From nobody Tue Feb 10 07:41:10 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1506093047465158.71184881631666; Fri, 22 Sep 2017 08:10:47 -0700 (PDT) Received: from localhost ([::1]:59378 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dvPbD-0000Vt-AF for importer@patchew.org; Fri, 22 Sep 2017 11:10:39 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47087) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dvPQb-00080T-RF for qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dvPQa-0004AA-NB for qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:41 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:37562) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dvPQX-00044o-Pj; Fri, 22 Sep 2017 10:59:37 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1dvPQW-0007CA-L7; Fri, 22 Sep 2017 15:59:36 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Fri, 22 Sep 2017 15:59:57 +0100 Message-Id: <1506092407-26985-11-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org> References: <1506092407-26985-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 10/20] target/arm: Update excret sanity checks for v8M X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" In v8M, more bits are defined in the exception-return magic values; update the code that checks these so we accept the v8M values when the CPU permits them. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- target/arm/helper.c | 73 ++++++++++++++++++++++++++++++++++++++++++-------= ---- 1 file changed, 58 insertions(+), 15 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 59a07d2..da3a36e 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6275,8 +6275,9 @@ static void do_v7m_exception_exit(ARMCPU *cpu) uint32_t excret; uint32_t xpsr; bool ufault =3D false; - bool return_to_sp_process =3D false; - bool return_to_handler =3D false; + bool sfault =3D false; + bool return_to_sp_process; + bool return_to_handler; bool rettobase =3D false; bool exc_secure =3D false; bool return_to_secure; @@ -6310,6 +6311,19 @@ static void do_v7m_exception_exit(ARMCPU *cpu) excret); } =20 + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* EXC_RETURN.ES validation check (R_SMFL). We must do this before + * we pick which FAULTMASK to clear. + */ + if (!env->v7m.secure && + ((excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK))) { + sfault =3D 1; + /* For all other purposes, treat ES as 0 (R_HXSR) */ + excret &=3D ~R_V7M_EXCRET_ES_MASK; + } + } + if (env->v7m.exception !=3D ARMV7M_EXCP_NMI) { /* Auto-clear FAULTMASK on return from other than NMI. * If the security extension is implemented then this only @@ -6347,24 +6361,53 @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } =20 + return_to_handler =3D !(excret & R_V7M_EXCRET_MODE_MASK); + return_to_sp_process =3D excret & R_V7M_EXCRET_SPSEL_MASK; return_to_secure =3D arm_feature(env, ARM_FEATURE_M_SECURITY) && (excret & R_V7M_EXCRET_S_MASK); =20 - switch (excret & 0xf) { - case 1: /* Return to Handler */ - return_to_handler =3D true; - break; - case 13: /* Return to Thread using Process stack */ - return_to_sp_process =3D true; - /* fall through */ - case 9: /* Return to Thread using Main stack */ - if (!rettobase && - !(env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_NONBASETHRDENA_MAS= K)) { + if (arm_feature(env, ARM_FEATURE_V8)) { + if (!arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* UNPREDICTABLE if S =3D=3D 1 or DCRS =3D=3D 0 or ES =3D=3D 1= (R_XLCP); + * we choose to take the UsageFault. + */ + if ((excret & R_V7M_EXCRET_S_MASK) || + (excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK)) { + ufault =3D true; + } + } + if (excret & R_V7M_EXCRET_RES0_MASK) { ufault =3D true; } - break; - default: - ufault =3D true; + } else { + /* For v7M we only recognize certain combinations of the low bits = */ + switch (excret & 0xf) { + case 1: /* Return to Handler */ + break; + case 13: /* Return to Thread using Process stack */ + case 9: /* Return to Thread using Main stack */ + /* We only need to check NONBASETHRDENA for v7M, because in + * v8M this bit does not exist (it is RES1). + */ + if (!rettobase && + !(env->v7m.ccr[env->v7m.secure] & + R_V7M_CCR_NONBASETHRDENA_MASK)) { + ufault =3D true; + } + break; + default: + ufault =3D true; + } + } + + if (sfault) { + env->v7m.sfsr |=3D R_V7M_SFSR_INVER_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: failed EXC_RETURN.ES validity check\n"); + return; } =20 if (ufault) { --=20 2.7.4