qemu-e2k/target
Peter Maydell 19b254e86a target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
When we do an AT address translation operation, the page table walk
is supposed to be performed in the context of the EL we're doing the
walk for, so for instance an AT S1E2R walk is done for EL2.  In the
pseudocode an EL is passed to AArch64.AT(), which calls
SecurityStateAtEL() to find the security state that we should be
doing the walk with.

In ats_write64() we get this wrong, instead using the current
security space always.  This is fine for AT operations performed from
EL1 and EL2, because there the current security state and the
security state for the lower EL are the same.  But for AT operations
performed from EL3, the current security state is always either
Secure or Root, whereas we want to use the security state defined by
SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
FEAT_RME but also ones where EL3 is Secure state and the EL3 code
is trying to do an AT for a NonSecure EL2 or EL1.

Use arm_security_space_below_el3() to get the SecuritySpace to
pass to do_ats_write() for all AT operations except the
AT S1E3* operations.

Cc: qemu-stable@nongnu.org
Fixes: e1ee56ec23 ("target/arm: Pass security space rather than flag for AT instructions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
2024-04-08 15:38:53 +01:00
..
alpha target/alpha: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 11:46:16 +01:00
arm target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3 2024-04-08 15:38:53 +01:00
avr target/avr: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 11:46:17 +01:00
cris target/cris: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 11:46:17 +01:00
hexagon target/hexagon: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 11:46:17 +01:00
hppa target/hppa: Clear psw_n for BE on use_nullify_skip path 2024-03-29 08:15:01 -10:00
i386 accel/hvf: Un-inline hvf_arch_supports_guest_debug() 2024-04-02 14:55:32 +02:00
loongarch target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int' 2024-03-22 17:57:49 +08:00
m68k target/m68k: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
microblaze target/microblaze: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
mips target/mips: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
nios2 target/nios2: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
openrisc target/openrisc: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
ppc target/ppc: Rename init_excp_4xx_softmmu() -> init_excp_4xx() 2024-04-02 14:55:15 +02:00
riscv target/riscv/kvm: fix timebase-frequency when using KVM acceleration 2024-03-22 15:41:01 +10:00
rx target/rx: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
s390x target/s390x: Use mutable temporary value for op_ts 2024-03-25 15:05:59 +01:00
sh4 target/sh4: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:24 +01:00
sparc target/sparc/cpu: Improve the CPU help text 2024-03-18 17:11:19 +01:00
tricore target/tricore/helper: Use correct string format in cpu_tlb_fill() 2024-03-26 14:24:06 +01:00
xtensa target/xtensa: Prefer fast cpu_env() over slower CPU QOM cast macro 2024-03-12 12:04:25 +01:00
Kconfig
meson.build target: Make qemu_target_page_mask() available for *-user 2024-01-29 21:04:10 +10:00
target-common.c target: Make qemu_target_page_mask() available for *-user 2024-01-29 21:04:10 +10:00