On 4/14/23 18:04, Peter Maydell wrote:
In get_phys_addr_twostage() when we set up the stage 2 translation, we currently incorrectly set all of in_mmu_idx, in_ptw_idx and in_secure based on s2walk_secure.Here s2walk_secure is true if we should be doing this stage 2 walk to physical memory. ipa_secure is true if the intermediate physical address we got from stage 1 is secure. The VSTCR_EL2.SW and VTCR_EL2.NSW bits allow the guest to configure secure EL2 so that these two things are different, eg: * a stage 2 walk for an NS IPA done to secure physical memory (where the translation table base address and other parameters for the walk come from the NS control registers VTTBR_EL2 and VTCR_EL2) * a stage 2 walk for an S IPA done to non-secure physical memory (where the parameters from the walk come from the S control registers VSTTBR_EL2 and VSTCR_EL2) To tell get_phys_addr_lpae() to do this, we need to pass in an in_mmu_idx based on ipa_secure, and an in_ptw_idx based on s2walk_secure. The in_secure parameter follows in_mmu_idx, as usual. Note that this change relies on fixes in the previous two commits ("Don't allow stage 2 page table walks to downgrade to NS" and "Set ptw->out_secure correctly for stage 2 translations"). Cc:qemu-sta...@nongnu.org Resolves:https://gitlab.com/qemu-project/qemu/-/issues/1600 Signed-off-by: Peter Maydell<peter.mayd...@linaro.org> --- This change also means that v8M, which also uses get_phys_addr_twostage(), is no longer using a ptw->in_mmu_idx calculated based on s2walk_secure, which was always a little strange given that v8M doesn't do any kind of s2 walk, even though it didn't produce incorrect behaviour. --- target/arm/ptw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.hender...@linaro.org> r~
