yuzu/unicorn
1
0
Fork 0
mirror of https://github.com/yuzu-emu/unicorn.git synced 2025-03-23 06:25:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

target/arm: Correctly handle overlapping small MPU regions

Browse source 
To correctly handle small (less than TARGET_PAGE_SIZE) MPU regions,
we must correctly handle the case where the address being looked
up hits in an MPU region that is not small but the address is
in the same page as a small region. For instance if MPU region
1 covers an entire page from 0x2000 to 0x2400 and MPU region
2 is small and covers only 0x2200 to 0x2280, then for an access
to 0x2000 we must not return a result covering the full page
even though we hit the page-sized region 1. Otherwise we will
then cache that result in the TLB and accesses that should
hit region 2 will incorrectly find the region 1 information.

Check for the case where we miss an MPU region but it is still
within the same page, and in that case narrow the size we will
pass to tlb_set_page_with_attrs() for whatever the final
outcome is of the MPU lookup.

Backports commit 9d2b5a58f85be2d8e129c4b53d6708ecf8796e54 from qemu
This commit is contained in:
Peter Maydell 2018-07-23 19:53:19 -04:00 committed by Lioncash
parent 11948dd1cc
commit 241c561bc3
No known key found for this signature in database
GPG key ID: 4E3C3CC1031BA9C7
1 changed files with 46 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
qemu/target/arm/helper.c
View file

@ -10,6 +10,7 @@
#include "exec/cpu_ldst.h"
#include "arm_ldst.h"
#include "fpu/softfloat.h"
#include "qemu/range.h"
#ifndef CONFIG_USER_ONLY
/* Cacheability and shareability attributes for a memory access */
@ -8885,6 +8886,20 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
}
if (address < base || address > base + rmask) {
/*
* Address not in this region. We must check whether the
* region covers addresses in the same page as our address.
* In that case we must not report a size that covers the
* whole page for a subsequent hit against a different MPU
* region or the background region, because it would result in
* incorrect TLB hits for subsequent accesses to addresses that
* are in this MPU region.
*/
if (ranges_overlap(base, rmask,
address & TARGET_PAGE_MASK,
TARGET_PAGE_SIZE)) {
*page_size = 1;
}
continue;
}
@ -9091,6 +9106,22 @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address,
sattrs->srvalid = true;
sattrs->sregion = r;
}
} else {
/*
* Address not in this region. We must check whether the
* region covers addresses in the same page as our address.
* In that case we must not report a size that covers the
* whole page for a subsequent hit against a different MPU
* region or the background region, because it would result
* in incorrect TLB hits for subsequent accesses to
* addresses that are in this MPU region.
*/
if (limit >= base &&
ranges_overlap(base, limit - base + 1,
addr_page_base,
TARGET_PAGE_SIZE)) {
sattrs->subpage = true;
}
}
}
}
@ -9158,6 +9189,21 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
}
if (address < base || address > limit) {
/*
* Address not in this region. We must check whether the
* region covers addresses in the same page as our address.
* In that case we must not report a size that covers the
* whole page for a subsequent hit against a different MPU
* region or the background region, because it would result in
* incorrect TLB hits for subsequent accesses to addresses that
* are in this MPU region.
*/
if (limit >= base &&
ranges_overlap(base, limit - base + 1,
addr_page_base,
TARGET_PAGE_SIZE)) {
*is_subpage = true;
}
continue;
}