[Qemu-devel] [PATCH] target/arm: v8M MPU should use background region as default, not always

[Qemu-devel] [PATCH] target/arm: v8M MPU should use background region as default, not always

[Peter Maydell]

The "background region" for a v8M MPU is a default which will be used
(if enabled, and if the access is privileged) if the access does
not match any specific MPU region. We were incorrectly using it
always (by putting the condition at the wrong nesting level). This
meant that we would always return the default background permissions
rather than the correct permissions for a specific region, and also
that we would not return the right information in response to a
TT instruction.

Move the check for the background region to the same place in the
logic as the equivalent v8M MPUCheck() pseudocode puts it.
This in turn means we must adjust the condition we use to detect
matches in multiple regions to avoid false-positives.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
I found this because the incorrect TT response eventually resulted
in the Zephyr RTOS writing an invalid region number back to the
NVIC and tripping the guest_errors logging.
---
 target/arm/helper.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0f5eb3229b7..d3e15585c25 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11291,9 +11291,11 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
         hit = true;
     } else if (m_is_ppb_region(env, address)) {
         hit = true;
-    } else if (pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
-        hit = true;
     } else {
+        if (pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
+            hit = true;
+        }
+
         for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
             /* region search */
             /* Note that the base address is bits [31:5] from the register
@@ -11331,7 +11333,7 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
                 *is_subpage = true;
             }
 
-            if (hit) {
+            if (matchregion != -1) {
                 /* Multiple regions match -- always a failure (unlike
                  * PMSAv7 where highest-numbered-region wins)
                  */
-- 
2.20.1

Re: [Qemu-devel] [PATCH] target/arm: v8M MPU should use background region as default, not always

[Richard Henderson]

On 2/14/19 3:34 AM, Peter Maydell wrote:
> The "background region" for a v8M MPU is a default which will be used
> (if enabled, and if the access is privileged) if the access does
> not match any specific MPU region. We were incorrectly using it
> always (by putting the condition at the wrong nesting level). This
> meant that we would always return the default background permissions
> rather than the correct permissions for a specific region, and also
> that we would not return the right information in response to a
> TT instruction.
> 
> Move the check for the background region to the same place in the
> logic as the equivalent v8M MPUCheck() pseudocode puts it.
> This in turn means we must adjust the condition we use to detect
> matches in multiple regions to avoid false-positives.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I found this because the incorrect TT response eventually resulted
> in the Zephyr RTOS writing an invalid region number back to the
> NVIC and tripping the guest_errors logging.
> ---
>  target/arm/helper.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~