target/arm: Fix Privileged Access Never (PAN) for aarch32

When we implemented the PAN support we theoretically wanted
to support it for both AArch32 and AArch64, but in practice
several bugs made it essentially unusable with an AArch32
guest. Fix all those problems:

    - Use CPSR.PAN to check for PAN state in aarch32 mode
    - throw permission fault during address translation when PAN is
      enabled and kernel tries to access user acessible page
    - ignore SCTLR_XP bit for armv7 and armv8 (conflicts with SCTLR_SPAN).

Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221027112619.2205229-1-tkutergin@gmail.com
[PMM: tweak commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Timofey Kutergin 2022-11-03 13:10:41 +00:00 committed by Peter Maydell
parent 4870f38b0b
commit 6f2d9d7441
2 changed files with 41 additions and 7 deletions

View File

@ -11003,6 +11003,15 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
}
#endif
static bool arm_pan_enabled(CPUARMState *env)
{
if (is_a64(env)) {
return env->pstate & PSTATE_PAN;
} else {
return env->uncached_cpsr & CPSR_PAN;
}
}
ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
{
ARMMMUIdx idx;
@ -11023,7 +11032,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
}
break;
case 1:
if (env->pstate & PSTATE_PAN) {
if (arm_pan_enabled(env)) {
idx = ARMMMUIdx_E10_1_PAN;
} else {
idx = ARMMMUIdx_E10_1;
@ -11032,7 +11041,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
case 2:
/* Note that TGE does not apply at EL2. */
if (arm_hcr_el2_eff(env) & HCR_E2H) {
if (env->pstate & PSTATE_PAN) {
if (arm_pan_enabled(env)) {
idx = ARMMMUIdx_E20_2_PAN;
} else {
idx = ARMMMUIdx_E20_2;

View File

@ -503,12 +503,11 @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
* @mmu_idx: MMU index indicating required translation regime
* @ap: The 3-bit access permissions (AP[2:0])
* @domain_prot: The 2-bit domain access permissions
* @is_user: TRUE if accessing from PL0
*/
static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
int ap, int domain_prot)
static int ap_to_rw_prot_is_user(CPUARMState *env, ARMMMUIdx mmu_idx,
int ap, int domain_prot, bool is_user)
{
bool is_user = regime_is_user(env, mmu_idx);
if (domain_prot == 3) {
return PAGE_READ | PAGE_WRITE;
}
@ -552,6 +551,20 @@ static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
}
}
/*
* Translate section/page access permissions to page R/W protection flags
* @env: CPUARMState
* @mmu_idx: MMU index indicating required translation regime
* @ap: The 3-bit access permissions (AP[2:0])
* @domain_prot: The 2-bit domain access permissions
*/
static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
int ap, int domain_prot)
{
return ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot,
regime_is_user(env, mmu_idx));
}
/*
* Translate section/page access permissions to page R/W protection flags.
* @ap: The 2-bit simple AP (AP[2:1])
@ -720,6 +733,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
hwaddr phys_addr;
uint32_t dacr;
bool ns;
int user_prot;
/* Pagetable walk. */
/* Lookup l1 descriptor. */
@ -831,8 +845,10 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
goto do_fault;
}
result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
user_prot = simple_ap_to_rw_prot_is_user(ap >> 1, 1);
} else {
result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
user_prot = ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot, 1);
}
if (result->f.prot && !xn) {
result->f.prot |= PAGE_EXEC;
@ -842,6 +858,14 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
fi->type = ARMFault_Permission;
goto do_fault;
}
if (regime_is_pan(env, mmu_idx) &&
!regime_is_user(env, mmu_idx) &&
user_prot &&
access_type != MMU_INST_FETCH) {
/* Privileged Access Never fault */
fi->type = ARMFault_Permission;
goto do_fault;
}
}
if (ns) {
/* The NS bit will (as required by the architecture) have no effect if
@ -2773,7 +2797,8 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, ptw, address, access_type, false,
result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
} else if (arm_feature(env, ARM_FEATURE_V7) ||
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
} else {
return get_phys_addr_v5(env, ptw, address, access_type, result, fi);