summary refs log tree commit diff stats
path: root/results/classifier/105/device/2588
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/device/2588')
-rw-r--r--results/classifier/105/device/258856
1 files changed, 56 insertions, 0 deletions
diff --git a/results/classifier/105/device/2588 b/results/classifier/105/device/2588
new file mode 100644
index 000000000..5d778b42c
--- /dev/null
+++ b/results/classifier/105/device/2588
@@ -0,0 +1,56 @@
+device: 0.408
+instruction: 0.337
+graphic: 0.306
+vnc: 0.234
+socket: 0.227
+semantic: 0.216
+network: 0.178
+other: 0.170
+boot: 0.143
+mistranslation: 0.131
+KVM: 0.103
+assembly: 0.094
+
+qemu-system-arm regression: NonSecure World can change Secure World MMU mapping.
+Description of problem:
+A NonSecure execution context is able to override MMU L1 translation table
+flags set by Secure context on Secure World memory.
+
+This is not consistent with the same code running on real hardware and it's a
+regression over past qemu releases as 9.0.0 behaves correctly.
+Steps to reproduce:
+This has been tested with
+[GoTEE-example](https://github.com/usbarmory/GoTEE-example) as follows:
+
+```
+# building tamago
+wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip
+unzip latest.zip
+cd tamago-go-latest/src && ./all.bash
+cd ../bin && export TAMAGO=`pwd`/go
+
+# building and running GoTEE-example
+wget https://github.com/usbarmory/GoTEE-example/archive/refs/heads/master.zip
+unzip master.zip
+cd GoTEE-example
+export TARGET=usbarmory && make clean && make nonsecure_os_go && make trusted_applet_go && make trusted_os && make qemu
+```
+
+#
+Additional information:
+The issue relates to the fact that the NonSecure World, at startup, configures
+the MMU with the NX bit for the entire address space not belonging to its
+firmware .text area.
+
+On real hardware this MMU configuration by NonSecure world does not affect the
+Secure World translation tables.
+
+On qemu 9.1.0, however it does and this is inconsistent with real hardware
+behavior. On qemu 9.0.0 the behaviour is correct so the issue has been
+introduced between these two releases.
+
+The switch between Secure and NonSecure is done
+[here](https://github.com/usbarmory/GoTEE/blob/7e62563c0628fed3ee0aebb4702e22be9bb636e3/monitor/exec_arm.s#L73).
+
+The MMU first level address table which sets the NX bit is done
+[here](https://github.com/usbarmory/tamago/blob/273d67cd811dfcb1782c0fe596ac14d43d0ce117/arm/mmu.go#L85).