In get_phys_addr_twostage() when we set up the stage 2 translation,
we currently incorrectly set all of in_mmu_idx, in_ptw_idx and
in_secure based on s2walk_secure.
Here s2walk_secure is true if we should be doing this stage 2
walk to physical memory. ipa_secure is true if the intermediate
physical address we got from stage 1 is secure. The VSTCR_EL2.SW
and VTCR_EL2.NSW bits allow the guest to configure secure EL2
so that these two things are different, eg:
* a stage 2 walk for an NS IPA done to secure physical memory
(where the translation table base address and other parameters
for the walk come from the NS control registers VTTBR_EL2
and VTCR_EL2)
* a stage 2 walk for an S IPA done to non-secure physical memory
(where the parameters from the walk come from the S control
registers VSTTBR_EL2 and VSTCR_EL2)
To tell get_phys_addr_lpae() to do this, we need to pass in an
in_mmu_idx based on ipa_secure, and an in_ptw_idx based on
s2walk_secure. The in_secure parameter follows in_mmu_idx, as usual.
Note that this change relies on fixes in the previous two commits
("Don't allow stage 2 page table walks to downgrade to NS" and
"Set ptw->out_secure correctly for stage 2 translations").
Cc:qemu-stable@nongnu.org
Resolves:https://gitlab.com/qemu-project/qemu/-/issues/1600
Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
---
This change also means that v8M, which also uses
get_phys_addr_twostage(), is no longer using a ptw->in_mmu_idx
calculated based on s2walk_secure, which was always a little
strange given that v8M doesn't do any kind of s2 walk, even
though it didn't produce incorrect behaviour.
---
target/arm/ptw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)