From patchwork Thu Jun 27 15:19:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Palmer Dabbelt X-Patchwork-Id: 11019975 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8CC3014E5 for ; Thu, 27 Jun 2019 15:52:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7C1AD27FC0 for ; Thu, 27 Jun 2019 15:52:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6FCB52808F; Thu, 27 Jun 2019 15:52:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1A56F27FC0 for ; Thu, 27 Jun 2019 15:52:15 +0000 (UTC) Received: from localhost ([::1]:51966 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hgWh4-0002IP-Au for patchwork-qemu-devel@patchwork.kernel.org; Thu, 27 Jun 2019 11:52:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32825) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hgWHJ-0002gX-01 for qemu-devel@nongnu.org; Thu, 27 Jun 2019 11:25:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hgWHE-0008Hj-Fp for qemu-devel@nongnu.org; Thu, 27 Jun 2019 11:25:35 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:36623) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hgWH9-0006jD-2i for qemu-devel@nongnu.org; Thu, 27 Jun 2019 11:25:32 -0400 Received: by mail-pg1-f193.google.com with SMTP id c13so1180633pgg.3 for ; Thu, 27 Jun 2019 08:23:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:cc:from:to; bh=nCqKF3oInYRXPwJWI7RpGGCzJlHRvb4E4bj4yY7JdO8=; b=jrN0RRKRimVoU+wqDpnazVVPiMByEgVKyJSBcL9KjJVL7jGXMv2akmfoSPD/qRNFx1 JuRTS0gmEoj886lwjSxsya9+6RGGtFEr4OQk2vrXTq/ZmNutyj2psDgEqYzsRquHBEej LkNgGlhPnlLOrv7Q//l6Niimrpa8cbqXoEiEFJRVh7ZAh6fd88bAZDWhjPeAdXWmQ6Z8 eZqM79KuEd9rjqP/DLzSo0c1QuwzWQ+mdF3Mu/dzXVPyU9K4CRKpyANE6X8VkRH4Jl6C ncytNPi6CpVM/f6LBYpLhznQmciPznwjKzvpsUh3+MT4fkOxtmtrgAKk0ToEPpckOcyn 3jwg== X-Gm-Message-State: APjAAAWtcrhzEQU/sLQmvz8lhFYN6ppqqbNdZ8vuWgziKbE8qnjR6xrM CVyEixky/BOfIpos5ihCvGHKkA== X-Google-Smtp-Source: APXvYqxQicao0ppWeUilfhR+0a2GeGzhgPiD9dF6hP9iUcRv+KdNY+sceD6OEu6ncermiJcsuH5SEw== X-Received: by 2002:a63:2ad5:: with SMTP id q204mr4370120pgq.140.1561649024131; Thu, 27 Jun 2019 08:23:44 -0700 (PDT) Received: from localhost (220-132-236-182.HINET-IP.hinet.net. [220.132.236.182]) by smtp.gmail.com with ESMTPSA id y23sm5311422pfo.106.2019.06.27.08.23.43 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 08:23:43 -0700 (PDT) Date: Thu, 27 Jun 2019 08:19:46 -0700 Message-Id: <20190627152011.18686-10-palmer@sifive.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190627152011.18686-1-palmer@sifive.com> References: <20190627152011.18686-1-palmer@sifive.com> MIME-Version: 1.0 From: Palmer Dabbelt To: Peter Maydell X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.85.215.193 Subject: [Qemu-devel] [PULL 09/34] RISC-V: Fix a PMP bug where it succeeds even if PMP entry is off X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alistair Francis , Palmer Dabbelt , qemu-riscv@nongnu.org, qemu-devel@nongnu.org, Hesham Almatary Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Hesham Almatary The current implementation returns 1 (PMP check success) if the address is in range even if the PMP entry is off. This is a bug. For example, if there is a PMP check in S-Mode which is in range, but its PMP entry is off, this will succeed, which it should not. The patch fixes this bug by only checking the PMP permissions if the address is in range and its corresponding PMP entry it not off. Otherwise, it will keep the ret = -1 which will be checked and handled correctly at the end of the function. Signed-off-by: Hesham Almatary Reviewed-by: Alistair Francis Signed-off-by: Palmer Dabbelt --- target/riscv/pmp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 5944f4cb6607..958c7502a0e0 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -258,11 +258,12 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, /* fully inside */ const uint8_t a_field = pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); - if ((s + e) == 2) { - if (PMP_AMATCH_OFF == a_field) { - return 1; - } + /* + * If the PMP entry is not off and the address is in range, do the priv + * check + */ + if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) { allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; if ((mode != PRV_M) || pmp_is_locked(env, i)) { allowed_privs &= env->pmp_state.pmp[i].cfg_reg;