +0200
Message-Id: <1401978143-11896-17-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1401978143-11896-1-git-send-email-pbonzini@redhat.com>
References: <1401978143-11896-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 16/33] target-i386: fix kernel accesses with
	SMAP and CPL = 3
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

With SMAP, implicit kernel accesses from user mode always behave as
if AC=0.  To do this, kernel mode is not anymore a separate MMU mode.
Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors
wrap KSMAP_IDX and KNOSMAP_IDX.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.h        | 15 +++++++++++----
 target-i386/helper.c     |  8 ++++----
 target-i386/seg_helper.c | 18 ++++++++++++++++++
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index f88b675..b80df66 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1153,17 +1153,24 @@ static inline CPUX86State *cpu_init(const char *cpu_model)
 #define cpudef_setup x86_cpudef_setup
 
 /* MMU modes definitions */
-#define MMU_MODE0_SUFFIX _kernel
+#define MMU_MODE0_SUFFIX _ksmap
 #define MMU_MODE1_SUFFIX _user
 #define MMU_MODE2_SUFFIX _knosmap /* SMAP disabled or CPL<3 && AC=1 */
-#define MMU_KERNEL_IDX  0
+#define MMU_KSMAP_IDX   0
 #define MMU_USER_IDX    1
 #define MMU_KNOSMAP_IDX 2
-static inline int cpu_mmu_index (CPUX86State *env)
+static inline int cpu_mmu_index(CPUX86State *env)
 {
     return (env->hflags & HF_CPL_MASK) == 3 ? MMU_USER_IDX :
         ((env->hflags & HF_SMAP_MASK) && (env->eflags & AC_MASK))
-        ? MMU_KNOSMAP_IDX : MMU_KERNEL_IDX;
+        ? MMU_KNOSMAP_IDX : MMU_KSMAP_IDX;
+}
+
+static inline int cpu_mmu_index_kernel(CPUX86State *env)
+{
+    return !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP_IDX :
+        ((env->hflags & HF_CPL_MASK) < 3 && (env->eflags & AC_MASK))
+        ? MMU_KNOSMAP_IDX : MMU_KSMAP_IDX;
 }
 
 #define CC_DST  (env->cc_dst)
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 88bbe65..6d8e350 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -648,7 +648,7 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
                 }
                 break;
 
-            case MMU_KERNEL_IDX:
+            case MMU_KSMAP_IDX:
                 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
                     (ptep & PG_USER_MASK)) {
                     goto do_fault_protect;
@@ -710,7 +710,7 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
                 }
                 break;
 
-            case MMU_KERNEL_IDX:
+            case MMU_KSMAP_IDX:
                 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
                     (ptep & PG_USER_MASK)) {
                     goto do_fault_protect;
@@ -765,7 +765,7 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
                 }
                 break;
 
-            case MMU_KERNEL_IDX:
+            case MMU_KSMAP_IDX:
                 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
                     (pde & PG_USER_MASK)) {
                     goto do_fault_protect;
@@ -822,7 +822,7 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
                 }
                 break;
 
-            case MMU_KERNEL_IDX:
+            case MMU_KSMAP_IDX:
                 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
                     (ptep & PG_USER_MASK)) {
                     goto do_fault_protect;
diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c
index 31c5508..934cc2b 100644
--- a/target-i386/seg_helper.c
+++ b/target-i386/seg_helper.c
@@ -34,6 +34,24 @@
 # define LOG_PCALL_STATE(cpu) do { } while (0)
 #endif
 
+#ifndef CONFIG_USER_ONLY
+#define CPU_MMU_INDEX (cpu_mmu_index_kernel(env))
+#define MEMSUFFIX _kernel
+#define DATA_SIZE 1
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 2
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 4
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 8
+#include "exec/cpu_ldst_template.h"
+#undef CPU_MMU_INDEX
+#undef MEMSUFFIX
+#endif
+
 /* return non zero if error */
 static inline int load_segment(CPUX86State *env, uint32_t *e1_ptr,
                                uint32_t *e2_ptr, int selector)
-- 
1.8.3.1