From 6958a4763ddc8912a0d04638b5012a72a010f012 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 5 Mar 2018 01:58:39 -0500 Subject: [PATCH] target/arm: Fix calculation of secure mm_idx values In cpu_mmu_index() we try to do this: if (env->v7m.secure) { mmu_idx += ARMMMUIdx_MSUser; } but it will give the wrong answer, because ARMMMUIdx_MSUser includes the 0x40 ARM_MMU_IDX_M field, and so does the mmu_idx we're adding to, and we'll end up with 0x8n rather than 0x4n. This error is then nullified by the call to arm_to_core_mmu_idx() which masks out the high part, but we're about to factor out the code that calculates the ARMMMUIdx values so it can be used without passing it through arm_to_core_mmu_idx(), so fix this bug first. Backports commit fe768788d29597ee56fc11ba2279d502c2617457 from qemu --- qemu/target/arm/cpu.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/qemu/target/arm/cpu.h b/qemu/target/arm/cpu.h index 0eebef2c..2f5223df 100644 --- a/qemu/target/arm/cpu.h +++ b/qemu/target/arm/cpu.h @@ -2293,19 +2293,20 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) int el = arm_current_el(env); if (arm_feature(env, ARM_FEATURE_M)) { - ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv; + ARMMMUIdx mmu_idx; - /* Execution priority is negative if FAULTMASK is set or - * we're in a HardFault or NMI handler. - */ - if ((env->v7m.exception > 0 && env->v7m.exception <= 3) - || env->v7m.faultmask[env->v7m.secure]) { - mmu_idx = ARMMMUIdx_MNegPri; + if (el == 0) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; + } else { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; } - if (env->v7m.secure) { - mmu_idx += ARMMMUIdx_MSUser; + // Unicorn: if'd out + #if 0 + if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; } + #endif return arm_to_core_mmu_idx(mmu_idx); }