summaryrefslogtreecommitdiff
path: root/target-ppc
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2013-03-12 00:31:41 +0000
committerAlexander Graf <agraf@suse.de>2013-03-22 15:28:52 +0100
commit57d0a39d98b0d0e4712e736084667bcb5aed3474 (patch)
tree9512326aec8d61db8f6acc37f57503b3767384f1 /target-ppc
parente01b444523e2b0c663b42b3e8f44ef48a6153051 (diff)
downloadqemu-57d0a39d98b0d0e4712e736084667bcb5aed3474.tar.gz
qemu-57d0a39d98b0d0e4712e736084667bcb5aed3474.tar.bz2
qemu-57d0a39d98b0d0e4712e736084667bcb5aed3474.zip
mmu-hash64: Factor SLB N bit into permissions bits
BEHAVIOUR CHANGE Currently, for 64-bit hash mmu, the execute protection bit placed into the qemu tlb is based only on the N (No execute) bit from the PTE. However, No Execute can also be set at the segment level. We do check this on execute faults, but this still means we could incorrectly allow execution of code from a No Execute segment, if a prior read or write fault caused the page to be loaded into the qemu tlb with PROT_EXEC set. To correct this, we (re-)check the segment level no execute permission when generating the protection bits for the qemu tlb. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
Diffstat (limited to 'target-ppc')
-rw-r--r--target-ppc/mmu-hash64.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
index 1458f15dd2..5607ce8dec 100644
--- a/target-ppc/mmu-hash64.c
+++ b/target-ppc/mmu-hash64.c
@@ -272,7 +272,8 @@ static int ppc_hash64_pte_prot(CPUPPCState *env,
}
/* No execute if either noexec or guarded bits set */
- if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)) {
+ if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)
+ || (slb->vsid & SLB_VSID_N)) {
prot |= PAGE_EXEC;
}