Quoting Peter Maydell:

" hvf_sysreg_read_cp() and hvf_sysreg_write_cp() do not check the .access
  field of the ARMCPRegInfo to ensure that they forbid writes to registers
  that are marked with a .access field that says they're read-only (and
  ditto reads to write-only registers). "

Before we add more registers in GIC sysreg handlers, let's get it correct
by adding the .access checks to hvf_sysreg_read_cp() and
hvf_sysreg_write_cp(). With that, a sysreg access with invalid permission
will result in an UNDEFINED exception.

Suggested-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Zenghui Yu <zenghui...@linux.dev>
---

I hard-code the @current_el parameter of cp_access_ok() to 1 because

* we only support EL0 and EL1 in HVF, and
* a GIC sysreg access from EL0 would result in an UNDEF exception which is
  taken to EL1 (without going back to QEMU for emulation).

 target/arm/hvf/hvf.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 0c7396ad6f..1db0b77fb6 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1270,6 +1270,9 @@ static bool hvf_sysreg_read_cp(CPUState *cpu, uint32_t 
reg, uint64_t *val)
 
     ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
     if (ri) {
+        if (!cp_access_ok(1, ri, true)) {
+            return false;
+        }
         if (ri->accessfn) {
             if (ri->accessfn(env, ri, true) != CP_ACCESS_OK) {
                 return false;
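Review bot: the reasoning for hard-coding current_el to 1 in the new `cp_access_ok(1, ri, true)` check lives only in the text below the `---` cut line, which `git am` drops, so nothing in hvf.c will explain why the check does not consult the guest's actual EL. Suggest a short comment next to the check (or a sentence in the commit message proper) stating that HVF only runs EL0/EL1 and that an EL0 access to these registers UNDEFs in the guest without exiting to QEMU, so EL1 is the only EL that can reach this code. It is also worth saying in the commit message that the check deliberately sits before the `ri->accessfn` call, mirroring the order used by the TCG access path, so that a read-only/write-only mismatch is rejected before any register-specific accessfn runs.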
@@ -1550,6 +1553,9 @@ static bool hvf_sysreg_write_cp(CPUState *cpu, uint32_t 
reg, uint64_t val)
     ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
 
     if (ri) {
+        if (!cp_access_ok(1, ri, false)) {
+            return false;
+        }
         if (ri->accessfn) {
             if (ri->accessfn(env, ri, false) != CP_ACCESS_OK) {
                 return false;
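Review bot: this hunk repeats the read-path sequence (cp_access_ok, then accessfn, each returning false) with only the `isread` argument changed to `false`. Since the commit message anticipates more GIC sysreg handlers landing on top of this, consider folding the two checks into a small shared helper taking `isread`, so the read and write paths cannot drift apart when the next change touches one of them. If the duplication is kept, the same comment justifying the hard-coded `1` should appear here as well, not just in the read path.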
-- 
2.34.1
