From: Yongbok Kim
Date: Fri, 21 Jul 2017 03:37:09 +0100
Message-ID: <1500604635-15027-9-git-send-email-yongbok.kim@imgtec.com>
In-Reply-To: <1500604635-15027-1-git-send-email-yongbok.kim@imgtec.com>
Subject: [Qemu-devel] [PULL 08/14] target/mips: Check memory permissions with mem_idx
Cc: Peter Maydell, James Hogan, Aurelien Jarno
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: James Hogan

When performing virtual to physical address translation, check the
required privilege level based on the mem_idx rather than the mode in
the hflags. This will allow EVA loads & stores to operate safely only on
user memory from kernel mode.

For the cases where the mmu_idx doesn't need to be overridden
(mips_cpu_get_phys_page_debug() and cpu_mips_translate_address()), we
calculate the required mmu_idx using cpu_mmu_index(). Note that this
only tests the MIPS_HFLAG_KSU bits rather than MIPS_HFLAG_MODE, so we
don't test the debug mode hflag MIPS_HFLAG_DM any longer. This should be
fine as get_physical_address() only compares against MIPS_HFLAG_UM and
MIPS_HFLAG_SM, neither of which should get set by compute_hflags() when
MIPS_HFLAG_DM is set.

Signed-off-by: James Hogan
Reviewed-by: Yongbok Kim
Cc: Aurelien Jarno
Signed-off-by: Yongbok Kim
---
 target/mips/helper.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/target/mips/helper.c b/target/mips/helper.c index 5b765cd..7805e5c 100644 --- a/target/mips/helper.c +++ b/target/mips/helper.c @@ -109,11 +109,11 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physi= cal, int *prot, =20 static int get_physical_address (CPUMIPSState *env, hwaddr *physical, int *prot, target_ulong real_address, - int rw, int access_type) + int rw, int access_type, int mmu_idx) { /* User mode can only access useg/xuseg */ - int user_mode =3D (env->hflags & MIPS_HFLAG_MODE) =3D=3D MIPS_HFLAG_UM; - int supervisor_mode =3D (env->hflags & MIPS_HFLAG_MODE) =3D=3D MIPS_HF= LAG_SM; + int user_mode =3D mmu_idx =3D=3D MIPS_HFLAG_UM; + int supervisor_mode =3D mmu_idx =3D=3D MIPS_HFLAG_SM; int kernel_mode =3D !user_mode && !supervisor_mode; #if defined(TARGET_MIPS64) int UX =3D (env->CP0_Status & (1 << CP0St_UX)) !=3D 0; @@ -413,11 +413,12 @@ static void raise_mmu_exception(CPUMIPSState *env, ta= rget_ulong address, hwaddr mips_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) { MIPSCPU *cpu =3D MIPS_CPU(cs); + CPUMIPSState *env =3D &cpu->env; hwaddr phys_addr; int prot; =20 - if (get_physical_address(&cpu->env, &phys_addr, &prot, addr, 0, - ACCESS_INT) !=3D 0) { + if (get_physical_address(env, &phys_addr, &prot, addr, 0, ACCESS_INT, + cpu_mmu_index(env, false)) !=3D 0) { return -1; } return phys_addr; @@ -449,7 +450,7 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr addre= ss, int rw, correctly */ access_type =3D ACCESS_INT; ret =3D get_physical_address(env, &physical, &prot, - address, rw, access_type); + address, rw, access_type, mmu_idx); switch (ret) { case TLBRET_MATCH: qemu_log_mask(CPU_LOG_MMU, 
@@ -487,8 +488,8 @@ hwaddr cpu_mips_translate_address(CPUMIPSState *env, ta= rget_ulong address, int r =20 /* data access */ access_type =3D ACCESS_INT; - ret =3D get_physical_address(env, &physical, &prot, - address, rw, access_type); + ret =3D get_physical_address(env, &physical, &prot, address, rw, acces= s_type, + cpu_mmu_index(env, false)); if (ret !=3D TLBRET_MATCH) { raise_mmu_exception(env, address, rw, ret); return -1LL; --=20 2.7.4
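
Review bot: In get_physical_address(), kernel_mode is still derived as !user_mode && !supervisor_mode, so now that the mode comes from a caller-supplied mmu_idx, any value other than MIPS_HFLAG_UM or MIPS_HFLAG_SM is treated as kernel and gets the most privileged view. Consider testing the kernel index explicitly and asserting on anything else, so that a bad index fails closed. The two comparisons also equate an MMU index with hflags constants; a comment (or dedicated index names) stating that the code depends on the two numberings matching would make that dependency visible to anyone who later changes either side.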
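
Review bot: In mips_cpu_get_phys_page_debug(), the index returned by cpu_mmu_index(env, false) no longer reflects MIPS_HFLAG_DM, and the reason this is safe is given only in the commit message (compute_hflags() should not set UM or SM while DM is set). Please record that invariant in a comment at this call, so the assumption is visible in the code and not only in the git log.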
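
Review bot: In cpu_mips_translate_address(), the call passes cpu_mmu_index(env, false) with an unexplained boolean and pins the translation to the CPU's current mode, so a caller of this function cannot request a user-mode check the way mips_cpu_handle_mmu_fault() now does through mmu_idx. The commit message says no override is needed here; a short comment at the call saying why, and what false selects, would let a reader verify that without the log.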