{ "id": 817578, "url": "http://patchwork.ozlabs.org/api/patches/817578/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-18-git-send-email-peter.maydell@linaro.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1506092407-26985-18-git-send-email-peter.maydell@linaro.org>", "list_archive_url": null, "date": "2017-09-22T15:00:04", "name": "[17/20] target/arm: Implement SG instruction", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "24a5bcd929e8f10aa1accce684f2b97bd218193e", "submitter": { "id": 5111, "url": "http://patchwork.ozlabs.org/api/people/5111/?format=api", "name": "Peter Maydell", "email": "peter.maydell@linaro.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-18-git-send-email-peter.maydell@linaro.org/mbox/", "series": [ { "id": 4650, "url": "http://patchwork.ozlabs.org/api/series/4650/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=4650", "date": "2017-09-22T14:59:47", "name": "ARM v8M: exception entry, exit and security", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/4650/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/817578/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/817578/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=pass (mailfrom) 
smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xzHC045dJz9sPm\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSat, 23 Sep 2017 01:16:59 +1000 (AEST)", "from localhost ([::1]:59417 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dvPhG-00069S-Af\n\tfor incoming@patchwork.ozlabs.org; Fri, 22 Sep 2017 11:16:54 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:47283)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQh-00087D-MO\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:50 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQg-0004J0-Bp\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:47 -0400", "from orth.archaic.org.uk ([2001:8b0:1d0::2]:37584)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQc-0004CN-MR; Fri, 22 Sep 2017 10:59:42 -0400", "from pm215 by orth.archaic.org.uk with local (Exim 4.89)\n\t(envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQb-0007Fb-Hk; Fri, 22 Sep 2017 15:59:41 +0100" ], "From": "Peter Maydell <peter.maydell@linaro.org>", "To": "qemu-arm@nongnu.org,\n\tqemu-devel@nongnu.org", "Date": "Fri, 22 Sep 2017 16:00:04 +0100", "Message-Id": "<1506092407-26985-18-git-send-email-peter.maydell@linaro.org>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>", "References": "<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>", 
"X-detected-operating-system": "by eggs.gnu.org: Genre and OS details not\n\trecognized.", "X-Received-From": "2001:8b0:1d0::2", "Subject": "[Qemu-devel] [PATCH 17/20] target/arm: Implement SG instruction", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "patches@linaro.org", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "Implement the SG instruction, which we emulate 'by hand' in the\nexception handling code path.\n\nSigned-off-by: Peter Maydell <peter.maydell@linaro.org>\n---\n target/arm/helper.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++--\n 1 file changed, 124 insertions(+), 5 deletions(-)", "diff": "diff --git a/target/arm/helper.c b/target/arm/helper.c\nindex b1ecb66..8df819d 100644\n--- a/target/arm/helper.c\n+++ b/target/arm/helper.c\n@@ -41,6 +41,10 @@ typedef struct V8M_SAttributes {\n bool irvalid;\n } V8M_SAttributes;\n \n+static void v8m_security_lookup(CPUARMState *env, uint32_t address,\n+ MMUAccessType access_type, ARMMMUIdx mmu_idx,\n+ V8M_SAttributes *sattrs);\n+\n /* Definitions for the PMCCNTR and PMCR registers */\n #define PMCRD 0x8\n #define PMCRC 0x4\n@@ -6724,6 +6728,123 @@ static void arm_log_exception(int idx)\n }\n }\n \n+static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, uint16_t *insn)\n+{\n+ /* Load a 16-bit portion of a v7M 
instruction, returning true on success,\n+ * or false on failure (in which case we will have pended the appropriate\n+ * exception).\n+ * We need to do the instruction fetch's MPU and SAU checks\n+ * like this because there is no MMU index that would allow\n+ * doing the load with a single function call. Instead we must\n+ * first check that the security attributes permit the load\n+ * and that they don't mismatch on the two halves of the instruction,\n+ * and then we do the load as a secure load (ie using the security\n+ * attributes of the address, not the CPU, as architecturally required).\n+ */\n+ CPUState *cs = CPU(cpu);\n+ CPUARMState *env = &cpu->env;\n+ V8M_SAttributes sattrs = {};\n+ MemTxAttrs attrs = {};\n+ ARMMMUFaultInfo fi = {};\n+ MemTxResult txres;\n+ target_ulong page_size;\n+ hwaddr physaddr;\n+ int prot;\n+ uint32_t fsr;\n+\n+ v8m_security_lookup(env, env->regs[15], MMU_INST_FETCH, mmu_idx, &sattrs);\n+ if (!sattrs.nsc || sattrs.ns) {\n+ /* This must be the second half of the insn, and it straddles a\n+ * region boundary with the second half not being S&NSC.\n+ */\n+ env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n+ qemu_log_mask(CPU_LOG_INT,\n+ \"...really SecureFault with SFSR.INVEP\\n\");\n+ return false;\n+ }\n+ if (get_phys_addr(env, env->regs[15], MMU_INST_FETCH, mmu_idx,\n+ &physaddr, &attrs, &prot, &page_size, &fsr, &fi)) {\n+ /* the MPU lookup failed */\n+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;\n+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);\n+ qemu_log_mask(CPU_LOG_INT, \"...really MemManage with CFSR.IACCVIOL\\n\");\n+ return false;\n+ }\n+ *insn = address_space_lduw_le(arm_addressspace(cs, attrs), physaddr,\n+ attrs, &txres);\n+ if (txres != MEMTX_OK) {\n+ env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;\n+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);\n+ qemu_log_mask(CPU_LOG_INT, \"...really BusFault with 
CFSR.IBUSERR\\n\");\n+ return false;\n+ }\n+ return true;\n+}\n+\n+static bool v7m_handle_execute_nsc(ARMCPU *cpu)\n+{\n+ /* Check whether this attempt to execute code in a Secure & NS-Callable\n+ * memory region is for an SG instruction; if so, then emulate the\n+ * effect of the SG instruction and return true. Otherwise pend\n+ * the correct kind of exception and return false.\n+ */\n+ CPUARMState *env = &cpu->env;\n+ ARMMMUIdx mmu_idx;\n+ uint16_t insn;\n+\n+ /* We should never get here unless get_phys_addr_pmsav8() caused\n+ * an exception for NS executing in S&NSC memory.\n+ */\n+ assert(!env->v7m.secure);\n+ assert(arm_feature(env, ARM_FEATURE_M_SECURITY));\n+\n+ /* We want to do the MPU lookup as secure; work out what mmu_idx that is */\n+ mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);\n+\n+ if (!v7m_read_half_insn(cpu, mmu_idx, &insn)) {\n+ return false;\n+ }\n+\n+ if (!env->thumb) {\n+ goto gen_invep;\n+ }\n+\n+ if (insn != 0xe97f) {\n+ /* Not an SG instruction first half (we choose the IMPDEF\n+ * early-SG-check option).\n+ */\n+ goto gen_invep;\n+ }\n+\n+ if (!v7m_read_half_insn(cpu, mmu_idx, &insn)) {\n+ return false;\n+ }\n+\n+ if (insn != 0xe97f) {\n+ /* Not an SG instruction second half */\n+ goto gen_invep;\n+ }\n+\n+ /* OK, we have confirmed that we really have an SG instruction.\n+ * We know we're NS in S memory so don't need to repeat those checks.\n+ */\n+ qemu_log_mask(CPU_LOG_INT, \"...really an SG instruction at 0x%08\" PRIx32\n+ \", executing it\\n\", env->regs[15]);\n+ env->regs[14] &= ~1;\n+ switch_v7m_security_state(env, true);\n+ xpsr_write(env, 0, XPSR_IT);\n+ env->regs[15] += 4;\n+ return true;\n+\n+gen_invep:\n+ env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n+ qemu_log_mask(CPU_LOG_INT,\n+ \"...really SecureFault with SFSR.INVEP\\n\");\n+ return false;\n+}\n+\n void arm_v7m_cpu_do_interrupt(CPUState *cs)\n {\n ARMCPU *cpu = ARM_CPU(cs);\n@@ -6766,12 +6887,10 @@ void 
arm_v7m_cpu_do_interrupt(CPUState *cs)\n * the SG instruction have the same security attributes.)\n * Everything else must generate an INVEP SecureFault, so we\n * emulate the SG instruction here.\n- * TODO: actually emulate SG.\n */\n- env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n- qemu_log_mask(CPU_LOG_INT,\n- \"...really SecureFault with SFSR.INVEP\\n\");\n+ if (v7m_handle_execute_nsc(cpu)) {\n+ return;\n+ }\n break;\n case M_FAKE_FSR_SFAULT:\n /* Various flavours of SecureFault for attempts to execute or\n", "prefixes": [ "17/20" ] }
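Review bot: In `v7m_handle_execute_nsc` the second call to `v7m_read_half_insn(cpu, mmu_idx, &insn)` fetches the same halfword as the first, because the helper always does its lookup and load at `env->regs[15]` and nothing advances the PC between the two calls. The halfword at PC+2 is therefore never compared with 0xe97f and its security attributes are never looked up, so the helper's "second half ... straddles a region boundary" branch cannot trigger for the real second half. As written, any 32-bit encoding whose first halfword is 0xe97f would be accepted as SG and reach `switch_v7m_security_state(env, true)`. Give the helper an explicit address parameter and call it with `env->regs[15]` and then `env->regs[15] + 2`, as sketched below; both functions lie wholly inside the second hunk.

```c
static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
                               uint32_t addr, uint16_t *insn)
{
    /* … unchanged: header comment and local declarations … */
    v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
    /* … unchanged: S&NSC check and INVEP path … */
    if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx,
                      &physaddr, &attrs, &prot, &page_size, &fsr, &fi)) {
    /* … unchanged: MemManage path, load, BusFault path … */

/* in v7m_handle_execute_nsc: */
    if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15], &insn)) {
    /* … unchanged: Thumb check and first-half comparison … */
    if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15] + 2, &insn)) {
```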