diff options
| author | Jean-Philippe Brucker <jean-philippe@linaro.org> | 2023-02-14 17:19:22 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2023-02-16 16:00:48 +0000 |
| commit | e431b8f608d22b0bca64b75b8738b2a6ab4468bd (patch) | |
| tree | 5af4606e8ffeed28de54e7745be9014f629eea5d /hw/arm | |
| parent | ca3fbed896ec867ea0826b9859c6636ca927e835 (diff) | |
| download | qemu-e431b8f608d22b0bca64b75b8738b2a6ab4468bd.zip qemu-e431b8f608d22b0bca64b75b8738b2a6ab4468bd.tar.gz qemu-e431b8f608d22b0bca64b75b8738b2a6ab4468bd.tar.bz2 | |
hw/arm/smmu-common: Fix TTB1 handling
Addresses targeting the second translation table (TTB1) in the SMMU have
all upper bits set (except for the top byte when TBI is enabled). Fix
the TTB1 check.
Reported-by: Ola Hugosson <ola.hugosson@arm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20230214171921.1917916-3-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/arm')
| -rw-r--r-- | hw/arm/smmu-common.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index 2b8c67b..0a5a60c 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -249,7 +249,7 @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova) /* there is a ttbr0 region and we are in it (high bits all zero) */ return &cfg->tt[0]; } else if (cfg->tt[1].tsz && - !extract64(iova, 64 - cfg->tt[1].tsz, cfg->tt[1].tsz - tbi_byte)) { + sextract64(iova, 64 - cfg->tt[1].tsz, cfg->tt[1].tsz - tbi_byte) == -1) { /* there is a ttbr1 region and we are in it (high bits all one) */ return &cfg->tt[1]; } else if (!cfg->tt[0].tsz) { |