Message ID | 20221116170316.259695-1-ardb@kernel.org |
---|---|
State | New |
Series | target/arm: Limit LPA2 effective output address when TCR.DS == 0 |
On 11/16/22 09:03, Ard Biesheuvel wrote: > diff --git a/target/arm/ptw.c b/target/arm/ptw.c > index 3745ac9723474332..9a6277d862fac229 100644 > --- a/target/arm/ptw.c > +++ b/target/arm/ptw.c > @@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, > ps = MIN(ps, param.ps); > assert(ps < ARRAY_SIZE(pamax_map)); > outputsize = pamax_map[ps]; > + > + /* > + * With LPA2, the effective output address (OA) size is at most 48 bits > + * unless TCR.DS == 1 > + */ > + if (!param.ds && param.gran != Gran64K) { > + outputsize = MIN(outputsize, 48); > + } Reviewed-by: Richard Henderson <richard.henderson@linaro.org> I thought about moving this back into aa64_va_parameters, similar to how we bound tsz, but since this is the only use of param.ps, this placement is as good as any. r~
On Thu, 17 Nov 2022 at 03:14, Richard Henderson <richard.henderson@linaro.org> wrote: > > On 11/16/22 09:03, Ard Biesheuvel wrote: > > diff --git a/target/arm/ptw.c b/target/arm/ptw.c > > index 3745ac9723474332..9a6277d862fac229 100644 > > --- a/target/arm/ptw.c > > +++ b/target/arm/ptw.c > > @@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, > > ps = MIN(ps, param.ps); > > assert(ps < ARRAY_SIZE(pamax_map)); > > outputsize = pamax_map[ps]; > > + > > + /* > > + * With LPA2, the effective output address (OA) size is at most 48 bits > > + * unless TCR.DS == 1 > > + */ > > + if (!param.ds && param.gran != Gran64K) { > > + outputsize = MIN(outputsize, 48); > > + } > > Reviewed-by: Richard Henderson <richard.henderson@linaro.org> > > I thought about moving this back into aa64_va_parameters, similar to how we bound tsz, but > since this is the only use of param.ps, this placement is as good as any. Applied to target-arm.next, thanks. -- PMM
diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 3745ac9723474332..9a6277d862fac229 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1222,6 +1222,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, ps = MIN(ps, param.ps); assert(ps < ARRAY_SIZE(pamax_map)); outputsize = pamax_map[ps]; + + /* + * With LPA2, the effective output address (OA) size is at most 48 bits + * unless TCR.DS == 1 + */ + if (!param.ds && param.gran != Gran64K) { + outputsize = MIN(outputsize, 48); + } } else { param = aa32_va_parameters(env, address, mmu_idx); level = 1;
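Review bot: The comment on the new check in get_phys_addr_lpae() explains only the TCR.DS half of the condition and says nothing about why `param.gran != Gran64K` is exempt from the clamp. Consider extending it to say that the 64K granule keeps an output size above 48 bits with DS == 0, which is the case the later `descaddr |= extract64(descriptor, 12, 4) << 48;` branch is meant for, so a reader can connect the clamp to the descriptor conversion it protects.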
With LPA2, the effective output address size is at most 48 bits when TCR.DS == 0. This case is currently unhandled in the page table walker, where we happily assume LVA/64k granule when outputsize > 48 and param.ds == 0, resulting in the wrong conversion to be used from a page table descriptor to a physical address.

    if (outputsize > 48) {
        if (param.ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48;
        }

So cap the outputsize to 48 when TCR.DS is cleared, as per the architecture.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

---
 target/arm/ptw.c | 8 ++++++++
 1 file changed, 8 insertions(+)
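The mis-conversion described in the commit message, modelled as an added stand-alone C example (not QEMU code and not part of the patch). `effective_outputsize`, `desc_to_pa`, the local `extract64` stand-in, the fixed [47:12] address mask and the sample descriptor are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for QEMU's extract64(): 'len' bits starting at bit 'start'. */
static uint64_t extract64(uint64_t value, int start, int len)
{
    return (value >> start) & (~0ULL >> (64 - len));
}

/* The cap from the patch: with DS == 0 only the 64K granule may exceed 48 bits. */
static int effective_outputsize(int outputsize, bool ds, bool gran64k)
{
    if (!ds && !gran64k && outputsize > 48) {
        outputsize = 48;
    }
    return outputsize;
}

/*
 * Descriptor to physical address, following the excerpt in the commit message.
 * Assumption: the base output address is descriptor bits [47:12], as for a
 * 4K granule page descriptor with DS == 0; faults are not modelled.
 */
static uint64_t desc_to_pa(uint64_t descriptor, int outputsize, bool ds)
{
    uint64_t descaddr = descriptor & 0x0000FFFFFFFFF000ULL;

    if (outputsize > 48) {
        if (ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48;
        }
    }
    return descaddr;
}

int main(void)
{
    /* Constructed descriptor: output address 0x8000A000, low bits 0x3. */
    uint64_t desc = 0x000000008000A003ULL;
    int capped = effective_outputsize(52, false, false); /* 4K granule, DS == 0 */

    printf("uncapped: 0x%016llx\n", (unsigned long long)desc_to_pa(desc, 52, false));
    printf("capped:   0x%016llx\n", (unsigned long long)desc_to_pa(desc, capped, false));
    return 0;
}
```

Without the cap, descriptor bits [15:12], which are ordinary address bits for this granule, are copied a second time into bits [51:48] of the result.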