This patchset fixes some bugs in the M profile MPU code:
 * the guest shouldn't be able to make system space executable
 * PPB region accesses should not be subject to MPU lookups
 * we were not resetting the PMSAv7 MPU state for M profile CPUs
 * we weren't migrating the MPU_RNR state

The renaming from cp15.c6_rgnr to pmsav7.rnr is not strictly
necessary for 2.10, but it doesn't affect many places in the code
and it restores the invariant that no mutable M profile CPU
state is stored in env->cp15.something fields.

thanks
-- PMM

Peter Maydell (5):
  target/arm: Don't do MPU lookups for addresses in M profile PPB region
  target/arm: Don't allow guest to make System space executable for M
    profile
  target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
  target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs
    get reset
  target/arm: Migrate MPU_RNR register state for M profile cores

 hw/intc/armv7m_nvic.c | 14 +++++------
 target/arm/cpu.c      | 14 +++++++++++
 target/arm/cpu.h      |  3 +--
 target/arm/helper.c   | 67 +++++++++++++++++++++++++++++++++++----------------
 target/arm/machine.c  | 30 ++++++++++++++++++++++-
 5 files changed, 97 insertions(+), 31 deletions(-)

-- 
2.7.4

On 27 July 2017 at 11:59, Peter Maydell <peter.maydell@linaro.org> wrote:
> This patchset fixes some bugs in the M profile MPU code:
>  * the guest shouldn't be able to make system space executable
>  * PPB region accesses should not be subject to MPU lookups
>  * we were not resetting the PMSAv7 MPU state for M profile CPUs
>  * we weren't migrating the MPU_RNR state
>
> The renaming from cp15.c6_rgnr to pmsav7.rnr is not strictly
> necessary for 2.10, but it doesn't affect many places in the code
> and it restores the invariant that no mutable M profile CPU
> state is stored in env->cp15.something fields.

Applied to target-arm queue for 2.10, with the minor function
renames (s/is_/m_is_/) suggested by Philippe.

thanks
-- PMM