Message ID | 1a5abeb9acb758a24daddc5ca8ecd56229a73cf1.1565904855.git.alistair.francis@wdc.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | RISC-V: Hypervisor prep work part 2 | expand |
On Fri, Aug 16, 2019 at 5:41 AM Alistair Francis <alistair.francis@wdc.com> wrote: > > Setting write permission on dirty PTEs results in userspace inside a > Hypervisor guest (VU) becoming corrupted. This appears to be because it > ends up with write permission in the second stage translation in cases > where we aren't doing a store. > > Signed-off-by: Alistair Francis <alistair.francis@wdc.com> > --- > target/riscv/cpu_helper.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index e32b6126af..f027be7f16 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -340,10 +340,8 @@ restart: if ((pte & PTE_X)) { *prot |= PAGE_EXEC; } - /* add write permission on stores or if the page is already dirty, - so that we TLB miss on later writes to update the dirty bit */ - if ((pte & PTE_W) && - (access_type == MMU_DATA_STORE || (pte & PTE_D))) { + /* add write permission on stores */ + if ((pte & PTE_W) && (access_type == MMU_DATA_STORE)) { *prot |= PAGE_WRITE; } return TRANSLATE_SUCCESS;
Setting write permission on dirty PTEs results in userspace inside a Hypervisor guest (VU) becoming corrupted. This appears to be because it ends up with write permission in the second stage translation in cases where we aren't doing a store. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> --- target/riscv/cpu_helper.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)