Diffstat (limited to 'results/classifier/118/none/2588')
-rw-r--r-- results/classifier/118/none/2588 73
1 files changed, 73 insertions, 0 deletions
diff --git a/results/classifier/118/none/2588 b/results/classifier/118/none/2588
new file mode 100644
index 000000000..0d5a4ed12
--- /dev/null
+++ b/results/classifier/118/none/2588
@@ -0,0 +1,73 @@
+performance: 0.414
+device: 0.408
+ppc: 0.355
+graphic: 0.306
+hypervisor: 0.251
+vnc: 0.234
+socket: 0.227
+kernel: 0.224
+arm: 0.222
+architecture: 0.220
+semantic: 0.216
+PID: 0.208
+x86: 0.196
+TCG: 0.187
+VMM: 0.181
+i386: 0.180
+risc-v: 0.180
+network: 0.178
+user-level: 0.172
+files: 0.169
+virtual: 0.152
+boot: 0.143
+permissions: 0.133
+mistranslation: 0.131
+peripherals: 0.127
+register: 0.117
+KVM: 0.103
+assembly: 0.094
+debug: 0.087
+
+qemu-system-arm regression: NonSecure World can change Secure World MMU mapping.
+Description of problem:
+A NonSecure execution context is able to override MMU L1 translation table
+flags set by Secure context on Secure World memory.
+
+This is not consistent with the same code running on real hardware and it's a
+regression over past qemu releases as 9.0.0 behaves correctly.
+Steps to reproduce:
+This has been tested with
+[GoTEE-example](https://github.com/usbarmory/GoTEE-example) as follows:
+
+```
+# building tamago
+wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip
+unzip latest.zip
+cd tamago-go-latest/src && ./all.bash
+cd ../bin && export TAMAGO=`pwd`/go
+
+# building and running GoTEE-example
+wget https://github.com/usbarmory/GoTEE-example/archive/refs/heads/master.zip
+unzip master.zip
+cd GoTEE-example
+export TARGET=usbarmory && make clean && make nonsecure_os_go && make trusted_applet_go && make trusted_os && make qemu
+```
+
+#
+Additional information:
+The issue relates to the fact that the NonSecure World, at startup, configures
+the MMU with the NX bit for the entire address space not belonging to its
+firmware .text area.
+
+On real hardware this MMU configuration by NonSecure world does not affect the
+Secure World translation tables.
+
+On qemu 9.1.0, however it does and this is inconsistent with real hardware
+behavior. On qemu 9.0.0 the behaviour is correct so the issue has been
+introduced between these two releases.
+
+The switch between Secure and NonSecure is done
+[here](https://github.com/usbarmory/GoTEE/blob/7e62563c0628fed3ee0aebb4702e22be9bb636e3/monitor/exec_arm.s#L73).
+
+The MMU first level address table which sets the NX bit is done
+[here](https://github.com/usbarmory/tamago/blob/273d67cd811dfcb1782c0fe596ac14d43d0ce117/arm/mmu.go#L85).
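Review bot: The path `none/` and the top score `performance: 0.414` do not match the report text, which from "qemu-system-arm regression: NonSecure World can change Secure World MMU mapping." onward describes a Secure/NonSecure isolation regression between qemu 9.0.0 and 9.1.0; the closest labels score low (`arm: 0.222`, `permissions: 0.133`), so this result should be checked by hand before it is counted as uncategorised. In the reproduction block, `unzip master.zip` followed by `cd GoTEE-example` is inconsistent with the earlier `cd tamago-go-latest/src`, which assumes the archive directory carries the ref suffix, and both downloads use moving refs (`tags/latest.zip`, `heads/master.zip`) while the two links at the end are pinned to commits; a note recording the commits that were actually tested would keep the regression reproducible. The lone `#` line before "Additional information:" looks like a leftover empty heading and could be dropped or marked as extraction residue.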