From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org
Subject: [PATCH v3 17/25] target/arm: Handle no-execute for Realm and Root regimes
Date: Tue, 21 Feb 2023 16:33:28 -1000 [thread overview]
Message-ID: <20230222023336.915045-18-richard.henderson@linaro.org> (raw)
In-Reply-To: <20230222023336.915045-1-richard.henderson@linaro.org>
While Root and Realm may read and write data from other spaces,
neither may execute from other pa spaces.
This happens for Stage1 EL3, EL2, EL2&0, but stage2 EL1&0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 52 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 46 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 61c1227578..fc4c1ccf54 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -907,7 +907,7 @@ do_fault:
* @xn: XN (execute-never) bits
* @s1_is_el0: true if this is S2 of an S1+2 walk for EL0
*/
-static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+static int get_S2prot_noexecute(int s2ap)
{
int prot = 0;
@@ -917,6 +917,12 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
if (s2ap & 2) {
prot |= PAGE_WRITE;
}
+ return prot;
+}
+
+static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+{
+ int prot = get_S2prot_noexecute(s2ap);
if (cpu_isar_feature(any_tts2uxn, env_archcpu(env))) {
switch (xn) {
@@ -982,9 +988,39 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
}
}
- if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
- (env->cp15.scr_el3 & SCR_SIF)) {
- return prot_rw;
+ if (in_pa != out_pa) {
+ switch (in_pa) {
+ case ARMSS_Root:
+ /*
+ * R_ZWRVD: permission fault for insn fetched from non-Root,
+ * I_WWBFB: SIF has no effect in EL3.
+ */
+ return prot_rw;
+ case ARMSS_Realm:
+ /*
+ * R_PKTDS: permission fault for insn fetched from non-Realm,
+ * for Realm EL2 or EL2&0. The corresponding fault for EL1&0
+ * happens during any stage2 translation.
+ */
+ switch (mmu_idx) {
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ return prot_rw;
+ default:
+ break;
+ }
+ break;
+ case ARMSS_Secure:
+ if (env->cp15.scr_el3 & SCR_SIF) {
+ return prot_rw;
+ }
+ break;
+ default:
+ /* Input NonSecure must have output NonSecure. */
+ g_assert_not_reached();
+ }
}
/* TODO have_wxn should be replaced with
@@ -1561,12 +1597,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
/*
* R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
* The bit remains ignored for other security states.
+ * R_YMCSL: Executing an insn fetched from non-Realm causes
+ * a stage2 permission fault.
*/
if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
out_space = ARMSS_NonSecure;
+ result->f.prot = get_S2prot_noexecute(ap);
+ } else {
+ xn = extract64(attrs, 53, 2);
+ result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
}
- xn = extract64(attrs, 53, 2);
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
int nse, ns = extract32(attrs, 5, 1);
switch (out_space) {
--
2.34.1
next prev parent reply other threads:[~2023-02-22 2:37 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-22 2:33 [PATCH v3 00/25] target/arm: Implement FEAT_RME Richard Henderson
2023-02-22 2:33 ` [PATCH v3 01/25] target/arm: Handle m-profile in arm_is_secure Richard Henderson
2023-02-24 13:14 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 02/25] target/arm: Stub arm_hcr_el2_eff for m-profile Richard Henderson
2023-02-24 13:15 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 03/25] target/arm: Diagnose incorrect usage of arm_is_secure subroutines Richard Henderson
2023-02-22 9:39 ` Philippe Mathieu-Daudé
2023-02-24 13:16 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 04/25] target/arm: Rewrite check_s2_mmu_setup Richard Henderson
2023-02-24 13:53 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 05/25] target/arm: Add isar_feature_aa64_rme Richard Henderson
2023-02-22 9:41 ` Philippe Mathieu-Daudé
2023-02-22 2:33 ` [PATCH v3 06/25] target/arm: Update SCR and HCR for RME Richard Henderson
2023-02-22 2:33 ` [PATCH v3 07/25] target/arm: SCR_EL3.NS may be RES1 Richard Henderson
2023-02-24 14:24 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 08/25] target/arm: Add RME cpregs Richard Henderson
2023-02-22 2:33 ` [PATCH v3 09/25] target/arm: Introduce ARMSecuritySpace Richard Henderson
2023-02-22 2:33 ` [PATCH v3 10/25] include/exec/memattrs: Add two bits of space to MemTxAttrs Richard Henderson
2023-02-22 2:33 ` [PATCH v3 11/25] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Richard Henderson
2023-02-22 2:33 ` [PATCH v3 12/25] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root} Richard Henderson
2023-02-22 9:44 ` Philippe Mathieu-Daudé
2023-02-22 2:33 ` [PATCH v3 13/25] target/arm: Remove __attribute__((nonnull)) from ptw.c Richard Henderson
2023-02-22 9:44 ` Philippe Mathieu-Daudé
2023-02-24 13:18 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 14/25] target/arm: Pipe ARMSecuritySpace through ptw.c Richard Henderson
2023-02-22 2:33 ` [PATCH v3 15/25] target/arm: NSTable is RES0 for the RME EL3 regime Richard Henderson
2023-02-24 14:28 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 16/25] target/arm: Handle Block and Page bits for security space Richard Henderson
2023-02-24 14:51 ` Peter Maydell
2023-02-22 2:33 ` Richard Henderson [this message]
2023-02-24 14:58 ` [PATCH v3 17/25] target/arm: Handle no-execute for Realm and Root regimes Peter Maydell
2023-02-22 2:33 ` [PATCH v3 18/25] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Richard Henderson
2023-02-22 2:33 ` [PATCH v3 19/25] target/arm: Move s1_is_el0 into S1Translate Richard Henderson
2023-02-22 9:46 ` Philippe Mathieu-Daudé
2023-02-22 2:33 ` [PATCH v3 20/25] target/arm: Use get_phys_addr_with_struct for stage2 Richard Henderson
2023-02-22 9:50 ` Philippe Mathieu-Daudé
2023-02-24 15:06 ` Peter Maydell
2023-02-22 2:33 ` [PATCH v3 21/25] target/arm: Add GPC syndrome Richard Henderson
2023-02-22 2:33 ` [PATCH v3 22/25] target/arm: Implement GPC exceptions Richard Henderson
2023-02-22 2:33 ` [PATCH v3 23/25] target/arm: Implement the granule protection check Richard Henderson
2023-02-22 2:33 ` [PATCH NOTFORMERGE v3 24/25] target/arm: Enable RME for -cpu max Richard Henderson
2023-02-22 2:33 ` [PATCH NOTFORMERGE v3 25/25] hw/arm/virt: Add some memory for Realm Management Monitor Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230222023336.915045-18-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).