From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, yier.jin@huawei.com,
jonathan.cameron@huawei.com, leonardo.garcia@linaro.org
Subject: [PATCH 14/22] target/arm: Handle no-execute for Realm and Root regimes
Date: Mon, 23 Jan 2023 14:00:19 -1000 [thread overview]
Message-ID: <20230124000027.3565716-15-richard.henderson@linaro.org> (raw)
In-Reply-To: <20230124000027.3565716-1-richard.henderson@linaro.org>
While Root and Realm may read and write data from other spaces,
neither may execute from other pa spaces.
This happens for Stage1 EL3, EL2, EL2&0, but stage2 EL1&0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 66 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 58 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 849f5e89ca..6b6f8195eb 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -909,7 +909,7 @@ do_fault:
* @xn: XN (execute-never) bits
* @s1_is_el0: true if this is S2 of an S1+2 walk for EL0
*/
-static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+static int get_S2prot_noexecute(int s2ap)
{
int prot = 0;
@@ -919,6 +919,12 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
if (s2ap & 2) {
prot |= PAGE_WRITE;
}
+ return prot;
+}
+
+static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+{
+ int prot = get_S2prot_noexecute(s2ap);
if (cpu_isar_feature(any_tts2uxn, env_archcpu(env))) {
switch (xn) {
@@ -956,12 +962,14 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
* @mmu_idx: MMU index indicating required translation regime
* @is_aa64: TRUE if AArch64
* @ap: The 2-bit simple AP (AP[2:1])
- * @ns: NS (non-secure) bit
* @xn: XN (execute-never) bit
* @pxn: PXN (privileged execute-never) bit
+ * @in_pa: The original input pa space
+ * @out_pa: The output pa space, modified by NSTable, NS, and NSE
*/
static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
- int ap, int ns, int xn, int pxn)
+ int ap, int xn, int pxn,
+ ARMSecuritySpace in_pa, ARMSecuritySpace out_pa)
{
bool is_user = regime_is_user(env, mmu_idx);
int prot_rw, user_rw;
@@ -982,8 +990,39 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
}
}
- if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) {
- return prot_rw;
+ if (in_pa != out_pa) {
+ switch (in_pa) {
+ case ARMSS_Root:
+ /*
+ * R_ZWRVD: permission fault for insn fetched from non-Root,
+ * I_WWBFB: SIF has no effect in EL3.
+ */
+ return prot_rw;
+ case ARMSS_Realm:
+ /*
+ * R_PKTDS: permission fault for insn fetched from non-Realm,
+ * for Realm EL2 or EL2&0. The corresponding fault for EL1&0
+ * happens during any stage2 translation.
+ */
+ switch (mmu_idx) {
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ return prot_rw;
+ default:
+ break;
+ }
+ break;
+ case ARMSS_Secure:
+ if (env->cp15.scr_el3 & SCR_SIF) {
+ return prot_rw;
+ }
+ break;
+ default:
+ /* Input NonSecure must have output NonSecure. */
+ g_assert_not_reached();
+ }
}
/* TODO have_wxn should be replaced with
@@ -1556,12 +1595,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
/*
* R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
* The bit remains ignored for other security states.
+ * R_YMCSL: Executing an insn fetched from non-Realm causes
+ * a stage2 permission fault.
*/
if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
out_space = ARMSS_NonSecure;
+ result->f.prot = get_S2prot_noexecute(ap);
+ } else {
+ xn = extract64(attrs, 53, 2);
+ result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
}
- xn = extract64(attrs, 53, 2);
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
int ns = extract32(attrs, 5, 1);
switch (out_space) {
@@ -1613,7 +1656,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
}
xn = extract64(attrs, 54, 1);
pxn = extract64(attrs, 53, 1);
- result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+
+ /*
+ * Note that we modified ptw->in_space earlier for NSTable,
+ * and result->f.attrs was initialized by get_phys_addr, so
+ * that retains a copy of the original security space.
+ */
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn,
+ result->f.attrs.space, out_space);
}
if (!(result->f.prot & (1 << access_type))) {
--
2.34.1
next prev parent reply other threads:[~2023-01-24 0:02 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 0:00 [PATCH 00/22] target/arm: Implement FEAT_RME Richard Henderson
2023-01-24 0:00 ` [PATCH 01/22] target/arm: Fix pmsav8 stage2 secure parameter Richard Henderson
2023-02-07 14:26 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 02/22] target/arm: Rewrite check_s2_mmu_setup Richard Henderson
2023-02-07 16:00 ` Peter Maydell
2023-02-07 19:31 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 03/22] target/arm: Add isar_feature_aa64_rme Richard Henderson
2023-02-07 14:31 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 04/22] target/arm: Update SCR and HCR for RME Richard Henderson
2023-02-07 14:34 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 05/22] target/arm: SCR_EL3.NS may be RES1 Richard Henderson
2023-02-07 14:39 ` Peter Maydell
2023-02-07 19:43 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 06/22] target/arm: Add RME cpregs Richard Henderson
2023-02-07 14:53 ` Peter Maydell
2023-02-08 21:51 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 07/22] target/arm: Introduce ARMSecuritySpace Richard Henderson
2023-02-07 15:00 ` Peter Maydell
2023-02-08 22:00 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 08/22] include/exec/memattrs: Add two bits of space to MemTxAttrs Richard Henderson
2023-02-07 15:05 ` Peter Maydell
2023-02-08 22:12 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 09/22] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Richard Henderson
2023-02-07 15:07 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 10/22] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root} Richard Henderson
2023-02-07 15:09 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 11/22] target/arm: Pipe ARMSecuritySpace through ptw.c Richard Henderson
2023-02-07 16:15 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 12/22] target/arm: NSTable is RES0 for the RME EL3 regime Richard Henderson
2023-02-10 11:36 ` Peter Maydell
2023-02-10 19:49 ` Richard Henderson
2023-01-24 0:00 ` [PATCH 13/22] target/arm: Handle Block and Page bits for security space Richard Henderson
2023-02-10 11:53 ` Peter Maydell
2023-01-24 0:00 ` Richard Henderson [this message]
2023-02-10 11:59 ` [PATCH 14/22] target/arm: Handle no-execute for Realm and Root regimes Peter Maydell
2023-01-24 0:00 ` [PATCH 15/22] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Richard Henderson
2023-02-10 13:21 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 16/22] target/arm: Move s1_is_El0 into S1Translate Richard Henderson
2023-02-10 13:23 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 17/22] target/arm: Use get_phys_addr_with_struct for stage2 Richard Henderson
2023-02-10 13:28 ` Peter Maydell
2023-02-20 22:15 ` Richard Henderson
2023-02-21 11:11 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 18/22] target/arm: Add GPC syndrome Richard Henderson
2023-02-10 13:32 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 19/22] target/arm: Implement GPC exceptions Richard Henderson
2023-02-10 13:53 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 20/22] target/arm: Implement the granule protection check Richard Henderson
2023-02-10 14:18 ` Peter Maydell
2023-01-24 0:00 ` [PATCH 21/22] target/arm: Enable RME for -cpu max Richard Henderson
2023-02-10 14:20 ` Peter Maydell
2023-02-20 23:31 ` Richard Henderson
2023-01-24 0:00 ` [RFC PATCH 22/22] hw/arm/virt: Add some memory for Realm Management Monitor Richard Henderson
2023-02-10 14:24 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230124000027.3565716-15-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=jonathan.cameron@huawei.com \
--cc=leonardo.garcia@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=yier.jin@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).