From nobody Sun Apr 27 06:27:36 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
permitted sender) client-ip=208.118.235.17;
envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=fail(p=none dis=none) header.from=linaro.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
mx.zohomail.com
with SMTPS id 1530033431868231.60562194514932;
Tue, 26 Jun 2018 10:17:11 -0700 (PDT)
Received: from localhost ([::1]:54111 helo=lists.gnu.org)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
id 1fXraZ-0000C0-0J
for importer@patchew.org; Tue, 26 Jun 2018 13:17:11 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52043)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <pm215@archaic.org.uk>) id 1fXrHM-0002Dm-VQ
for qemu-devel@nongnu.org; Tue, 26 Jun 2018 12:57:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <pm215@archaic.org.uk>) id 1fXrHL-0007J0-Gv
for qemu-devel@nongnu.org; Tue, 26 Jun 2018 12:57:21 -0400
Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43046)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <pm215@archaic.org.uk>)
id 1fXrHL-0007IZ-6B
for qemu-devel@nongnu.org; Tue, 26 Jun 2018 12:57:19 -0400
Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89)
(envelope-from <pm215@archaic.org.uk>) id 1fXrHK-0000CC-5O
for qemu-devel@nongnu.org; Tue, 26 Jun 2018 17:57:18 +0100
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Date: Tue, 26 Jun 2018 17:56:51 +0100
Message-Id: <20180626165658.31394-26-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180626165658.31394-1-peter.maydell@linaro.org>
References: <20180626165658.31394-1-peter.maydell@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2001:8b0:1d0::2
Subject: [Qemu-devel] [PULL 25/32] target/arm: Handle small regions in
get_phys_addr_pmsav8()
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Allow ARMv8M to handle small MPU and SAU region sizes, by making
get_phys_add_pmsav8() set the page size to the 1 if the MPU or
SAU region covers less than a TARGET_PAGE_SIZE.
We choose to use a size of 1 because it makes no difference to
the core code, and avoids having to track both the base and
limit for SAU and MPU and then convert into an artificially
restricted "page size" that the core code will then ignore.
Since the core TCG code can't handle execution from small
MPU regions, we strip the exec permission from them so that
any execution attempts will cause an MPU exception, rather
than allowing it to end up with a cpu_abort() in
get_page_addr_code().
(The previous code's intention was to make any small page be
treated as having no permissions, but unfortunately errors
in the implementation meant that it didn't behave that way.
It's possible that some binaries using small regions were
accidentally working with our old behaviour and won't now.)
We also retain an existing bug, where we ignored the possibility
that the SAU region might not cover the entire page, in the
case of executable regions. This is necessary because some
currently-working guest code images rely on being able to
execute from addresses which are covered by a page-sized
MPU region but a smaller SAU region. We can remove this
workaround if we ever support execution from small regions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180620130619.11362-4-peter.maydell@linaro.org
---
target/arm/helper.c | 78 ++++++++++++++++++++++++++++++++-------------
1 file changed, 55 insertions(+), 23 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a7edeb66633..3c6a4c565b1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -41,6 +41,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_u=
long address,
=20
/* Security attributes for an address, as returned by v8m_security_lookup.=
*/
typedef struct V8M_SAttributes {
+ bool subpage; /* true if these attrs don't cover the whole TARGET_PAGE=
*/
bool ns;
bool nsc;
uint8_t sregion;
@@ -9804,6 +9805,8 @@ static void v8m_security_lookup(CPUARMState *env, uin=
t32_t address,
int r;
bool idau_exempt =3D false, idau_ns =3D true, idau_nsc =3D true;
int idau_region =3D IREGION_NOTVALID;
+ uint32_t addr_page_base =3D address & TARGET_PAGE_MASK;
+ uint32_t addr_page_limit =3D addr_page_base + (TARGET_PAGE_SIZE - 1);
=20
if (cpu->idau) {
IDAUInterfaceClass *iic =3D IDAU_INTERFACE_GET_CLASS(cpu->idau);
@@ -9841,6 +9844,9 @@ static void v8m_security_lookup(CPUARMState *env, uin=
t32_t address,
uint32_t limit =3D env->sau.rlar[r] | 0x1f;
=20
if (base <=3D address && limit >=3D address) {
+ if (base > addr_page_base || limit < addr_page_limit) {
+ sattrs->subpage =3D true;
+ }
if (sattrs->srvalid) {
/* If we hit in more than one region then we must =
report
* as Secure, not NS-Callable, with no valid region
@@ -9880,13 +9886,16 @@ static void v8m_security_lookup(CPUARMState *env, u=
int32_t address,
static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, ARMMMUFaultInfo *fi, uint32_t *mr=
egion)
+ int *prot, bool *is_subpage,
+ ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/* Perform a PMSAv8 MPU lookup (without also doing the SAU check
* that a full phys-to-virt translation does).
* mregion is (if not NULL) set to the region number which matched,
* or -1 if no region number is returned (MPU off, address did not
* hit a region, address hit in multiple regions).
+ * We set is_subpage to true if the region hit doesn't cover the
+ * entire TARGET_PAGE the address is within.
