From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Subject: [PATCH for-8.0 v4 10/21] target/arm: Pipe ARMSecuritySpace through ptw.c
Date: Mon, 27 Feb 2023 13:01:11 -1000 [thread overview]
Message-ID: <20230227230122.816702-11-richard.henderson@linaro.org> (raw)
In-Reply-To: <20230227230122.816702-1-richard.henderson@linaro.org>
Add input and output space members to S1Translate.
Set and adjust them in S1_ptw_translate, and the
various points at which we drop secure state.
Initialize the space in get_phys_addr; for now
leave get_phys_addr_with_secure considering only
secure vs non-secure spaces.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 98 ++++++++++++++++++++++++++++++++++++++----------
1 file changed, 78 insertions(+), 20 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1a51add39c..75f276b520 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -19,11 +19,13 @@
typedef struct S1Translate {
ARMMMUIdx in_mmu_idx;
ARMMMUIdx in_ptw_idx;
+ ARMSecuritySpace in_space;
bool in_secure;
bool in_debug;
bool out_secure;
bool out_rw;
bool out_be;
+ ARMSecuritySpace out_space;
hwaddr out_virt;
hwaddr out_phys;
void *out_host;
@@ -216,6 +218,7 @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
hwaddr addr, ARMMMUFaultInfo *fi)
{
+ ARMSecuritySpace space = ptw->in_space;
bool is_secure = ptw->in_secure;
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
@@ -232,7 +235,8 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
if (regime_is_stage2(s2_mmu_idx)) {
S1Translate s2ptw = {
.in_mmu_idx = s2_mmu_idx,
- .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS,
+ .in_ptw_idx = arm_space_to_phys(space),
+ .in_space = space,
.in_secure = is_secure,
.in_debug = true,
};
@@ -294,10 +298,17 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
}
/* Check if page table walk is to secure or non-secure PA space. */
- ptw->out_secure = (is_secure
- && !(pte_secure
+ if (is_secure) {
+ bool out_secure = !(pte_secure
? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW));
+ : env->cp15.vtcr_el2 & VTCR_NSW);
+ if (!out_secure) {
+ is_secure = false;
+ space = ARMSS_NonSecure;
+ }
+ }
+ ptw->out_secure = is_secure;
+ ptw->out_space = space;
ptw->out_be = regime_translation_big_endian(env, mmu_idx);
return true;
@@ -328,7 +339,10 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = ptw->out_secure };
+ MemTxAttrs attrs = {
+ .secure = ptw->out_secure,
+ .space = ptw->out_space,
+ };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
@@ -371,7 +385,10 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
#endif
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = ptw->out_secure };
+ MemTxAttrs attrs = {
+ .secure = ptw->out_secure,
+ .space = ptw->out_space,
+ };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
@@ -877,6 +894,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
* regime, because the attribute will already be non-secure.
*/
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
}
result->f.phys_addr = phys_addr;
return false;
@@ -1581,6 +1599,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
* regime, because the attribute will already be non-secure.
*/
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
@@ -2365,6 +2384,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
*/
if (sattrs.ns) {
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
} else if (!secure) {
/*
* NS access to S memory must fault.
@@ -2714,6 +2734,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
bool is_secure = ptw->in_secure;
bool ret, ipa_secure, s2walk_secure;
ARMCacheAttrs cacheattrs1;
+ ARMSecuritySpace ipa_space, s2walk_space;
bool is_el0;
uint64_t hcr;
@@ -2726,20 +2747,24 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ipa = result->f.phys_addr;
ipa_secure = result->f.attrs.secure;
+ ipa_space = result->f.attrs.space;
if (is_secure) {
/* Select TCR based on the NS bit from the S1 walk. */
s2walk_secure = !(ipa_secure
? env->cp15.vstcr_el2 & VSTCR_SW
: env->cp15.vtcr_el2 & VTCR_NSW);
+ s2walk_space = arm_secure_to_space(s2walk_secure);
} else {
assert(!ipa_secure);
s2walk_secure = false;
+ s2walk_space = ipa_space;
}
is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
- ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ ptw->in_ptw_idx = arm_space_to_phys(s2walk_space);
ptw->in_secure = s2walk_secure;
+ ptw->in_space = s2walk_space;
/*
* S1 is done, now do S2 translation.
@@ -2827,11 +2852,12 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
ARMMMUIdx s1_mmu_idx;
/*
- * The page table entries may downgrade secure to non-secure, but
- * cannot upgrade an non-secure translation regime's attributes
- * to secure.
+ * The page table entries may downgrade Secure to NonSecure, but
+ * cannot upgrade a NonSecure translation regime's attributes
+ * to Secure or Realm.
