| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * QEMU RISC-V PMP (Physical Memory Protection) | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Author: Daire McNamara, daire.mcnamara@emdalo.com | 
					
						
							|  |  |  |  *         Ivan Griffin, ivan.griffin@emdalo.com | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This provides a RISC-V Physical Memory Protection implementation | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This program is free software; you can redistribute it and/or modify it | 
					
						
							|  |  |  |  * under the terms and conditions of the GNU General Public License, | 
					
						
							|  |  |  |  * version 2 or later, as published by the Free Software Foundation. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This program is distributed in the hope it will be useful, but WITHOUT | 
					
						
							|  |  |  |  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | 
					
						
							|  |  |  |  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for | 
					
						
							|  |  |  |  * more details. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * You should have received a copy of the GNU General Public License along with | 
					
						
							|  |  |  |  * this program.  If not, see <http://www.gnu.org/licenses/>.
 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "qemu/osdep.h"
 | 
					
						
							|  |  |  | #include "qemu/log.h"
 | 
					
						
							|  |  |  | #include "qapi/error.h"
 | 
					
						
							|  |  |  | #include "cpu.h"
 | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  | #include "trace.h"
 | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:22 +08:00
										 |  |  | #include "exec/exec-all.h"
 | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  | static bool pmp_write_cfg(CPURISCVState *env, uint32_t addr_index, | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:11 +08:00
										 |  |  |                           uint8_t val); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Accessor method to extract address matching type 'a field' from cfg reg | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | static inline uint8_t pmp_get_a_field(uint8_t cfg) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     uint8_t a = cfg >> 3; | 
					
						
							|  |  |  |     return a & 0x3; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Check whether a PMP is locked or not. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) { | 
					
						
							|  |  |  |         return 1; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* Top PMP has no 'next' to check */ | 
					
						
							|  |  |  |     if ((pmp_index + 1u) >= MAX_RISCV_PMPS) { | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Count the number of active rules. | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2020-12-23 11:25:53 -08:00
										 |  |  | uint32_t pmp_get_num_rules(CPURISCVState *env) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |      return env->pmp_state.num_rules; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Accessor to get the cfg reg for a specific PMP/HART | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     if (pmp_index < MAX_RISCV_PMPS) { | 
					
						
							|  |  |  |         return env->pmp_state.pmp[pmp_index].cfg_reg; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Accessor to set the cfg reg for a specific PMP/HART | 
					
						
							|  |  |  |  * Bounds checks and relevant lock bit. | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  | static bool pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t val) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     if (pmp_index < MAX_RISCV_PMPS) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |         bool locked = true; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-22 15:52:01 -03:00
										 |  |  |         if (riscv_cpu_cfg(env)->epmp) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |             /* mseccfg.RLB is set */ | 
					
						
							|  |  |  |             if (MSECCFG_RLB_ISSET(env)) { | 
					
						
							|  |  |  |                 locked = false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             /* mseccfg.MML is not set */ | 
					
						
							|  |  |  |             if (!MSECCFG_MML_ISSET(env) && !pmp_is_locked(env, pmp_index)) { | 
					
						
							|  |  |  |                 locked = false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             /* mseccfg.MML is set */ | 
					
						
							|  |  |  |             if (MSECCFG_MML_ISSET(env)) { | 
					
						
							|  |  |  |                 /* not adding execute bit */ | 
					
						
							|  |  |  |                 if ((val & PMP_LOCK) != 0 && (val & PMP_EXEC) != PMP_EXEC) { | 
					
						
							|  |  |  |                     locked = false; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 /* shared region and not adding X bit */ | 
					
						
							|  |  |  |                 if ((val & PMP_LOCK) != PMP_LOCK && | 
					
						
							|  |  |  |                     (val & 0x7) != (PMP_WRITE | PMP_EXEC)) { | 
					
						
							|  |  |  |                     locked = false; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |             if (!pmp_is_locked(env, pmp_index)) { | 
					
						
							|  |  |  |                 locked = false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (locked) { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |             qemu_log_mask(LOG_GUEST_ERROR, "ignoring pmpcfg write - locked\n"); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |         } else if (env->pmp_state.pmp[pmp_index].cfg_reg != val) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |             env->pmp_state.pmp[pmp_index].cfg_reg = val; | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:18 +08:00
										 |  |  |             pmp_update_rule_addr(env, pmp_index); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |             return true; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } | 
					
