* [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation
@ 2010-12-08 11:15 Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 1/3] target-arm: fix vmsav6 access control Juha Riihimäki
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Juha Riihimäki @ 2010-12-08 11:15 UTC (permalink / raw)
To: qemu-devel
The ARM VMSAv6 emulation does not correctly ignore access protection
checks for manager domain translation table descriptors. This causes the
ARM Linux kernel to hang during initialization for ARMv7 CPUs. However,
that has so far been hidden by another emulation bug where the cp15
c1 system control register has an invalid reset value for the emulated
ARMv6 and ARMv7 processors indicating an earlier processor revision
instead and thus making QEMU run the MMU emulation in ARMv5 mode.
This patch series fixes the access protection emulation in the ARM
MMU emulation (1) and introduces correct cp15 c1 system control
register values for the ARM1136, Cortex-A8 and Cortex-A9 cores (2,3).
Juha Riihimäki (2):
target-arm: fix vmsav6 access control
target-arm: correct cp15 c1_sys reset value for arm1136 and cortex-a9
Mattias Holm (1):
target-arm: correct cp15 c1_sys reset value for cortex-a8
target-arm/helper.c | 37 ++++++++++++++++++++++---------------
1 files changed, 22 insertions(+), 15 deletions(-)
--
1.7.3.1
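A compact model of the checks this series is about, written for this page as an added example (it is not QEMU's helper.c and not code from the patch author): DACR domain typing, the legacy and simplified (SCTLR.AFE) AP encodings, XN, and the manager-domain bypass that PATCH 1/3 introduces, together with the c1_sys bit-23 test that, by my reading of QEMU of this period and stated here as an assumption, decides whether the VMSAv6 translation routine is used at all. The DACR value is constructed, the AP decode tables follow the ARM ARM encodings rather than anything in the thread, and the model goes a little beyond the patch by handling section descriptors and the AFE permission remapping as well as pages.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Permission bits handed to the TLB, and the kind of access attempted. */
enum { PAGE_READ = 1, PAGE_WRITE = 2, PAGE_EXEC = 4 };
enum { ACCESS_READ = 0, ACCESS_WRITE = 1, ACCESS_EXEC = 2 };
/* Two-bit domain type fields of the DACR (cp15 c3). */
enum { DOMAIN_NOACCESS = 0, DOMAIN_CLIENT = 1, DOMAIN_MANAGER = 3 };
/* Short-descriptor FSR codes; the patch uses 15 (page permission) and 3/6. */
enum { FSR_SECTION_ACCESS_FLAG = 3, FSR_PAGE_ACCESS_FLAG = 6,
       FSR_SECTION_DOMAIN = 9, FSR_PAGE_DOMAIN = 11,
       FSR_SECTION_PERMISSION = 13, FSR_PAGE_PERMISSION = 15 };

#define SCTLR_XP  (1u << 23)  /* extended page tables; reads as one on ARMv7 */
#define SCTLR_AFE (1u << 29)  /* access flag enable: simplified AP model */
/* Constructed DACR: every domain client (01) except domain 1, manager (11). */
#define DACR_EXAMPLE (0x55555555u | (3u << 2))

/* Assumption, not stated in the thread: QEMU of this period took the VMSAv6
 * translation path only when c1_sys bit 23 was set, so a zero reset value
 * gave ARMv5 page-table semantics even on an emulated ARMv7 core. */
bool mmu_uses_v6_format(uint32_t sctlr)
{
    return (sctlr & SCTLR_XP) != 0;
}

static unsigned domain_type(uint32_t dacr, unsigned domain)
{
    return (dacr >> (2 * (domain & 15))) & 3;   /* 16 domains, 2 bits each */
}

/* Legacy AP[2:0] encoding (AFE clear); the deprecated S/R bits are ignored. */
static int ap_prot_legacy(unsigned ap, bool is_user)
{
    switch (ap & 7) {
    case 1:         return is_user ? 0 : PAGE_READ | PAGE_WRITE;
    case 2:         return is_user ? PAGE_READ : PAGE_READ | PAGE_WRITE;
    case 3:         return PAGE_READ | PAGE_WRITE;
    case 5:         return is_user ? 0 : PAGE_READ;
    case 6: case 7: return PAGE_READ;
    default:        return 0;   /* 0 and 4: no access */
    }
}

/* Simplified model (AFE set): AP[0] is the access flag, AP[2:1] the rights. */
static int ap_prot_simplified(unsigned ap, bool is_user)
{
    switch ((ap >> 1) & 3) {
    case 0:  return is_user ? 0 : PAGE_READ | PAGE_WRITE;
    case 1:  return PAGE_READ | PAGE_WRITE;
    case 2:  return is_user ? 0 : PAGE_READ;
    default: return PAGE_READ;
    }
}

/* Check one descriptor. Returns the granted PAGE_* set (always non-zero) or
 * the negated FSR code on a fault. Same order as the patched
 * get_phys_addr_v6: a manager domain skips XN, the access flag and AP
 * entirely; a client domain goes through all three. */
int vmsav6_check(uint32_t sctlr, uint32_t dacr, unsigned domain, unsigned ap,
                 bool xn, bool is_page, int access_type, bool is_user)
{
    int prot;
    switch (domain_type(dacr, domain)) {
    case DOMAIN_MANAGER:
        return PAGE_READ | PAGE_WRITE | PAGE_EXEC;
    case DOMAIN_CLIENT:
        break;
    default:   /* no access, or the reserved encoding 10 */
        return -(is_page ? FSR_PAGE_DOMAIN : FSR_SECTION_DOMAIN);
    }
    if (xn && access_type == ACCESS_EXEC)
        return -(is_page ? FSR_PAGE_PERMISSION : FSR_SECTION_PERMISSION);
    if (sctlr & SCTLR_AFE) {
        if ((ap & 1) == 0)
            return -(is_page ? FSR_PAGE_ACCESS_FLAG : FSR_SECTION_ACCESS_FLAG);
        prot = ap_prot_simplified(ap, is_user);
    } else {
        prot = ap_prot_legacy(ap, is_user);
    }
    if (!prot || (access_type == ACCESS_WRITE && !(prot & PAGE_WRITE)))
        return -(is_page ? FSR_PAGE_PERMISSION : FSR_SECTION_PERMISSION);
    return xn ? prot : prot | PAGE_EXEC;
}

int main(void)
{
    uint32_t a8 = 0x00c50078u;   /* Cortex-A8 reset value from PATCH 2/3 */
    printf("v6 format selected at reset: %d\n", mmu_uses_v6_format(a8));
    printf("manager domain, AP=0, XN, user exec: %d\n",
           vmsav6_check(a8, DACR_EXAMPLE, 1, 0, true, true, ACCESS_EXEC, true));
    printf("client domain,  AP=0, XN, user exec: %d\n",
           vmsav6_check(a8, DACR_EXAMPLE, 0, 0, true, true, ACCESS_EXEC, true));
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c`. The two printed checks are the case the cover letter describes: the same descriptor (AP=0, XN set) grants full access in a manager domain and faults with code 15 in a client domain. Note also that the ARM1136 value `0x00050078` from PATCH 3/3 leaves bit 23 clear, so `mmu_uses_v6_format` is false for it until the guest sets XP itself, whereas both Cortex values have the bit set.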
* [Qemu-devel] [PATCH 1/3] target-arm: fix vmsav6 access control
2010-12-08 11:15 [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Juha Riihimäki
@ 2010-12-08 11:15 ` Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 2/3] target-arm: correct cp15 c1_sys reset value for cortex-a8 Juha Riihimäki
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Juha Riihimäki @ 2010-12-08 11:15 UTC (permalink / raw)
To: qemu-devel
Override access control checks (including execute) for mmu translation
table descriptors assigned to manager domains.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
---
target-arm/helper.c | 34 +++++++++++++++++++---------------
1 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 996d40d..5bcfcf7 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1078,22 +1078,26 @@ static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
}
code = 15;
}
- if (xn && access_type == 2)
- goto do_fault;
+ if (domain == 3) {
+ *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ } else {
+ if (xn && access_type == 2)
+ goto do_fault;
- /* The simplified model uses AP[0] as an access control bit. */
- if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
- /* Access flag fault. */
- code = (code == 15) ? 6 : 3;
- goto do_fault;
- }
- *prot = check_ap(env, ap, domain, access_type, is_user);
- if (!*prot) {
- /* Access permission fault. */
- goto do_fault;
- }
- if (!xn) {
- *prot |= PAGE_EXEC;
+ /* The simplified model uses AP[0] as an access control bit. */
+ if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
+ /* Access flag fault. */
+ code = (code == 15) ? 6 : 3;
+ goto do_fault;
+ }
+ *prot = check_ap(env, ap, domain, access_type, is_user);
+ if (!*prot) {
+ /* Access permission fault. */
+ goto do_fault;
+ }
+ if (!xn) {
+ *prot |= PAGE_EXEC;
+ }
}
*phys_ptr = phys_addr;
return 0;
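Review bot: `if (domain == 3) {` compares against a bare literal while the rest of the function spells its permission bits out as PAGE_READ, PAGE_WRITE and PAGE_EXEC; give the manager-domain encoding a name or at least a comment. Moving the access flag test (`if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0)`) into the client-domain branch also changes more than the AP and XN behaviour the commit message describes: with AFE set, a manager-domain descriptor whose AP[0] is zero no longer raises an Access flag fault. Please confirm against the ARM ARM's fault-priority ordering that manager domains are meant to suppress Access flag faults as well as permission faults, and say so in the commit message. Finally, wrapping the unchanged checks in `} else {` re-indents fifteen lines; handling the manager case with an early assignment and jump to the existing `*phys_ptr = phys_addr;` would leave those lines untouched and make the functional change easier to spot.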
--
1.7.3.1
* [Qemu-devel] [PATCH 2/3] target-arm: correct cp15 c1_sys reset value for cortex-a8
2010-12-08 11:15 [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 1/3] target-arm: fix vmsav6 access control Juha Riihimäki
@ 2010-12-08 11:15 ` Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 3/3] target-arm: correct cp15 c1_sys reset value for arm1136 and cortex-a9 Juha Riihimäki
2010-12-27 20:32 ` [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Aurelien Jarno
3 siblings, 0 replies; 5+ messages in thread
From: Juha Riihimäki @ 2010-12-08 11:15 UTC (permalink / raw)
To: qemu-devel
From: Mattias Holm <holm@liacs.nl>
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
---
target-arm/helper.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5bcfcf7..7cd6a4e 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -109,6 +109,7 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
+ env->cp15.c1_sys = 0x00c50078;
break;
case ARM_CPUID_CORTEXA9:
set_feature(env, ARM_FEATURE_V6);
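Review bot: `env->cp15.c1_sys = 0x00c50078;` is an unexplained literal sitting next to three c0_ccsid lines that each carry a comment. Spell out what it encodes: bits 3 to 6, 16, 18, 22 and 23 set, presumably the SCTLR bits that read as one on this core at reset, so a reader can check the value against the TRM instead of taking it on trust. The commit message is also empty apart from the `From:` line; one sentence saying that the previous reset value was zero and what that broke would help anyone bisecting later.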
--
1.7.3.1
* [Qemu-devel] [PATCH 3/3] target-arm: correct cp15 c1_sys reset value for arm1136 and cortex-a9
2010-12-08 11:15 [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 1/3] target-arm: fix vmsav6 access control Juha Riihimäki
2010-12-08 11:15 ` [Qemu-devel] [PATCH 2/3] target-arm: correct cp15 c1_sys reset value for cortex-a8 Juha Riihimäki
@ 2010-12-08 11:15 ` Juha Riihimäki
2010-12-27 20:32 ` [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Aurelien Jarno
3 siblings, 0 replies; 5+ messages in thread
From: Juha Riihimäki @ 2010-12-08 11:15 UTC (permalink / raw)
To: qemu-devel
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
---
target-arm/helper.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 7cd6a4e..1522022 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -76,6 +76,7 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
env->cp15.c0_cachetype = 0x1dd20d2;
+ env->cp15.c1_sys = 0x00050078;
break;
case ARM_CPUID_ARM11MPCORE:
set_feature(env, ARM_FEATURE_V6);
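Review bot: the ARM1136 value `0x00050078` differs from the Cortex value `0x00c50078` in the second hunk only in bits 22 and 23, and neither hunk says why; a comment on each naming the SCTLR bits being set at reset would make that difference reviewable. Also, `case ARM_CPUID_ARM11MPCORE:` immediately below this hunk gets no c1_sys reset value although it is another ARMv6 core; if it was left out on purpose, the commit message or cover letter should say so.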
@@ -131,6 +132,7 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
+ env->cp15.c1_sys = 0x00c50078;
break;
case ARM_CPUID_CORTEXM3:
set_feature(env, ARM_FEATURE_V6);
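Review bot: `env->cp15.c1_sys = 0x00c50078;` repeats the literal from the Cortex-A8 hunk in PATCH 2/3; a shared named constant for the ARMv7 reset value would stop the two copies from drifting apart when one is corrected. As with the other hunks, a comment listing the bits (3 to 6, 16, 18, 22, 23) is missing, and the commit message body is empty.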
--
1.7.3.1
* Re: [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation
2010-12-08 11:15 [Qemu-devel] [PATCH 0/3] target-arm: fix mmu access protection emulation Juha Riihimäki
` (2 preceding siblings ...)
2010-12-08 11:15 ` [Qemu-devel] [PATCH 3/3] target-arm: correct cp15 c1_sys reset value for arm1136 and cortex-a9 Juha Riihimäki
@ 2010-12-27 20:32 ` Aurelien Jarno
3 siblings, 0 replies; 5+ messages in thread
From: Aurelien Jarno @ 2010-12-27 20:32 UTC (permalink / raw)
To: Juha Riihimäki; +Cc: qemu-devel
On Wed, Dec 08, 2010 at 01:15:15PM +0200, Juha Riihimäki wrote:
> The ARM VMSAv6 emulation does not correctly ignore access protection
> checks for manager domain translation table descriptors. This causes the
> ARM Linux kernel to hang during initialization for ARMv7 CPUs. However,
> that has so far been hidden by another emulation bug where the cp15
> c1 system control register has an invalid reset value for the emulated
> ARMv6 and ARMv7 processors indicating an earlier processor revision
> instead and thus making QEMU run the MMU emulation in ARMv5 mode.
>
> This patch series fixes the access protection emulation in the ARM
> MMU emulation (1) and introduces correct cp15 c1 system control
> register values for the ARM1136, Cortex-A8 and Cortex-A9 cores (2,3).
>
>
> Juha Riihimäki (2):
> target-arm: fix vmsav6 access control
> target-arm: correct cp15 c1_sys reset value for arm1136 and cortex-a9
>
> Mattias Holm (1):
> target-arm: correct cp15 c1_sys reset value for cortex-a8
>
> target-arm/helper.c | 37 ++++++++++++++++++++++---------------
> 1 files changed, 22 insertions(+), 15 deletions(-)
>
Thanks, all applied.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net