[{"id":1780899,"web_url":"http://patchwork.ozlabs.org/comment/1780899/","msgid":"<562a5db1-ab3b-1d77-eb8e-69af276bcac3@linaro.org>","list_archive_url":null,"date":"2017-10-05T18:39:33","subject":"Re: [Qemu-devel] [PATCH 14/20] target/arm: Implement security\n\tattribute lookups for memory accesses","submitter":{"id":72104,"url":"http://patchwork.ozlabs.org/api/people/72104/","name":"Richard Henderson","email":"richard.henderson@linaro.org"},"content":"On 09/22/2017 11:00 AM, Peter Maydell wrote:\n> Implement the security attribute lookups for memory accesses\n> in the get_phys_addr() functions, causing these to generate\n> various kinds of SecureFault for bad accesses.\n> \n> The major subtlety in this code relates to handling of the\n> case when the security attributes the SAU assigns to the\n> address don't match the current security state of the CPU.\n> \n> In the ARM ARM pseudocode for validating instruction\n> accesses, the security attributes of the address determine\n> whether the Secure or NonSecure MPU state is used. At face\n> value, handling this would require us to encode the relevant\n> bits of state into mmu_idx for both S and NS at once, which\n> would result in our needing 16 mmu indexes. Fortunately we\n> don't actually need to do this because a mismatch between\n> address attributes and CPU state means either:\n>  * some kind of fault (usually a SecureFault, but in theory\n>    perhaps a UserFault for unaligned access to Device memory)\n>  * execution of the SG instruction in NS state from a\n>    Secure & NonSecure code region\n> \n> The purpose of SG is simply to flip the CPU into Secure\n> state, so we can handle it by emulating execution of that\n> instruction directly in arm_v7m_cpu_do_interrupt(), which\n> means we can treat all the mismatch cases as \"throw an\n> exception\" and we don't need to encode the state of the\n> other MPU bank into our mmu_idx values.\n> \n> This commit doesn't include the actual emulation of SG;\n> it also doesn't include implementation of the IDAU, which\n> is a per-board way to specify hard-coded memory attributes\n> for addresses, which override the CPU-internal SAU if they\n> specify a more secure setting than the SAU is programmed to.\n> \n> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>\n> ---\n>  target/arm/internals.h |  15 ++++\n>  target/arm/helper.c    | 182 ++++++++++++++++++++++++++++++++++++++++++++++++-\n>  2 files changed, 195 insertions(+), 2 deletions(-)\n\nReviewed-by: Richard Henderson <richard.henderson@linaro.org>\n\n\nr~","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"Om4mpiJE\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y7M7c5Wymz9t2Z\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri,  6 Oct 2017 05:42:04 +1100 (AEDT)","from localhost ([::1]:41534 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1e0B5u-0005uA-RC\n\tfor incoming@patchwork.ozlabs.org; Thu, 05 Oct 2017 14:42:02 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:44177)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <richard.henderson@linaro.org>) id 1e0B3f-0004DK-Jn\n\tfor qemu-devel@nongnu.org; Thu, 05 Oct 2017 14:39:51 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <richard.henderson@linaro.org>) id 1e0B3Z-00012f-L0\n\tfor qemu-devel@nongnu.org; Thu, 05 Oct 2017 14:39:43 -0400","from mail-qt0-x232.google.com ([2607:f8b0:400d:c0d::232]:47872)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <richard.henderson@linaro.org>)\n\tid 1e0B3Z-00011e-Dn\n\tfor qemu-devel@nongnu.org; Thu, 05 Oct 2017 14:39:37 -0400","by mail-qt0-x232.google.com with SMTP id z50so22160881qtj.4\n\tfor <qemu-devel@nongnu.org>; Thu, 05 Oct 2017 11:39:37 -0700 (PDT)","from bigtime.twiddle.net ([2606:a000:7a4a:b100::1b])\n\tby smtp.gmail.com with ESMTPSA id\n\ts187sm8971158yws.55.2017.10.05.11.39.35\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 05 Oct 2017 11:39:35 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:content-transfer-encoding; \n\tbh=NFhX8dyP6P1JiD1gnlTcAV2BLdiD+wxRyQ0FG0dBfzM=;\n\tb=Om4mpiJEwx6+QAT/lyRkQIv7thqJjJJqNCpUWXEukgmLFjgeLcJ0hf/jLpXNz9RfA2\n\tN2P30MPvj7F8D4oOg06IYgfQTUSQ/mJAY7/4XlhmO6LSlm6+wCJO6g0JKU57mZZNq7y/\n\trRus5ZgdeKojDG/9sAFE4F20WewOwKTKXojhg=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:cc:references:from:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=NFhX8dyP6P1JiD1gnlTcAV2BLdiD+wxRyQ0FG0dBfzM=;\n\tb=KWpeiVctJVGkmM2hQhzHaxOj66KIJnzZk3SfEdb5Otdyb2cpX2R2Z1IfqJxp2fLGXV\n\tI4EZplgxEJBTGkB4OfRleT5rbU8QgwOiggTfu4OtUiEU/PnwVwTx7Mip89gJc0vspHpT\n\tbK4/UcOBW6tztHUJQ9Izy3/hEoQLv2DxWZWCjyQ8X/z1/8cPmyx75CRPETpF2B+leyxF\n\tTuZQIgwBpPenHzVGHMHQq/bou2mlQWd7eY49PYbVoW+19hdHcxsEjj5IHQvx/5yF40/G\n\tRqojFZLrZImSJq6VXP7HT97vpRme+AtgO4e/+YWve3jRzpN/V2KY0gRq6QINHD4vIOXL\n\t0lsw==","X-Gm-Message-State":"AHPjjUiHGboXQXblq6t9uvW3Kxkcy0870U/UjjLkbAoq+HMtrVT9xpz7\n\tscv4hQSJ6DV2of+lVoat1VLupQ==","X-Google-Smtp-Source":"AOwi7QB43deLVlBhwhOSZj6qE4O8LC8a1/jCDiz/TXhcRMN2LNAT3Nm3aqDZzGdWbkpCiINx5YIqdQ==","X-Received":"by 10.13.198.65 with SMTP id i62mr20863597ywd.59.1507228776501; \n\tThu, 05 Oct 2017 11:39:36 -0700 (PDT)","To":"Peter Maydell <peter.maydell@linaro.org>, qemu-arm@nongnu.org,\n\tqemu-devel@nongnu.org","References":"<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>\n\t<1506092407-26985-15-git-send-email-peter.maydell@linaro.org>","From":"Richard Henderson <richard.henderson@linaro.org>","Message-ID":"<562a5db1-ab3b-1d77-eb8e-69af276bcac3@linaro.org>","Date":"Thu, 5 Oct 2017 14:39:33 -0400","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.3.0","MIME-Version":"1.0","In-Reply-To":"<1506092407-26985-15-git-send-email-peter.maydell@linaro.org>","Content-Type":"text/plain; charset=utf-8","Content-Language":"en-US","Content-Transfer-Encoding":"7bit","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2607:f8b0:400d:c0d::232","Subject":"Re: [Qemu-devel] [PATCH 14/20] target/arm: Implement security\n\tattribute lookups for memory accesses","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"patches@linaro.org","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}}]