From: Richard Henderson
Subject: Re: [Qemu-arm] [Qemu-devel] [PATCH 14/20] target/arm: Implement security attribute lookups for memory accesses
Date: Thu, 5 Oct 2017 14:39:33 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

On 09/22/2017 11:00 AM, Peter Maydell wrote:
> Implement the security attribute lookups for memory accesses
> in the get_phys_addr() functions, causing these to generate
> various kinds of SecureFault for bad accesses.
> 
> The major subtlety in this code relates to handling of the
> case when the security attributes the SAU assigns to the
> address don't match the current security state of the CPU.
> 
> In the ARM ARM pseudocode for validating instruction
> accesses, the security attributes of the address determine
> whether the Secure or NonSecure MPU state is used. At face
> value, handling this would require us to encode the relevant
> bits of state into mmu_idx for both S and NS at once, which
> would result in our needing 16 mmu indexes. Fortunately we
> don't actually need to do this because a mismatch between
> address attributes and CPU state means either:
>  * some kind of fault (usually a SecureFault, but in theory
>    perhaps a UserFault for unaligned access to Device memory)
>  * execution of the SG instruction in NS state from a
>    Secure & NonSecure code region
> 
> The purpose of SG is simply to flip the CPU into Secure
> state, so we can handle it by emulating execution of that
> instruction directly in arm_v7m_cpu_do_interrupt(), which
> means we can treat all the mismatch cases as "throw an
> exception" and we don't need to encode the state of the
> other MPU bank into our mmu_idx values.
> 
> This commit doesn't include the actual emulation of SG;
> it also doesn't include implementation of the IDAU, which
> is a per-board way to specify hard-coded memory attributes
> for addresses, which override the CPU-internal SAU if they
> specify a more secure setting than the SAU is programmed to.
> 
> Signed-off-by: Peter Maydell <address@hidden>
> ---
>  target/arm/internals.h |  15 ++++
>  target/arm/helper.c    | 182 ++++++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 195 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <address@hidden>


r~
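As an added illustration (not part of this thread, and not QEMU's code), the following C model shows the two pieces the commit message describes: a SAU lookup that yields one of Secure, Non-secure or Secure&Non-secure-callable for an address (with overlapping regions forced to Secure, and a board IDAU allowed to override only toward a more secure setting), and the decision that compares that attribute with the CPU's current security state. Every mismatch becomes a SecureFault except an NS-state instruction fetch from an NSC region, which is reported separately so that the exception path can check for SG. The struct shapes, the region count, the IDAU hook signature, the "rank and take the more secure" rule for the IDAU override, the treatment of a Secure-state data access to NS memory as allowed with a Non-secure transaction, and the memory map and addresses in make_demo_sau and demo_idau are all assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model (not QEMU code) of the ARMv8-M SAU lookup and of the
 * "address attribute vs. CPU security state" decision described above.
 * Struct shapes, the region count and the IDAU hook are assumptions. */
#define SAU_NREGIONS 8
/* Region base/limit are 32-byte granules (RBAR/RLAR), plus RLAR.ENABLE and RLAR.NSC. */
typedef struct { uint32_t base, limit; bool enable, nsc; } SauRegion;
/* SAU_CTRL.ENABLE and SAU_CTRL.ALLNS (attribute of all memory while disabled). */
typedef struct { bool enable, allns; SauRegion r[SAU_NREGIONS]; } Sau;
/* ns and nsc are exclusive; both clear means Secure. */
typedef struct { bool ns, nsc, srvalid; int sregion; } SAttrs;
/* Per-board IDAU hook (assumed shape): the board's own attribute for addr. */
typedef void (*IdauFn)(uint32_t addr, bool *idau_ns, bool *idau_nsc);
/* Order attributes so "more secure" is a plain comparison: NS < NSC < S. */
static int sec_rank(bool ns, bool nsc) { return ns ? 0 : (nsc ? 1 : 2); }

void sau_lookup(const Sau *sau, IdauFn idau, uint32_t addr, SAttrs *out)
{
    int hits = 0;
    memset(out, 0, sizeof(*out));
    out->sregion = -1;
    if (!sau->enable) {
        out->ns = sau->allns;            /* SAU off: all Secure, or all NS with ALLNS */
    } else {
        for (int i = 0; i < SAU_NREGIONS; i++) {
            const SauRegion *r = &sau->r[i];
            if (!r->enable || addr < (r->base & ~0x1fu) || addr > (r->limit | 0x1fu)) {
                continue;
            }
            if (++hits > 1) {            /* overlapping regions: forced Secure */
                out->ns = out->nsc = out->srvalid = false;
                out->sregion = -1;
                break;
            }
            out->ns = !r->nsc;
            out->nsc = r->nsc;
            out->srvalid = true;
            out->sregion = i;
        }
    }
    if (idau) {                          /* IDAU may only move the result toward Secure */
        bool ins = true, insc = false;
        idau(addr, &ins, &insc);
        if (sec_rank(ins, insc) > sec_rank(out->ns, out->nsc)) {
            out->ns = ins;
            out->nsc = insc;
        }
    }
}

typedef enum {
    ACC_OK,           /* attribute matches CPU state: ordinary MPU check in that bank */
    ACC_OK_NS_TXN,    /* Secure CPU, NS data: allowed, transaction marked Non-secure */
    ACC_NSC_EXEC,     /* NS CPU fetching from S&NSC: legal only if the insn is SG */
    ACC_SECURE_FAULT  /* every other mismatch */
} AccessResult;

AccessResult classify(bool cpu_secure, bool is_fetch, const SAttrs *a)
{
    bool addr_secure = !a->ns;           /* NSC counts as Secure for the comparison */
    if (is_fetch) {
        if (addr_secure == cpu_secure) return ACC_OK;
        return (a->nsc && !cpu_secure) ? ACC_NSC_EXEC : ACC_SECURE_FAULT;
    }
    if (a->ns) return cpu_secure ? ACC_OK_NS_TXN : ACC_OK;
    return cpu_secure ? ACC_OK : ACC_SECURE_FAULT;
}

/* Constructed layout: NS RAM, one NSC veneer page, NS flash; all else Secure. */
Sau make_demo_sau(void)
{
    Sau s = { .enable = true };
    s.r[0] = (SauRegion){ 0x20000000u, 0x2003ffe0u, true, false };
    s.r[1] = (SauRegion){ 0x10000000u, 0x10000fe0u, true, true };
    s.r[2] = (SauRegion){ 0x08000000u, 0x080fffe0u, true, false };
    return s;
}

/* Constructed IDAU: the board hard-wires the top 64 KiB of that RAM as Secure. */
void demo_idau(uint32_t addr, bool *ns, bool *nsc)
{
    *nsc = false;
    *ns = !(addr >= 0x20030000u && addr <= 0x2003ffffu);
}

/* Whole path for one access against the demo SAU and IDAU. */
AccessResult decision_for(uint32_t addr, bool cpu_secure, bool is_fetch)
{
    Sau sau = make_demo_sau();
    SAttrs a;
    sau_lookup(&sau, demo_idau, addr, &a);
    return classify(cpu_secure, is_fetch, &a);
}
```

Calling decision_for(0x10000010u, false, true) (an NS-state fetch from the NSC veneer page) yields ACC_NSC_EXEC, the one mismatch that is not simply a fault; decision_for(0x20030100u, false, false) shows the IDAU turning an SAU-NS address Secure so that an NS data access faults; and a Secure-state load from 0x20000100u is allowed but tagged as a Non-secure transaction. Because the decision only ever needs the current bank's MPU or a fault, nothing about the other bank's state has to be folded into the lookup, which is the point of the commit message.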