[Qemu-devel] [PULL 07/24] target/arm: Add assertion about FSC format for syndrome registers

From: Peter Maydell
Subject: [Qemu-devel] [PULL 07/24] target/arm: Add assertion about FSC format for syndrome registers
Date: Thu, 20 Apr 2017 17:40:53 +0100
In tlb_fill() we construct a syndrome register value from a
fault status register value which is filled in by arm_tlb_fill().
arm_tlb_fill() returns FSR values which might be in the format
used with short-format page descriptors, or the format used
with long-format (LPAE) descriptors. The syndrome register
always uses LPAE-format FSR status codes.
It isn't actually possible to end up delivering a syndrome
register value to the guest for a fault which is reported
with a short-format FSR (that kind of stage 1 fault will only
happen for an AArch32 translation regime which doesn't have
a syndrome register, and can never be redirected to an AArch64
or Hyp exception level). Add an assertion which checks this,
and adjust the code so that we construct a syndrome with
an invalid status code, rather than allowing set bits in
the FSR input to randomly corrupt other fields in the syndrome.
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Edgar E. Iglesias <address@hidden>
Message-id: address@hidden
---
target/arm/op_helper.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index d64c867..156b825 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -130,7 +130,7 @@ void tlb_fill(CPUState *cs, target_ulong addr,
MMUAccessType access_type,
if (unlikely(ret)) {
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
- uint32_t syn, exc;
+ uint32_t syn, exc, fsc;
unsigned int target_el;
bool same_el;
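Review bot: `fsc` is declared next to `syn` and `exc` without a comment saying what it holds; since the FSR/FSC/syndrome terminology is easy to confuse, a short comment such as `/* 6-bit fault status code for the syndrome */` on the new declaration would help. Both arms of the if/else added in the next hunk assign it before any use, so leaving it uninitialised here is fine.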
@@ -145,19 +145,32 @@ void tlb_fill(CPUState *cs, target_ulong addr,
MMUAccessType access_type,
env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4;
}
same_el = arm_current_el(env) == target_el;
- /* AArch64 syndrome does not have an LPAE bit */
- syn = fsr & ~(1 << 9);
+
+ if (fsr & (1 << 9)) {
+ /* LPAE format fault status register : bottom 6 bits are
+ * status code in the same form as needed for syndrome
+ */
+ fsc = extract32(fsr, 0, 6);
+ } else {
+ /* Short format FSR : this fault will never actually be reported
+ * to an EL that uses a syndrome register. Check that here,
+ * and use a (currently) reserved FSR code in case the constructed
+ * syndrome does leak into the guest somehow.
+ */
+ assert(target_el != 2 && !arm_el_is_aa64(env, target_el));
+ fsc = 0x3f;
+ }
/* For insn and data aborts we assume there is no instruction syndrome
* information; this is always true for exceptions reported to EL1.
*/
if (access_type == MMU_INST_FETCH) {
- syn = syn_insn_abort(same_el, 0, fi.s1ptw, syn);
+ syn = syn_insn_abort(same_el, 0, fi.s1ptw, fsc);
exc = EXCP_PREFETCH_ABORT;
} else {
syn = merge_syn_data_abort(env->exception.syndrome, target_el,
same_el, fi.s1ptw,
- access_type == MMU_DATA_STORE, syn);
+ access_type == MMU_DATA_STORE, fsc);
if (access_type == MMU_DATA_STORE
&& arm_feature(env, ARM_FEATURE_V6)) {
fsr |= (1 << 11);
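Review bot: the new `assert(target_el != 2 && !arm_el_is_aa64(env, target_el))` makes a short-format FSR reaching a syndrome-using EL an immediate emulator abort; that is consistent with the commit message's argument that such a fault can only occur in an AArch32 regime, but the comment should also state that the only format signal is bit 9 of the value returned by arm_tlb_fill(), so the check depends on that function never mixing formats. The fallback `fsc = 0x3f` is justified in the comment as a "(currently) reserved" code; giving it a named constant with that comment attached would keep the rationale visible if a later architecture revision allocates 0x3f. Note also that the format test `fsr & (1 << 9)` runs before the later `fsr |= (1 << 11)` for stores, so the WnR bit set there never influences `fsc`, which is the intended behaviour.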
--
2.7.4
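The commit message above distinguishes two FSR formats by bit 9 and notes that the syndrome's status field only holds a six-bit code. The following added example (my own illustration, not QEMU code; the constant and function names are invented, and the sample FSR values are constructed) contrasts the pre-patch masking with the post-patch extraction to show which bits of a short-format FSR would otherwise land outside the status-code field:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 9 of an ARM FSR is the LPAE bit: set for long-descriptor format
 * (the form the syndrome's status field uses), clear for the short
 * format. All constant names are this example's own, not QEMU's. */
#define FSR_LPAE_BIT  (1u << 9)
#define FSR_WNR_BIT   (1u << 11)  /* WnR; the patch sets it for stores */
#define FSC_MASK      0x3fu       /* 6-bit status-code field of the syndrome */
#define FSC_RESERVED  0x3fu       /* code the patch substitutes for short-format FSRs */

/* Pre-patch behaviour: strip the LPAE bit and pass everything else through
 * as the status argument used to build the syndrome. */
static uint32_t legacy_syndrome_status(uint32_t fsr)
{
    return fsr & ~FSR_LPAE_BIT;
}

/* True when the FSR is in short-descriptor format (LPAE bit clear). */
static bool fsr_is_short_format(uint32_t fsr)
{
    return (fsr & FSR_LPAE_BIT) == 0;
}

/* Post-patch behaviour: take the low six bits of an LPAE-format FSR, or
 * substitute the reserved code when the FSR is short format. */
static uint32_t fsc_from_fsr(uint32_t fsr)
{
    return fsr_is_short_format(fsr) ? FSC_RESERVED : (fsr & FSC_MASK);
}

/* Bits of a status argument that fall outside the six-bit code field and
 * would therefore corrupt other syndrome fields when ORed in. */
static uint32_t stray_syndrome_bits(uint32_t status_arg)
{
    return status_arg & ~FSC_MASK;
}

int main(void)
{
    /* Constructed sample values, not captured from a guest:
     *   0x205 = LPAE bit | status code 0x05 (long-format FSR)
     *   0x805 = WnR bit  | FS bits 0x5      (short-format FSR, write) */
    const uint32_t samples[] = { 0x205u, 0x805u };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t fsr = samples[i];
        uint32_t old = legacy_syndrome_status(fsr);
        uint32_t new = fsc_from_fsr(fsr);

        printf("fsr=0x%03x %s: old status arg=0x%03x (stray 0x%03x), "
               "new fsc=0x%02x (stray 0x%03x)\n",
               fsr, fsr_is_short_format(fsr) ? "short" : "LPAE ",
               old, stray_syndrome_bits(old),
               new, stray_syndrome_bits(new));
    }
    return 0;
}
```

With the short-format sample, the old masking keeps bit 11 (the WnR bit the patch itself sets with `fsr |= (1 << 11)`) in the status argument, which is exactly the kind of stray bit the commit message describes; the new path returns only the six-bit reserved code.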