[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 21/26] target/arm: Get correct MMU index for other-security-state
From: |
Peter Maydell |
Subject: |
[PULL 21/26] target/arm: Get correct MMU index for other-security-state |
Date: |
Mon, 2 Nov 2020 17:10:00 +0000 |
In arm_v7m_mmu_idx_for_secstate() we get the 'priv' level to pass to
armv7m_mmu_idx_for_secstate_and_priv() by calling arm_current_el().
This is incorrect when the security state being queried is not the
current one, because arm_current_el() uses the current security state
to determine which of the banked CONTROL.nPRIV bits to look at.
The effect was that if (for instance) Secure state was in privileged
mode but Non-Secure was not then we would return the wrong MMU index.
The only places where we are using this function in a way that could
trigger this bug are for the stack loads during a v8M function-return
and for the instruction fetch of a v8M SG insn.
Fix the bug by expanding out the M-profile version of the
arm_current_el() logic inline so it can use the passed in secstate
rather than env->v7m.secure.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201022164408.13214-1-peter.maydell@linaro.org
---
target/arm/m_helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 036454234c7..aad01ea0127 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2719,7 +2719,8 @@ ARMMMUIdx
arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
/* Return the MMU index for a v7M CPU in the specified security state */
ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
{
- bool priv = arm_current_el(env) != 0;
+ bool priv = arm_v7m_is_handler_mode(env) ||
+ !(env->v7m.control[secstate] & 1);
return arm_v7m_mmu_idx_for_secstate_and_priv(env, secstate, priv);
}
--
2.20.1
- [PULL 12/26] target/arm: Fix float16 pairwise Neon ops on big-endian hosts, (continued)
- [PULL 12/26] target/arm: Fix float16 pairwise Neon ops on big-endian hosts, Peter Maydell, 2020/11/02
- [PULL 10/26] target/arm: Simplify do_long_3d and do_2scalar_long, Peter Maydell, 2020/11/02
- [PULL 13/26] target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts, Peter Maydell, 2020/11/02
- [PULL 17/26] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363), Peter Maydell, 2020/11/02
- [PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes, Peter Maydell, 2020/11/02
- [PULL 19/26] hw/display/omap_lcdc: Fix potential NULL pointer dereference, Peter Maydell, 2020/11/02
- [PULL 15/26] target/arm: fix LORID_EL1 access check, Peter Maydell, 2020/11/02
- [PULL 18/26] hw/arm/boot: fix SVE for EL3 direct kernel boot, Peter Maydell, 2020/11/02
- [PULL 14/26] target/arm: fix handling of HCR.FB, Peter Maydell, 2020/11/02
- [PULL 20/26] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference, Peter Maydell, 2020/11/02
- [PULL 21/26] target/arm: Get correct MMU index for other-security-state,
Peter Maydell <=
- [PULL 23/26] hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work, Peter Maydell, 2020/11/02
- [PULL 22/26] configure: Test that gio libs from pkg-config work, Peter Maydell, 2020/11/02
- [PULL 25/26] qemu-option-trace.rst.inc: Don't use option:: markup, Peter Maydell, 2020/11/02
- [PULL 24/26] scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments, Peter Maydell, 2020/11/02
- [PULL 26/26] tests/qtest/npcm7xx_rng-test: Disable randomness tests, Peter Maydell, 2020/11/02
- Re: [PULL 00/26] target-arm queue, Peter Maydell, 2020/11/03