From patchwork Wed Jan 3 00:44:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Clark X-Patchwork-Id: 10141535 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1C5336035E for ; Wed, 3 Jan 2018 00:57:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0E00928ED3 for ; Wed, 3 Jan 2018 00:57:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 02CF228ED5; Wed, 3 Jan 2018 00:57:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 06A8D28ED3 for ; Wed, 3 Jan 2018 00:57:14 +0000 (UTC) Received: from localhost ([::1]:33131 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eWXMn-0006d9-4j for patchwork-qemu-devel@patchwork.kernel.org; Tue, 02 Jan 2018 19:57:13 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eWXCk-0005ju-5r for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eWXCh-00085O-V9 for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:50 -0500 Received: from mail-pl0-x22f.google.com ([2607:f8b0:400e:c01::22f]:46847) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eWXCh-00085C-M7 for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:47 -0500 Received: by mail-pl0-x22f.google.com with SMTP id i6so128887plt.13 for ; Tue, 02 Jan 2018 16:46:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=t86ARggGHp1sdHpQWaWqYEuiNoqaURmUVFPC7LHcPeI=; b=QIAtHdfZBxJyrCiEhZNTFJDWpnhvGPGyLcBB83AYP8iYN3VxqGO6vAHRSIPqLCXUcd VN7SRfvh1333KRCbSrbK21SeNDragtsL6kfbcrXwpdnqJmWOJl6+4qv4831MTad8KHjz R8CoA1qwwd5BitoCq83GpHXa7yGoloP0ha8oEFYk4MWiRLqK3F6N/5Euy+JawYTFio/e fU/T6uWijRymkOvHQz3E3aRZG9xFRnR1VV/3a6p8B7yKtKhB9dAIojusV98Yv7NvepX/ ANHfsUtgpBOBbl9gtp+T/Incnvkxjzrs8dshXpYpmtFW4oUeAZj7MROThdSpdpdUFQXK Ur5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=t86ARggGHp1sdHpQWaWqYEuiNoqaURmUVFPC7LHcPeI=; b=IUahqi7fnlRypHeyKEQaYJcR9JczL2ZY4GKDZ/+bfR5oGvIOakhzxIBpvZrZuJW0c9 jL7BmKsI28TBnuHKSSo/R38RFzR9Bs8SYBmyyig4niewao0aJc6xYQIcOJAZKVEXJcjO BVsfgRUDDwBWxMYQwo/aKLtHsApjTv9sxrHcUt0ygy2YABMagUyvmvIg1Msw+Z3v1W80 U5NQFqRImkshm5VK90arhi6cyKUuDZgh8BHHE8VbA1xlENIF+g0v/6/klmGNW653u6ld CokTSwGODgFSkAtBWaw0IfhjI2WhY6Bryl9f6k9dRFI80pbUjiJ3bN+hB/+wKZt47kQM PLAg== X-Gm-Message-State: AKGB3mIUMvkBLvxE4lHDZqqr3/eHgELwP+1oUBo+okfcDM57W+WEBjZi f7jRUDVl7P2SGofRAbwcUjICm2oGZwI= X-Google-Smtp-Source: ACJfBos9Djal1/bOvLaS0KSU3puYT7ohY71X75ktMq2ug1gQ5K03bSG5H2IVhfPmiPHZGaxPJucXEw== X-Received: by 10.84.173.1 with SMTP id o1mr139478plb.135.1514940406407; Tue, 02 Jan 2018 16:46:46 -0800 (PST) Received: from localhost.localdomain (125-237-39-90.jetstream.xtra.co.nz. [125.237.39.90]) by smtp.gmail.com with ESMTPSA id 75sm97691351pfo.103.2018.01.02.16.46.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 02 Jan 2018 16:46:45 -0800 (PST) From: Michael Clark To: qemu-devel@nongnu.org Date: Wed, 3 Jan 2018 13:44:13 +1300 Message-Id: <1514940265-18093-10-git-send-email-mjc@sifive.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1514940265-18093-1-git-send-email-mjc@sifive.com> References: <1514940265-18093-1-git-send-email-mjc@sifive.