On 09/22/2017 11:00 AM, Peter Maydell wrote:
> Implement the security attribute lookups for memory accesses
> in the get_phys_addr() functions, causing these to generate
> various kinds of SecureFault for bad accesses.
>
> The major subtlety in this code relates to handling of the
> case when the security attributes the SAU assigns to the
> address don't match the current security state of the CPU.
>
> In the ARM ARM pseudocode for validating instruction
> accesses, the security attributes of the address determine
> whether the Secure or NonSecure MPU state is used. At face
> value, handling this would require us to encode the relevant
> bits of state into mmu_idx for both S and NS at once, which
> would result in our needing 16 mmu indexes. Fortunately we
> don't actually need to do this because a mismatch between
> address attributes and CPU state means either:
>  * some kind of fault (usually a SecureFault, but in theory
>    perhaps a UserFault for unaligned access to Device memory)
>  * execution of the SG instruction in NS state from a
>    Secure & NonSecure code region
>
> The purpose of SG is simply to flip the CPU into Secure
> state, so we can handle it by emulating execution of that
> instruction directly in arm_v7m_cpu_do_interrupt(), which
> means we can treat all the mismatch cases as "throw an
> exception" and we don't need to encode the state of the
> other MPU bank into our mmu_idx values.
>
> This commit doesn't include the actual emulation of SG;
> it also doesn't include implementation of the IDAU, which
> is a per-board way to specify hard-coded memory attributes
> for addresses, which override the CPU-internal SAU if they
> specify a more secure setting than the SAU is programmed to.
>
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> ---
>  target/arm/internals.h |  15 ++++
>  target/arm/helper.c    | 182 ++++++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 195 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>

r~