* [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes
From: Richard Henderson @ 2023-04-07 18:51 UTC
To: qemu-devel; +Cc: qemu-arm

As reported by Coverity and triaged by Peter.

r~

Richard Henderson (2):
  target/arm: PTE bit GP only applies to stage1
  target/arm: Copy guarded bit in combine_cacheattrs

 target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

-- 
2.34.1
* [PATCH 1/2] target/arm: PTE bit GP only applies to stage1 2023-04-07 18:51 [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes Richard Henderson @ 2023-04-07 18:51 ` Richard Henderson 2023-04-07 18:51 ` [PATCH 2/2] target/arm: Copy guarded bit in combine_cacheattrs Richard Henderson 2023-04-08 13:52 ` [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes Peter Maydell 2 siblings, 0 replies; 4+ messages in thread From: Richard Henderson @ 2023-04-07 18:51 UTC (permalink / raw) To: qemu-devel; +Cc: qemu-arm, Peter Maydell Only perform the extract of GP during the stage1 walk. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- target/arm/ptw.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index ec3f51782a..58a6de09bc 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1585,11 +1585,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, result->f.attrs.secure = false; } - /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ - if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { - result->f.guarded = extract64(attrs, 50, 1); /* GP */ - } - if (regime_is_stage2(mmu_idx)) { result->cacheattrs.is_s2_format = true; result->cacheattrs.attrs = extract32(attrs, 2, 4); @@ -1600,6 +1595,11 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, assert(attrindx <= 7); result->cacheattrs.is_s2_format = false; result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); + + /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ + if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { + result->f.guarded = extract64(attrs, 50, 1); /* GP */ + } } /* -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
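Review bot: In the second hunk, once the GP extract lives only in the stage 1 else-branch, the regime_is_stage2() branch no longer writes result->f.guarded at all, so a stage 2 walk now depends on the caller having zeroed result. That initialisation is not visible in these hunks; either state it in the commit message or set result->f.guarded = false explicitly in the stage 2 branch. The commit message would also benefit from one sentence on why bit 50 must not be read as GP in a stage 2 descriptor, and from the Coverity reference that 2/2 carries if this change came out of the same report.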
* [PATCH 2/2] target/arm: Copy guarded bit in combine_cacheattrs 2023-04-07 18:51 [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes Richard Henderson 2023-04-07 18:51 ` [PATCH 1/2] target/arm: PTE bit GP only applies to stage1 Richard Henderson @ 2023-04-07 18:51 ` Richard Henderson 2023-04-08 13:52 ` [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes Peter Maydell 2 siblings, 0 replies; 4+ messages in thread From: Richard Henderson @ 2023-04-07 18:51 UTC (permalink / raw) To: qemu-devel; +Cc: qemu-arm The guarded bit comes from the stage1 walk. Fixes: Coverity CID 1507929 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- target/arm/ptw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 58a6de09bc..6d72950a79 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -2576,6 +2576,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, assert(!s1.is_s2_format); ret.is_s2_format = false; + ret.guarded = s1.guarded; if (s1.attrs == 0xf0) { tagged = true; -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
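Review bot: The added ret.guarded = s1.guarded reads a field of ARMCacheAttrs, whereas 1/2 stores GP in result->f.guarded, and nothing in the visible lines shows where s1.guarded is written. Please say in the commit message which read Coverity flagged (CID 1507929) and where the stage 1 cacheattrs pick up the guarded value, so the copy is not propagating an unset field. The assignment also sits only on the path after assert(!s1.is_s2_format); if combine_cacheattrs has any other return path, check that ret.guarded is set there too.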
* Re: [PATCH for-8.0? 0/2] target/arm: BTI guarded bit fixes
From: Peter Maydell @ 2023-04-08 13:52 UTC
To: Richard Henderson; +Cc: qemu-devel, qemu-arm

On Fri, 7 Apr 2023 at 19:52, Richard Henderson <richard.henderson@linaro.org> wrote:
>
> As reported by Coverity and triaged by Peter.
>
>
> r~
>
> Richard Henderson (2):
>   target/arm: PTE bit GP only applies to stage1
>   target/arm: Copy guarded bit in combine_cacheattrs
>
>  target/arm/ptw.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

It looks like we'll need an rc4, so I guess these are safe
enough to go into it.

thanks
-- PMM