2018-03-02 13:31:11 +01:00
|
|
|
/*
|
|
|
|
* QEMU RISC-V PMP (Physical Memory Protection)
|
|
|
|
*
|
|
|
|
* Author: Daire McNamara, daire.mcnamara@emdalo.com
|
|
|
|
* Ivan Griffin, ivan.griffin@emdalo.com
|
|
|
|
*
|
|
|
|
* This provides a RISC-V Physical Memory Protection implementation
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms and conditions of the GNU General Public License,
|
|
|
|
* version 2 or later, as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
|
|
* more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License along with
|
|
|
|
* this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "qemu/osdep.h"
|
|
|
|
#include "qemu/log.h"
|
|
|
|
#include "qapi/error.h"
|
|
|
|
#include "cpu.h"
|
2019-07-23 14:08:16 +02:00
|
|
|
#include "trace.h"
|
2021-02-21 15:01:22 +01:00
|
|
|
#include "exec/exec-all.h"
|
2018-03-02 13:31:11 +01:00
|
|
|
|
|
|
|
static void pmp_write_cfg(CPURISCVState *env, uint32_t addr_index,
|
|
|
|
uint8_t val);
|
|
|
|
static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index);
|
|
|
|
static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Accessor method to extract address matching type 'a field' from cfg reg
|
|
|
|
*/
|
|
|
|
static inline uint8_t pmp_get_a_field(uint8_t cfg)
|
|
|
|
{
|
|
|
|
uint8_t a = cfg >> 3;
|
|
|
|
return a & 0x3;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check whether a PMP is locked or not.
|
|
|
|
*/
|
|
|
|
static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Top PMP has no 'next' to check */
|
|
|
|
if ((pmp_index + 1u) >= MAX_RISCV_PMPS) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Count the number of active rules.
|
|
|
|
*/
|
2020-12-23 20:25:53 +01:00
|
|
|
uint32_t pmp_get_num_rules(CPURISCVState *env)
|
2018-03-02 13:31:11 +01:00
|
|
|
{
|
|
|
|
return env->pmp_state.num_rules;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Accessor to get the cfg reg for a specific PMP/HART
|
|
|
|
*/
|
|
|
|
static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index)
|
|
|
|
{
|
|
|
|
if (pmp_index < MAX_RISCV_PMPS) {
|
|
|
|
return env->pmp_state.pmp[pmp_index].cfg_reg;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Accessor to set the cfg reg for a specific PMP/HART
|
|
|
|
* Bounds checks and relevant lock bit.
|
|
|
|
*/
|
|
|
|
static void pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t val)
|
|
|
|
{
|
|
|
|
if (pmp_index < MAX_RISCV_PMPS) {
|
2021-04-19 08:17:11 +02:00
|
|
|
bool locked = true;
|
|
|
|
|
|
|
|
if (riscv_feature(env, RISCV_FEATURE_EPMP)) {
|
|
|
|
/* mseccfg.RLB is set */
|
|
|
|
if (MSECCFG_RLB_ISSET(env)) {
|
|
|
|
locked = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* mseccfg.MML is not set */
|
|
|
|
if (!MSECCFG_MML_ISSET(env) && !pmp_is_locked(env, pmp_index)) {
|
|
|
|
locked = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* mseccfg.MML is set */
|
|
|
|
if (MSECCFG_MML_ISSET(env)) {
|
|
|
|
/* not adding execute bit */
|
|
|
|
if ((val & PMP_LOCK) != 0 && (val & PMP_EXEC) != PMP_EXEC) {
|
|
|
|
locked = false;
|
|
|
|
}
|
|
|
|
/* shared region and not adding X bit */
|
|
|
|
if ((val & PMP_LOCK) != PMP_LOCK &&
|
|
|
|
(val & 0x7) != (PMP_WRITE | PMP_EXEC)) {
|
|
|
|
locked = false;
|
|
|
|
}
|
|
|
|
}
|
2018-03-02 13:31:11 +01:00
|
|
|
} else {
|
2021-04-19 08:17:11 +02:00
|
|
|
if (!pmp_is_locked(env, pmp_index)) {
|
|
|
|
locked = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (locked) {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR, "ignoring pmpcfg write - locked\n");
|
2021-04-19 08:17:11 +02:00
|
|
|
} else {
|
|
|
|
env->pmp_state.pmp[pmp_index].cfg_reg = val;
|
|
|
|
pmp_update_rule(env, pmp_index);
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
} else {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"ignoring pmpcfg write - out of bounds\n");
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
aaaa...aaa0 8-byte NAPOT range
|
|
|
|
aaaa...aa01 16-byte NAPOT range
|
|
|
|
aaaa...a011 32-byte NAPOT range
|
|
|
|
...