						
							|  |  |  |     } else { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |         qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                       "ignoring pmpcfg write - out of bounds\n"); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     return false; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:13 +08:00
										 |  |  | static void pmp_decode_napot(target_ulong a, target_ulong *sa, | 
					
						
							|  |  |  |                              target_ulong *ea) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     /*
 | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:12 +08:00
										 |  |  |      * aaaa...aaa0   8-byte NAPOT range | 
					
						
							|  |  |  |      * aaaa...aa01   16-byte NAPOT range | 
					
						
							|  |  |  |      * aaaa...a011   32-byte NAPOT range | 
					
						
							|  |  |  |      * ... | 
					
						
							|  |  |  |      * aa01...1111   2^XLEN-byte NAPOT range | 
					
						
							|  |  |  |      * a011...1111   2^(XLEN+1)-byte NAPOT range | 
					
						
							|  |  |  |      * 0111...1111   2^(XLEN+2)-byte NAPOT range | 
					
						
							|  |  |  |      * 1111...1111   Reserved | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2022-04-08 12:25:07 -04:00
										 |  |  |     a = (a << 2) | 0x3; | 
					
						
							|  |  |  |     *sa = a & (a + 1); | 
					
						
							|  |  |  |     *ea = a | (a + 1); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-26 19:55:27 +08:00
										 |  |  | void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     uint8_t this_cfg = env->pmp_state.pmp[pmp_index].cfg_reg; | 
					
						
							|  |  |  |     target_ulong this_addr = env->pmp_state.pmp[pmp_index].addr_reg; | 
					
						
							|  |  |  |     target_ulong prev_addr = 0u; | 
					
						
							|  |  |  |     target_ulong sa = 0u; | 
					
						
							|  |  |  |     target_ulong ea = 0u; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (pmp_index >= 1u) { | 
					
						
							|  |  |  |         prev_addr = env->pmp_state.pmp[pmp_index - 1].addr_reg; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     switch (pmp_get_a_field(this_cfg)) { | 
					
						
							|  |  |  |     case PMP_AMATCH_OFF: | 
					
						
							|  |  |  |         sa = 0u; | 
					
						
							|  |  |  |         ea = -1; | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     case PMP_AMATCH_TOR: | 
					
						
							|  |  |  |         sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ | 
					
						
							|  |  |  |         ea = (this_addr << 2) - 1u; | 
					
						
							| 
									
										
											  
											
												target/riscv/pmp: guard against PMP ranges with a negative size
For a TOR entry to match, the stard address must be lower than the end
address. Normally this is always the case, but correct code might still
run into the following scenario:
Initial state:
	pmpaddr3 = 0x2000	pmp3cfg = OFF
	pmpaddr4 = 0x3000	pmp4cfg = TOR
Execution:
	1. write 0x40ff to pmpaddr3
	2. write 0x32ff to pmpaddr4
	3. set pmp3cfg to NAPOT with a read-modify-write on pmpcfg0
	4. set pmp4cfg to NAPOT with a read-modify-write on pmpcfg1
When (2) is emulated, a call to pmp_update_rule() creates a negative
range for pmp4 as pmp4cfg is still set to TOR. And when (3) is emulated,
a call to tlb_flush() is performed, causing pmp_get_tlb_size() to return
a very creatively large TLB size for pmp4. This, in turn, may result in
accesses to non-existent/unitialized memory regions and a fault, so that
(4) ends up never being executed.
This is in m-mode with MPRV unset, meaning that unlocked PMP entries
should have no effect. Therefore such a behavior based on PMP content
is very unexpected.
Make sure no negative PMP range can be created, whether explicitly by
the emulated code or implicitly like the above.
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <3oq0sqs1-67o0-145-5n1s-453o118804q@syhkavp.arg>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
											
										 
											2022-06-15 17:11:51 -04:00
										 |  |  |         if (sa > ea) { | 
					
						
							|  |  |  |             sa = ea = 0u; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         break; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     case PMP_AMATCH_NA4: | 
					
						
							|  |  |  |         sa = this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ | 
					
						
							| 
									
										
										
