Jeffrey Lee
authored
When AP1 memory is being emulated (long descriptor page tables are in use), the AbortTrap machinery is used to emulate usermode read access. This provides coverage for all read instructions except those that AbortTrap handles via MemMap requests - LDREX, LDA, LDAEX, LDF & LFM. LDREX & LDAEX request both read & write access, so are fine (the MemMap request will get passed through to the registered AbortTrap handlers). LDF & LFM are irrelevant, since they only exist on ARM7500FE (on other machines FPEmulator will translate them to regular LDR/LDM, which are handled correctly) LDA however, will generate a plain "memmap with usermode read" request. When AbortTrap looks at the permissions of emulated AP1 it doesn't take into account the fact that the usermode read permission is being emulated, so it thinks that everything is fine and claims the memmap was successful, causing the abort handler to retry the instruction without making any changes, resulting in an infinite abort loop. Deal with this by detecting the above situation and also requesting usermode execute access. This will avoid the kernel (and hopefully the registered AbortTrap handlers) from thinking that the emulated AP1 is acceptable, without adversely affecting the behaviour of other instructions or access privileges. If no handler is present or the memmap request is denied, the abort will get passed on to the next stage of the abort handler (i.e. you'll get a standard data abort from trying to LDA from arbitrary emulated AP1 memory) The new test program (Dev/AbortTrap/attest_ap1) will check that this edge case is dealt with correctly. Tested on Pi 4, for both long & short page tables Version 6.59. Tagged as 'Kernel-6_59'