From patchwork Tue Nov 24 14:18:50 2015
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 57254
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Tue, 24 Nov 2015 14:18:50 +0000
Message-Id: <1448374731-10445-4-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 3/4] target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8

In an LPAE format descriptor in ARMv8 the address field extends up to bit 47, not just bit 39. Correct the masking so we don't give incorrect results if the output address size is greater than 40 bits, as it can be for AArch64.

(Note that we don't yet support the new-in-v8 Address Size fault which should be generated if any translation table entry or TTBR contains an address with non-zero bits above the most significant bit of the maximum output address size.)

Signed-off-by: Peter Maydell
Reviewed-by: Laurent Desnogues
Reviewed-by: Edgar E. Iglesias
Message-id: 1448029971-9875-1-git-send-email-peter.maydell@linaro.org
--- target-arm/helper.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) -- 1.9.1
diff --git a/target-arm/helper.c b/target-arm/helper.c index 4ecae61..afc4163 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -6642,6 +6642,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, int ap, ns, xn, pxn; uint32_t el = regime_el(env, mmu_idx); bool ttbr1_valid = true; + uint64_t descaddrmask; /* TODO: * This code does not handle the different format TCR for VTCR_EL2. 
@@ -6831,6 +6832,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, descaddr = extract64(ttbr, 0, 48); descaddr &= ~((1ULL << (inputsize - (stride * (4 - level)))) - 1); + /* The address field in the descriptor goes up to bit 39 for ARMv7 + * but up to bit 47 for ARMv8. + */ + if (arm_feature(env, ARM_FEATURE_V8)) { + descaddrmask = 0xfffffffff000ULL; + } else { + descaddrmask = 0xfffffff000ULL; + } + /* Secure accesses start with the page table in secure memory and * can be downgraded to non-secure at any step. Non-secure accesses * remain non-secure. We implement this by just ORing in the NSTable/NS @@ -6854,7 +6864,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, /* Invalid, or the Reserved level 3 encoding */ goto do_fault; } - descaddr = descriptor & 0xfffffff000ULL; + descaddr = descriptor & descaddrmask; if ((descriptor & 2) && (level < 3)) { /* Table entry. The top five bits are attributes which may
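
Review bot: In the second hunk of get_phys_addr_lpae(), the mask is selected with arm_feature(env, ARM_FEATURE_V8), which is a property of the CPU rather than of the translation regime being walked, while the commit message motivates the wider mask with output address sizes above 40 bits "as it can be for AArch64". If the 48-bit mask is also intended when a v8 CPU walks tables for an AArch32 regime, the new comment should say so; otherwise the choice should key on the regime's execution state. As a smaller style point, 0xfffffffff000ULL and 0xfffffff000ULL differ by two hex digits and are easy to misread, so consider building both from the top bit number (48 or 40) with bits [11:0] cleared.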
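
Review bot: At "descaddr = descriptor & descaddrmask;" in the last hunk, bits [47:40] of a descriptor read from guest memory now reach descaddr on v8 with no check against the maximum output address size. The commit message acknowledges that the Address Size fault is not implemented, but nothing in the code records it. Please add that limitation to the existing "TODO:" comment at the top of the function (visible in the first hunk's context), or as a short comment next to this assignment, so the gap is visible to anyone reading helper.c.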