qemu-devel


From: Alexander Graf
Subject: Re: [Qemu-devel] [PATCH] target/arm: Allow to switch from MON->HYP on AArch32
Date: Wed, 9 Jan 2019 17:19:46 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 01/09/2019 05:10 PM, Alex Bennée wrote:
Alexander Graf <address@hidden> writes:

In U-boot, we switch from S-SVC -> MON -> HYP when we want to enter
HYP mode. This dance seems to work ok (hence it's there in the code
base), but breaks with current QEMU.
What EL is MON in this case? EL3? In which case I'm confused by the
terminology as the ARM ARM states:

   The principles of the ARMv8-A security model are:
   • If the implementation includes EL3, then it has two Security states, Secure and Non-secure, and:
     — EL3 exists only in Secure state.
     — A change from Non-secure state to Secure state can only occur on taking an exception to EL3.
     — A change from Secure state to Non-secure state can only occur on an exception return from EL3.

We don't currently implement ARMv8.4-SecEL2, but that adds secure EL2; but
as you can only switch security state in/out of EL3, you have to go
to the secure monitor before you enter it.

Right - and exactly that switch seems to be prohibited here.


The reason seems to be that we try to see whether we are entering
HYP mode from the NS side. However, MON is always considered secure,
so we always fall into an error case when going MON->HYP and never
manage to actually do the switch.

Fix this by not using a different helper function that does not bork
when we're in MON state, as that switch is supposed to work.

Signed-off-by: Alexander Graf <address@hidden>
---
  target/arm/helper.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index f00c141ef9..9bf8fbd8f9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6297,7 +6297,7 @@ static int bad_mode_switch(CPUARMState *env, int mode, 
CPSRWriteType write_type)
          return 0;
      case ARM_CPU_MODE_HYP:
          return !arm_feature(env, ARM_FEATURE_EL2)
-            || arm_current_el(env) < 2 || arm_is_secure(env);
+            || arm_current_el(env) < 2 ||
arm_is_secure_below_el3(env);
This seems to violate the rule that you can enter a NS state from
anything other than EL3.

How so? This statement basically says "Only return to HYP from NS-HYP or EL3" now. Before it said "Only return to HYP from HYP".

Alex


      case ARM_CPU_MODE_MON:
          return arm_current_el(env) < 3;
      default:
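Review bot: the replacement predicate still rejects a switch to HYP from Monitor mode whenever the exception levels below EL3 are Secure, because arm_is_secure_below_el3() then returns true exactly as arm_is_secure() did; the only case that moves from "reject" to "allow" is Monitor mode with Non-secure lower ELs, which is the MON->HYP path the commit message describes. That distinction is what answers the Secure-to-Non-secure question raised in the reply, but nothing in the hunk records it; suggest a comment above the return along the lines of `/* HYP may be entered from Hyp mode, or from Monitor mode when the lower ELs are Non-secure */`, and a commit message that states this intent directly. The current wording "Fix this by not using a different helper function that does not bork" also reads as the opposite of what the diff does and should be corrected before merging.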

--
Alex Bennée
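To make the disagreement in this thread concrete, here is a small C model of the HYP case of bad_mode_switch() with both predicates side by side. This is an added example, not code from the thread or from QEMU: the helper semantics it assumes (Monitor mode always counts as Secure; "secure below EL3" reports the Security state configured for EL0-EL2, i.e. SCR.NS clear) are a simplified restatement of what arm_is_secure() and arm_is_secure_below_el3() check, and the mode encodings, struct and function names are constructed for the model. Running it shows the old check rejecting every MON->HYP write, and the new check admitting it only when the lower exception levels are Non-secure.

```c
/*
 * Toy model of the HYP case of bad_mode_switch(), before and after the
 * change discussed in this thread. Added example: not QEMU code and not
 * from the thread. The helper semantics below are an assumption of the
 * model: Monitor mode is always Secure, while "secure below EL3" reports
 * the Security state configured for EL0-EL2 (SCR.NS clear).
 */
#include <stdbool.h>
#include <stdio.h>

/* AArch32 CPSR.M encodings (subset used by the model). */
enum { MODE_USR = 0x10, MODE_SVC = 0x13, MODE_MON = 0x16, MODE_HYP = 0x1a };

struct cpu_model {
    bool has_el2;  /* stands in for arm_feature(env, ARM_FEATURE_EL2) */
    bool has_el3;  /* stands in for arm_feature(env, ARM_FEATURE_EL3) */
    int  mode;     /* current AArch32 mode */
    bool scr_ns;   /* SCR.NS: true means EL0-EL2 run Non-secure */
};

/* Exception level implied by the current AArch32 mode. */
static int model_current_el(const struct cpu_model *c)
{
    switch (c->mode) {
    case MODE_USR: return 0;
    case MODE_HYP: return 2;
    case MODE_MON: return 3;
    default:       return 1;   /* SVC and the other EL1 modes */
    }
}

/* Security state of the levels below EL3: Secure iff EL3 exists and SCR.NS == 0. */
static bool model_secure_below_el3(const struct cpu_model *c)
{
    return c->has_el3 && !c->scr_ns;
}

/* Monitor mode is Secure whatever SCR.NS says; otherwise defer to the lower ELs. */
static bool model_is_secure(const struct cpu_model *c)
{
    if (c->has_el3 && c->mode == MODE_MON) {
        return true;
    }
    return model_secure_below_el3(c);
}

/* HYP case of bad_mode_switch() before the patch: non-zero means "reject". */
static int bad_hyp_switch_old(const struct cpu_model *c)
{
    return !c->has_el2 || model_current_el(c) < 2 || model_is_secure(c);
}

/* Same case with the patch applied. */
static int bad_hyp_switch_new(const struct cpu_model *c)
{
    return !c->has_el2 || model_current_el(c) < 2 || model_secure_below_el3(c);
}

/* Convenience wrapper for a CPU that implements both EL2 and EL3. */
static int hyp_switch_rejected(int mode, bool scr_ns, bool with_fix)
{
    struct cpu_model c = { true, true, mode, scr_ns };
    return with_fix ? bad_hyp_switch_new(&c) : bad_hyp_switch_old(&c);
}

int main(void)
{
    static const struct { const char *name; int mode; bool scr_ns; } cases[] = {
        { "MON, lower ELs Non-secure (U-Boot's path)", MODE_MON, true  },
        { "MON, lower ELs Secure",                      MODE_MON, false },
        { "HYP (already there)",                        MODE_HYP, true  },
        { "Non-secure SVC (EL1)",                       MODE_SVC, true  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-44s old: %s  new: %s\n", cases[i].name,
               hyp_switch_rejected(cases[i].mode, cases[i].scr_ns, false) ? "reject" : "allow",
               hyp_switch_rejected(cases[i].mode, cases[i].scr_ns, true)  ? "reject" : "allow");
    }
    return 0;
}
```

The second row is the one worth noting when reviewing the patch: with Secure lower exception levels, Monitor-to-Hyp is still refused by the new predicate, so the change does not open a Secure-to-Non-secure transition that was not already configured through SCR.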