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c01::22f Subject: [Qemu-devel] [PATCH v1 09/21] RISC-V Physical Memory Protection X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bastian Koppelmann , Michael Clark , Sagar Karandikar Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Implements the physical memory protection extension as specified in Privileged ISA Version 1.10. Signed-off-by: Michael Clark --- target/riscv/pmp.c | 381 +++++++++++++++++++++++++++++++++++++++++++++++++++++ target/riscv/pmp.h | 70 ++++++++++ 2 files changed, 451 insertions(+) create mode 100644 target/riscv/pmp.c create mode 100644 target/riscv/pmp.h diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c new file mode 100644 index 0000000..04f1df7 --- /dev/null +++ b/target/riscv/pmp.c @@ -0,0 +1,381 @@ +/* + * QEMU RISC-V PMP (Physical Memory Protection) + * + * Author: Daire McNamara, daire.mcnamara@emdalo.com + * Ivan Griffin, ivan.griffin@emdalo.com + * + * This provides a RISC-V Physical Memory Protection implementation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "cpu.h" +#include "qemu-common.h" + +/* #define DEBUG_PMP 1 */ + +#ifndef CONFIG_USER_ONLY + +#ifdef DEBUG_PMP +#define PMP_PRINTF(fmt, ...) \ +do { fprintf(stderr, "pmp: " fmt, ## __VA_ARGS__); } while (0) +#else +#define PMP_PRINTF(fmt, ...) \ +do {} while (0) +#endif + +static void pmp_write_cfg(CPURISCVState *env, uint32_t addr_index, + uint8_t val); +static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index); +static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index); + +/* + * Accessor method to extract address matching type 'a field' from cfg reg + */ +static inline uint8_t pmp_get_a_field(uint8_t cfg) +{ + uint8_t a = cfg >> 3; + return a & 0x3; +} + +/* + * Check whether a PMP is locked or not. + */ +static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index) +{ + + if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) { + return 1; + } + + /* Top PMP has no 'next' to check */ + if ((pmp_index + 1u) >= MAX_RISCV_PMPS) { + return 0; + } + + /* In TOR mode, need to check the lock bit of the next pmp + * (if there is a next) + */ + const uint8_t a_field = + pmp_get_a_field(env->pmp_state.pmp[pmp_index + 1].cfg_reg); + if ((env->pmp_state.pmp[pmp_index + 1u].cfg_reg & PMP_LOCK) && + (PMP_AMATCH_TOR == a_field)) { + return 1; + } + + return 0; +} + +/* + * Count the number of active rules. + */ +static inline uint32_t pmp_get_num_rules(CPURISCVState *env) +{ + return env->pmp_state.num_rules; +} + +/* + * Accessor to get the cfg reg for a specific PMP/HART + */ +static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index) +{ + if (pmp_index < MAX_RISCV_PMPS) { + return env->pmp_state.pmp[pmp_index].cfg_reg; + } + + return 0; +} + + +/* + * Accessor to set the cfg reg for a specific PMP/HART + * Bounds checks and relevant lock bit. + */ +static void pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t val) +{ + if (pmp_index < MAX_RISCV_PMPS) { + if (!pmp_is_locked(env, pmp_index)) { + env->pmp_state.pmp[pmp_index].cfg_reg = val; + pmp_update_rule(env, pmp_index); + } else { + PMP_PRINTF("Ignoring pmpcfg write - locked\n"); + } + } else { + PMP_PRINTF("Ignoring pmpcfg write - out of bounds\n"); + } +} + +static target_ulong pmp_get_napot_base_and_range(target_ulong reg, + target_ulong *range) +{ + /* construct a mask of all bits bar the top bit */ + target_ulong mask = 0u; + target_ulong base = reg; + target_ulong numbits = (sizeof(target_ulong) * 8u) + 2u; + mask = (mask - 1u) >> 1; + + while (mask) { + if ((reg & mask) == mask) { + /* this is the mask to use */ + base = reg & ~mask; + break; + } + mask >>= 1; + numbits--; + } + + *range = (1lu << numbits) - 1u; + return base; +} + + +/* Convert cfg/addr reg values here into simple 