From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: "Edgar E . Iglesias", patches@linaro.org
Date: Thu, 6 Apr 2017 14:42:32 +0100
Message-Id: <1491486152-24304-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH] target/arm: Add assertion about FSC format for syndrome registers

In tlb_fill() we construct a syndrome register value from a fault status register value which is filled in by arm_tlb_fill(). arm_tlb_fill() returns FSR values which might be in the format used with short-format page descriptors, or the format used with long-format (LPAE) descriptors. The syndrome register always uses LPAE-format FSR status codes.

It isn't actually possible to end up delivering a syndrome register value to the guest for a fault which is reported with a short-format FSR (that kind of stage 1 fault will only happen for an AArch32 translation regime which doesn't have a syndrome register, and can never be redirected to an AArch64 or Hyp exception level).

Add an assertion which checks this, and adjust the code so that we construct a syndrome with an invalid status code, rather than allowing set bits in the FSR input to randomly corrupt other fields in the syndrome.
Signed-off-by: Peter Maydell
Reviewed-by: Edgar E. Iglesias
---
It took me a little while to convince myself that you'd never take a short-format FSR to a using-syndrome EL :-)
---
 target/arm/op_helper.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index d64c867..156b825 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -130,7 +130,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAcces= sType access_type, if (unlikely(ret)) { ARMCPU *cpu =3D ARM_CPU(cs); CPUARMState *env =3D &cpu->env; - uint32_t syn, exc; + uint32_t syn, exc, fsc; unsigned int target_el; bool same_el; =20 
@@ -145,19 +145,32 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAcc= essType access_type, env->cp15.hpfar_el2 =3D extract64(fi.s2addr, 12, 47) << 4; } same_el =3D arm_current_el(env) =3D=3D target_el; - /* AArch64 syndrome does not have an LPAE bit */ - syn =3D fsr & ~(1 << 9); + + if (fsr & (1 << 9)) { + /* LPAE format fault status register : bottom 6 bits are + * status code in the same form as needed for syndrome + */ + fsc =3D extract32(fsr, 0, 6); + } else { + /* Short format FSR : this fault will never actually be report= ed + * to an EL that uses a syndrome register. Check that here, + * and use a (currently) reserved FSR code in case the constru= cted + * syndrome does leak into the guest somehow. + */ + assert(target_el !=3D 2 && !arm_el_is_aa64(env, target_el)); + fsc =3D 0x3f; + } =20 /* For insn and data aborts we assume there is no instruction synd= rome * information; this is always true for exceptions reported to EL1. */ if (access_type =3D=3D MMU_INST_FETCH) { - syn =3D syn_insn_abort(same_el, 0, fi.s1ptw, syn); + syn =3D syn_insn_abort(same_el, 0, fi.s1ptw, fsc); exc =3D EXCP_PREFETCH_ABORT; } else { syn =3D merge_syn_data_abort(env->exception.syndrome, target_e= l, same_el, fi.s1ptw, - access_type =3D=3D MMU_DATA_STORE, = syn); + access_type =3D=3D MMU_DATA_STORE, = fsc); if (access_type =3D=3D MMU_DATA_STORE && arm_feature(env, ARM_FEATURE_V6)) { fsr |=3D (1 << 11); --=20 2.7.4
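Review bot: in the second hunk, the short-format branch (`assert(target_el != 2 && !arm_el_is_aa64(env, target_el)); fsc = 0x3f;`) rests on an argument that exists only in the commit message, namely why a short-format FSR can never be delivered to an EL that uses a syndrome register. The in-code comment says just that the fault "will never actually be reported to an EL that uses a syndrome register", so the next reader of op_helper.c has to go to git history to judge whether the assert is sound. Suggest carrying the one-sentence reasoning into the comment, e.g. "short-format FSRs only arise for an AArch32 stage 1 regime with no syndrome register, which is never redirected to EL2 or to an AArch64 EL". The condition itself looks right: `target_el != 2` covers AArch32 Hyp, which has HSR, and `!arm_el_is_aa64()` covers every AArch64 EL. It would also help to say in the LPAE branch that `extract32(fsr, 0, 6)` deliberately keeps only the 6-bit status code, since the removed `syn = fsr & ~(1 << 9)` passed every other set bit of the FSR through as the `fsc` argument of syn_insn_abort()/merge_syn_data_abort().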
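To make the bit-level effect of the hunk concrete, here is an added example (this editor's code, not QEMU's and not part of the patch). It re-expresses the before and after status-code derivation shown in the hunk, adds a constructed model of an instruction-abort ISS (status code in bits [5:0], S1PTW at bit 7, EA at bit 9; the field positions follow the ARM ARM but the encoder is the example's own, not QEMU's syn_insn_abort()), and uses constructed sample FSR values to show which ISS bits the old `fsr & ~(1 << 9)` let through. The extract32() helper is a local reimplementation; the names fsc_before_patch, fsc_after_patch, short_format_fsr_permitted, model_insn_abort_iss and leaked_iss_bits are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local re-implementation of QEMU's extract32() so the example builds alone. */
static uint32_t extract32(uint32_t value, int start, int length)
{
    return (value >> start) & (0xffffffffu >> (32 - length));
}

#define FSR_LPAE     (1u << 9)   /* FSR.LPAE: set when the register is in long-descriptor format */
#define FSC_RESERVED 0x3fu       /* status code the patch substitutes for a short-format FSR */

/*
 * Constructed model of an instruction-abort ISS: status code in bits [5:0],
 * S1PTW at bit 7, EA at bit 9. Field positions follow the ARM ARM; the
 * encoder below is this example's own, not QEMU's syn_insn_abort().
 */
#define ISS_FSC_MASK 0x3fu
#define ISS_S1PTW    (1u << 7)
#define ISS_EA       (1u << 9)

/* Status code as the removed line computed it: strip bit 9 only, pass the rest through. */
uint32_t fsc_before_patch(uint32_t fsr)
{
    return fsr & ~FSR_LPAE;
}

/* Status code as the patch computes it: 6-bit field for LPAE format, reserved code otherwise. */
uint32_t fsc_after_patch(uint32_t fsr)
{
    if (fsr & FSR_LPAE) {
        return extract32(fsr, 0, 6);
    }
    return FSC_RESERVED;
}

/*
 * The condition the patch asserts before using a short-format FSR: the target EL
 * must be neither EL2 (HSR is a syndrome register even in AArch32) nor any AArch64 EL.
 */
bool short_format_fsr_permitted(int target_el, bool target_el_is_aa64)
{
    return target_el != 2 && !target_el_is_aa64;
}

/* Constructed ISS encoder: only s1ptw/ea may set bits outside the status-code field. */
uint32_t model_insn_abort_iss(bool s1ptw, bool ea, uint32_t fsc)
{
    return (s1ptw ? ISS_S1PTW : 0) | (ea ? ISS_EA : 0) | fsc;
}

/* Bits of the ISS that came from the FSR-derived status code but land outside bits [5:0]. */
uint32_t leaked_iss_bits(uint32_t fsr_derived_fsc)
{
    return model_insn_abort_iss(false, false, fsr_derived_fsc) & ~ISS_FSC_MASK;
}

int main(void)
{
    /* Constructed sample FSR values (not captured from a real guest):
     * lpae_write: long format, level 1 translation fault (0x05) with WnR (bit 6) set.
     * short_dom:  short format, section translation fault (FS = 0b00101) in domain 0xA (bits [7:4]). */
    const uint32_t lpae_write = FSR_LPAE | (1u << 6) | 0x05u;
    const uint32_t short_dom  = (0xAu << 4) | 0x05u;

    printf("%-8s %-8s %-8s %s\n", "fsr", "before", "after", "leaked-before");
    printf("0x%03x    0x%02x     0x%02x     0x%02x\n", lpae_write,
           fsc_before_patch(lpae_write), fsc_after_patch(lpae_write),
           leaked_iss_bits(fsc_before_patch(lpae_write)));
    printf("0x%03x    0x%02x     0x%02x     0x%02x\n", short_dom,
           fsc_before_patch(short_dom), fsc_after_patch(short_dom),
           leaked_iss_bits(fsc_before_patch(short_dom)));
    printf("short-format FSR permitted: AArch32 EL1=%d EL2=%d AArch64 EL1=%d\n",
           short_format_fsr_permitted(1, false), short_format_fsr_permitted(2, false),
           short_format_fsr_permitted(1, true));
    return 0;
}
```

With the constructed inputs, the old derivation turns the LPAE WnR bit into a stray bit 6 in the ISS and the short-format domain field into a spurious S1PTW bit, while the patched derivation yields a clean 0x05 for the LPAE case and the reserved 0x3f for the short-format case; short_format_fsr_permitted() is the same predicate the patch asserts, exposed as a return value so it can be checked without aborting.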