From 6f57520b1d7d55e723a33c2d0b8b8d6207bc047b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?=
Date: Thu, 4 Mar 2021 14:23:41 -0500
Subject: [PATCH] target/arm: do S1_ptw_translate() before address space lookup

In the secure stage 2 translation regime, the VSTCR.SW and VTCR.NSW bits can invert the secure flag for pagetable walks. This patchset allows S1_ptw_translate() to change the non-secure bit.

Backports 3d4bd397433b12b148d150c8bc5655a696389bd1
---
 qemu/target/arm/helper.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c
index 2ce0f935..1c8c531d 100644
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@@ -10117,7 +10117,7 @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
 
 /* Translate a S1 pagetable walk through S2 if needed. */
 static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
- hwaddr addr, MemTxAttrs txattrs,
+ hwaddr addr, bool *is_secure,
 ARMMMUFaultInfo *fi)
 {
 if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
@@ -10127,6 +10127,9 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
 int s2prot;
 int ret;
 ARMCacheAttrs cacheattrs = {};
+ MemTxAttrs txattrs = {};
+
+ assert(!*is_secure); /* TODO: S-EL2 */
 
 ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, ARMMMUIdx_Stage2,
 false,
@@ -10167,9 +10170,9 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
 AddressSpace *as;
 uint32_t data;
 
+ addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
 attrs.secure = is_secure;
 as = arm_addressspace(cs, attrs);
- addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi);
 if (fi->s1ptw) {
 return 0;
 }
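Review bot: The comment above S1_ptw_translate() still reads only `/* Translate a S1 pagetable walk through S2 if needed. */`, although the signature now takes `bool *is_secure` in place of a by-value `MemTxAttrs`. Passing a pointer tells callers the walk may change the security state, so the contract should say so, for example `/* *is_secure is in/out: security state of the walk on entry, state to use for the descriptor load on return. */`. The lines visible in this patch only read the flag (the assert in the next hunk); whether it is ever written should be confirmed against the rest of the body, which lies outside the hunk.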
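Review bot: `assert(!*is_secure); /* TODO: S-EL2 */` turns the secure stage 1-of-2 case into a process abort rather than a translation fault, and the check disappears entirely in a build that defines NDEBUG. If any guest-reachable state can enter this branch with the secure flag set, the first outcome lets a guest stop the emulator, and the second lets the stage 2 walk continue with the zero-initialised `MemTxAttrs txattrs = {};`, presumably meaning non-secure attributes. The line deserves a comment saying why the secure case cannot arrive here at this commit, or the condition should be reported through `fi` like other walk failures. The call to get_phys_addr_lpae() continues past the end of the hunk, so how `txattrs` is consumed is not visible here.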
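Review bot: Nothing at the call site in arm_ldl_ptw() records that the statement order is now load-bearing. `attrs.secure = is_secure` and `arm_addressspace(cs, attrs)` have to run after S1_ptw_translate() because the walk receives `&is_secure` and may change which address space the descriptor is read from. A one-line comment such as `/* Translate first: the S2 walk may update is_secure, which selects the address space. */` would keep a later cleanup from moving the lookup back up and loading page-table entries from the wrong world. The same comment applies to the identical change in arm_ldq_ptw(); both functions begin and end outside their hunks.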
@@ -10196,9 +10199,9 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
 AddressSpace *as;
 uint64_t data;
 
+ addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
 attrs.secure = is_secure;
 as = arm_addressspace(cs, attrs);
- addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi);
 if (fi->s1ptw) {
 return 0;
 }