'sa' --> start address and 'ea' + * end address values. + * This function is called relatively infrequently whereas the check that + * an address is within a pmp rule is called often, so optimise that one + */ +static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index) +{ + int i; + + env->pmp_state.num_rules = 0; + + uint8_t this_cfg = env->pmp_state.pmp[pmp_index].cfg_reg; + target_ulong this_addr = env->pmp_state.pmp[pmp_index].addr_reg; + target_ulong prev_addr = 0u; + target_ulong sa = 0u; + target_ulong ea = 0u; + + if (pmp_index >= 1u) { + prev_addr = env->pmp_state.pmp[pmp_index].addr_reg; + } + + switch (pmp_get_a_field(this_cfg)) { + case PMP_AMATCH_OFF: + sa = 0u; + ea = -1; + break; + + case PMP_AMATCH_TOR: + sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea = (this_addr << 2) - 1u; + break; + + case PMP_AMATCH_NA4: + sa = this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea = (this_addr + 4u) - 1u; + break; + + case PMP_AMATCH_NAPOT: + sa = pmp_get_napot_base_and_range(this_addr, &ea); + sa = this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea += sa; + break; + + default: + sa = 0u; + ea = 0u; + break; + } + + env->pmp_state.addr[pmp_index].sa = sa; + env->pmp_state.addr[pmp_index].ea = ea; + + for (i = 0; i < MAX_RISCV_PMPS; i++) { + const uint8_t a_field = + pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); + if (PMP_AMATCH_OFF != a_field) { + env->pmp_state.num_rules++; + } + } +} + +static int pmp_is_in_range(CPURISCVState *env, int pmp_index, target_ulong addr) +{ + int result = 0; + + if ((addr >= env->pmp_state.addr[pmp_index].sa) + && (addr < env->pmp_state.addr[pmp_index].ea)) { + result = 1; + } else { + result = 0; + } + + return result; +} + + +/* + * Public Interface + */ + +/* + * Check if the address has required RWX privs to complete desired operation + */ +bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, + target_ulong size, pmp_priv_t privs) +{ + int i = 0; + int ret = -1; + target_ulong s = 0; + target_ulong e = 0; + pmp_priv_t allowed_privs = 0; + + /* Short cut if no rules */ + if (0 == pmp_get_num_rules(env)) { + return true; + } + + /* 1.10 draft priv spec states there is an implicit order + from low to high */ + for (i = 0; i < MAX_RISCV_PMPS; i++) { + s = pmp_is_in_range(env, i, addr); + e = pmp_is_in_range(env, i, addr + size); + + /* partially inside */ + if ((s + e) == 1) { + PMP_PRINTF("pmp violation - access is partially in /" + " partially out\n"); + ret = 0; + break; + } + + /* fully inside */ + const uint8_t a_field = + pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); + if ((s + e) == 2) { + if (PMP_AMATCH_OFF == a_field) { + return 1; + } + + allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; + if ((env->priv != PRV_M) || pmp_is_locked(env, i)) { + allowed_privs &= env->pmp_state.pmp[i].cfg_reg; + } + + if ((privs & allowed_privs) == privs) { + ret = 1; + break; + } else { + ret = 0; + break; + } + } + } + + /* No rule matched */ + if (ret == -1) { + if (env->priv == PRV_M) { + ret = 1; /* Privileged spec v1.10 states if no PMP entry matches an + * M-Mode access, the access succeeds */ + } else { + ret = 0; /* Other modes are not allowed to succeed if they don't + * match a rule, but there are rules. We've checked for + * no rule earlier in this function. */ + } + } + + return ret == 1 ? true : false; +} + + +/* + * Handle