qemu/target/arm
Peter Maydell 4c2c047469 target/arm: Fix usage of MMU indexes when EL3 is AArch32
Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
 * code at EL3, which might be Mon, or SVC, or any of the
   other privileged modes (PL1)
 * code at EL0 (Secure PL0)

This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.

We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does.  This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.

The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.

We could fix this in one of two ways:
 * The most straightforward is to add new MMU indexes EL30_0,
   EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0",
   "Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN".
   This matches how we use indexes for the AArch64 regimes, and
   preserves properties like being able to determine the privilege
   level from an MMU index without any other information. However
   it would add two MMU indexes (we can share one with ARMMMUIdx_EL3),
   and we are already using 14 of the 16 the core TLB code permits.

 * The more complicated approach is the one we take here. We use
   the same MMU indexes (E10_0, E10_1, E10_1_PAN) for Secure PL1&0
   as we do for NonSecure PL1&0. This saves on MMU indexes, but
   means we need to check in some places whether we're in the
   Secure PL1&0 regime or not before we interpret an MMU index.

The changes in this commit were created by auditing all the places
where we use specific ARMMMUIdx_ values, and checking whether they
needed to be changed to handle the new index value usage.

Note for potential stable backports: taking also the previous
(comment-change-only) commit might make the backport easier.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240809160430.1144805-3-peter.maydell@linaro.org
2024-08-13 11:44:53 +01:00
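The two index schemes and the SCTLR-selection bug the commit message describes, as an added illustration that is not QEMU's code: the enum values are hypothetical stand-ins for the ARMMMUIdx_* indexes named above, the struct is a cut-down CPU state (no EL2/Hyp, no M-profile), and SCTLR banking is reduced to one Secure and one Non-secure copy. It shows why a shared E10_* index is not enough on its own to pick the controlling SCTLR, and why Secure PL1 could not honour PAN while it sat on the EL3 index.

```c
/* Added example modelling the commit's description; not QEMU source.
 * Index names, struct layout and scenarios are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum mmu_idx { MMU_E10_0, MMU_E10_1, MMU_E10_1_PAN, MMU_E3 };

#define SCTLR_A (1u << 1) /* SCTLR.A: alignment check enable */

struct cpu_state {
    int el;            /* 0, 1 or 3; Secure privileged AArch32 modes are 3 */
    bool secure;       /* SCR.NS == 0 */
    bool el3_aarch32;  /* EL3 is executing in AArch32 */
    bool pan;          /* PAN bit set in CPSR/PSTATE */
    uint32_t sctlr_s;  /* Secure-banked SCTLR */
    uint32_t sctlr_ns; /* Non-secure-banked SCTLR */
};

/* Secure PL1&0 regime: EL3 is AArch32 and the CPU is Secure, whether in
 * a privileged mode (PL1) or at PL0. */
static bool in_secure_pl10(struct cpu_state s)
{
    return s.el3_aarch32 && s.secure;
}

/* Before the fix: Secure PL1 used the EL3 index, which has no _PAN
 * variant, and Secure PL0 fell through to the same E10_0 as NS PL0. */
enum mmu_idx mmu_idx_before(struct cpu_state s)
{
    if (s.el == 3) {
        return MMU_E3;
    }
    if (s.el == 0) {
        return MMU_E10_0;
    }
    return s.pan ? MMU_E10_1_PAN : MMU_E10_1;
}

/* After the fix: only AArch64 EL3 is its own regime; Secure PL1&0 shares
 * E10_0 / E10_1 / E10_1_PAN with Non-secure PL1&0. */
enum mmu_idx mmu_idx_after(struct cpu_state s)
{
    if (s.el == 3 && !s.el3_aarch32) {
        return MMU_E3;
    }
    if (s.el == 0) {
        return MMU_E10_0;
    }
    return s.pan ? MMU_E10_1_PAN : MMU_E10_1;
}

/* Before: the controlling SCTLR was chosen from the index alone, so any
 * E10_* index was treated as the Non-secure EL1 regime. */
uint32_t sctlr_before(struct cpu_state s)
{
    return mmu_idx_before(s) == MMU_E3 ? s.sctlr_s : s.sctlr_ns;
}

/* After: the shared index is ambiguous, so the Secure PL1&0 check is
 * consulted before the index is interpreted. */
uint32_t sctlr_after(struct cpu_state s)
{
    if (mmu_idx_after(s) == MMU_E3 || in_secure_pl10(s)) {
        return s.sctlr_s;
    }
    return s.sctlr_ns;
}

/* Does a 4-byte access at addr take an alignment fault under this SCTLR? */
bool alignment_faults(uint32_t sctlr, uint32_t addr)
{
    return (sctlr & SCTLR_A) != 0 && (addr & 3u) != 0;
}

/* PAN only takes effect when the lookup lands on a _PAN index. */
bool pan_honoured(enum mmu_idx idx)
{
    return idx == MMU_E10_1_PAN;
}

int main(void)
{
    /* Constructed scenarios, not captured guest state: Secure SCTLR has
     * alignment checking off, Non-secure SCTLR has it on. */
    struct cpu_state secure_pl0 = { .el = 0, .secure = true, .el3_aarch32 = true,
                                    .pan = false, .sctlr_s = 0, .sctlr_ns = SCTLR_A };
    struct cpu_state secure_pl1 = { .el = 3, .secure = true, .el3_aarch32 = true,
                                    .pan = true, .sctlr_s = 0, .sctlr_ns = 0 };
    printf("Secure PL0 unaligned load faults: before=%d after=%d\n",
           alignment_faults(sctlr_before(secure_pl0), 0x1002),
           alignment_faults(sctlr_after(secure_pl0), 0x1002));
    printf("Secure PL1 PAN honoured: before=%d after=%d\n",
           pan_honoured(mmu_idx_before(secure_pl1)),
           pan_honoured(mmu_idx_after(secure_pl1)));
    return 0;
}
```

The point of sctlr_after() is the caveat the commit message states: once Secure and Non-secure PL1&0 share an index, code that interprets an index has to ask "are we in the Secure PL1&0 regime?" first, otherwise it silently reads the Non-secure bank.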
hvf hvf: arm: Fix hvf_sysreg_read_cp() call 2024-08-03 07:24:12 +10:00
tcg target/arm: Fix usage of MMU indexes when EL3 is AArch32 2024-08-13 11:44:53 +01:00
arch_dump.c target/arm: Move feature test functions to their own header 2023-10-27 11:44:32 +01:00
arm-powerctl.c target/arm: Expose arm_cpu_mp_affinity() in 'multiprocessing.h' header 2024-01-26 11:30:48 +00:00
arm-powerctl.h
arm-qmp-cmds.c target: Improve error reporting for CpuModelInfo member @props 2024-03-12 14:03:00 +01:00
common-semi-target.h target/arm/common-semi-target.h: Remove unnecessary boot.h include 2023-10-19 14:32:13 +01:00
cortex-regs.c target/arm: Saturate L2CTLR_EL1 core count field rather than overflowing 2023-05-18 11:39:33 +01:00
cpregs.h target/arm/cpregs: Include missing 'kvm-consts.h' header 2024-01-26 11:30:48 +00:00
cpu64.c target/arm: Replace sprintf() by snprintf() 2024-06-04 10:02:39 +02:00
cpu-features.h target/arm: Implement FEAT WFxT and enable for '-cpu max' 2024-05-30 16:35:17 +01:00
cpu-param.h bsd-user: Hard wire aarch64 to be 4k pages only 2024-07-23 10:50:55 -06:00
cpu-qom.h target/arm: Add support for Non-maskable Interrupt 2024-04-25 10:21:04 +01:00
cpu.c target/arm: Set arm_v7m_tcg_ops cpu_exec_halt to arm_cpu_exec_halt() 2024-07-11 11:41:34 +01:00
cpu.h target/arm: Fix usage of MMU indexes when EL3 is AArch32 2024-08-13 11:44:53 +01:00
debug_helper.c target/arm: Mark up VNCR offsets (offsets 0x100..0x160) 2024-01-09 14:44:45 +00:00
gdbstub64.c bsd-user: Make compile for non-linux user-mode stuff 2024-07-23 10:56:30 -06:00
gdbstub.c gdbstub: Re-factor gdb command extensions 2024-07-22 09:37:44 +01:00
gtimer.h target/arm: Move GTimer definitions to new 'gtimer.h' header 2024-01-26 11:30:49 +00:00
helper.c target/arm: Fix usage of MMU indexes when EL3 is AArch32 2024-08-13 11:44:53 +01:00
helper.h target/arm: Convert SQRDMLAH, SQRDMLSH to decodetree 2024-07-01 15:40:52 +01:00
hvf_arm.h hvf: add guest debugging handlers for Apple Silicon hosts 2023-06-06 10:19:30 +01:00
hyp_gdbstub.c gdbstub: move enums into separate header 2024-06-24 10:14:17 +01:00
idau.h
internals.h target/arm: Fix usage of MMU indexes when EL3 is AArch32 2024-08-13 11:44:53 +01:00
Kconfig kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
kvm_arm.h target/arm/kvm: Have kvm_arm_pmu_set_irq take a ARMCPU argument 2023-12-19 17:57:46 +00:00
kvm-consts.h exec: Rename NEED_CPU_H -> COMPILING_PER_TARGET 2024-04-26 09:49:51 +02:00
kvm-stub.c target/arm: Avoid bare abort() or assert(0) 2022-05-05 09:35:51 +01:00
kvm.c target/arm/kvm: Do not silently remove PMU 2024-07-29 16:02:25 +01:00
machine.c target/arm: Rename FPSR_MASK and FPCR_MASK and define them symbolically 2024-07-11 11:41:33 +01:00
meson.build target/arm: Move v7m-related code from cpu32.c into a separate file 2024-03-08 14:45:03 +00:00
multiprocessing.h target/arm: Expose arm_cpu_mp_affinity() in 'multiprocessing.h' header 2024-01-26 11:30:48 +00:00
op_addsub.h
ptw.c target/arm: Fix usage of MMU indexes when EL3 is AArch32 2024-08-13 11:44:53 +01:00
syndrome.h target/arm: fix exception syndrome for AArch32 bkpt insn 2024-02-02 13:51:57 +00:00
tcg-stubs.c target/arm: Move hflags code into the tcg directory 2023-02-27 13:27:04 +00:00
trace-events target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling 2024-03-07 12:19:03 +00:00
trace.h
vfp_helper.c target/arm: Allow FPCR bits that aren't in FPSCR 2024-07-11 11:41:33 +01:00