From 9861248f637ecf11113b04b0b5c7b13c9aa06f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= Date: Tue, 12 Jan 2021 12:45:07 +0200 Subject: [PATCH] target/arm: set HPFAR_EL2.NS on secure stage 2 faults MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: RĂ©mi Denis-Courmont Reviewed-by: Richard Henderson Message-id: 20210112104511.36576-15-remi.denis.courmont@huawei.com Signed-off-by: Peter Maydell --- target/arm/cpu.h | 2 ++ target/arm/helper.c | 6 ++++++ target/arm/internals.h | 2 ++ target/arm/tlb_helper.c | 3 +++ 4 files changed, 13 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 235df64cd7..b115da5935 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1484,6 +1484,8 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HCR_TWEDEN (1ULL << 59) #define HCR_TWEDEL MAKE_64BIT_MASK(60, 4) +#define HPFAR_NS (1ULL << 63) + #define SCR_NS (1U << 0) #define SCR_IRQ (1U << 1) #define SCR_FIQ (1U << 2) diff --git a/target/arm/helper.c b/target/arm/helper.c index fae5611c60..79164a03e0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3445,6 +3445,9 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, target_el = 3; } else { env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi.s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } target_el = 2; } take_exc = true; @@ -10427,6 +10430,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } if ((arm_hcr_el2_eff(env) & HCR_PTW) && @@ -10439,6 +10443,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } @@ -11356,6 +11361,7 @@ do_fault: /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */ fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S); + fi->s1ns = mmu_idx == ARMMMUIdx_Stage2; return true; } diff --git a/target/arm/internals.h b/target/arm/internals.h index 3aec10263e..27cc93f15a 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -593,6 +593,7 @@ typedef enum ARMFaultType { * @s2addr: Address that caused a fault at stage 2 * @stage2: True if we faulted at stage 2 * @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk + * @s1ns: True if we faulted on a non-secure IPA while in secure state * @ea: True if we should set the EA (external abort type) bit in syndrome */ typedef struct ARMMMUFaultInfo ARMMMUFaultInfo; @@ -603,6 +604,7 @@ struct ARMMMUFaultInfo { int domain; bool stage2; bool s1ptw; + bool s1ns; bool ea; }; diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index b35dc8a011..df85079d9f 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -63,6 +63,9 @@ static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, if (fi->stage2) { target_el = 2; env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi->s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } } same_el = (arm_current_el(env) == target_el);