[Stable-8.2.3 83/87] target/arm: Use correct SecuritySpace for AArch64 A
From: Michael Tokarev
Subject: [Stable-8.2.3 83/87] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
Date: Wed, 10 Apr 2024 10:22:56 +0300

From: Peter Maydell <peter.maydell@linaro.org>

When we do an AT address translation operation, the page table walk
is supposed to be performed in the context of the EL we're doing the
walk for, so for instance an AT S1E2R walk is done for EL2. In the
pseudocode an EL is passed to AArch64.AT(), which calls
SecurityStateAtEL() to find the security state that we should be
doing the walk with.

In ats_write64() we get this wrong, instead using the current
security space always. This is fine for AT operations performed from
EL1 and EL2, because there the current security state and the
security state for the lower EL are the same. But for AT operations
performed from EL3, the current security state is always either
Secure or Root, whereas we want to use the security state defined by
SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
FEAT_RME but also ones where EL3 is Secure state and the EL3 code
is trying to do an AT for a NonSecure EL2 or EL1.

Use arm_security_space_below_el3() to get the SecuritySpace to
pass to do_ats_write() for all AT operations except the
AT S1E3* operations.

Cc: qemu-stable@nongnu.org
Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
(cherry picked from commit 19b254e86a900dc5ee332e3ac0baf9c521301abf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/arm/helper.c b/target/arm/helper.c
index df1646de3a..ca2c6e9732 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3703,6 +3703,8 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
ARMMMUIdx mmu_idx;
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
+ bool for_el3 = false;
+ ARMSecuritySpace ss;
switch (ri->opc2 & 6) {
case 0:
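Review bot: the new for_el3 flag at the top of ats_write64() is, as far as these hunks show, written in one switch arm (case 6) and read once, in the ss assignment before do_ats_write(). Because it defaults to false, any AT case added to this switch later will silently take arm_security_space_below_el3() unless the author remembers the flag. Consider assigning ss directly in each switch arm next to mmu_idx, so that the security space and the MMU index for a given AT operation are chosen in the same place and a missing assignment is caught as an uninitialised-variable warning rather than becoming a wrong-world page table walk.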
@@ -3720,6 +3722,7 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
break;
case 6: /* AT S1E3R, AT S1E3W */
mmu_idx = ARMMMUIdx_E3;
+ for_el3 = true;
break;
default:
g_assert_not_reached();
@@ -3738,8 +3741,8 @@ static void ats_write64(CPUARMState *env, const
ARMCPRegInfo *ri,
g_assert_not_reached();
}
- env->cp15.par_el[1] = do_ats_write(env, value, access_type,
- mmu_idx, arm_security_space(env));
+ ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);
+ env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss);
#else
/* Handled by hardware accelerator. */
g_assert_not_reached();
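Review bot: the line "ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);" carries the whole security argument of the patch but has no comment in the code. The reasoning that an AT issued from EL3 for a lower EL must walk in the space selected by SCR_EL3.{NS,NSE}, and that only AT S1E3* keeps the current space, lives only in the commit message. A two or three line comment above the assignment stating that rule would keep a later refactor from reverting to arm_security_space(env) for all cases. The patch also touches only target/arm/helper.c, so nothing here exercises an AT S1E1R or AT S1E2R issued from Secure EL3 with SCR_EL3.NS set; a regression test for that case, tied to the issue in the Resolves: line, would be worth adding alongside the fix.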
--
2.39.2