										
											2020-07-06 10:45:50 +02:00
										 |  |  |         ea = (sa + 4u) - 1u; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         break; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     case PMP_AMATCH_NAPOT: | 
					
						
							|  |  |  |         pmp_decode_napot(this_addr, &sa, &ea); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     default: | 
					
						
							|  |  |  |         sa = 0u; | 
					
						
							|  |  |  |         ea = 0u; | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     env->pmp_state.addr[pmp_index].sa = sa; | 
					
						
							|  |  |  |     env->pmp_state.addr[pmp_index].ea = ea; | 
					
						
							| 
									
										
										
										
											2020-10-26 19:55:27 +08:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-26 19:55:27 +08:00
										 |  |  | void pmp_update_rule_nums(CPURISCVState *env) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     int i; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     env->pmp_state.num_rules = 0; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     for (i = 0; i < MAX_RISCV_PMPS; i++) { | 
					
						
							|  |  |  |         const uint8_t a_field = | 
					
						
							|  |  |  |             pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); | 
					
						
							|  |  |  |         if (PMP_AMATCH_OFF != a_field) { | 
					
						
							|  |  |  |             env->pmp_state.num_rules++; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:13 +08:00
										 |  |  | static int pmp_is_in_range(CPURISCVState *env, int pmp_index, | 
					
						
							|  |  |  |                            target_ulong addr) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     int result = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:11 +08:00
										 |  |  |     if ((addr >= env->pmp_state.addr[pmp_index].sa) && | 
					
						
							|  |  |  |         (addr <= env->pmp_state.addr[pmp_index].ea)) { | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         result = 1; | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  |         result = 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return result; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:20 +08:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * Check if the address has required RWX privs when no PMP entry is matched. | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:13 +08:00
										 |  |  | static bool pmp_hart_has_privs_default(CPURISCVState *env, pmp_priv_t privs, | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:11 +08:00
										 |  |  |                                        pmp_priv_t *allowed_privs, | 
					
						
							|  |  |  |                                        target_ulong mode) | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:20 +08:00
										 |  |  | { | 
					
						
							|  |  |  |     bool ret; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:12 +08:00
										 |  |  |     if (MSECCFG_MMWP_ISSET(env)) { | 
					
						
							|  |  |  |         /*
 | 
					
						
							|  |  |  |          * The Machine Mode Whitelist Policy (mseccfg.MMWP) is set | 
					
						
							|  |  |  |          * so we default to deny all, even for M-mode. | 
					
						
							|  |  |  |          */ | 
					
						
							|  |  |  |         *allowed_privs = 0; | 
					
						
							|  |  |  |         return false; | 
					
						
							|  |  |  |     } else if (MSECCFG_MML_ISSET(env)) { | 
					
						
							|  |  |  |         /*
 | 
					
						
							|  |  |  |          * The Machine Mode Lockdown (mseccfg.MML) bit is set | 
					
						
							|  |  |  |          * so we can only execute code in M-mode with an applicable | 
					
						
							|  |  |  |          * rule. Other modes are disabled. | 
					
						
							|  |  |  |          */ | 
					
						
							|  |  |  |         if (mode == PRV_M && !(privs & PMP_EXEC)) { | 
					
						
							|  |  |  |             ret = true; | 
					
						
							|  |  |  |             *allowed_privs = PMP_READ | PMP_WRITE; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             ret = false; | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |             *allowed_privs = 0; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:12 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return ret; | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-22 15:52:02 -03:00
										 |  |  |     if (!riscv_cpu_cfg(env)->pmp || (mode == PRV_M)) { | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:20 +08:00
										 |  |  |         /*
 | 
					
						
							|  |  |  |          * Privileged spec v1.10 states if HW doesn't implement any PMP entry | 
					
						
							|  |  |  |          * or no PMP entry matches an M-Mode access, the access succeeds. | 
					
						
							|  |  |  |          */ | 
					
						
							|  |  |  |         ret = true; | 
					
						
							|  |  |  |         *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  |         /*
 | 
					
						
							|  |  |  |          * Other modes are not allowed to succeed if they don't * match a rule, | 
					
						
							|  |  |  |          * but there are rules. We've checked for no rule earlier in this | 
					
						
							|  |  |  |          * function. | 
					
						
							|  |  |  |          */ | 
					
						
							|  |  |  |         ret = false; | 
					
						
							|  |  |  |         *allowed_privs = 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return ret; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Public Interface | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Check if the address has required RWX privs to complete desired operation | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:11 +08:00
										 |  |  |  * Return true if a pmp rule match or default match | 
					
						
							|  |  |  |  * Return false if no match | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:11 +08:00
										 |  |  | bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, | 
					
						
							|  |  |  |                         target_ulong size, pmp_priv_t privs, | 
					
						
							|  |  |  |                         pmp_priv_t *allowed_privs, target_ulong mode) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     int i = 0; | 
					
						
							| 
									
										
										
