From patchwork Tue Mar 12 10:31:41 2013
X-Patchwork-Submitter: David Gibson
X-Patchwork-Id: 226908
From: David Gibson
To: agraf@suse.de
Cc: David Gibson, qemu-ppc@nongnu.org, afaerber@suse.de, qemu-devel@nongnu.org
Date: Tue, 12 Mar 2013 21:31:41 +1100
Message-Id: <1363084310-4115-40-git-send-email-david@gibson.dropbear.id.au>
In-Reply-To: <1363084310-4115-1-git-send-email-david@gibson.dropbear.id.au>
References: <1363084310-4115-1-git-send-email-david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PATCH 39/48] mmu-hash64: Factor SLB N bit into permissions bits

BEHAVIOUR CHANGE

Currently, for 64-bit hash mmu, the execute protection bit placed into the qemu tlb is based only on the N (No execute) bit from the PTE. However, No Execute can also be set at the segment level. We do check this on execute faults, but this still means we could incorrectly allow execution of code from a No Execute segment, if a prior read or write fault caused the page to be loaded into the qemu tlb with PROT_EXEC set.

To correct this, we (re-)check the segment level no execute permission when generating the protection bits for the qemu tlb.

Signed-off-by: David Gibson
---
 target-ppc/mmu-hash64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 1458f15..5607ce8 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c
@@ -272,7 +272,8 @@ static int ppc_hash64_pte_prot(CPUPPCState *env, } /* No execute if either noexec or guarded bits set */ - if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)) { + if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G) + || (slb->vsid & SLB_VSID_N)) { prot |= PAGE_EXEC; }
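Review bot: In the added line of ppc_hash64_pte_prot(), `|| (slb->vsid & SLB_VSID_N)` makes the condition true when the segment's N bit is set, so `prot |= PAGE_EXEC` is granted for exactly the No Execute segments the commit message sets out to exclude. The new term should veto the grant instead of widening it, for example by requiring `!(slb->vsid & SLB_VSID_N)` and-ed with the PTE checks. The existing `|| (pte.pte1 & HPTE64_R_G)` term reads the same way: it grants execute on guarded pages, although the comment directly above says "No execute if either noexec or guarded bits set". It would be worth correcting the whole expression in this patch and extending that comment to mention the segment-level bit, since the qemu tlb entry built here is what later instruction fetches are checked against.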