From: Idan Horowitz <idan.horowitz@gmail.com>
As per the AArch64.S2Walk() pseudo-code in the ARMv8 ARM, the final
decision as to the output address's PA space based on the SA/SW/NSA/NSW
bits needs to take the input IPA's PA space into account, and not the
PA space of the result of the stage 2 walk itself.
Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-4-idan.horowitz@gmail.com
[PMM: fixed commit message typo]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/helper.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6fd5c27340e..7d14650615c 100644
@@ -12644,6 +12644,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
hwaddr ipa;
int s2_prot;
int ret;
+ bool ipa_secure;
ARMCacheAttrs cacheattrs2 = {};
ARMMMUIdx s2_mmu_idx;
bool is_el0;
@@ -12657,14 +12658,15 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
return ret;
}
+ ipa_secure = attrs->secure;
if (arm_is_secure_below_el3(env)) {
- if (attrs->secure) {
+ if (ipa_secure) {
attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
} else {
attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
}
} else {
- assert(!attrs->secure);
+ assert(!ipa_secure);
}
s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
@@ -12701,7 +12703,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
/* Check if IPA translates to secure or non-secure PA space. */
if (arm_is_secure_below_el3(env)) {
- if (attrs->secure) {
+ if (ipa_secure) {
attrs->secure =
!(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
} else {
--
2.25.1