										
											2019-10-22 21:21:29 +00:00
										 |  |  |     int pmp_size = 0; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     target_ulong s = 0; | 
					
						
							|  |  |  |     target_ulong e = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* Short cut if no rules */ | 
					
						
							|  |  |  |     if (0 == pmp_get_num_rules(env)) { | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:13 +08:00
										 |  |  |         return pmp_hart_has_privs_default(env, privs, allowed_privs, mode); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-22 21:21:29 +00:00
										 |  |  |     if (size == 0) { | 
					
						
							| 
									
										
										
										
											2023-02-22 15:52:04 -03:00
										 |  |  |         if (riscv_cpu_cfg(env)->mmu) { | 
					
						
							| 
									
										
										
										
											2020-04-23 18:47:38 -07:00
										 |  |  |             /*
 | 
					
						
							|  |  |  |              * If size is unknown (0), assume that all bytes | 
					
						
							|  |  |  |              * from addr to the end of the page will be accessed. | 
					
						
							|  |  |  |              */ | 
					
						
							|  |  |  |             pmp_size = -(addr | TARGET_PAGE_MASK); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             pmp_size = sizeof(target_ulong); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2019-10-22 21:21:29 +00:00
										 |  |  |     } else { | 
					
						
							|  |  |  |         pmp_size = size; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:12 +08:00
										 |  |  |     /*
 | 
					
						
							|  |  |  |      * 1.10 draft priv spec states there is an implicit order | 
					
						
							|  |  |  |      * from low to high | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     for (i = 0; i < MAX_RISCV_PMPS; i++) { | 
					
						
							|  |  |  |         s = pmp_is_in_range(env, i, addr); | 
					
						
							| 
									
										
										
										
											2019-10-22 21:21:29 +00:00
										 |  |  |         e = pmp_is_in_range(env, i, addr + pmp_size - 1); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							|  |  |  |         /* partially inside */ | 
					
						
							|  |  |  |         if ((s + e) == 1) { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |             qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                           "pmp violation - access is partially inside\n"); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:19 +08:00
										 |  |  |             *allowed_privs = 0; | 
					
						
							|  |  |  |             return false; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         /* fully inside */ | 
					
						
							|  |  |  |         const uint8_t a_field = | 
					
						
							|  |  |  |             pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-30 14:51:34 +01:00
										 |  |  |         /*
 | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |          * Convert the PMP permissions to match the truth table in the | 
					
						
							|  |  |  |          * ePMP spec. | 
					
						
							| 
									
										
										
										
											2019-05-30 14:51:34 +01:00
										 |  |  |          */ | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |         const uint8_t epmp_operation = | 
					
						
							|  |  |  |             ((env->pmp_state.pmp[i].cfg_reg & PMP_LOCK) >> 4) | | 
					
						
							|  |  |  |             ((env->pmp_state.pmp[i].cfg_reg & PMP_READ) << 2) | | 
					
						
							|  |  |  |             (env->pmp_state.pmp[i].cfg_reg & PMP_WRITE) | | 
					
						
							|  |  |  |             ((env->pmp_state.pmp[i].cfg_reg & PMP_EXEC) >> 2); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-30 14:51:34 +01:00
										 |  |  |         if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |             /*
 | 
					
						
							|  |  |  |              * If the PMP entry is not off and the address is in range, | 
					
						
							|  |  |  |              * do the priv check | 
					
						
							|  |  |  |              */ | 
					
						
							|  |  |  |             if (!MSECCFG_MML_ISSET(env)) { | 
					
						
							|  |  |  |                 /*
 | 
					
						
							|  |  |  |                  * If mseccfg.MML Bit is not set, do pmp priv check | 
					
						
							|  |  |  |                  * This will always apply to regular PMP. | 
					
						
							|  |  |  |                  */ | 
					
						
							|  |  |  |                 *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; | 
					
