
[for-3.0] target/arm: Use correct mmu_idx for exception-return unstacking

Message ID 20180709124535.1116-1-peter.maydell@linaro.org
State New
Series [for-3.0] target/arm: Use correct mmu_idx for exception-return unstacking

Commit Message

Peter Maydell July 9, 2018, 12:45 p.m. UTC
For M-profile exception returns, the mmu index to use for exception
return unstacking is supposed to be that of wherever we are returning to:
 * if returning to handler mode, privileged
 * if returning to thread mode, privileged or unprivileged depending on
   CONTROL.nPRIV for the destination security state

We were passing the wrong thing as the 'priv' argument to
arm_v7m_mmu_idx_for_secstate_and_priv(). The effect was that guests
which programmed the MPU to behave differently for privileged and
unprivileged code could get spurious MemManage Unstack exceptions.

Reported-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
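The selection rule the commit message describes, as an added example that is not QEMU code: a small model of the privilege choice before and after the fix, run over every (handler/thread, nPRIV) combination so the cases where the old expression picked the wrong MPU view are visible. The names return_to_handler, return_to_secure and R_V7M_CONTROL_NPRIV_MASK are taken from the patch; the mask value (bit 0 of CONTROL, the architectural position of nPRIV), the M_REG_NS/M_REG_S indices and the v7m_state struct are assumptions of the model.

```c
/*
 * Model of the mmu_idx privilege selection for M-profile exception-return
 * unstacking. Added example, not QEMU code. return_to_handler,
 * return_to_secure and R_V7M_CONTROL_NPRIV_MASK are names from the patch;
 * the mask value, the security-state indices and struct v7m_state are
 * assumptions of this model.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define M_REG_NS 0                          /* assumed index: Non-secure state */
#define M_REG_S  1                          /* assumed index: Secure state */
#define R_V7M_CONTROL_NPRIV_MASK (1u << 0)  /* assumed: CONTROL.nPRIV is bit 0 */

/* Minimal stand-in for the banked CONTROL registers. */
struct v7m_state {
    uint32_t control[2];   /* indexed by security state: [M_REG_NS], [M_REG_S] */
};

/* Privilege selection before the fix: !return_to_handler. */
static bool unstack_priv_before(bool return_to_handler)
{
    return !return_to_handler;
}

/*
 * Privilege selection after the fix: handler mode is always privileged,
 * thread mode follows CONTROL.nPRIV of the destination security state.
 */
static bool unstack_priv_after(const struct v7m_state *s, bool return_to_handler,
                               bool return_to_secure)
{
    return return_to_handler ||
           !(s->control[return_to_secure] & R_V7M_CONTROL_NPRIV_MASK);
}

/*
 * Count the (return_to_handler, nPRIV) combinations for one destination
 * security state where the old selection disagrees with the corrected one.
 * Each disagreement is a return whose unstacking loads ran against the wrong
 * MPU privilege view and so could raise a spurious MemManage Unstack fault.
 */
static int count_mismatches(bool return_to_secure)
{
    int mismatches = 0;
    for (int handler = 0; handler <= 1; handler++) {
        for (int npriv = 0; npriv <= 1; npriv++) {
            struct v7m_state s = { .control = { 0, 0 } };
            s.control[return_to_secure] = npriv ? R_V7M_CONTROL_NPRIV_MASK : 0;
            bool before = unstack_priv_before(handler);
            bool after = unstack_priv_after(&s, handler, return_to_secure);
            if (before != after) {
                mismatches++;
            }
        }
    }
    return mismatches;
}

int main(void)
{
    printf("handler nPRIV | before after\n");
    for (int handler = 0; handler <= 1; handler++) {
        for (int npriv = 0; npriv <= 1; npriv++) {
            struct v7m_state s = { .control = { 0, 0 } };
            s.control[M_REG_NS] = npriv ? R_V7M_CONTROL_NPRIV_MASK : 0;
            printf("   %d      %d   |  %-6s %s\n", handler, npriv,
                   unstack_priv_before(handler) ? "priv" : "unpriv",
                   unstack_priv_after(&s, handler, M_REG_NS) ? "priv" : "unpriv");
        }
    }
    printf("mismatching cases (NS destination): %d\n", count_mismatches(M_REG_NS));
    return 0;
}
```

The table shows that the old expression agreed with the corrected rule only for returns to privileged thread mode (nPRIV clear); every handler-mode return and every unprivileged thread-mode return used the wrong privilege view. That is why only guests whose MPU configuration distinguishes privileged from unprivileged access noticed it, and why the symptom was a fault during unstacking rather than in the returned-to code.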

Comments

Richard Henderson July 9, 2018, 2:30 p.m. UTC | #1
On 07/09/2018 05:45 AM, Peter Maydell wrote:
> For M-profile exception returns, the mmu index to use for exception
> return unstacking is supposed to be that of wherever we are returning to:
>  * if returning to handler mode, privileged
>  * if returning to thread mode, privileged or unprivileged depending on
>    CONTROL.nPRIV for the destination security state
> 
> We were passing the wrong thing as the 'priv' argument to
> arm_v7m_mmu_idx_for_secstate_and_priv(). The effect was that guests
> which programmed the MPU to behave differently for privileged and
> unprivileged code could get spurious MemManage Unstack exceptions.
> 
> Reported-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target/arm/helper.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>


r~
Peter Maydell July 10, 2018, 11:23 a.m. UTC | #2
On 9 July 2018 at 15:30, Richard Henderson <richard.henderson@linaro.org> wrote:
> On 07/09/2018 05:45 AM, Peter Maydell wrote:
>> For M-profile exception returns, the mmu index to use for exception
>> return unstacking is supposed to be that of wherever we are returning to:
>>  * if returning to handler mode, privileged
>>  * if returning to thread mode, privileged or unprivileged depending on
>>    CONTROL.nPRIV for the destination security state
>>
>> We were passing the wrong thing as the 'priv' argument to
>> arm_v7m_mmu_idx_for_secstate_and_priv(). The effect was that guests
>> which programmed the MPU to behave differently for privileged and
>> unprivileged code could get spurious MemManage Unstack exceptions.
>>
>> Reported-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---
>>  target/arm/helper.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Thanks; applied to master for 3.0-rc0.

-- PMM

Patch

diff --git a/target/arm/helper.c b/target/arm/helper.c
index a2ac96084e7..0604a0efbe2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7171,9 +7171,11 @@  static void do_v7m_exception_exit(ARMCPU *cpu)
         uint32_t frameptr = *frame_sp_p;
         bool pop_ok = true;
         ARMMMUIdx mmu_idx;
+        bool return_to_priv = return_to_handler ||
+            !(env->v7m.control[return_to_secure] & R_V7M_CONTROL_NPRIV_MASK);
 
         mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, return_to_secure,
-                                                        !return_to_handler);
+                                                        return_to_priv);
 
         if (!QEMU_IS_ALIGNED(frameptr, 8) &&
             arm_feature(env, ARM_FEATURE_V8)) {
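Review bot: the new `return_to_priv` computation carries no comment explaining the rule it encodes, and the old `!return_to_handler` it replaces shows how easily the polarity goes wrong here; a one-line comment above `bool return_to_priv = return_to_handler ||` stating that unstacking uses the privilege of the destination (handler mode always privileged, thread mode following CONTROL.nPRIV of the destination security state) would make the intent checkable at the arm_v7m_mmu_idx_for_secstate_and_priv() call without reading the commit message. Also worth stating for anyone backporting this: the old expression was not merely missing the nPRIV case, it selected unprivileged for every handler-mode return and privileged for every thread-mode return, so the fix changes the chosen mmu_idx in three of the four handler/nPRIV combinations.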