| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 07:27:52 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 07:27:52 +0000 |
| commit | d0c85e36e4de67af628d54e9ab577cc3fad7796a (patch) | |
| tree | f8f784b0f04343b90516a338d6df81df3a85dfa2 /results/classifier/deepseek-2/output/hypervisor/2588 | |
| parent | 7f4364274750eb8cb39a3e7493132fca1c01232e (diff) | |
| download | qemu-analysis-d0c85e36e4de67af628d54e9ab577cc3fad7796a.tar.gz qemu-analysis-d0c85e36e4de67af628d54e9ab577cc3fad7796a.zip | |
add deepseek and gemma results
Diffstat (limited to 'results/classifier/deepseek-2/output/hypervisor/2588')
| -rw-r--r-- | results/classifier/deepseek-2/output/hypervisor/2588 | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/results/classifier/deepseek-2/output/hypervisor/2588 b/results/classifier/deepseek-2/output/hypervisor/2588 new file mode 100644 index 000000000..90fe41f02 --- /dev/null +++ b/results/classifier/deepseek-2/output/hypervisor/2588 
@@ -0,0 +1,44 @@ + +qemu-system-arm regression: NonSecure World can change Secure World MMU mapping. +Description of problem: +A NonSecure execution context is able to override MMU L1 translation table +flags set by Secure context on Secure World memory. + +This is not consistent with the same code running on real hardware and it's a +regression over past qemu releases as 9.0.0 behaves correctly. +Steps to reproduce: +This has been tested with +[GoTEE-example](https://github.com/usbarmory/GoTEE-example) as follows: + +``` +# building tamago +wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip +unzip latest.zip +cd tamago-go-latest/src && ./all.bash +cd ../bin && export TAMAGO=`pwd`/go + +# building and running GoTEE-example +wget https://github.com/usbarmory/GoTEE-example/archive/refs/heads/master.zip +unzip master.zip +cd GoTEE-example +export TARGET=usbarmory && make clean && make nonsecure_os_go && make trusted_applet_go && make trusted_os && make qemu +``` + +# +Additional information: +The issue relates to the fact that the NonSecure World, at startup, configures +the MMU with the NX bit for the entire address space not belonging to its +firmware .text area. + +On real hardware this MMU configuration by NonSecure world does not affect the +Secure World translation tables. + +On qemu 9.1.0, however it does and this is inconsistent with real hardware +behavior. On qemu 9.0.0 the behaviour is correct so the issue has been +introduced between these two releases. + +The switch between Secure and NonSecure is done +[here](https://github.com/usbarmory/GoTEE/blob/7e62563c0628fed3ee0aebb4702e22be9bb636e3/monitor/exec_arm.s#L73). + +The MMU first level address table which sets the NX bit is done +[here](https://github.com/usbarmory/tamago/blob/273d67cd811dfcb1782c0fe596ac14d43d0ce117/arm/mmu.go#L85). |
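Review bot: The lone `+#` line between the closing code fence and `Additional information:` looks like a heading whose text was lost when the issue body was stored, and the file also opens with an empty `+` line; either drop the stray marker or restore the heading so the stored text matches the issue. The record also has no field for the classifier's decision: the `hypervisor` label exists only as a directory name in `results/classifier/deepseek-2/output/hypervisor/2588`, so writing the model name and predicted category into the file, or documenting the path convention, would keep the result interpretable if files are moved. Since the report is about `qemu-system-arm` letting NonSecure World override MMU L1 translation table flags set by Secure World, it is worth confirming that `hypervisor` is the intended category for this issue.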