						
							|  |  |  |                 if ((mode != PRV_M) || pmp_is_locked(env, i)) { | 
					
						
							|  |  |  |                     *allowed_privs &= env->pmp_state.pmp[i].cfg_reg; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 /*
 | 
					
						
							|  |  |  |                  * If mseccfg.MML Bit set, do the enhanced pmp priv check | 
					
						
							|  |  |  |                  */ | 
					
						
							|  |  |  |                 if (mode == PRV_M) { | 
					
						
							|  |  |  |                     switch (epmp_operation) { | 
					
						
							|  |  |  |                     case 0: | 
					
						
							|  |  |  |                     case 1: | 
					
						
							|  |  |  |                     case 4: | 
					
						
							|  |  |  |                     case 5: | 
					
						
							|  |  |  |                     case 6: | 
					
						
							|  |  |  |                     case 7: | 
					
						
							|  |  |  |                     case 8: | 
					
						
							|  |  |  |                         *allowed_privs = 0; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 2: | 
					
						
							|  |  |  |                     case 3: | 
					
						
							|  |  |  |                     case 14: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ | PMP_WRITE; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 9: | 
					
						
							|  |  |  |                     case 10: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_EXEC; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 11: | 
					
						
							|  |  |  |                     case 13: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ | PMP_EXEC; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 12: | 
					
						
							|  |  |  |                     case 15: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ; | 
					
						
							|  |  |  |                         break; | 
					
						
							| 
									
										
										
										
											2021-05-21 06:55:53 +08:00
										 |  |  |                     default: | 
					
						
							|  |  |  |                         g_assert_not_reached(); | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |                     } | 
					
						
							|  |  |  |                 } else { | 
					
						
							|  |  |  |                     switch (epmp_operation) { | 
					
						
							|  |  |  |                     case 0: | 
					
						
							|  |  |  |                     case 8: | 
					
						
							|  |  |  |                     case 9: | 
					
						
							|  |  |  |                     case 12: | 
					
						
							|  |  |  |                     case 13: | 
					
						
							|  |  |  |                     case 14: | 
					
						
							|  |  |  |                         *allowed_privs = 0; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 1: | 
					
						
							|  |  |  |                     case 10: | 
					
						
							|  |  |  |                     case 11: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_EXEC; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 2: | 
					
						
							|  |  |  |                     case 4: | 
					
						
							|  |  |  |                     case 15: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 3: | 
					
						
							|  |  |  |                     case 6: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ | PMP_WRITE; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 5: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ | PMP_EXEC; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     case 7: | 
					
						
							|  |  |  |                         *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; | 
					
						
							|  |  |  |                         break; | 
					
						
							| 
									
										
										
										
											2021-05-21 06:55:53 +08:00
										 |  |  |                     default: | 
					
						
							|  |  |  |                         g_assert_not_reached(); | 
					
						
							| 
									
										
										
										
											2021-04-19 16:17:11 +10:00
										 |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-09 11:22:06 +05:30
										 |  |  |             /*
 | 
					
						
							|  |  |  |              * If matching address range was found, the protection bits | 
					
						
							|  |  |  |              * defined with PMP must be used. We shouldn't fallback on | 
					
						
							|  |  |  |              * finding default privileges. | 
					
						
							|  |  |  |              */ | 
					
						
							| 
									
										
										
										
											2023-06-05 22:15:48 +05:30
										 |  |  |             return (privs & *allowed_privs) == privs; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* No rule matched */ | 
					
						
							| 
									
										
										
										
											2023-06-05 22:15:48 +05:30
										 |  |  |     return pmp_hart_has_privs_default(env, privs, allowed_privs, mode); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2021-06-27 19:57:16 +08:00
										 |  |  |  * Handle a write to a pmpcfg CSR | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |  */ | 
					
						
							|  |  |  | void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:11 +08:00
										 |  |  |                       target_ulong val) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							|  |  |  |     int i; | 
					
						
							|  |  |  |     uint8_t cfg_val; | 
					
						
							| 
									
										
										
