{"id":817578,"url":"http://patchwork.ozlabs.org/api/patches/817578/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-18-git-send-email-peter.maydell@linaro.org/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1506092407-26985-18-git-send-email-peter.maydell@linaro.org>","list_archive_url":null,"date":"2017-09-22T15:00:04","name":"[17/20] target/arm: Implement SG instruction","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"24a5bcd929e8f10aa1accce684f2b97bd218193e","submitter":{"id":5111,"url":"http://patchwork.ozlabs.org/api/people/5111/?format=json","name":"Peter Maydell","email":"peter.maydell@linaro.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/1506092407-26985-18-git-send-email-peter.maydell@linaro.org/mbox/","series":[{"id":4650,"url":"http://patchwork.ozlabs.org/api/series/4650/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=4650","date":"2017-09-22T14:59:47","name":"ARM v8M: exception entry, exit and security","version":1,"mbox":"http://patchwork.ozlabs.org/series/4650/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/817578/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/817578/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; 
helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xzHC045dJz9sPm\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSat, 23 Sep 2017 01:16:59 +1000 (AEST)","from localhost ([::1]:59417 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dvPhG-00069S-Af\n\tfor incoming@patchwork.ozlabs.org; Fri, 22 Sep 2017 11:16:54 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:47283)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQh-00087D-MO\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:50 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <pm215@archaic.org.uk>) id 1dvPQg-0004J0-Bp\n\tfor qemu-devel@nongnu.org; Fri, 22 Sep 2017 10:59:47 -0400","from orth.archaic.org.uk ([2001:8b0:1d0::2]:37584)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQc-0004CN-MR; Fri, 22 Sep 2017 10:59:42 -0400","from pm215 by orth.archaic.org.uk with local (Exim 4.89)\n\t(envelope-from <pm215@archaic.org.uk>)\n\tid 1dvPQb-0007Fb-Hk; Fri, 22 Sep 2017 15:59:41 +0100"],"From":"Peter Maydell <peter.maydell@linaro.org>","To":"qemu-arm@nongnu.org,\n\tqemu-devel@nongnu.org","Date":"Fri, 22 Sep 2017 16:00:04 +0100","Message-Id":"<1506092407-26985-18-git-send-email-peter.maydell@linaro.org>","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>","References":"<1506092407-26985-1-git-send-email-peter.maydell@linaro.org>","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details 
not\n\trecognized.","X-Received-From":"2001:8b0:1d0::2","Subject":"[Qemu-devel] [PATCH 17/20] target/arm: Implement SG instruction","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"patches@linaro.org","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"},"content":"Implement the SG instruction, which we emulate 'by hand' in the\nexception handling code path.\n\nSigned-off-by: Peter Maydell <peter.maydell@linaro.org>\n---\n target/arm/helper.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++--\n 1 file changed, 124 insertions(+), 5 deletions(-)","diff":"diff --git a/target/arm/helper.c b/target/arm/helper.c\nindex b1ecb66..8df819d 100644\n--- a/target/arm/helper.c\n+++ b/target/arm/helper.c\n@@ -41,6 +41,10 @@ typedef struct V8M_SAttributes {\n     bool irvalid;\n } V8M_SAttributes;\n \n+static void v8m_security_lookup(CPUARMState *env, uint32_t address,\n+                                MMUAccessType access_type, ARMMMUIdx mmu_idx,\n+                                V8M_SAttributes *sattrs);\n+\n /* Definitions for the PMCCNTR and PMCR registers */\n #define PMCRD   0x8\n #define PMCRC   0x4\n@@ -6724,6 +6728,123 @@ static void arm_log_exception(int idx)\n     }\n }\n \n+static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, uint16_t *insn)\n+{\n+    /* Load a 16-bit portion of a v7M instruction, returning true on 
success,\n+     * or false on failure (in which case we will have pended the appropriate\n+     * exception).\n+     * We need to do the instruction fetch's MPU and SAU checks\n+     * like this because there is no MMU index that would allow\n+     * doing the load with a single function call. Instead we must\n+     * first check that the security attributes permit the load\n+     * and that they don't mismatch on the two halves of the instruction,\n+     * and then we do the load as a secure load (ie using the security\n+     * attributes of the address, not the CPU, as architecturally required).\n+     */\n+    CPUState *cs = CPU(cpu);\n+    CPUARMState *env = &cpu->env;\n+    V8M_SAttributes sattrs = {};\n+    MemTxAttrs attrs = {};\n+    ARMMMUFaultInfo fi = {};\n+    MemTxResult txres;\n+    target_ulong page_size;\n+    hwaddr physaddr;\n+    int prot;\n+    uint32_t fsr;\n+\n+    v8m_security_lookup(env, env->regs[15], MMU_INST_FETCH, mmu_idx, &sattrs);\n+    if (!sattrs.nsc || sattrs.ns) {\n+        /* This must be the second half of the insn, and it straddles a\n+         * region boundary with the second half not being S&NSC.\n+         */\n+        env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n+        armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n+        qemu_log_mask(CPU_LOG_INT,\n+                      \"...really SecureFault with SFSR.INVEP\\n\");\n+        return false;\n+    }\n+    if (get_phys_addr(env, env->regs[15], MMU_INST_FETCH, mmu_idx,\n+                      &physaddr, &attrs, &prot, &page_size, &fsr, &fi)) {\n+        /* the MPU lookup failed */\n+        env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;\n+        armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);\n+        qemu_log_mask(CPU_LOG_INT, \"...really MemManage with CFSR.IACCVIOL\\n\");\n+        return false;\n+    }\n+    *insn = address_space_lduw_le(arm_addressspace(cs, attrs), physaddr,\n+                                 attrs, 
&txres);\n+    if (txres != MEMTX_OK) {\n+        env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;\n+        armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);\n+        qemu_log_mask(CPU_LOG_INT, \"...really BusFault with CFSR.IBUSERR\\n\");\n+        return false;\n+    }\n+    return true;\n+}\n+\n+static bool v7m_handle_execute_nsc(ARMCPU *cpu)\n+{\n+    /* Check whether this attempt to execute code in a Secure & NS-Callable\n+     * memory region is for an SG instruction; if so, then emulate the\n+     * effect of the SG instruction and return true. Otherwise pend\n+     * the correct kind of exception and return false.\n+     */\n+    CPUARMState *env = &cpu->env;\n+    ARMMMUIdx mmu_idx;\n+    uint16_t insn;\n+\n+    /* We should never get here unless get_phys_addr_pmsav8() caused\n+     * an exception for NS executing in S&NSC memory.\n+     */\n+    assert(!env->v7m.secure);\n+    assert(arm_feature(env, ARM_FEATURE_M_SECURITY));\n+\n+    /* We want to do the MPU lookup as secure; work out what mmu_idx that is */\n+    mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);\n+\n+    if (!v7m_read_half_insn(cpu, mmu_idx, &insn)) {\n+        return false;\n+    }\n+\n+    if (!env->thumb) {\n+        goto gen_invep;\n+    }\n+\n+    if (insn != 0xe97f) {\n+        /* Not an SG instruction first half (we choose the IMPDEF\n+         * early-SG-check option).\n+         */\n+        goto gen_invep;\n+    }\n+\n+    if (!v7m_read_half_insn(cpu, mmu_idx, &insn)) {\n+        return false;\n+    }\n+\n+    if (insn != 0xe97f) {\n+        /* Not an SG instruction second half */\n+        goto gen_invep;\n+    }\n+\n+    /* OK, we have confirmed that we really have an SG instruction.\n+     * We know we're NS in S memory so don't need to repeat those checks.\n+     */\n+    qemu_log_mask(CPU_LOG_INT, \"...really an SG instruction at 0x%08\" PRIx32\n+                  \", executing it\\n\", env->regs[15]);\n+    env->regs[14] &= ~1;\n+    
switch_v7m_security_state(env, true);\n+    xpsr_write(env, 0, XPSR_IT);\n+    env->regs[15] += 4;\n+    return true;\n+\n+gen_invep:\n+    env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n+    armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n+    qemu_log_mask(CPU_LOG_INT,\n+                  \"...really SecureFault with SFSR.INVEP\\n\");\n+    return false;\n+}\n+\n void arm_v7m_cpu_do_interrupt(CPUState *cs)\n {\n     ARMCPU *cpu = ARM_CPU(cs);\n@@ -6766,12 +6887,10 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)\n              * the SG instruction have the same security attributes.)\n              * Everything else must generate an INVEP SecureFault, so we\n              * emulate the SG instruction here.\n-             * TODO: actually emulate SG.\n              */\n-            env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;\n-            armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);\n-            qemu_log_mask(CPU_LOG_INT,\n-                          \"...really SecureFault with SFSR.INVEP\\n\");\n+            if (v7m_handle_execute_nsc(cpu)) {\n+                return;\n+            }\n             break;\n         case M_FAKE_FSR_SFAULT:\n             /* Various flavours of SecureFault for attempts to execute or\n","prefixes":["17/20"]}
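Review bot: in the v7m_handle_execute_nsc() hunk both calls to v7m_read_half_insn() fetch from the same address, because the helper always reads at env->regs[15] and the PC is not advanced between the two calls; the second call therefore re-checks the first halfword, and the security-attribute and MPU checks never cover the halfword at regs[15] + 2, even though the comment in the helper ("This must be the second half of the insn, and it straddles a region boundary") assumes they do. Give the helper an explicit address parameter, e.g. `static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, uint32_t addr, uint16_t *insn)`, use `addr` in the v8m_security_lookup(), get_phys_addr() and address_space_lduw_le() calls, and call it with env->regs[15] for the first half and env->regs[15] + 2 for the second. While here, a one-line comment on why the IBUSERR path writes cfsr[M_REG_NS] whereas the IACCVIOL path a few lines above writes cfsr[env->v7m.secure] would help the next reader.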
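Review bot: in the arm_v7m_cpu_do_interrupt() hunk the new `return` after a successful v7m_handle_execute_nsc() is a path out of this case that takes no exception at all, unlike the INVEP SecureFault the surrounding comment describes, so it deserves a comment stating that the SG has been emulated (PC advanced past it, security state switched) and that the `break` on the false path relies on the callee having already pended the SecureFault, MemManage or BusFault. Replacing the deleted "TODO: actually emulate SG." line with that sentence, rather than just removing it, keeps the comment block accurate.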