[Qemu-devel] [PATCH 39/48] mmu-hash64: Factor SLB N bit into permissions
From: David Gibson
Subject: [Qemu-devel] [PATCH 39/48] mmu-hash64: Factor SLB N bit into permissions bits
Date: Tue, 12 Mar 2013 21:31:41 +1100
BEHAVIOUR CHANGE
Currently, for 64-bit hash mmu, the execute protection bit placed into the
qemu tlb is based only on the N (No execute) bit from the PTE. However,
No Execute can also be set at the segment level. We do check this on
execute faults, but this still means we could incorrectly allow execution
of code from a No Execute segment, if a prior read or write fault caused
the page to be loaded into the qemu tlb with PROT_EXEC set.
To correct this, we (re-)check the segment level no execute permission when
generating the protection bits for the qemu tlb.
Signed-off-by: David Gibson <address@hidden>
---
target-ppc/mmu-hash64.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
index 1458f15..5607ce8 100644
--- a/target-ppc/mmu-hash64.c
+++ b/target-ppc/mmu-hash64.c
@@ -272,7 +272,8 @@ static int ppc_hash64_pte_prot(CPUPPCState *env,
}
/* No execute if either noexec or guarded bits set */
- if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)) {
+ if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)
+ || (slb->vsid & SLB_VSID_N)) {
prot |= PAGE_EXEC;
}
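Review bot: the added `|| (slb->vsid & SLB_VSID_N)` term is ORed into the condition that grants `PAGE_EXEC`, so a segment with the N bit set now always gets execute permission in the qemu tlb. That is the opposite of what the commit message and the comment above the `if` describe. The unchanged `(pte.pte1 & HPTE64_R_G)` term has the same polarity, so a guarded page is also granted execute. If the intent is "no execute if any of PTE N, PTE G or SLB N is set", the grant should require all three to be clear, for example `if (!(pte.pte1 & HPTE64_R_N) && !(pte.pte1 & HPTE64_R_G) && !(slb->vsid & SLB_VSID_N))`. It would also help to update the comment so it mentions the segment-level bit.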
--
1.7.10.4