[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] hw/intc/arm_gicv3: Fix GICv3 redistributor security checking
|
From: |
Tianrui Wei |
|
Subject: |
[PATCH] hw/intc/arm_gicv3: Fix GICv3 redistributor security checking |
|
Date: |
Thu, 15 Jul 2021 03:46:16 +0800 |
For redistributor to send sgi, we must test NSACR bits in secure mode.
However, current implementation inverts the security check, wrongly
skipping this it when the CPU is in secure state, and only carrying out
the check when the CPU is not secure or security is not implemented.
This patch corrects this problem by correcting the inversion of CPU
secure state checking. It has been tested to work with Linux version 5.11
in both aarch64 and arm version of qemu.
According to “Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and version 4,” p. 930, 2008.
Chapter 12, page 530, when there is only one security state implemented,
GICD.CTLR.DS is always 0, thus checking NSACR in non-secure state. When
cpu is in secure state, ns = 0, thus the NSACR check is never performed.
Signed-off-by: Tianrui Wei <tianrui-wei@outlook.com>
Signed-off-by: Jonathan Balkind <jbalkind@ucsb.edu>
Tested-by: Tianrui Wei <tianrui-wei@outlook.com>
---
hw/intc/arm_gicv3_redist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/arm_gicv3_redist.c b/hw/intc/arm_gicv3_redist.c
index 53da703ed8..84cfcfd18f 100644
--- a/hw/intc/arm_gicv3_redist.c
+++ b/hw/intc/arm_gicv3_redist.c
@@ -564,7 +564,7 @@ void gicv3_redist_send_sgi(GICv3CPUState *cs, int grp, int
irq, bool ns)
return;
}
- if (ns && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) {
+ if (!ns && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) {
/* If security is enabled we must test the NSACR bits */
int nsaccess = gicr_ns_access(cs, irq);
--
2.32.0
- [PATCH] hw/intc/arm_gicv3: Fix GICv3 redistributor security checking,
Tianrui Wei <=