										
											2022-01-20 20:20:28 +08:00
										 |  |  |     int pmpcfg_nums = 2 << riscv_cpu_mxl(env); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |     bool modified = false; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  |     trace_pmpcfg_csr_write(env->mhartid, reg_index, val); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-20 20:20:28 +08:00
										 |  |  |     for (i = 0; i < pmpcfg_nums; i++) { | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         cfg_val = (val >> 8 * i)  & 0xff; | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |         modified |= pmp_write_cfg(env, (reg_index * 4) + i, cfg_val); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:22 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /* If PMP permission of any addr has been changed, flush TLB pages. */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |     if (modified) { | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:18 +08:00
										 |  |  |         pmp_update_rule_nums(env); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |         tlb_flush(env_cpu(env)); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2021-06-27 19:57:16 +08:00
										 |  |  |  * Handle a read from a pmpcfg CSR | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |  */ | 
					
						
							|  |  |  | target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     int i; | 
					
						
							|  |  |  |     target_ulong cfg_val = 0; | 
					
						
							| 
									
										
										
										
											2018-10-26 18:04:27 +00:00
										 |  |  |     target_ulong val = 0; | 
					
						
							| 
									
										
										
										
											2022-01-20 20:20:28 +08:00
										 |  |  |     int pmpcfg_nums = 2 << riscv_cpu_mxl(env); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-20 20:20:28 +08:00
										 |  |  |     for (i = 0; i < pmpcfg_nums; i++) { | 
					
						
							| 
									
										
											  
											
												riscv: Fix bug in setting pmpcfg CSR for RISCV64
First, sizeof(target_ulong) equals to 4 on riscv32, so this change
does not change the function on riscv32. Second, sizeof(target_ulong)
equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal
pmp_index (we will explain later), which should be 'reg_index * 4 + i'.
If the parameter reg_index equals to 2 (means that we will change the
value of pmpcfg2, or the second pmpcfg on riscv64), then
pmpcfg_csr_write(env, 2, val) will map write tasks to
pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed
by value 16 or 23 on riscv64, so we consider it as a bug.
We are looking for constant (e.g., define a new constant named
RISCV_WORD_SIZE) in QEMU to help others understand code better,
but none was found. A possible good explanation of this literal is it is
the minimum word length on riscv is 4 bytes (32 bit).
Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com>
Signed-off-by: Hou Weiying <weiying_hou@outlook.com>
Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <SG2PR02MB263420036254AC8841F66CE393460@SG2PR02MB2634.apcprd02.prod.outlook.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
											
										 
											2020-08-08 16:56:40 +08:00
										 |  |  |         val = pmp_read_cfg(env, (reg_index * 4) + i); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         cfg_val |= (val << (i * 8)); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  |     trace_pmpcfg_csr_read(env->mhartid, reg_index, cfg_val); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | 
 | 
					
						
							|  |  |  |     return cfg_val; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2021-06-27 19:57:16 +08:00
										 |  |  |  * Handle a write to a pmpaddr CSR | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |  */ | 
					
						
							|  |  |  | void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:11 +08:00
										 |  |  |                        target_ulong val) | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  |     trace_pmpaddr_csr_write(env->mhartid, addr_index, val); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:15 +08:00
										 |  |  |     bool is_next_cfg_tor = false; | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:25 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     if (addr_index < MAX_RISCV_PMPS) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:25 +10:00
										 |  |  |         /*
 | 
					
						
							|  |  |  |          * In TOR mode, need to check the lock bit of the next pmp | 
					
						
							|  |  |  |          * (if there is a next). | 
					
						
							|  |  |  |          */ | 
					
						
							|  |  |  |         if (addr_index + 1 < MAX_RISCV_PMPS) { | 
					
						
							|  |  |  |             uint8_t pmp_cfg = env->pmp_state.pmp[addr_index + 1].cfg_reg; | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:15 +08:00
										 |  |  |             is_next_cfg_tor = PMP_AMATCH_TOR == pmp_get_a_field(pmp_cfg); | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:25 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:15 +08:00
										 |  |  |             if (pmp_cfg & PMP_LOCK && is_next_cfg_tor) { | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:25 +10:00
										 |  |  |                 qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                               "ignoring pmpaddr write - pmpcfg + 1 locked\n"); | 
					
						
							|  |  |  |                 return; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         if (!pmp_is_locked(env, addr_index)) { | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:17 +08:00
										 |  |  |             if (env->pmp_state.pmp[addr_index].addr_reg != val) { | 
					
