[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 12/26] target/arm: Handle Block and Page bits for security space
|
From: |
Peter Maydell |
|
Subject: |
[PULL 12/26] target/arm: Handle Block and Page bits for security space |
|
Date: |
Fri, 23 Jun 2023 13:31:21 +0100 |
From: Richard Henderson <richard.henderson@linaro.org>
With Realm security state, bit 55 of a block or page descriptor during
the stage2 walk becomes the NS bit; during the stage1 walk the bit 5
NS bit is RES0. With Root security state, bit 11 of the block or page
descriptor during the stage1 walk becomes the NSE bit.
Rather than collecting an NS bit and applying it later, compute the
output pa space from the input pa space and unconditionally assign.
This means that we no longer need to adjust the output space earlier
for the NSTable bit.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 89 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 73 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ea0ad56f13e..bbae432861f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -990,12 +990,14 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn,
bool s1_is_el0)
* @mmu_idx: MMU index indicating required translation regime
* @is_aa64: TRUE if AArch64
* @ap: The 2-bit simple AP (AP[2:1])
- * @ns: NS (non-secure) bit
* @xn: XN (execute-never) bit
* @pxn: PXN (privileged execute-never) bit
+ * @in_pa: The original input pa space
+ * @out_pa: The output pa space, modified by NSTable, NS, and NSE
*/
static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
- int ap, int ns, int xn, int pxn)
+ int ap, int xn, int pxn,
+ ARMSecuritySpace in_pa, ARMSecuritySpace out_pa)
{
ARMCPU *cpu = env_archcpu(env);
bool is_user = regime_is_user(env, mmu_idx);
@@ -1028,7 +1030,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx
mmu_idx, bool is_aa64,
}
}
- if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) {
+ if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
+ (env->cp15.scr_el3 & SCR_SIF)) {
return prot_rw;
}
@@ -1285,11 +1288,12 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
int32_t stride;
int addrsize, inputsize, outputsize;
uint64_t tcr = regime_tcr(env, mmu_idx);
- int ap, ns, xn, pxn;
+ int ap, xn, pxn;
uint32_t el = regime_el(env, mmu_idx);
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
uint64_t descriptor, new_descriptor;
+ ARMSecuritySpace out_space;
/* TODO: This code does not support shareability levels. */
if (aarch64) {
@@ -1592,15 +1596,75 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
}
ap = extract32(attrs, 6, 2);
+ out_space = ptw->in_space;
if (regime_is_stage2(mmu_idx)) {
- ns = mmu_idx == ARMMMUIdx_Stage2;
+ /*
+ * R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
+ * The bit remains ignored for other security states.
+ */
+ if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
+ out_space = ARMSS_NonSecure;
+ }
xn = extract64(attrs, 53, 2);
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
- ns = extract32(attrs, 5, 1);
+ int nse, ns = extract32(attrs, 5, 1);
+ switch (out_space) {
+ case ARMSS_Root:
+ /*
+ * R_GVZML: Bit 11 becomes the NSE field in the EL3 regime.
+ * R_XTYPW: NSE and NS together select the output pa space.
+ */
+ nse = extract32(attrs, 11, 1);
+ out_space = (nse << 1) | ns;
+ if (out_space == ARMSS_Secure &&
+ !cpu_isar_feature(aa64_sel2, cpu)) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ case ARMSS_Secure:
+ if (ns) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ case ARMSS_Realm:
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ /* I_CZPRF: For Realm EL1&0 stage1, NS bit is RES0. */
+ break;
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ /*
+ * R_LYKFZ, R_WGRZN: For Realm EL2 and EL2&1,
+ * NS changes the output to non-secure space.
+ */
+ if (ns) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ case ARMSS_NonSecure:
+ /* R_QRMFF: For NonSecure state, the NS bit is RES0. */
+ break;
+ default:
+ g_assert_not_reached();
+ }
xn = extract64(attrs, 54, 1);
pxn = extract64(attrs, 53, 1);
- result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+
+ /*
+ * Note that we modified ptw->in_space earlier for NSTable, but
+ * result->f.attrs retains a copy of the original security space.
+ */
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn,
+ result->f.attrs.space, out_space);
}
if (!(result->f.prot & (1 << access_type))) {
@@ -1627,15 +1691,8 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
}
}
- if (ns) {
- /*
- * The NS bit will (as required by the architecture) have no effect if
- * the CPU doesn't support TZ or this is a non-secure translation
- * regime, because the attribute will already be non-secure.
- */
- result->f.attrs.secure = false;
- result->f.attrs.space = ARMSS_NonSecure;
- }
+ result->f.attrs.space = out_space;
+ result->f.attrs.secure = arm_space_is_secure(out_space);
if (regime_is_stage2(mmu_idx)) {
result->cacheattrs.is_s2_format = true;
--
2.34.1
- [PULL 00/26] target-arm queue, Peter Maydell, 2023/06/23
- [PULL 01/26] target/arm: Add isar_feature_aa64_rme, Peter Maydell, 2023/06/23
- [PULL 02/26] target/arm: Update SCR and HCR for RME, Peter Maydell, 2023/06/23
- [PULL 06/26] include/exec/memattrs: Add two bits of space to MemTxAttrs, Peter Maydell, 2023/06/23
- [PULL 05/26] target/arm: Introduce ARMSecuritySpace, Peter Maydell, 2023/06/23
- [PULL 07/26] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx, Peter Maydell, 2023/06/23
- [PULL 08/26] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}, Peter Maydell, 2023/06/23
- [PULL 09/26] target/arm: Remove __attribute__((nonnull)) from ptw.c, Peter Maydell, 2023/06/23
- [PULL 13/26] target/arm: Handle no-execute for Realm and Root regimes, Peter Maydell, 2023/06/23
- [PULL 12/26] target/arm: Handle Block and Page bits for security space,
Peter Maydell <=
- [PULL 20/26] target/arm: Add cpu properties for enabling FEAT_RME, Peter Maydell, 2023/06/23
- [PULL 03/26] target/arm: SCR_EL3.NS may be RES1, Peter Maydell, 2023/06/23
- [PULL 19/26] target/arm: Implement the granule protection check, Peter Maydell, 2023/06/23
- [PULL 04/26] target/arm: Add RME cpregs, Peter Maydell, 2023/06/23
- [PULL 11/26] target/arm: NSTable is RES0 for the RME EL3 regime, Peter Maydell, 2023/06/23
- [PULL 10/26] target/arm: Pipe ARMSecuritySpace through ptw.c, Peter Maydell, 2023/06/23
- [PULL 14/26] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate, Peter Maydell, 2023/06/23
- [PULL 16/26] target/arm: Use get_phys_addr_with_struct for stage2, Peter Maydell, 2023/06/23
- [PULL 15/26] target/arm: Move s1_is_el0 into S1Translate, Peter Maydell, 2023/06/23
- [PULL 17/26] target/arm: Add GPC syndrome, Peter Maydell, 2023/06/23