*/
ARMCPU *cpu =3D arm_env_get_cpu(env);
bool is_user =3D regime_is_user(env, mmu_idx);
@@ -9894,7 +9903,10 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint=
32_t address,
int n;
int matchregion =3D -1;
bool hit =3D false;
+ uint32_t addr_page_base =3D address & TARGET_PAGE_MASK;
+ uint32_t addr_page_limit =3D addr_page_base + (TARGET_PAGE_SIZE - 1);
=20
+ *is_subpage =3D false;
*phys_ptr =3D address;
*prot =3D 0;
if (mregion) {
@@ -9932,6 +9944,10 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint=
32_t address,
continue;
}
=20
+ if (base > addr_page_base || limit < addr_page_limit) {
+ *is_subpage =3D true;
+ }
+
if (hit) {
/* Multiple regions match -- always a failure (unlike
* PMSAv7 where highest-numbered-region wins)
@@ -9943,23 +9959,6 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint=
32_t address,
=20
matchregion =3D n;
hit =3D true;
-
- if (base & ~TARGET_PAGE_MASK) {
- qemu_log_mask(LOG_UNIMP,
- "MPU_RBAR[%d]: No support for MPU region bas=
e"
- "address of 0x%" PRIx32 ". Minimum alignment=
is "
- "%d\n",
- n, base, TARGET_PAGE_BITS);
- continue;
- }
- if ((limit + 1) & ~TARGET_PAGE_MASK) {
- qemu_log_mask(LOG_UNIMP,
- "MPU_RBAR[%d]: No support for MPU region lim=
it"
- "address of 0x%" PRIx32 ". Minimum alignment=
is "
- "%d\n",
- n, limit, TARGET_PAGE_BITS);
- continue;
- }
}
}
=20
@@ -9995,6 +9994,18 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint=
32_t address,
=20
fi->type =3D ARMFault_Permission;
fi->level =3D 1;
+ /*
+ * Core QEMU code can't handle execution from small pages yet, so
+ * don't try it. This means any attempted execution will generate
+ * an MPU exception, rather than eventually causing QEMU to exit in
+ * get_page_addr_code().
+ */
+ if (*is_subpage && (*prot & PAGE_EXEC)) {
+ qemu_log_mask(LOG_UNIMP,
+ "MPU: No support for execution from regions "
+ "smaller than 1K\n");
+ *prot &=3D ~PAGE_EXEC;
+ }
return !(*prot & (1 << access_type));
}
=20
@@ -10002,10 +10013,13 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, u=
int32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_=
idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, ARMMMUFaultInfo *fi)
+ int *prot, target_ulong *page_size,
+ ARMMMUFaultInfo *fi)
{
uint32_t secure =3D regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs =3D {};
+ bool ret;
+ bool mpu_is_subpage;
=20
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
@@ -10033,6 +10047,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, =
uint32_t address,
} else {
fi->type =3D ARMFault_QEMU_SFault;
}
+ *page_size =3D sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
*phys_ptr =3D address;
*prot =3D 0;
return true;
@@ -10055,6 +10070,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, =
uint32_t address,
* for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
*/
fi->type =3D ARMFault_QEMU_SFault;
+ *page_size =3D sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
*phys_ptr =3D address;
*prot =3D 0;
return true;
@@ -10062,8 +10078,22 @@ static bool get_phys_addr_pmsav8(CPUARMState *env,=
uint32_t address,
}
}
=20
- return pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
- txattrs, prot, fi, NULL);
+ ret =3D pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
+ txattrs, prot, &mpu_is_subpage, fi, NULL);
+ /*
+ * TODO: this is a temporary hack to ignore the fact that the SAU regi=
on
+ * is smaller than a page if this is an executable region. We never
+ * supported small MPU regions, but we did (accidentally) allow small
+ * SAU regions, and if we now made small SAU regions not be executable
+ * then this would break previously working guest code. We can't
+ * remove this until/unless we implement support for execution from
+ * small regions.
+ */
+ if (*prot & PAGE_EXEC) {
+ sattrs.subpage =3D false;
+ }
+ *page_size =3D sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
+ return ret;
}
=20
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
@@ -10339,7 +10369,7 @@ static bool get_phys_addr(CPUARMState *env, target_=
ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret =3D get_phys_addr_pmsav8(env, address, access_type, mmu_id=
x,
- phys_ptr, attrs, prot, fi);
+ phys_ptr, attrs, prot, page_size, f=
i);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret =3D get_phys_addr_pmsav7(env, address, access_type, mmu_id=
x,
@@ -10757,6 +10787,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t =
addr, uint32_t op)
uint32_t mregion;
bool targetpriv;
bool targetsec =3D env->v7m.secure;
+ bool is_subpage;
=20
/* Work out what the security state and privilege level we're
* interested in is...
@@ -10786,7 +10817,8 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t =
addr, uint32_t op)
if (arm_current_el(env) !=3D 0 || alt) {
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &phys_addr, &attrs, &prot, &fi, &mregion);
+ &phys_addr, &attrs, &prot, &is_subpage,
+ &fi, &mregion);
if (mregion =3D=3D -1) {
mrvalid =3D false;
mregion =3D 0;
--=20
2.17.1