From: Richard Henderson <richard.henderson@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>,
qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Jean-Philippe Brucker <jean-philippe@linaro.org>
Subject: Re: [PATCH for-9.0] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
Date: Fri, 5 Apr 2024 08:16:59 -1000 [thread overview]
Message-ID: <fbaa97be-c355-4a76-af10-fa64a7b1d31d@linaro.org> (raw)
In-Reply-To: <20240405180232.3570066-1-peter.maydell@linaro.org>
On 4/5/24 08:02, Peter Maydell wrote:
> When we do an AT address translation operation, the page table walk
> is supposed to be performed in the context of the EL we're doing the
> walk for, so for instance an AT S1E2R walk is done for EL2. In the
> pseudocode an EL is passed to AArch64.AT(), which calls
> SecurityStateAtEL() to find the security state that we should be
> doing the walk with.
>
> In ats_write64() we get this wrong, instead using the current
> security space always. This is fine for AT operations performed from
> EL1 and EL2, because there the current security state and the
> security state for the lower EL are the same. But for AT operations
> performed from EL3, the current security state is always either
> Secure or Root, whereas we want to use the security state defined by
> SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
> FEAT_RME but also ones where EL3 is Secure state and the EL3 code
> is trying to do an AT for a NonSecure EL2 or EL1.
>
> Use arm_security_space_below_el3() to get the SecuritySpace to
> pass to do_ats_write() for all AT operations except the
> AT S1E3* operations.
>
> Cc:qemu-stable@nongnu.org
> Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions")
> Resolves:https://gitlab.com/qemu-project/qemu/-/issues/2250
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> I guess most people don't run guest code at EL3 that does AT ops...
>
> target/arm/helper.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
prev parent reply other threads:[~2024-04-05 18:18 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-05 18:02 [PATCH for-9.0] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3 Peter Maydell
2024-04-05 18:16 ` Richard Henderson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fbaa97be-c355-4a76-af10-fa64a7b1d31d@linaro.org \
--to=richard.henderson@linaro.org \
--cc=jean-philippe@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).