						
							|  |  |  |                 env->pmp_state.pmp[addr_index].addr_reg = val; | 
					
						
							|  |  |  |                 pmp_update_rule_addr(env, addr_index); | 
					
						
							|  |  |  |                 if (is_next_cfg_tor) { | 
					
						
							|  |  |  |                     pmp_update_rule_addr(env, addr_index + 1); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 tlb_flush(env_cpu(env)); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:15 +08:00
										 |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |             qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                           "ignoring pmpaddr write - locked\n"); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |         } | 
					
						
							|  |  |  |     } else { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |         qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                       "ignoring pmpaddr write - out of bounds\n"); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2021-06-27 19:57:16 +08:00
										 |  |  |  * Handle a read from a pmpaddr CSR | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |  */ | 
					
						
							|  |  |  | target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  |     target_ulong val = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     if (addr_index < MAX_RISCV_PMPS) { | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  |         val = env->pmp_state.pmp[addr_index].addr_reg; | 
					
						
							|  |  |  |         trace_pmpaddr_csr_read(env->mhartid, addr_index, val); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } else { | 
					
						
							| 
									
										
										
										
											2019-03-16 01:20:02 +00:00
										 |  |  |         qemu_log_mask(LOG_GUEST_ERROR, | 
					
						
							|  |  |  |                       "ignoring pmpaddr read - out of bounds\n"); | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-07-23 14:08:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     return val; | 
					
						
							| 
									
										
										
										
											2018-03-03 01:31:11 +13:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:53 +10:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * Handle a write to a mseccfg CSR | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | void mseccfg_csr_write(CPURISCVState *env, target_ulong val) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     int i; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     trace_mseccfg_csr_write(env->mhartid, val); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* RLB cannot be enabled if it's already 0 and if any regions are locked */ | 
					
						
							|  |  |  |     if (!MSECCFG_RLB_ISSET(env)) { | 
					
						
							|  |  |  |         for (i = 0; i < MAX_RISCV_PMPS; i++) { | 
					
						
							|  |  |  |             if (pmp_is_locked(env, i)) { | 
					
						
							|  |  |  |                 val &= ~MSECCFG_RLB; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:12 +08:00
										 |  |  |     if (riscv_cpu_cfg(env)->epmp) { | 
					
						
							|  |  |  |         /* Sticky bits */ | 
					
						
							|  |  |  |         val |= (env->mseccfg & (MSECCFG_MMWP | MSECCFG_MML)); | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:14 +08:00
										 |  |  |         if ((val ^ env->mseccfg) & (MSECCFG_MMWP | MSECCFG_MML)) { | 
					
						
							|  |  |  |             tlb_flush(env_cpu(env)); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:12 +08:00
										 |  |  |     } else { | 
					
						
							|  |  |  |         val &= ~(MSECCFG_MMWP | MSECCFG_MML | MSECCFG_RLB); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-04-19 16:16:53 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |     env->mseccfg = val; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Handle a read from a mseccfg CSR | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | target_ulong mseccfg_csr_read(CPURISCVState *env) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     trace_mseccfg_csr_read(env->mhartid, env->mseccfg); | 
					
						
							|  |  |  |     return env->mseccfg; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |  * Calculate the TLB size. | 
					
						
							|  |  |  |  * It's possible that PMP regions only cover partial of the TLB page, and | 
					
						
							|  |  |  |  * this may split the page into regions with different permissions. | 
					
						
							|  |  |  |  * For example if PMP0 is (0x80000008~0x8000000F, R) and PMP1 is (0x80000000 | 
					
						
							|  |  |  |  * ~0x80000FFF, RWX), then region 0x80000008~0x8000000F has R permission, and | 
					
						
							|  |  |  |  * the other regions in this page have RWX permissions. | 
					
						
							|  |  |  |  * A write access to 0x80000000 will match PMP1. However we cannot cache the | 
					
						
							|  |  |  |  * translation result in the TLB since this will make the write access to | 
					
						
							|  |  |  |  * 0x80000008 bypass the check of PMP0. | 
					
						
							|  |  |  |  * To avoid this we return a size of 1 (which means no caching) if the PMP | 
					
						
							|  |  |  |  * region only covers partial of the TLB page. | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  | target_ulong pmp_get_tlb_size(CPURISCVState *env, target_ulong addr) | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |     target_ulong pmp_sa; | 
					
						
							|  |  |  |     target_ulong pmp_ea; | 
					
						
							|  |  |  |     target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1); | 
					
						
							|  |  |  |     target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1; | 
					
						
							|  |  |  |     int i; | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |     /*
 | 
					
						
							|  |  |  |      * If PMP is not supported or there are no PMP rules, the TLB page will not | 
					
						
							|  |  |  |      * be split into regions with different permissions by PMP so we set the | 
					
						
							|  |  |  |      * size to TARGET_PAGE_SIZE. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     if (!riscv_cpu_cfg(env)->pmp || !pmp_get_num_rules(env)) { | 
					
						
							| 
									
										
											  
