target/arm: Fix calculation of secure mm_idx values

In cpu_mmu_index() we try to do this: if (env->v7m.secure) { mmu_idx += ARMMMUIdx_MSUser; } but it will give the wrong answer, because ARMMMUIdx_MSUser includes the 0x40 ARM_MMU_IDX_M field, and so does the mmu_idx we're adding to, and we'll end up with 0x8n rather than 0x4n. This error is then nullified by the call to arm_to_core_mmu_idx() which masks out the high part, but we're about to factor out the code that calculates the ARMMMUIdx values so it can be used without passing it through arm_to_core_mmu_idx(), so fix this bug first. Backports commit fe768788d29597ee56fc11ba2279d502c2617457 from qemu
2025-01-11 08:15:40 +00:00 · 2018-03-05 01:58:39 -05:00 · 2018-03-05 01:58:39 -05:00 · 6958a4763d
parent 7988aec017
commit 6958a4763d
1 changed files with 10 additions and 9 deletions
--- a/qemu/target/arm/cpu.h
+++ b/qemu/target/arm/cpu.h
@ -2293,19 +2293,20 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
    int el = arm_current_el(env);

    if (arm_feature(env, ARM_FEATURE_M)) {
-        ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;
+        ARMMMUIdx mmu_idx;

-        /* Execution priority is negative if FAULTMASK is set or
-         * we're in a HardFault or NMI handler.
-         */
-        if ((env->v7m.exception > 0 && env->v7m.exception <= 3)
-            || env->v7m.faultmask[env->v7m.secure]) {
-            mmu_idx = ARMMMUIdx_MNegPri;
+        if (el == 0) {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
+        } else {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
        }

-        if (env->v7m.secure) {
-            mmu_idx += ARMMMUIdx_MSUser;
+        // Unicorn: if'd out
+        #if 0
+        if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
+            mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
        }
+        #endif

        return arm_to_core_mmu_idx(mmu_idx);
    }