Hi Jean,
On 2/10/23 17:37, Jean-Philippe Brucker wrote:
> Addresses targeting the second translation table (TTB1) in the SMMU have
> all upper bits set (except for the top byte when TBI is enabled). Fix
> the TTB1 check.
>
> Reported-by: Ola Hugosson <ola.hugos...@arm.com>
> Signed-off-by: Jean-Philippe Brucker <jean-phili...@linaro.org>
> ---
> hw/arm/smmu-common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
> index 2b8c67b9a1..0a5a60ca1e 100644
> --- a/hw/arm/smmu-common.c
> +++ b/hw/arm/smmu-common.c
> @@ -249,7 +249,7 @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg,
> dma_addr_t iova)
> /* there is a ttbr0 region and we are in it (high bits all zero) */
> return &cfg->tt[0];
> } else if (cfg->tt[1].tsz &&
> - !extract64(iova, 64 - cfg->tt[1].tsz, cfg->tt[1].tsz - tbi_byte))
> {
> + sextract64(iova, 64 - cfg->tt[1].tsz, cfg->tt[1].tsz - tbi_byte) ==
> -1) {
> /* there is a ttbr1 region and we are in it (high bits all one) */
> return &cfg->tt[1];
> } else if (!cfg->tt[0].tsz) {
Reviewed-by: Eric Auger <eric.au...@redhat.com>
While reading the spec again, I noticed we do not support VAX. Is it
something that we would need to support?
Thanks!
Eric
