From patchwork Fri Mar 9 04:12:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Clark X-Patchwork-Id: 10269651 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8A5F6602BD for ; Fri, 9 Mar 2018 04:24:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7518629C70 for ; Fri, 9 Mar 2018 04:24:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6970C29CB5; Fri, 9 Mar 2018 04:24:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CB9DF29C70 for ; Fri, 9 Mar 2018 04:24:54 +0000 (UTC) Received: from localhost ([::1]:43148 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eu9aQ-0004EY-2c for patchwork-qemu-devel@patchwork.kernel.org; Thu, 08 Mar 2018 23:24:54 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55742) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eu9Qa-0004BN-RE for qemu-devel@nongnu.org; Thu, 08 Mar 2018 23:14:46 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eu9QZ-0006yz-JR for qemu-devel@nongnu.org; Thu, 08 Mar 2018 23:14:44 -0500 Received: from mail-pl0-x242.google.com ([2607:f8b0:400e:c01::242]:46549) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eu9QZ-0006yj-B7 for qemu-devel@nongnu.org; Thu, 08 Mar 2018 23:14:43 -0500 Received: by mail-pl0-x242.google.com with SMTP id y8-v6so4587761pll.13 for ; Thu, 08 Mar 2018 20:14:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QkuuEv+D1Gy9OGIERK4NAdR5HD7g3kWvPngTihs5qC8=; b=PExOX2tfhTQ/aXKvFjauQ6p4mLwqIzOHSUo+jSvFhA9j7xPJz2qpjCdDz6Sf3fdVo3 Mnyjlhlm9FpUGDggLNoXkKbJuatsuQ70tAwEIklg1gu7OnvgCLgzfAmpHEpaCYNeRIXd cYo4q7izP0kG9B4Uk6JPD2Q+7yIkckLTAqgSjfTQdPd/saeZHghbgpgGAiYslifPPEQD GUFaatD+aqyq5qMS81Vlr50bSSx6klTlZ0wHgQ3/AhKP0b3+PXCaBgiWmaQS/3pXDNwt oHkmo8/6pM27sejtIZp7bXzg7P78N9XEQkkgxwVV2nI0YsJ4CrWwqUcel/0IPAOyVS8i e6kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QkuuEv+D1Gy9OGIERK4NAdR5HD7g3kWvPngTihs5qC8=; b=tXUcz+Zpk6cgFXxQdStoYT/OZ/OOXmtkrKpgKEiPLHncF8cnIncWpbdGswib2U8PW0 Yq+6efmH2C94+hi74QMW81T9r9UpAxI9JEwNwFWs62h8S3sb4M1GZp4DlJv+R/oG4hxD suCWzYmJ4yZpWhOwwglBNgo6ahB7hmh2sGj+8SR+eMr6pUl47e5/Vl99V/XJshyn28Ql 5tmkxYWmaB857sL46OoGqz1yCropFJ5qbB8epSTq+/VMIQirtUEDqIgVnHPoItgVkeVn d6LkwRkDpB/lt5cc6SrZJnLmnoqwkDZK/ONNEpCdc45Z7S+6EyTxGTCyk0o/BKEuz7NL aiCQ== X-Gm-Message-State: APf1xPCK8gVxCcJeeUWHbnt9deJqhWDqmiN9qiaeHe3Y6XDIuuIoT33G yPWR0t9WOLUSsYKHie+o0P8pZul697w= X-Google-Smtp-Source: AG47ELvWnQV5fhibNikpRXFpHvt6wU8JGpWR+MwccXrkUCPw2WrJeMhaPcJgGhi7Md2pLfmq8UXzRg== X-Received: by 2002:a17:902:7686:: with SMTP id m6-v6mr26718892pll.199.1520568882343; Thu, 08 Mar 2018 20:14:42 -0800 (PST) Received: from localhost.localdomain (125-237-39-90-fibre.bb.spark.co.nz. [125.237.39.90]) by smtp.gmail.com with ESMTPSA id h15sm334141pfi.56.2018.03.08.20.14.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 08 Mar 2018 20:14:41 -0800 (PST) From: Michael Clark To: qemu-devel@nongnu.org Date: Fri, 9 Mar 2018 17:12:33 +1300 Message-Id: <1520568765-58189-12-git-send-email-mjc@sifive.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1520568765-58189-1-git-send-email-mjc@sifive.com> References: <1520568765-58189-1-git-send-email-mjc@sifive.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c01::242 Subject: [Qemu-devel] [PATCH v2 11/23] RISC-V: Improve page table walker spec compliance X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bastian Koppelmann , Michael Clark , Palmer Dabbelt , Sagar Karandikar Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP - Inline PTE_TABLE check for better readability - Improve readibility of User page U mode and SUM test - Disallow non U mode from fetching from User pages - Add reserved PTE flag check: W or W|X - Add misaligned PPN check - Change access checks from ternary operator to if statements - Improves page walker comments - No measurable performance impact on dd test Cc: Sagar Karandikar Cc: Bastian Koppelmann Signed-off-by: Michael Clark Signed-off-by: Palmer Dabbelt --- target/riscv/cpu_bits.h | 2 -- target/riscv/helper.c | 59 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 41 insertions(+), 20 deletions(-) diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 64aa097..12b4757 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -407,5 +407,3 @@ #define PTE_SOFT 0x300 /* Reserved for Software */ #define PTE_PPN_SHIFT 10 - -#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) == PTE_V) diff --git a/target/riscv/helper.c b/target/riscv/helper.c index 228933c..162d5ec 100644 --- a/target/riscv/helper.c +++ b/target/riscv/helper.c @@ -185,16 +185,36 @@ restart: #endif target_ulong ppn = pte >> PTE_PPN_SHIFT; - if (PTE_TABLE(pte)) { /* next level of page table */ + if (!(pte & PTE_V)) { + /* Invalid PTE */ + return TRANSLATE_FAIL; + } else if (!(pte & (PTE_R | PTE_W | PTE_X))) { + /* Inner PTE, continue walking */ base = ppn << PGSHIFT; - } else if ((pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode == PRV_S)) { - break; - } else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) { - break; - } else if (access_type == MMU_INST_FETCH ? !(pte & PTE_X) : - access_type == MMU_DATA_LOAD ? !(pte & PTE_R) && - !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte & PTE_W))) { - break; + } else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) { + /* Reserved leaf PTE flags: PTE_W */ + return TRANSLATE_FAIL; + } else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) { + /* Reserved leaf PTE flags: PTE_W + PTE_X */ + return TRANSLATE_FAIL; + } else if ((pte & PTE_U) && ((mode != PRV_U) && + (!sum || access_type == MMU_INST_FETCH))) { + /* User PTE flags when not U mode and mstatus.SUM is not set, + or the access type is an instruction fetch */ + return TRANSLATE_FAIL; + } else if (ppn & ((1ULL << ptshift) - 1)) { + /* Misasligned PPN */ + return TRANSLATE_FAIL; + } else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) || + (mode != PRV_U && (pte & PTE_X) && mxr))) { + /* Read access check failed */ + return TRANSLATE_FAIL; + } else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) { + /* Write access check failed */ + return TRANSLATE_FAIL; + } else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) { + /* Fetch access check failed */ + return TRANSLATE_FAIL; } else { /* if necessary, set accessed and dirty bits. */ target_ulong updated_pte = pte | PTE_A | @@ -202,11 +222,14 @@ restart: /* Page table updates need to be atomic with MTTCG enabled */ if (updated_pte != pte) { - /* if accessed or dirty bits need updating, and the PTE is - * in RAM, then we do so atomically with a compare and swap. - * if the PTE is in IO space, then it can't be updated. - * if the PTE changed, then we must re-walk the page table - as the PTE is no longer valid */ + /* + * - if accessed or dirty bits need updating, and the PTE is + * in RAM, then we do so atomically with a compare and swap. + * - if the PTE is in IO space or ROM, then it can't be updated + * and we return TRANSLATE_FAIL. + * - if the PTE changed by the time we went to update it, then + * it is no longer valid and we must re-walk the page table. + */ MemoryRegion *mr; hwaddr l = sizeof(target_ulong), addr1; rcu_read_lock(); @@ -243,15 +266,15 @@ restart: target_ulong vpn = addr >> PGSHIFT; *physical = (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT; - if ((pte & PTE_R)) { + /* set permissions on the TLB entry */ + if ((pte & PTE_R) || (mode != PRV_U && (pte & PTE_X) && mxr)) { *prot |= PAGE_READ; } if ((pte & PTE_X)) { *prot |= PAGE_EXEC; } - /* only add write permission on stores or if the page - is already dirty, so that we don't miss further - page table walks to update the dirty bit */ + /* add write permission on stores or if the page is already dirty, + so that we TLB miss on later writes to update the dirty bit */ if ((pte & PTE_W) && (access_type == MMU_DATA_STORE || (pte & PTE_D))) { *prot |= PAGE_WRITE;