target/arm/helper.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
MSR handling is the only place where CONTROL.nPRIV is modified.
Signed-off-by: Julia Suvorova <jusual@mail.ru>
---
target/arm/helper.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5ee229eb35..83cca554ad 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10781,8 +10781,10 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
!arm_v7m_is_handler_mode(env)) {
write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
}
- env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
- env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
+ if (arm_feature(env, ARM_FEATURE_M_MAIN)) {
+ env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
+ env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
+ }
break;
default:
bad_reg:
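Review bot: The new `if (arm_feature(env, ARM_FEATURE_M_MAIN))` guard silently drops the CONTROL.nPRIV write on cores without the Main Extension, but nothing in the hunk says why, and a reader comparing it with the unconditional SPSEL update a few lines above may take it for a missed case. A one-line comment above the guard would settle it, e.g. `/* CONTROL.nPRIV only exists with the Main Extension; without it the bit is reserved and the write is ignored */` (the reserved-bit claim should be confirmed against the architecture reference before landing). The enclosing `HELPER(v7m_msr)` begins and ends outside the hunk.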
--
2.17.1
On 4 July 2018 at 21:36, Julia Suvorova <jusual@mail.ru> wrote:
> MSR handling is the only place where CONTROL.nPRIV is modified.
>
> Signed-off-by: Julia Suvorova <jusual@mail.ru>
> ---
> target/arm/helper.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 5ee229eb35..83cca554ad 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -10781,8 +10781,10 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
> !arm_v7m_is_handler_mode(env)) {
> write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
> }
> - env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
> - env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
> + if (arm_feature(env, ARM_FEATURE_M_MAIN)) {
> + env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
> + env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
> + }
> break;
> default:
> bad_reg:
> --
Could you also guard the similar code in the CONTROL_NS case a
little earlier, in the function, please?
env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK;
env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK;
That won't be executed for v6M but for v8M it matters.
Otherwise I agree this is all we need to do to avoid the guest
incorrectly getting into nonprivileged mode.
thanks
-- PMM
On 05.07.2018 13:33, Peter Maydell wrote:
> On 4 July 2018 at 21:36, Julia Suvorova <jusual@mail.ru> wrote:
>> MSR handling is the only place where CONTROL.nPRIV is modified.
>>
>> Signed-off-by: Julia Suvorova <jusual@mail.ru>
>> ---
>> target/arm/helper.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/target/arm/helper.c b/target/arm/helper.c
>> index 5ee229eb35..83cca554ad 100644
>> --- a/target/arm/helper.c
>> +++ b/target/arm/helper.c
>> @@ -10781,8 +10781,10 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
>> !arm_v7m_is_handler_mode(env)) {
>> write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
>> }
>> - env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
>> - env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
>> + if (arm_feature(env, ARM_FEATURE_M_MAIN)) {
>> + env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
>> + env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
>> + }
>> break;
>> default:
>> bad_reg:
>> --
>
> Could you also guard the similar code in the CONTROL_NS case a
> little earlier, in the function, please?
>
> env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK;
> env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK;
>
> That won't be executed for v6M but for v8M it matters.
Sure, I'll send v2.
Best regards, Julia Suvorova.