author | James Hogan <james.hogan@imgtec.com> | 2017-07-18 12:55:53 +0100 |
---|---|---|
committer | Yongbok Kim <yongbok.kim@imgtec.com> | 2017-07-20 22:42:26 +0100 |
commit | 9fbf4a58c90183b30bb2c8ad971ccce7e6716a16 (patch) | |
tree | 67ca716a8ee58d9ffb47ffcab4a1a882b78732e6 | |
parent | 8fffc64696783b1ff1d17262d098976479895660 (diff) | |
target/mips: Check memory permissions with mem_idx
When performing virtual to physical address translation, check the
required privilege level based on the mem_idx rather than the mode in
the hflags. This will allow EVA loads & stores to operate safely only on
user memory from kernel mode.
For the cases where the mmu_idx doesn't need to be overridden
(mips_cpu_get_phys_page_debug() and cpu_mips_translate_address()), we
calculate the required mmu_idx using cpu_mmu_index(). Note that this
only tests the MIPS_HFLAG_KSU bits rather than MIPS_HFLAG_MODE, so we
don't test the debug mode hflag MIPS_HFLAG_DM any longer. This should be
fine as get_physical_address() only compares against MIPS_HFLAG_UM and
MIPS_HFLAG_SM, neither of which should get set by compute_hflags() when
MIPS_HFLAG_DM is set.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
-rw-r--r-- | target/mips/helper.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/target/mips/helper.c b/target/mips/helper.c
index 5b765cd..7805e5c 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -109,11 +109,11 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
 static int get_physical_address (CPUMIPSState *env, hwaddr *physical,
                                 int *prot, target_ulong real_address,
-                                int rw, int access_type)
+                                int rw, int access_type, int mmu_idx)
 {
     /* User mode can only access useg/xuseg */
-    int user_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM;
-    int supervisor_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_SM;
+    int user_mode = mmu_idx == MIPS_HFLAG_UM;
+    int supervisor_mode = mmu_idx == MIPS_HFLAG_SM;
     int kernel_mode = !user_mode && !supervisor_mode;
 #if defined(TARGET_MIPS64)
     int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
@@ -413,11 +413,12 @@ static void raise_mmu_exception(CPUMIPSState *env, target_ulong address,
 hwaddr mips_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 {
     MIPSCPU *cpu = MIPS_CPU(cs);
+    CPUMIPSState *env = &cpu->env;
     hwaddr phys_addr;
     int prot;
-    if (get_physical_address(&cpu->env, &phys_addr, &prot, addr, 0,
-                             ACCESS_INT) != 0) {
+    if (get_physical_address(env, &phys_addr, &prot, addr, 0, ACCESS_INT,
+                             cpu_mmu_index(env, false)) != 0) {
         return -1;
     }
     return phys_addr;
@@ -449,7 +450,7 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw,
        correctly */
     access_type = ACCESS_INT;
     ret = get_physical_address(env, &physical, &prot,
-                               address, rw, access_type);
+                               address, rw, access_type, mmu_idx);
     switch (ret) {
     case TLBRET_MATCH:
         qemu_log_mask(CPU_LOG_MMU,
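Review bot: In get_physical_address the new `user_mode`/`supervisor_mode` lines classify every mmu_idx other than MIPS_HFLAG_UM and MIPS_HFLAG_SM as kernel mode, so an out-of-range or stale index is granted the most privileged translation instead of being rejected. The old hflags-based test had the same fall-through shape, but mmu_idx is now supplied by callers (the mips_cpu_handle_mmu_fault parameter as well as cpu_mmu_index()), which widens where a bad value can originate. A cheap guard at the top of the body, `assert(mmu_idx == MIPS_HFLAG_KM || mmu_idx == MIPS_HFLAG_SM || mmu_idx == MIPS_HFLAG_UM);`, would turn such a value into a loud failure rather than a silent privilege escalation. The parameter's contract is also undocumented; a comment on the signature such as `/* mmu_idx: KSU privilege level the access is checked against; may differ from env->hflags (e.g. EVA accesses) */` would state the intent the commit message describes. get_physical_address's body continues beyond the hunk.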
@@ -487,8 +488,8 @@ hwaddr cpu_mips_translate_address(CPUMIPSState *env, target_ulong address, int r
     /* data access */
     access_type = ACCESS_INT;
-    ret = get_physical_address(env, &physical, &prot,
-                               address, rw, access_type);
+    ret = get_physical_address(env, &physical, &prot, address, rw, access_type,
+                               cpu_mmu_index(env, false));
     if (ret != TLBRET_MATCH) {
         raise_mmu_exception(env, address, rw, ret);
         return -1LL;
|