[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 4/7] target/arm: Fix Privileged Access Never (PAN) for aarch32
|
From: |
Peter Maydell |
|
Subject: |
[PULL 4/7] target/arm: Fix Privileged Access Never (PAN) for aarch32 |
|
Date: |
Fri, 4 Nov 2022 11:35:12 +0000 |
From: Timofey Kutergin <tkutergin@gmail.com>
When we implemented the PAN support we theoretically wanted
to support it for both AArch32 and AArch64, but in practice
several bugs made it essentially unusable with an AArch32
guest. Fix all those problems:
- Use CPSR.PAN to check for PAN state in aarch32 mode
- throw permission fault during address translation when PAN is
enabled and kernel tries to access user acessible page
- ignore SCTLR_XP bit for armv7 and armv8 (conflicts with SCTLR_SPAN).
Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221027112619.2205229-1-tkutergin@gmail.com
[PMM: tweak commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 13 +++++++++++--
target/arm/ptw.c | 35 ++++++++++++++++++++++++++++++-----
2 files changed, 41 insertions(+), 7 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index efbdc657a2d..077581187e7 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11003,6 +11003,15 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState
*env, bool secstate)
}
#endif
+static bool arm_pan_enabled(CPUARMState *env)
+{
+ if (is_a64(env)) {
+ return env->pstate & PSTATE_PAN;
+ } else {
+ return env->uncached_cpsr & CPSR_PAN;
+ }
+}
+
ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
{
ARMMMUIdx idx;
@@ -11023,7 +11032,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
}
break;
case 1:
- if (env->pstate & PSTATE_PAN) {
+ if (arm_pan_enabled(env)) {
idx = ARMMMUIdx_E10_1_PAN;
} else {
idx = ARMMMUIdx_E10_1;
@@ -11032,7 +11041,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
case 2:
/* Note that TGE does not apply at EL2. */
if (arm_hcr_el2_eff(env) & HCR_E2H) {
- if (env->pstate & PSTATE_PAN) {
+ if (arm_pan_enabled(env)) {
idx = ARMMMUIdx_E20_2_PAN;
} else {
idx = ARMMMUIdx_E20_2;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 58a7bbda505..e04dccff44f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -503,12 +503,11 @@ static bool get_level1_table_address(CPUARMState *env,
ARMMMUIdx mmu_idx,
* @mmu_idx: MMU index indicating required translation regime
* @ap: The 3-bit access permissions (AP[2:0])
* @domain_prot: The 2-bit domain access permissions
+ * @is_user: TRUE if accessing from PL0
*/
-static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
- int ap, int domain_prot)
+static int ap_to_rw_prot_is_user(CPUARMState *env, ARMMMUIdx mmu_idx,
+ int ap, int domain_prot, bool is_user)
{
- bool is_user = regime_is_user(env, mmu_idx);
-
if (domain_prot == 3) {
return PAGE_READ | PAGE_WRITE;
}
@@ -552,6 +551,20 @@ static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx
mmu_idx,
}
}
+/*
+ * Translate section/page access permissions to page R/W protection flags
+ * @env: CPUARMState
+ * @mmu_idx: MMU index indicating required translation regime
+ * @ap: The 3-bit access permissions (AP[2:0])
+ * @domain_prot: The 2-bit domain access permissions
+ */
+static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
+ int ap, int domain_prot)
+{
+ return ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot,
+ regime_is_user(env, mmu_idx));
+}
+
/*
* Translate section/page access permissions to page R/W protection flags.
* @ap: The 2-bit simple AP (AP[2:1])
@@ -720,6 +733,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate
*ptw,
hwaddr phys_addr;
uint32_t dacr;
bool ns;
+ int user_prot;
/* Pagetable walk. */
/* Lookup l1 descriptor. */
@@ -831,8 +845,10 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate
*ptw,
goto do_fault;
}
result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
+ user_prot = simple_ap_to_rw_prot_is_user(ap >> 1, 1);
} else {
result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ user_prot = ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot,
1);
}
if (result->f.prot && !xn) {
result->f.prot |= PAGE_EXEC;
@@ -842,6 +858,14 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate
*ptw,
fi->type = ARMFault_Permission;
goto do_fault;
}
+ if (regime_is_pan(env, mmu_idx) &&
+ !regime_is_user(env, mmu_idx) &&
+ user_prot &&
+ access_type != MMU_INST_FETCH) {
+ /* Privileged Access Never fault */
+ fi->type = ARMFault_Permission;
+ goto do_fault;
+ }
}
if (ns) {
/* The NS bit will (as required by the architecture) have no effect if
@@ -2773,7 +2797,8 @@ static bool get_phys_addr_with_struct(CPUARMState *env,
S1Translate *ptw,
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, ptw, address, access_type, false,
result, fi);
- } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
+ } else if (arm_feature(env, ARM_FEATURE_V7) ||
+ regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
} else {
return get_phys_addr_v5(env, ptw, address, access_type, result, fi);
--
2.25.1
- [PULL 0/7] target-arm queue, Peter Maydell, 2022/11/04
- [PULL 1/7] hw/arm/boot: Set SME and SVE EL3 vector lengths when booting kernel, Peter Maydell, 2022/11/04
- [PULL 2/7] hw/arm/boot: Set SCR_EL3.HXEn when booting kernel, Peter Maydell, 2022/11/04
- [PULL 3/7] target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB, Peter Maydell, 2022/11/04
- [PULL 6/7] target/arm: Honor HCR_E2H and HCR_TGE in ats_write64(), Peter Maydell, 2022/11/04
- [PULL 4/7] target/arm: Fix Privileged Access Never (PAN) for aarch32,
Peter Maydell <=
- [PULL 5/7] target/arm: Copy the entire vector in DO_ZIP, Peter Maydell, 2022/11/04
- [PULL 7/7] target/arm: Two fixes for secure ptw, Peter Maydell, 2022/11/04
- Re: [PULL 0/7] target-arm queue, Stefan Hajnoczi, 2022/11/07