From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Subject: [PATCH 12/14] target/arm/ptw: Check for block descriptors at invalid levels
Date: Fri, 14 Jul 2023 16:46:46 +0100 [thread overview]
Message-ID: <20230714154648.327466-13-peter.maydell@linaro.org> (raw)
In-Reply-To: <20230714154648.327466-1-peter.maydell@linaro.org>
The architecture doesn't permit block descriptors at any arbitrary
level of the page table walk; it depends on the granule size which
levels are permitted. We implemented only a partial version of this
check which assumes that block descriptors are valid at all levels
except level 3, which meant that we wouldn't deliver the Translation
fault for all cases of this sort of guest page table error.
Implement the logic corresponding to the pseudocode
AArch64.DecodeDescriptorType() and AArch64.BlockDescSupported().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e4210abc148..ed46bb82a75 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1549,6 +1549,25 @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
return INT_MIN;
}
+static bool lpae_block_desc_valid(ARMCPU *cpu, bool ds,
+ ARMGranuleSize gran, int level)
+{
+ /*
+ * See pseudocode AArch46.BlockDescSupported(): block descriptors
+ * are not valid at all levels, depending on the page size.
+ */
+ switch (gran) {
+ case Gran4K:
+ return (level == 0 && ds) || level == 1 || level == 2;
+ case Gran16K:
+ return (level == 1 && ds) || level == 2;
+ case Gran64K:
+ return (level == 1 && arm_pamax(cpu) == 52) || level == 2;
+ default:
+ g_assert_not_reached();
+ }
+}
+
/**
* get_phys_addr_lpae: perform one stage of page table walk, LPAE format
*
@@ -1784,8 +1803,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
new_descriptor = descriptor;
restart_atomic_update:
- if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
- /* Invalid, or the Reserved level 3 encoding */
+ if (!(descriptor & 1) ||
+ (!(descriptor & 2) &&
+ !lpae_block_desc_valid(cpu, param.ds, param.gran, level))) {
+ /* Invalid, or a block descriptor at an invalid level */
goto do_translation_fault;
}
--
2.34.1
next prev parent reply other threads:[~2023-07-14 15:48 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-14 15:46 [PATCH 00/14] target/arm/ptw: Cleanups and a few bugfixes Peter Maydell
2023-07-14 15:46 ` [PATCH 01/14] target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault Peter Maydell
2023-07-23 9:22 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 02/14] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults Peter Maydell
2023-07-23 9:34 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 03/14] target/arm/ptw: Set s1ns bit in fault info more consistently Peter Maydell
2023-07-23 9:54 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 04/14] target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled() Peter Maydell
2023-07-23 10:25 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 05/14] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled() Peter Maydell
2023-07-23 10:25 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 06/14] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate() Peter Maydell
2023-07-23 15:24 ` Richard Henderson
2023-07-24 13:42 ` Peter Maydell
2023-07-24 14:38 ` Peter Maydell
2023-07-25 18:36 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 07/14] target/arm/ptw: Only fold in NSTable bit effects in Secure state Peter Maydell
2023-07-23 15:29 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 08/14] target/arm/ptw: Remove last uses of ptw->in_secure Peter Maydell
2023-07-23 15:35 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 09/14] target/arm/ptw: Remove S1Translate::in_secure Peter Maydell
2023-07-23 15:48 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 10/14] target/arm/ptw: Drop S1Translate::out_secure Peter Maydell
2023-07-23 15:49 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 11/14] target/arm/ptw: Set attributes correctly for MMU disabled data accesses Peter Maydell
2023-07-23 15:50 ` Richard Henderson
2023-07-14 15:46 ` Peter Maydell [this message]
2023-07-23 15:58 ` [PATCH 12/14] target/arm/ptw: Check for block descriptors at invalid levels Richard Henderson
2023-07-14 15:46 ` [PATCH 13/14] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw Peter Maydell
2023-07-23 16:00 ` Richard Henderson
2023-07-14 15:46 ` [PATCH 14/14] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types Peter Maydell
2023-07-23 16:02 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230714154648.327466-13-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).