authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_arm/host_missing/accel_missing/2588.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_missing/2588.toml')
-rw-r--r--gitlab/issues/target_arm/host_missing/accel_missing/2588.toml51
1 files changed, 51 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml b/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml
new file mode 100644
index 000000000..117f860ca
--- /dev/null
+++ b/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml
@@ -0,0 +1,51 @@
+id = 2588
+title = "qemu-system-arm regression: NonSecure World can change Secure World MMU mapping."
+state = "closed"
+created_at = "2024-09-25T08:33:04.420Z"
+closed_at = "2024-11-06T11:15:14.630Z"
+labels = ["TestCase", "target: arm"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2588"
+host-os = "Windows, Linux"
+host-arch = "Guest:x86, Host:ARM"
+qemu-version = "9.1.0"
+guest-os = "ARM Bare Metal (TamaGo)"
+guest-arch = "ARM (ARMv7)"
+description = """A NonSecure execution context is able to override MMU L1 translation table
+flags set by Secure context on Secure World memory.
+
+This is not consistent with the same code running on real hardware and it's a
+regression over past qemu releases as 9.0.0 behaves correctly."""
+reproduce = """This has been tested with
+[GoTEE-example](https://github.com/usbarmory/GoTEE-example) as follows:
+
+```
+# building tamago
+wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip
+unzip latest.zip
+cd tamago-go-latest/src && ./all.bash
+cd ../bin && export TAMAGO=`pwd`/go
+
+# building and running GoTEE-example
+wget https://github.com/usbarmory/GoTEE-example/archive/refs/heads/master.zip
+unzip master.zip
+cd GoTEE-example
+export TARGET=usbarmory && make clean && make nonsecure_os_go && make trusted_applet_go && make trusted_os && make qemu
+```
+
+#"""
+additional = """The issue relates to the fact that the NonSecure World, at startup, configures
+the MMU with the NX bit for the entire address space not belonging to its
+firmware .text area.
+
+On real hardware this MMU configuration by NonSecure world does not affect the
+Secure World translation tables.
+
+On qemu 9.1.0, however it does and this is inconsistent with real hardware
+behavior. On qemu 9.0.0 the behaviour is correct so the issue has been
+introduced between these two releases.
+
+The switch between Secure and NonSecure is done
+[here](https://github.com/usbarmory/GoTEE/blob/7e62563c0628fed3ee0aebb4702e22be9bb636e3/monitor/exec_arm.s#L73).
+
+The MMU first level address table which sets the NX bit is done
+[here](https://github.com/usbarmory/tamago/blob/273d67cd811dfcb1782c0fe596ac14d43d0ce117/arm/mmu.go#L85)."""
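Review bot: The `reproduce` value ends with a stray `#` on its own line just before the closing `"""`. This looks like the remnant of a markdown heading left behind when the issue body was split into fields, so the converter should probably strip trailing heading markers before writing the value. The file is placed under `host_missing/accel_missing` although `host-os` and `host-arch` are both populated, and `host-arch = "Guest:x86, Host:ARM"` contradicts `guest-arch = "ARM (ARMv7)"`. The reporter's text is presumably kept verbatim, but the classification is worth re-checking for this security-relevant report. `created_at` and `closed_at` are valid RFC 3339 values stored as strings and could be native datetimes, e.g. `created_at = 2024-09-25T08:33:04.420Z`. The keys also mix `snake_case` (`created_at`) with `kebab-case` (`host-arch`).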