Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_missing/2588.toml')
| -rw-r--r-- | gitlab/issues/target_arm/host_missing/accel_missing/2588.toml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml b/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml new file mode 100644 index 000000000..117f860ca --- /dev/null +++ b/gitlab/issues/target_arm/host_missing/accel_missing/2588.toml 
@@ -0,0 +1,51 @@ +id = 2588 +title = "qemu-system-arm regression: NonSecure World can change Secure World MMU mapping." +state = "closed" +created_at = "2024-09-25T08:33:04.420Z" +closed_at = "2024-11-06T11:15:14.630Z" +labels = ["TestCase", "target: arm"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/2588" +host-os = "Windows, Linux" +host-arch = "Guest:x86, Host:ARM" +qemu-version = "9.1.0" +guest-os = "ARM Bare Metal (TamaGo)" +guest-arch = "ARM (ARMv7)" +description = """A NonSecure execution context is able to override MMU L1 translation table +flags set by Secure context on Secure World memory. + +This is not consistent with the same code running on real hardware and it's a +regression over past qemu releases as 9.0.0 behaves correctly.""" +reproduce = """This has been tested with +[GoTEE-example](https://github.com/usbarmory/GoTEE-example) as follows: + +``` +# building tamago +wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip +unzip latest.zip +cd tamago-go-latest/src && ./all.bash +cd ../bin && export TAMAGO=`pwd`/go + +# building and running GoTEE-example +wget https://github.com/usbarmory/GoTEE-example/archive/refs/heads/master.zip +unzip master.zip +cd GoTEE-example +export TARGET=usbarmory && make clean && make nonsecure_os_go && make trusted_applet_go && make trusted_os && make qemu +``` + +#""" +additional = """The issue relates to the fact that the NonSecure World, at startup, configures +the MMU with the NX bit for the entire address space not belonging to its +firmware .text area. + +On real hardware this MMU configuration by NonSecure world does not affect the +Secure World translation tables. + +On qemu 9.1.0, however it does and this is inconsistent with real hardware +behavior. On qemu 9.0.0 the behaviour is correct so the issue has been +introduced between these two releases. 
+ +The switch between Secure and NonSecure is done +[here](https://github.com/usbarmory/GoTEE/blob/7e62563c0628fed3ee0aebb4702e22be9bb636e3/monitor/exec_arm.s#L73). + +The MMU first level address table which sets the NX bit is done +[here](https://github.com/usbarmory/tamago/blob/273d67cd811dfcb1782c0fe596ac14d43d0ce117/arm/mmu.go#L85).""" |
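Review bot: the `host-arch = "Guest:x86, Host:ARM"` line appears to have the two roles swapped. The same record gives `guest-arch = "ARM (ARMv7)"`, `guest-os = "ARM Bare Metal (TamaGo)"` and a title naming `qemu-system-arm`, so the guest is ARM and the x86 side would be the host. The file is also placed under `host_missing/accel_missing/` even though `host-os` and `host-arch` are both populated, which suggests the classifier could not interpret this value. If the field is meant to be copied verbatim from the issue, a comment saying so would help; otherwise correct it so that it agrees with `guest-arch`. Separately, the `reproduce` string ends with a lone `#` after the closing code fence, which looks like the remnant of a truncated heading and can be dropped. The build steps in `reproduce` fetch `latest.zip` and `master.zip`, while the links in `additional` are pinned to specific commits; for a regression test case between 9.0.0 and 9.1.0, recording the revisions that were actually built would make the reproduction stable.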