From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org
Subject: [PATCH v3 1/2] target/arm: Check addresses for disabled regimes
Date: Sat, 7 Mar 2020 17:29:45 -0800
Message-Id: <20200308012946.16303-2-richard.henderson@linaro.org>
In-Reply-To: <20200308012946.16303-1-richard.henderson@linaro.org>

We fail to validate the upper bits of a virtual address on a
translation disabled regime, as per AArch64.TranslateAddressS1Off.

Signed-off-by: Richard Henderson
---
 target/arm/helper.c | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c index f91e5d5345..8f81ca4f54 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c
@@ -11780,7 +11780,40 @@ bool get_phys_addr(CPUARMState *env, target_ulong = address, /* Definitely a real MMU, not an MPU */ =20 if (regime_translation_disabled(env, mmu_idx)) { - /* MMU disabled. */ + /* + * MMU disabled. S1 addresses within aa64 translation regimes are + * still checked for bounds -- see AArch64.TranslateAddressS1Off. + */ + if (mmu_idx !=3D ARMMMUIdx_Stage2) { + int r_el =3D regime_el(env, mmu_idx); + if (arm_el_is_aa64(env, r_el)) { + int pamax =3D arm_pamax(env_archcpu(env)); + uint64_t tcr =3D env->cp15.tcr_el[r_el].raw_tcr; + int addrtop, tbi; + + tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); + if (access_type =3D=3D MMU_INST_FETCH) { + tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); + } + tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + addrtop =3D (tbi ? 55 : 63); + + if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0)= { + fi->type =3D ARMFault_AddressSize; + fi->level =3D 0; + fi->stage2 =3D false; + return 1; + } + + /* + * When TBI is disabled, we've just validated that all of = the + * bits above PAMax are zero, so logically we only need to + * clear the top byte for TBI. But it's clearer to follow + * the pseudocode set of addrdesc.paddress. 
+ */ + address =3D extract64(address, 0, 52); + } + } *phys_ptr =3D address; *prot =3D PAGE_READ | PAGE_WRITE | PAGE_EXEC; *page_size =3D TARGET_PAGE_SIZE; --=20 2.20.1
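
Review bot: `return 1;` in the new ARMFault_AddressSize path should be `return true;`, since the hunk header shows get_phys_addr() is declared `bool`. Separately, the final `address = extract64(address, 0, 52);` uses a literal 52 while the bounds check just above it is written in terms of `pamax`; the comment points at the pseudocode, but it would help to say in that comment why the width is a fixed 52 rather than `pamax`, or to give the value a name, so a later reader does not take the two for an inconsistency.
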
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org
Subject: [PATCH v3 2/2] target/arm: Disable clean_data_tbi for system mode
Date: Sat, 7 Mar 2020 17:29:46 -0800
Message-Id: <20200308012946.16303-3-richard.henderson@linaro.org>
In-Reply-To: <20200308012946.16303-1-richard.henderson@linaro.org>

We must include the tag in the FAR_ELx register when raising an
addressing exception. Which means that we should not clear out the
tag during translation.

We cannot at present comply with this for user mode, so we retain the
clean_data_tbi function for the moment, though it no longer does what
it says on the tin for system mode. This function is to be replaced
with MTE, so don't worry about the slight misnaming.

Signed-off-by: Richard Henderson
---
 target/arm/translate-a64.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index fefe8af7f5..8fffb52203 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c
@@ -228,7 +228,18 @@ static void gen_a64_set_pc(DisasContext *s, TCGv_i64 s= rc) static TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr) { TCGv_i64 clean =3D new_tmp_a64(s); + /* + * In order to get the correct value in the FAR_ELx register, + * we must present the memory subsystem with the "dirty" address + * including the TBI. In system mode we can make this work via + * the TLB, dropping the TBI during translation. But for user-only + * mode we don't have that option, and must remove the top byte now. + */ +#ifdef CONFIG_USER_ONLY gen_top_byte_ignore(s, clean, addr, s->tbid); +#else + tcg_gen_mov_i64(clean, addr); +#endif return clean; } =20 --=20 2.20.1
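
Review bot: The comment added above `#ifdef CONFIG_USER_ONLY` in clean_data_tbi() should state outright that the `#else` (system mode) path returns the address with its top byte intact, because the function name promises the opposite and a reader who sees only a call site will assume a cleaned address. The comment also says the TBI is dropped "during translation" via the TLB without naming where; pointing at the function that does it would let a reader confirm that every path reached by these callers strips the byte before the address is used as a physical address. Minor wording: "the 'dirty' address including the TBI" reads better as "including the top byte", since TBI is the name of the control, not of the byte.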