*/
result->f.attrs.secure = is_secure;
+ result->f.attrs.space = ptw->in_space;
switch (mmu_idx) {
case ARMMMUIdx_Phys_S:
@@ -2873,7 +2899,7 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
default:
/* Single stage and second stage uses physical for ptw. */
- ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ ptw->in_ptw_idx = arm_space_to_phys(ptw->in_space);
break;
}
@@ -2948,6 +2974,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
S1Translate ptw = {
.in_mmu_idx = mmu_idx,
.in_secure = is_secure,
+ .in_space = arm_secure_to_space(is_secure),
};
return get_phys_addr_with_struct(env, &ptw, address, access_type,
result, fi);
@@ -2957,7 +2984,10 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
- bool is_secure;
+ S1Translate ptw = {
+ .in_mmu_idx = mmu_idx,
+ };
+ ARMSecuritySpace ss;
switch (mmu_idx) {
case ARMMMUIdx_E10_0:
@@ -2970,30 +3000,55 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
case ARMMMUIdx_E2:
- is_secure = arm_is_secure_below_el3(env);
+ ss = arm_security_space_below_el3(env);
break;
case ARMMMUIdx_Stage2:
+ /*
+ * For Secure EL2, we need this index to be NonSecure;
+ * otherwise this will already be NonSecure or Realm.
+ */
+ ss = arm_security_space_below_el3(env);
+ if (ss == ARMSS_Secure) {
+ ss = ARMSS_NonSecure;
+ }
+ break;
case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
case ARMMMUIdx_MUser:
- is_secure = false;
+ ss = ARMSS_NonSecure;
break;
- case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
case ARMMMUIdx_Phys_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
case ARMMMUIdx_MSUser:
- is_secure = true;
+ ss = ARMSS_Secure;
+ break;
+ case ARMMMUIdx_E3:
+ if (arm_feature(env, ARM_FEATURE_AARCH64) &&
+ cpu_isar_feature(aa64_rme, env_archcpu(env))) {
+ ss = ARMSS_Root;
+ } else {
+ ss = ARMSS_Secure;
+ }
+ break;
+ case ARMMMUIdx_Phys_Root:
+ ss = ARMSS_Root;
+ break;
+ case ARMMMUIdx_Phys_Realm:
+ ss = ARMSS_Realm;
break;
default:
g_assert_not_reached();
}
- return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+
+ ptw.in_space = ss;
+ ptw.in_secure = arm_space_is_secure(ss);
+ return get_phys_addr_with_struct(env, &ptw, address, access_type,
+ result, fi);
}
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
@@ -3001,9 +3056,12 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
+ ARMMMUIdx mmu_idx = arm_mmu_idx(env);
+ ARMSecuritySpace ss = arm_security_space(env);
S1Translate ptw = {
- .in_mmu_idx = arm_mmu_idx(env),
- .in_secure = arm_is_secure(env),
+ .in_mmu_idx = mmu_idx,
+ .in_space = ss,
+ .in_secure = arm_space_is_secure(ss),
.in_debug = true,
};
GetPhysAddrResult res = {};
--
2.34.1
next prev parent reply other threads:[~2023-02-27 23:04 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-27 23:01 [PATCH for-8.0 v4 00/21] target/arm: Implement FEAT_RME Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 01/21] target/arm: Add isar_feature_aa64_rme Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 02/21] target/arm: Update SCR and HCR for RME Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 03/21] target/arm: SCR_EL3.NS may be RES1 Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 04/21] target/arm: Add RME cpregs Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 05/21] target/arm: Introduce ARMSecuritySpace Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 06/21] include/exec/memattrs: Add two bits of space to MemTxAttrs Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 07/21] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 08/21] target/arm: Introduce ARMMMUIdx_Phys_{Realm, Root} Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 09/21] target/arm: Remove __attribute__((nonnull)) from ptw.c Richard Henderson
2023-02-27 23:01 ` Richard Henderson [this message]
2023-02-27 23:01 ` [PATCH for-8.0 v4 11/21] target/arm: NSTable is RES0 for the RME EL3 regime Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 12/21] target/arm: Handle Block and Page bits for security space Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 13/21] target/arm: Handle no-execute for Realm and Root regimes Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 14/21] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 15/21] target/arm: Move s1_is_el0 into S1Translate Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 16/21] target/arm: Use get_phys_addr_with_struct for stage2 Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 17/21] target/arm: Add GPC syndrome Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 18/21] target/arm: Implement GPC exceptions Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 19/21] target/arm: Implement the granule protection check Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 20/21] NOTFORMERGE target/arm: Enable RME for -cpu max Richard Henderson
2023-02-27 23:01 ` [PATCH for-8.0 v4 21/21] NOTFORMERGE hw/arm/virt: Add some memory for Realm Management Monitor Richard Henderson
2023-02-27 23:09 ` [PATCH for-8.0 v4 00/21] target/arm: Implement FEAT_RME Richard Henderson
2023-03-03 14:29 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230227230122.816702-11-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.