GET /api/patches/817576/?format=api
{ "id": 817576, "url": "http://patchwork.ozlabs.org/api/patches/817576/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-13-git-send-email-peter.maydell@linaro.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1506092407-26985-13-git-send-email-peter.maydell@linaro.org>", "list_archive_url": null, "date": "2017-09-22T14:59:59", "name": "[12/20] target/arm: Add v8M support to exception entry code", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "6b182cee0e12a6bd7ae6a951250507b2204074e9", "submitter": { "id": 5111, "url": "http://patchwork.ozlabs.org/api/people/5111/?format=api", "name": "Peter Maydell", "email": "peter.maydell@linaro.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-13-git-send-email-peter.maydell@linaro.org/mbox/", "series": [ { "id": 4650, "url": "http://patchwork.ozlabs.org/api/series/4650/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=4650", "date": "2017-09-22T14:59:47", "name": "ARM v8M: exception entry, exit and security", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/4650/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/817576/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/817576/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=pass (mailfrom) 
smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xzH802zjdz9sNw\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSat, 23 Sep 2017 01:14:24 +1000 (AEST)", "from localhost ([::1]:59400 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dvPeo-0003hr-Cu\n\tfor incoming@patchwork.ozlabs.org; Fri, 22 Sep 2017 11:14:22 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:47213)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQf-00085I-Jd\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:50 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQd-0004Eu-PV\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:45 -0400", "from orth.archaic.org.uk ([2001:8b0:1d0::2]:37568)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQZ-00046S-59; Fri, 22 Sep 2017 10:59:39 -0400", "from pm215 by orth.archaic.org.uk with local (Exim 4.89)\n\t(envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQY-0007Cx-1Y; Fri, 22 Sep 2017 15:59:38 +0100" ], "From": "Peter Maydell <peter.maydell@linaro.org>", "To": "qemu-arm@nongnu.org,\n\tqemu-devel@nongnu.org", "Date": "Fri, 22 Sep 2017 15:59:59 +0100", "Message-Id": "<1506092407-26985-13-git-send-email-peter.maydell@linaro.org>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>", "References": "<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>", 
"X-detected-operating-system": "by eggs.gnu.org: Genre and OS details not\n\trecognized.", "X-Received-From": "2001:8b0:1d0::2", "Subject": "[Qemu-devel] [PATCH 12/20] target/arm: Add v8M support to exception\n\tentry code", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "patches@linaro.org", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "Add support for v8M and in particular the security extension\nto the exception entry code. 
This requires changes to:\n * calculation of the exception-return magic LR value\n * push the callee-saves registers in certain cases\n * clear registers when taking non-secure exceptions to avoid\n leaking information from the interrupted secure code\n * switch to the correct security state on entry\n * use the vector table for the security state we're targeting\n\nSigned-off-by: Peter Maydell <peter.maydell@linaro.org>\n---\n target/arm/helper.c | 165 +++++++++++++++++++++++++++++++++++++++++++++-------\n 1 file changed, 145 insertions(+), 20 deletions(-)", "diff": "diff --git a/target/arm/helper.c b/target/arm/helper.c\nindex 25f5675..7511566 100644\n--- a/target/arm/helper.c\n+++ b/target/arm/helper.c\n@@ -6200,12 +6200,12 @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,\n }\n }\n \n-static uint32_t arm_v7m_load_vector(ARMCPU *cpu)\n+static uint32_t arm_v7m_load_vector(ARMCPU *cpu, bool targets_secure)\n {\n CPUState *cs = CPU(cpu);\n CPUARMState *env = &cpu->env;\n MemTxResult result;\n- hwaddr vec = env->v7m.vecbase[env->v7m.secure] + env->v7m.exception * 4;\n+ hwaddr vec = env->v7m.vecbase[targets_secure] + env->v7m.exception * 4;\n uint32_t addr;\n \n addr = address_space_ldl(cs->as, vec,\n@@ -6217,13 +6217,48 @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu)\n * Since we don't model Lockup, we just report this guest error\n * via cpu_abort().\n */\n- cpu_abort(cs, \"Failed to read from exception vector table \"\n- \"entry %08x\\n\", (unsigned)vec);\n+ cpu_abort(cs, \"Failed to read from %s exception vector table \"\n+ \"entry %08x\\n\", targets_secure ? 
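Review bot: In arm_v7m_load_vector() the table base now comes from `env->v7m.vecbase[targets_secure]`, but the memory-attributes argument of `address_space_ldl(cs->as, vec, ...)` sits on a line outside this hunk, so it is not visible whether the fetch itself is issued as a Secure or a Non-secure access. If that argument is still a default or unspecified attribute, a Secure vector fetch would not carry the Secure attribute, and the guest-programmable table address would be read without any SAU/MPU check. Building the attributes from the target state, e.g. `MemTxAttrs attrs = { .secure = targets_secure };`, and passing `attrs` to the load would keep the access consistent with the table being selected.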
\"secure\" : \"nonsecure\",\n+ (unsigned)vec);\n }\n return addr;\n }\n \n-static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)\n+static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain)\n+{\n+ /* For v8M, push the callee-saves register part of the stack frame.\n+ * Compare the v8M pseudocode PushCalleeStack().\n+ * In the tailchaining case this may not be the current stack.\n+ */\n+ CPUARMState *env = &cpu->env;\n+ CPUState *cs = CPU(cpu);\n+ uint32_t *frame_sp_p;\n+ uint32_t frameptr;\n+\n+ if (dotailchain) {\n+ frame_sp_p = get_v7m_sp_ptr(env, true,\n+ lr & R_V7M_EXCRET_MODE_MASK,\n+ lr & R_V7M_EXCRET_SPSEL_MASK);\n+ } else {\n+ frame_sp_p = &env->regs[13];\n+ }\n+\n+ frameptr = *frame_sp_p - 0x28;\n+\n+ stl_phys(cs->as, frameptr, 0xfefa125b);\n+ stl_phys(cs->as, frameptr + 0x8, env->regs[4]);\n+ stl_phys(cs->as, frameptr + 0xc, env->regs[5]);\n+ stl_phys(cs->as, frameptr + 0x10, env->regs[6]);\n+ stl_phys(cs->as, frameptr + 0x14, env->regs[7]);\n+ stl_phys(cs->as, frameptr + 0x18, env->regs[8]);\n+ stl_phys(cs->as, frameptr + 0x1c, env->regs[9]);\n+ stl_phys(cs->as, frameptr + 0x20, env->regs[10]);\n+ stl_phys(cs->as, frameptr + 0x24, env->regs[11]);\n+\n+ *frame_sp_p = frameptr;\n+}\n+\n+static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain)\n {\n /* Do the \"take the exception\" parts of exception entry,\n * but not the pushing of state to the stack. This is\n@@ -6231,14 +6266,84 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)\n */\n CPUARMState *env = &cpu->env;\n uint32_t addr;\n+ bool targets_secure;\n+\n+ targets_secure = armv7m_nvic_acknowledge_irq(env->nvic);\n \n- armv7m_nvic_acknowledge_irq(env->nvic);\n+ if (arm_feature(env, ARM_FEATURE_V8)) {\n+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&\n+ (lr & R_V7M_EXCRET_S_MASK)) {\n+ /* The background code (the owner of the registers in the\n+ * exception frame) is Secure. 
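Review bot: v7m_push_callee_stack() writes all nine words with bare `stl_phys(cs->as, frameptr + ..., ...)`, so the Secure callee-saves frame is stored with no MPU/SAU permission check, no stack-limit check and no detection of a failed store. On the tailchain path the stack is chosen from the MODE and SPSEL bits of `lr`, which the visible callers pass in as `excret` (apparently the guest's EXC_RETURN value), so a bad stack pointer will not raise the fault in the model that firmware would see on hardware. If checked stores are out of scope for this patch, a marker such as `/* TODO: these stores bypass MPU/SAU and stack-limit checks and ignore write failures */` above the first store would record the gap. The literal `0xfefa125b` also deserves a name or a comment saying it is the v8M integrity signature, and a note that the word at `frameptr + 0x4` is left unwritten on purpose, if that is the intent.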
This means it may either already\n+ * have or now needs to push callee-saves registers.\n+ */\n+ if (targets_secure) {\n+ if (dotailchain && !(lr & R_V7M_EXCRET_ES_MASK)) {\n+ /* We took an exception from Secure to NonSecure\n+ * (which means the callee-saved registers got stacked)\n+ * and are now tailchaining to a Secure exception.\n+ * Clear DCRS so eventual return from this Secure\n+ * exception unstacks the callee-saved registers.\n+ */\n+ lr &= ~R_V7M_EXCRET_DCRS_MASK;\n+ }\n+ } else {\n+ /* We're going to a non-secure exception; push the\n+ * callee-saves registers to the stack now, if they're\n+ * not already saved.\n+ */\n+ if (lr & R_V7M_EXCRET_DCRS_MASK &&\n+ !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) {\n+ v7m_push_callee_stack(cpu, lr, dotailchain);\n+ }\n+ lr |= R_V7M_EXCRET_DCRS_MASK;\n+ }\n+ }\n+\n+ lr &= ~R_V7M_EXCRET_ES_MASK;\n+ if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {\n+ lr |= R_V7M_EXCRET_ES_MASK;\n+ }\n+ lr &= ~R_V7M_EXCRET_SPSEL_MASK;\n+ if (env->v7m.control[targets_secure] & R_V7M_CONTROL_SPSEL_MASK) {\n+ lr |= R_V7M_EXCRET_SPSEL_MASK;\n+ }\n+\n+ /* Clear registers if necessary to prevent non-secure exception\n+ * code being able to see register values from secure code.\n+ * Where register values become architecturally UNKNOWN we leave\n+ * them with their previous values.\n+ */\n+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {\n+ if (!targets_secure) {\n+ /* Always clear the caller-saved registers (they have been\n+ * pushed to the stack earlier in v7m_push_stack()).\n+ * Clear callee-saved registers if the background code is\n+ * Secure (in which case these regs were saved in\n+ * v7m_push_callee_stack()).\n+ */\n+ int i;\n+\n+ for (i = 0; i < 13; i++) {\n+ /* r4..r11 are callee-saves, zero only if EXCRET.S == 1 */\n+ if (i < 4 || i > 11 || (lr & R_V7M_EXCRET_S_MASK)) {\n+ env->regs[i] = 0;\n+ }\n+ }\n+ /* Clear EAPSR */\n+ xpsr_write(env, 0, XPSR_NZCV | XPSR_Q | XPSR_GE | XPSR_IT);\n+ }\n+ }\n+ }\n+\n+ /* 
Switch to target security state -- must do this before writing SPSEL */\n+ switch_v7m_security_state(env, targets_secure);\n write_v7m_control_spsel(env, 0);\n arm_clear_exclusive(env);\n /* Clear IT bits */\n env->condexec_bits = 0;\n env->regs[14] = lr;\n- addr = arm_v7m_load_vector(cpu);\n+ addr = arm_v7m_load_vector(cpu, targets_secure);\n env->regs[15] = addr & 0xfffffffe;\n env->thumb = addr & 1;\n }\n@@ -6404,7 +6509,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)\n if (sfault) {\n env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK;\n armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n- v7m_exception_taken(cpu, excret);\n+ v7m_exception_taken(cpu, excret, true);\n qemu_log_mask(CPU_LOG_INT, \"...taking SecureFault on existing \"\n \"stackframe: failed EXC_RETURN.ES validity check\\n\");\n return;\n@@ -6416,7 +6521,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)\n */\n env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;\n armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);\n- v7m_exception_taken(cpu, excret);\n+ v7m_exception_taken(cpu, excret, true);\n qemu_log_mask(CPU_LOG_INT, \"...taking UsageFault on existing \"\n \"stackframe: failed exception return integrity check\\n\");\n return;\n@@ -6464,7 +6569,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)\n /* Take a SecureFault on the current stack */\n env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;\n armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n- v7m_exception_taken(cpu, excret);\n+ v7m_exception_taken(cpu, excret, true);\n qemu_log_mask(CPU_LOG_INT, \"...taking SecureFault on existing \"\n \"stackframe: failed exception return integrity \"\n \"signature check\\n\");\n@@ -6527,7 +6632,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)\n armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,\n env->v7m.secure);\n env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;\n- v7m_exception_taken(cpu, excret);\n+ v7m_exception_taken(cpu, excret, true);\n 
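Review bot: The call to `v7m_push_callee_stack()` has to stay ahead of `switch_v7m_security_state(env, targets_secure)`, because in the non-tailchain case the helper pushes through `&env->regs[13]`, which presumably stops being the interrupted Secure stack once the switch runs; the existing comment records only the SPSEL ordering. Extending it to something like `/* Switch to target security state -- must come after any callee-saves push (which uses the background SP) and before writing SPSEL */` would guard against a later reorder that puts Secure r4-r11 on the Non-secure stack. Two smaller points: the register-clearing comment says the caller-saved registers were pushed "earlier in v7m_push_stack()", which does not describe the `dotailchain` callers that skip that push, and `lr & R_V7M_EXCRET_DCRS_MASK && !(...)` would read more clearly as `(lr & R_V7M_EXCRET_DCRS_MASK) && !(...)`. v7m_exception_taken() begins in the previous hunk.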
qemu_log_mask(CPU_LOG_INT, \"...taking UsageFault on existing \"\n \"stackframe: failed exception return integrity \"\n \"check\\n\");\n@@ -6564,7 +6669,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)\n armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false);\n env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;\n v7m_push_stack(cpu);\n- v7m_exception_taken(cpu, excret);\n+ v7m_exception_taken(cpu, excret, false);\n qemu_log_mask(CPU_LOG_INT, \"...taking UsageFault on new stackframe: \"\n \"failed exception return integrity check\\n\");\n return;\n@@ -6708,20 +6813,40 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)\n return; /* Never happens. Keep compiler happy. */\n }\n \n- lr = R_V7M_EXCRET_RES1_MASK |\n- R_V7M_EXCRET_S_MASK |\n- R_V7M_EXCRET_DCRS_MASK |\n- R_V7M_EXCRET_FTYPE_MASK |\n- R_V7M_EXCRET_ES_MASK;\n- if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) {\n- lr |= R_V7M_EXCRET_SPSEL_MASK;\n+ if (arm_feature(env, ARM_FEATURE_V8)) {\n+ lr = R_V7M_EXCRET_RES1_MASK |\n+ R_V7M_EXCRET_DCRS_MASK |\n+ R_V7M_EXCRET_FTYPE_MASK;\n+ /* The S bit indicates whether we should return to Secure\n+ * or NonSecure (ie our current state).\n+ * The ES bit indicates whether we're taking this exception\n+ * to Secure or NonSecure (ie our target state). 
We set it\n+ * later, in v7m_exception_taken().\n+ * The SPSEL bit is also set in v7m_exception_taken() for v8M.\n+ * This corresponds to the ARM ARM pseudocode for v8M setting\n+ * some LR bits in PushStack() and some in ExceptionTaken();\n+ * the distinction matters for the tailchain cases where we\n+ * can take an exception without pushing the stack.\n+ */\n+ if (env->v7m.secure) {\n+ lr |= R_V7M_EXCRET_S_MASK;\n+ }\n+ } else {\n+ lr = R_V7M_EXCRET_RES1_MASK |\n+ R_V7M_EXCRET_S_MASK |\n+ R_V7M_EXCRET_DCRS_MASK |\n+ R_V7M_EXCRET_FTYPE_MASK |\n+ R_V7M_EXCRET_ES_MASK;\n+ if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {\n+ lr |= R_V7M_EXCRET_SPSEL_MASK;\n+ }\n }\n if (!arm_v7m_is_handler_mode(env)) {\n lr |= R_V7M_EXCRET_MODE_MASK;\n }\n \n v7m_push_stack(cpu);\n- v7m_exception_taken(cpu, lr);\n+ v7m_exception_taken(cpu, lr, false);\n qemu_log_mask(CPU_LOG_INT, \"... as %d\\n\", env->v7m.exception);\n }\n \n", "prefixes": [ "12/20" ] }