mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

target/arm: Make exception vector loads honour the SAU

Browse Source 
Make the load of the exception vector from the vector table honour
the SAU and any bus error on the load (possibly provoking a derived
exception), rather than simply aborting if the load fails.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-7-git-send-email-peter.maydell@linaro.org
This commit is contained in:
Peter Maydell 2018-02-09 10:40:28 +00:00
parent 65b4234ff7
commit 600c33f247
1 changed files with 56 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
target/arm/helper.c
View File

@ -6449,28 +6449,63 @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,
}
}
static uint32_t arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure)
static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
uint32_t *pvec)
{
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
MemTxResult result;
hwaddr vec = env->v7m.vecbase[targets_secure] + exc * 4;
uint32_t addr;
uint32_t addr = env->v7m.vecbase[targets_secure] + exc * 4;
uint32_t vector_entry;
MemTxAttrs attrs = {};
ARMMMUIdx mmu_idx;
bool exc_secure;
addr = address_space_ldl(cs->as, vec,
MEMTXATTRS_UNSPECIFIED, &result);
if (result != MEMTX_OK) {
/* Architecturally this should cause a HardFault setting HSFR.VECTTBL,
* which would then be immediately followed by our failing to load
* the entry vector for that HardFault, which is a Lockup case.
* Since we don't model Lockup, we just report this guest error
* via cpu_abort().
*/
cpu_abort(cs, "Failed to read from %s exception vector table "
"entry %08x\n", targets_secure ? "secure" : "nonsecure",
(unsigned)vec);
mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, targets_secure, true);
/* We don't do a get_phys_addr() here because the rules for vector
* loads are special: they always use the default memory map, and
* the default memory map permits reads from all addresses.
* Since there's no easy way to pass through to pmsav8_mpu_lookup()
* that we want this special case which would always say "yes",
* we just do the SAU lookup here followed by a direct physical load.
*/
attrs.secure = targets_secure;
attrs.user = false;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
V8M_SAttributes sattrs = {};
v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
if (sattrs.ns) {
attrs.secure = false;
} else if (!targets_secure) {
/* NS access to S memory */
goto load_fail;
}
}
return addr;
vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr,
attrs, &result);
if (result != MEMTX_OK) {
goto load_fail;
}
*pvec = vector_entry;
return true;
load_fail:
/* All vector table fetch fails are reported as HardFault, with
* HFSR.VECTTBL and .FORCED set. (FORCED is set because
* technically the underlying exception is a MemManage or BusFault
* that is escalated to HardFault.) This is a terminal exception,
* so we will either take the HardFault immediately or else enter
* lockup (the latter case is handled in armv7m_nvic_set_pending_derived()).
*/
exc_secure = targets_secure ||
!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK;
armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure);
return false;
}
static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
@ -6623,7 +6658,11 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
return;
}
addr = arm_v7m_load_vector(cpu, exc, targets_secure);
if (!arm_v7m_load_vector(cpu, exc, targets_secure, &addr)) {
/* Vector load failed: derived exception */
v7m_exception_taken(cpu, lr, true, true);
return;
}
/* Now we've done everything that might cause a derived exception
* we can go ahead and activate whichever exception we're going to