From ce8872709fbfe93a2e7b90f066b7915b2a05a0d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= Date: Thu, 4 Mar 2021 14:54:30 -0500 Subject: [PATCH] target/arm: set HPFAR_EL2.NS on secure stage 2 faults Backport 9861248f637ecf11113b04b0b5c7b13c9aa06f09 --- qemu/target/arm/cpu.h | 2 ++ qemu/target/arm/helper.c | 6 ++++++ qemu/target/arm/internals.h | 2 ++ qemu/target/arm/tlb_helper.c | 3 +++ 4 files changed, 13 insertions(+) diff --git a/qemu/target/arm/cpu.h b/qemu/target/arm/cpu.h index c689a69a..4935b099 100644 --- a/qemu/target/arm/cpu.h +++ b/qemu/target/arm/cpu.h @@ -1359,6 +1359,8 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HCR_TWEDEN (1ULL << 59) #define HCR_TWEDEL MAKE_64BIT_MASK(60, 4) +#define HPFAR_NS (1ULL << 63) + #define SCR_NS (1U << 0) #define SCR_IRQ (1U << 1) #define SCR_FIQ (1U << 2) diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c index 41f611bf..eee3f257 100644 --- a/qemu/target/arm/helper.c +++ b/qemu/target/arm/helper.c @@ -3137,6 +3137,9 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, target_el = 3; } else { env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi.s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } target_el = 2; } take_exc = true; @@ -10151,6 +10154,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } if ((arm_hcr_el2_eff(env) & HCR_PTW) && @@ -10163,6 +10167,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } @@ -11096,6 +11101,7 @@ do_fault: /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */ fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S); + fi->s1ns = mmu_idx == ARMMMUIdx_Stage2; return true; } diff --git a/qemu/target/arm/internals.h b/qemu/target/arm/internals.h index 10a4f4b8..622c1ae9 100644 --- a/qemu/target/arm/internals.h +++ b/qemu/target/arm/internals.h @@ -595,6 +595,7 @@ typedef enum ARMFaultType { * @s2addr: Address that caused a fault at stage 2 * @stage2: True if we faulted at stage 2 * @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk + * @s1ns: True if we faulted on a non-secure IPA while in secure state * @ea: True if we should set the EA (external abort type) bit in syndrome */ typedef struct ARMMMUFaultInfo ARMMMUFaultInfo; @@ -605,6 +606,7 @@ struct ARMMMUFaultInfo { int domain; bool stage2; bool s1ptw; + bool s1ns; bool ea; }; diff --git a/qemu/target/arm/tlb_helper.c b/qemu/target/arm/tlb_helper.c index 308918b3..e421a17a 100644 --- a/qemu/target/arm/tlb_helper.c +++ b/qemu/target/arm/tlb_helper.c @@ -63,6 +63,9 @@ static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, if (fi->stage2) { target_el = 2; env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi->s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } } same_el = (arm_current_el(env) == target_el);