											
												target/riscv: Fix PMP propagation for tlb
Only the pmp index that be checked by pmp_hart_has_privs can be used
by pmp_get_tlb_size to avoid an error pmp index.
Before modification, we may use an error pmp index. For example,
we check address 0x4fc, and the size 0x4 in pmp_hart_has_privs. If there
is an pmp rule, valid range is [0x4fc, 0x500), then pmp_hart_has_privs
will return true;
However, this checked pmp index is discarded as pmp_hart_has_privs
return bool value. In pmp_is_range_in_tlb, it will traverse all pmp
rules. The tlb_sa will be 0x0, and tlb_ea will be 0xfff. If there is
a pmp rule [0x10, 0x14), it will be misused as it is legal in
pmp_get_tlb_size.
As we have already known the correct pmp index, just remove the
remove the pmp_is_range_in_tlb and get tlb size directly from
pmp_get_tlb_size.
Signed-off-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20221012060016.30856-1-zhiwei_liu@linux.alibaba.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
											
										 
											2022-10-12 14:00:16 +08:00
										 |  |  |         return TARGET_PAGE_SIZE; | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     for (i = 0; i < MAX_RISCV_PMPS; i++) { | 
					
						
							|  |  |  |         if (pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg) == PMP_AMATCH_OFF) { | 
					
						
							|  |  |  |             continue; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         pmp_sa = env->pmp_state.addr[i].sa; | 
					
						
							|  |  |  |         pmp_ea = env->pmp_state.addr[i].ea; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-10-12 11:14:49 +10:00
										 |  |  |         /*
 | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |          * Only the first PMP entry that covers (whole or partial of) the TLB | 
					
						
							|  |  |  |          * page really matters: | 
					
						
							|  |  |  |          * If it covers the whole TLB page, set the size to TARGET_PAGE_SIZE, | 
					
						
							|  |  |  |          * since the following PMP entries have lower priority and will not | 
					
						
							|  |  |  |          * affect the permissions of the page. | 
					
						
							|  |  |  |          * If it only covers partial of the TLB page, set the size to 1 since | 
					
						
							|  |  |  |          * the allowed permissions of the region may be different from other | 
					
						
							|  |  |  |          * region of the page. | 
					
						
							| 
									
										
										
										
											2023-04-05 16:58:12 +08:00
										 |  |  |          */ | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  |         if (pmp_sa <= tlb_sa && pmp_ea >= tlb_ea) { | 
					
						
							|  |  |  |             return TARGET_PAGE_SIZE; | 
					
						
							|  |  |  |         } else if ((pmp_sa >= tlb_sa && pmp_sa <= tlb_ea) || | 
					
						
							|  |  |  |                    (pmp_ea >= tlb_sa && pmp_ea <= tlb_ea)) { | 
					
						
							|  |  |  |             return 1; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2023-05-17 17:15:08 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /*
 | 
					
						
							|  |  |  |      * If no PMP entry matches the TLB page, the TLB page will also not be | 
					
						
							|  |  |  |      * split into regions with different permissions by PMP so we set the size | 
					
						
							|  |  |  |      * to TARGET_PAGE_SIZE. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     return TARGET_PAGE_SIZE; | 
					
						
							| 
									
										
										
										
											2020-07-28 16:26:17 +08:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2021-02-21 22:01:20 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							|  |  |  |  * Convert PMP privilege to TLB page privilege. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | int pmp_priv_to_page_prot(pmp_priv_t pmp_priv) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     int prot = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (pmp_priv & PMP_READ) { | 
					
						
							|  |  |  |         prot |= PAGE_READ; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     if (pmp_priv & PMP_WRITE) { | 
					
						
							|  |  |  |         prot |= PAGE_WRITE; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     if (pmp_priv & PMP_EXEC) { | 
					
						
							|  |  |  |         prot |= PAGE_EXEC; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return prot; | 
					
						
							|  |  |  | } |