With LPA2, the effective output address size is at most 48 bits when
TCR.DS == 0. This case is currently unhandled in the page table walker,
where we happily assume LVA/64k granule when outputsize > 48 and
param.ds == 0, resulting in the wrong conversion being used from a
page table descriptor to a physical address.
    if (outputsize > 48) {
        if (param.ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48;
        }
So cap the outputsize to 48 when TCR.DS is cleared, as per the
architecture.
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
target/arm/ptw.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3745ac9723474332..9a6277d862fac229 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
ps = MIN(ps, param.ps);
assert(ps < ARRAY_SIZE(pamax_map));
outputsize = pamax_map[ps];
+
+ /*
+ * With LPA2, the effective output address (OA) size is at most 48 bits
+ * unless TCR.DS == 1
+ */
+ if (!param.ds && param.gran != Gran64K) {
+ outputsize = MIN(outputsize, 48);
+ }
} else {
param = aa32_va_parameters(env, address, mmu_idx);
level = 1;
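Review bot: The new comment says the OA size is at most 48 bits "unless TCR.DS == 1", but the condition below it, `if (!param.ds && param.gran != Gran64K)`, also skips the cap for the 64K granule, and nothing in the comment explains that second term. Suggest extending the comment to name the 64K granule case (the commit message calls it LVA/64k granule), so a reader does not take the granule test for a mistake. The commit message's "at most 48 bits when TCR.DS == 0" has the same omission and could carry the same qualifier.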
--
2.35.1
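The mis-conversion described in the commit message above, as an added example that is not part of the patch or of QEMU's code: a simplified 4K-granule model showing how descriptor bits [15:12], which are ordinary output address bits for this granule, get copied into bits [51:48] when outputsize is 52 and DS is 0. The function `desc_to_pa_4k`, its `cap_fix` flag, the address masks and the sample descriptors are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same semantics as QEMU's extract64(): 'length' bits from bit 'start'. */
static uint64_t extract64(uint64_t value, int start, int length)
{
    return (value >> start) & (~0ULL >> (64 - length));
}

/*
 * Hypothetical simplified model, 4K granule only: the descriptor holds
 * OA[47:12] in bits [47:12], or OA[49:12] in bits [49:12] when DS == 1.
 * cap_fix (assumed flag) selects the behaviour with the patch applied.
 */
static uint64_t desc_to_pa_4k(uint64_t descriptor, int outputsize, bool ds,
                              bool cap_fix)
{
    uint64_t mask = ds ? 0x0003fffffffff000ULL : 0x0000fffffffff000ULL;
    uint64_t descaddr = descriptor & mask;

    if (cap_fix && !ds && outputsize > 48) {
        outputsize = 48;    /* the cap the patch adds (granule is not 64K) */
    }
    if (outputsize > 48) {
        if (ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;  /* LPA2 */
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48; /* 64K layout */
        }
    }
    return descaddr;
}

int main(void)
{
    /* Constructed descriptor: valid page, AF set, OA = 0x40005000. */
    uint64_t desc = 0x40005403ULL;

    printf("DS=0, no cap: 0x%016" PRIx64 "\n",
           desc_to_pa_4k(desc, 52, false, false));
    printf("DS=0, capped: 0x%016" PRIx64 "\n",
           desc_to_pa_4k(desc, 52, false, true));
    /* Constructed DS=1 descriptor: bits [9:8] = 0b11 carry OA[51:50]. */
    printf("DS=1:         0x%016" PRIx64 "\n",
           desc_to_pa_4k(desc | 0x300, 52, true, true));
    return 0;
}
```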
On 11/16/22 09:03, Ard Biesheuvel wrote: > diff --git a/target/arm/ptw.c b/target/arm/ptw.c > index 3745ac9723474332..9a6277d862fac229 100644 > --- a/target/arm/ptw.c > +++ b/target/arm/ptw.c > @@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, > ps = MIN(ps, param.ps); > assert(ps < ARRAY_SIZE(pamax_map)); > outputsize = pamax_map[ps]; > + > + /* > + * With LPA2, the effective output address (OA) size is at most 48 bits > + * unless TCR.DS == 1 > + */ > + if (!param.ds && param.gran != Gran64K) { > + outputsize = MIN(outputsize, 48); > + } Reviewed-by: Richard Henderson <richard.henderson@linaro.org> I thought about moving this back into aa64_va_parameters, similar to how we bound tsz, but since this is the only use of param.ps, this placement is as good as any. r~
On Thu, 17 Nov 2022 at 03:14, Richard Henderson <richard.henderson@linaro.org> wrote: > > On 11/16/22 09:03, Ard Biesheuvel wrote: > > diff --git a/target/arm/ptw.c b/target/arm/ptw.c > > index 3745ac9723474332..9a6277d862fac229 100644 > > --- a/target/arm/ptw.c > > +++ b/target/arm/ptw.c > > @@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, > > ps = MIN(ps, param.ps); > > assert(ps < ARRAY_SIZE(pamax_map)); > > outputsize = pamax_map[ps]; > > + > > + /* > > + * With LPA2, the effective output address (OA) size is at most 48 bits > > + * unless TCR.DS == 1 > > + */ > > + if (!param.ds && param.gran != Gran64K) { > > + outputsize = MIN(outputsize, 48); > > + } > > Reviewed-by: Richard Henderson <richard.henderson@linaro.org> > > I thought about moving this back into aa64_va_parameters, similar to how we bound tsz, but > since this is the only use of param.ps, this placement is as good as any. Applied to target-arm.next, thanks. -- PMM