D4.5.1 "Memory access control: Access permissions for instruction execution" states

  "...
   In addition:
   * For the EL1&0 translation regime, if the value of the AP[2:1] bits is 0b01, permitting write access from EL0, then the PXN bit is treated as if it has the value 1, regardless of its actual value.
   ..."

Signed-off-by: Andrew Jones <drjo...@redhat.com> --- target-arm/helper.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index 3ef0f1f38eda5..962758888194a 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -4960,6 +4960,8 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; if ((arm_feature(env, ARM_FEATURE_V8) && is_user && (attrs & (1 << 12))) || (!arm_feature(env, ARM_FEATURE_V8) && (attrs & (1 << 12))) || + (arm_feature(env, ARM_FEATURE_V8) && !is_user && + ((attrs & (3 << 4)) == (1 << 4) /* AP[2:1] == 0b01 */)) || (!is_user && (attrs & (1 << 11)))) { /* XN/UXN or PXN. Since we only implement EL0/EL1 we unconditionally * treat XN/UXN as UXN for v8. -- 1.9.3
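
Review bot: the comment under the condition in get_phys_addr_lpae() still reads "XN/UXN or PXN" and does not cover the new clause, so a reader of the `if` has no pointer to why AP[2:1] == 0b01 removes execute permission for privileged accesses. Please extend that comment to say that an EL0-writable page is treated as PXN on v8, with the D4.5.1 reference from the commit message. The quoted rule is scoped to the EL1&0 translation regime, while the clause tests only `arm_feature(env, ARM_FEATURE_V8) && !is_user`. That holds only because of the "we only implement EL0/EL1" assumption already noted in the same comment, so it is worth stating there that this clause depends on it too and must be revisited when other regimes are added. A smaller style point: `(attrs & (3 << 4)) == (1 << 4)` would read better with the AP field extracted into a named local or macro than with the inline `/* AP[2:1] == 0b01 */` comment. The hunk also does not show how `attrs` is built, so please confirm that bits [5:4] at this point hold the final AP[2:1] value that the permission check is meant to use.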