a write to a pmpcfg CSP + */ +void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, + target_ulong val) +{ + int i; + uint8_t cfg_val; + + PMP_PRINTF("hart%d pmpcfg_reg%d val: 0x" TARGET_FMT_lx "\n", + env->mhartid, reg_index, val); + + if ((reg_index & 1) && (sizeof(target_ulong) == 8)) { + PMP_PRINTF("Ignoring pmpcfg write - incorrect address\n"); + return; + } + + for (i = 0; i < sizeof(target_ulong); i++) { + cfg_val = (val >> 8 * i) & 0xff; + pmp_write_cfg(env, (reg_index * sizeof(target_ulong)) + i, + cfg_val); + } +} + + +/* + * Handle a read from a pmpcfg CSP + */ +target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index) +{ + int i; + target_ulong cfg_val = 0; + uint8_t val = 0; + + for (i = 0; i < sizeof(target_ulong); i++) { + val = pmp_read_cfg(env, (reg_index * sizeof(target_ulong)) + i); + cfg_val |= (val << (i * 8)); + } + + PMP_PRINTF("hart%d pmpcfg_reg%d, (rval: 0x" TARGET_FMT_lx ")\n", + env->mhartid, reg_index, cfg_val); + + return cfg_val; +} + + +/* + * Handle a write to a pmpaddr CSP + */ +void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, + target_ulong val) +{ + PMP_PRINTF("hart%d addr%d val: 0x" TARGET_FMT_lx "\n", + env->mhartid, addr_index, val); + + /* val &= 0x3ffffffffffffful; */ + + if (addr_index < MAX_RISCV_PMPS) { + if (!pmp_is_locked(env, addr_index)) { + env->pmp_state.pmp[addr_index].addr_reg = val; + pmp_update_rule(env, addr_index); + } else { + PMP_PRINTF("Ignoring pmpaddr write - locked\n"); + } + } else { + PMP_PRINTF("Ignoring pmpaddr write - out of bounds\n"); + } +} + + +/* + * Handle a read from a pmpaddr CSP + */ +target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index) +{ + PMP_PRINTF("hart%d addr%d (val: 0x" TARGET_FMT_lx ")\n", + env->mhartid, addr_index, + env->pmp_state.pmp[addr_index].addr_reg); + return env->pmp_state.pmp[addr_index].addr_reg; +} + +#endif diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h new file mode 100644 index 0000000..9f2c32d --- /dev/null +++ b/target/riscv/pmp.h @@ -0,0 +1,70 @@ +/* + * QEMU RISC-V PMP (Physical Memory Protection) + * + * Author: Daire McNamara, daire.mcnamara@emdalo.com + * Ivan Griffin, ivan.griffin@emdalo.com + * + * This provides a RISC-V Physical Memory Protection interface + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef _RISCV_PMP_H_ +#define _RISCV_PMP_H_ + +typedef enum { + PMP_READ = 1 << 0, + PMP_WRITE = 1 << 1, + PMP_EXEC = 1 << 2, + PMP_LOCK = 1 << 7 +} pmp_priv_t; + +typedef enum { + PMP_AMATCH_OFF, /* Null (off) */ + PMP_AMATCH_TOR, /* Top of Range */ + PMP_AMATCH_NA4, /* Naturally aligned four-byte region */ + PMP_AMATCH_NAPOT /* Naturally aligned power-of-two region */ +} pmp_am_t; + +typedef struct { + target_ulong addr_reg; + uint8_t cfg_reg; +} pmp_entry_t; + +typedef struct { + target_ulong sa; + target_ulong ea; +} pmp_addr_t; + +typedef struct { + pmp_entry_t pmp[MAX_RISCV_PMPS]; + pmp_addr_t addr[MAX_RISCV_PMPS]; + uint32_t num_rules; +} pmp_table_t; + +void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, + target_ulong val); +target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index); +void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, + target_ulong val); +target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index); +bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, + target_ulong size, pmp_priv_t priv); + +#endif