On Tue, 3 Dec 2019 at 22:53, Richard Henderson
<richard.hender...@linaro.org> wrote:
>
> If we have a PAN-enforcing mmu_idx, set prot == 0 if user_rw != 0.
>
> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
> ---
> target/arm/internals.h | 13 +++++++++++++
> target/arm/helper.c | 3 +++
> 2 files changed, 16 insertions(+)
>
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 2408953031..ab3b436379 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -893,6 +893,19 @@ static inline bool regime_is_secure(CPUARMState *env,
> ARMMMUIdx mmu_idx)
> }
> }
>
> +static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
> +{
> + switch (mmu_idx) {
> + case ARMMMUIdx_Stage1_E1_PAN:
> + case ARMMMUIdx_EL10_1_PAN:
> + case ARMMMUIdx_EL20_2_PAN:
> + case ARMMMUIdx_SE1_PAN:
> + return true;
> + default:
> + return false;
> + }
> +}
> +
> /* Return the FSR value for a debug exception (watchpoint, hardware
> * breakpoint or BKPT insn) targeting the specified exception level.
> */
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 6c65dd799e..a1dbafb9b2 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -9444,6 +9444,9 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx
> mmu_idx, bool is_aa64,
> if (is_user) {
> prot_rw = user_rw;
> } else {
> + if (user_rw && regime_is_pan(env, mmu_idx)) {
> + return 0;
> + }
> prot_rw = simple_ap_to_rw_prot_is_user(ap, false);
> }
>
> --
> 2.17.1
>
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
thanks
-- PMM
