Re: [Qemu-arm] [Qemu-devel] [PATCH 14/20] target/arm: Implement security attribute lookups for memory accesses

From: Richard Henderson
Subject: Re: [Qemu-arm] [Qemu-devel] [PATCH 14/20] target/arm: Implement security attribute lookups for memory accesses
Date: Thu, 5 Oct 2017 14:39:33 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
On 09/22/2017 11:00 AM, Peter Maydell wrote:
> Implement the security attribute lookups for memory accesses
> in the get_phys_addr() functions, causing these to generate
> various kinds of SecureFault for bad accesses.
>
> The major subtlety in this code relates to handling of the
> case when the security attributes the SAU assigns to the
> address don't match the current security state of the CPU.
>
> In the ARM ARM pseudocode for validating instruction
> accesses, the security attributes of the address determine
> whether the Secure or NonSecure MPU state is used. At face
> value, handling this would require us to encode the relevant
> bits of state into mmu_idx for both S and NS at once, which
> would result in our needing 16 mmu indexes. Fortunately we
> don't actually need to do this because a mismatch between
> address attributes and CPU state means either:
> * some kind of fault (usually a SecureFault, but in theory
> perhaps a UserFault for unaligned access to Device memory)
> * execution of the SG instruction in NS state from a
> Secure & NonSecure code region
>
> The purpose of SG is simply to flip the CPU into Secure
> state, so we can handle it by emulating execution of that
> instruction directly in arm_v7m_cpu_do_interrupt(), which
> means we can treat all the mismatch cases as "throw an
> exception" and we don't need to encode the state of the
> other MPU bank into our mmu_idx values.
>
> This commit doesn't include the actual emulation of SG;
> it also doesn't include implementation of the IDAU, which
> is a per-board way to specify hard-coded memory attributes
> for addresses, which override the CPU-internal SAU if they
> specify a more secure setting than the SAU is programmed to.
>
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> target/arm/internals.h | 15 ++++
> target/arm/helper.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 195 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <address@hidden>
r~
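To make the design decision in the quoted commit message concrete, here is a small C model of the lookup it describes: the SAU assigns an attribute to an address, a per-board IDAU may override it only towards a more secure setting, and an instruction fetch whose attribute does not match the CPU's security state is reported as an exception rather than routed to the other MPU bank, with the one exception of a NonSecure-state fetch from a Secure & NonSecure-callable region, which is flagged for SG handling. This is an added example, not QEMU's code or Peter Maydell's patch; the region tables, the rule that an address outside every SAU region is Secure, and the exact fetch outcomes are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Security attribute of an address. The enum order matters: a larger
 * value is "more secure", which is the comparison the IDAU-override
 * rule below needs.
 */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr;

/* One SAU region: inclusive [base, limit], either NS or NSC. */
typedef struct {
    uint32_t base;
    uint32_t limit;
    bool nsc; /* Secure & NonSecure-callable (SG entry points live here) */
} sau_region;

/* Constructed SAU programming for this example, not a real board's map. */
static const sau_region SAU_REGIONS[] = {
    { 0x00200000u, 0x003fffffu, false }, /* NS code  */
    { 0x10000000u, 0x1000ffffu, true  }, /* NSC veneer area */
    { 0x20200000u, 0x203fffffu, false }, /* NS RAM   */
};

/* Model assumption: an address covered by no SAU region is Secure. */
static sec_attr sau_lookup(uint32_t addr)
{
    for (size_t i = 0; i < sizeof SAU_REGIONS / sizeof SAU_REGIONS[0]; i++) {
        if (addr >= SAU_REGIONS[i].base && addr <= SAU_REGIONS[i].limit) {
            return SAU_REGIONS[i].nsc ? ATTR_NSC : ATTR_NS;
        }
    }
    return ATTR_S;
}

/* Hypothetical IDAU: hard-coded per-board attributes, modelled as a table. */
typedef struct {
    uint32_t base;
    uint32_t limit;
    sec_attr attr;
} idau_entry;

static const idau_entry IDAU_TABLE[] = {
    { 0x20300000u, 0x203fffffu, ATTR_S  }, /* more secure than SAU's NS: wins    */
    { 0x10000000u, 0x1000ffffu, ATTR_NS }, /* less secure than SAU's NSC: ignored */
};

static bool idau_lookup(uint32_t addr, sec_attr *out)
{
    for (size_t i = 0; i < sizeof IDAU_TABLE / sizeof IDAU_TABLE[0]; i++) {
        if (addr >= IDAU_TABLE[i].base && addr <= IDAU_TABLE[i].limit) {
            *out = IDAU_TABLE[i].attr;
            return true;
        }
    }
    return false;
}

/* Combined attribute: the IDAU overrides the SAU only towards more secure. */
sec_attr address_security_attr(uint32_t addr)
{
    sec_attr attr = sau_lookup(addr);
    sec_attr idau;
    if (idau_lookup(addr, &idau) && idau > attr) {
        attr = idau;
    }
    return attr;
}

typedef enum {
    FETCH_OK,           /* attribute matches CPU state: use the current MPU bank */
    FETCH_SECUREFAULT,  /* mismatch: raise an exception, no second MPU bank needed */
    FETCH_SG_CANDIDATE, /* NS state fetching from NSC: only SG may execute here */
} fetch_outcome;

/* Decide what an instruction fetch at addr does given the CPU's security state. */
fetch_outcome check_insn_fetch(uint32_t addr, bool cpu_secure)
{
    sec_attr attr = address_security_attr(addr);
    if (cpu_secure) {
        /* Secure state may execute S and NSC memory; NS code is a mismatch. */
        return attr == ATTR_NS ? FETCH_SECUREFAULT : FETCH_OK;
    }
    switch (attr) {
    case ATTR_NS:  return FETCH_OK;
    case ATTR_NSC: return FETCH_SG_CANDIDATE; /* resolved later by the SG emulation path */
    default:       return FETCH_SECUREFAULT;
    }
}

int main(void)
{
    static const char *names[] = { "OK", "SecureFault", "SG candidate" };
    printf("NS fetch @0x00200100: %s\n", names[check_insn_fetch(0x00200100u, false)]);
    printf("NS fetch @0x10000020: %s\n", names[check_insn_fetch(0x10000020u, false)]);
    printf("NS fetch @0x00000100: %s\n", names[check_insn_fetch(0x00000100u, false)]);
    printf("S  fetch @0x00200100: %s\n", names[check_insn_fetch(0x00200100u, true)]);
    printf("attr @0x20300010 (IDAU override): %d\n", address_security_attr(0x20300010u));
    return 0;
}
```

The point of the model is the shape of `check_insn_fetch`: every outcome is either "proceed with the current MPU bank" or "take an exception", so the mmu_idx never has to describe the other bank's MPU state.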