|
|
|
|
aa01...1111 2^XLEN-byte NAPOT range
|
|
|
|
a011...1111 2^(XLEN+1)-byte NAPOT range
|
|
|
|
0111...1111 2^(XLEN+2)-byte NAPOT range
|
|
|
|
1111...1111 Reserved
|
|
|
|
*/
|
2022-04-08 18:25:07 +02:00
|
|
|
a = (a << 2) | 0x3;
|
|
|
|
*sa = a & (a + 1);
|
|
|
|
*ea = a | (a + 1);
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
|
2020-10-26 12:55:27 +01:00
|
|
|
void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
|
2018-03-02 13:31:11 +01:00
|
|
|
{
|
|
|
|
uint8_t this_cfg = env->pmp_state.pmp[pmp_index].cfg_reg;
|
|
|
|
target_ulong this_addr = env->pmp_state.pmp[pmp_index].addr_reg;
|
|
|
|
target_ulong prev_addr = 0u;
|
|
|
|
target_ulong sa = 0u;
|
|
|
|
target_ulong ea = 0u;
|
|
|
|
|
|
|
|
if (pmp_index >= 1u) {
|
|
|
|
prev_addr = env->pmp_state.pmp[pmp_index - 1].addr_reg;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (pmp_get_a_field(this_cfg)) {
|
|
|
|
case PMP_AMATCH_OFF:
|
|
|
|
sa = 0u;
|
|
|
|
ea = -1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PMP_AMATCH_TOR:
|
|
|
|
sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
|
|
|
|
ea = (this_addr << 2) - 1u;
|
target/riscv/pmp: guard against PMP ranges with a negative size
For a TOR entry to match, the stard address must be lower than the end
address. Normally this is always the case, but correct code might still
run into the following scenario:
Initial state:
pmpaddr3 = 0x2000 pmp3cfg = OFF
pmpaddr4 = 0x3000 pmp4cfg = TOR
Execution:
1. write 0x40ff to pmpaddr3
2. write 0x32ff to pmpaddr4
3. set pmp3cfg to NAPOT with a read-modify-write on pmpcfg0
4. set pmp4cfg to NAPOT with a read-modify-write on pmpcfg1
When (2) is emulated, a call to pmp_update_rule() creates a negative
range for pmp4 as pmp4cfg is still set to TOR. And when (3) is emulated,
a call to tlb_flush() is performed, causing pmp_get_tlb_size() to return
a very creatively large TLB size for pmp4. This, in turn, may result in
accesses to non-existent/unitialized memory regions and a fault, so that
(4) ends up never being executed.
This is in m-mode with MPRV unset, meaning that unlocked PMP entries
should have no effect. Therefore such a behavior based on PMP content
is very unexpected.
Make sure no negative PMP range can be created, whether explicitly by
the emulated code or implicitly like the above.
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <3oq0sqs1-67o0-145-5n1s-453o118804q@syhkavp.arg>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-06-15 23:11:51 +02:00
|
|
|
if (sa > ea) {
|
|
|
|
sa = ea = 0u;
|
|
|
|
}
|
2018-03-02 13:31:11 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PMP_AMATCH_NA4:
|
|
|
|
sa = this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
|
2020-07-06 10:45:50 +02:00
|
|
|
ea = (sa + 4u) - 1u;
|
2018-03-02 13:31:11 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PMP_AMATCH_NAPOT:
|
|
|
|
pmp_decode_napot(this_addr, &sa, &ea);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
sa = 0u;
|
|
|
|
ea = 0u;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
env->pmp_state.addr[pmp_index].sa = sa;
|
|
|
|
env->pmp_state.addr[pmp_index].ea = ea;
|
2020-10-26 12:55:27 +01:00
|
|
|
}
|
2018-03-02 13:31:11 +01:00
|
|
|
|
2020-10-26 12:55:27 +01:00
|
|
|
void pmp_update_rule_nums(CPURISCVState *env)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
env->pmp_state.num_rules = 0;
|
2018-03-02 13:31:11 +01:00
|
|
|
for (i = 0; i < MAX_RISCV_PMPS; i++) {
|
|
|
|
const uint8_t a_field =
|
|
|
|
pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
|
|
|
|
if (PMP_AMATCH_OFF != a_field) {
|
|
|
|
env->pmp_state.num_rules++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-26 12:55:27 +01:00
|
|
|
/* Convert cfg/addr reg values here into simple 'sa' --> start address and 'ea'
|
|
|
|
* end address values.
|
|
|
|
* This function is called relatively infrequently whereas the check that
|
|
|
|
* an address is within a pmp rule is called often, so optimise that one
|
|
|
|
*/
|
|
|
|
static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index)
|
|
|
|
{
|
|
|
|
pmp_update_rule_addr(env, pmp_index);
|
|
|
|
pmp_update_rule_nums(env);
|
|
|
|
}
|
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
static int pmp_is_in_range(CPURISCVState *env, int pmp_index, target_ulong addr)
|
|
|
|
{
|
|
|
|
int result = 0;
|
|
|
|
|
|
|
|
if ((addr >= env->pmp_state.addr[pmp_index].sa)
|
|
|
|
&& (addr <= env->pmp_state.addr[pmp_index].ea)) {
|
|
|
|
result = 1;
|
|
|
|
} else {
|
|
|
|
result = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2021-02-21 15:01:20 +01:00
|
|
|
/*
|
|
|
|
* Check if the address has required RWX privs when no PMP entry is matched.
|
|
|
|
*/
|
|
|
|
static bool pmp_hart_has_privs_default(CPURISCVState *env, target_ulong addr,
|
|
|
|
target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
|
|
|
|
target_ulong mode)
|
|
|
|
{
|
|
|
|
bool ret;
|
|
|
|
|
2021-04-19 08:17:11 +02:00
|
|
|
if (riscv_feature(env, RISCV_FEATURE_EPMP)) {
|
|
|
|
if (MSECCFG_MMWP_ISSET(env)) {
|
|
|
|
/*
|
|
|
|
* The Machine Mode Whitelist Policy (mseccfg.MMWP) is set
|
|
|
|
* so we default to deny all, even for M-mode.
|
|
|
|
*/
|
|
|
|
*allowed_privs = 0;
|
|
|
|
return false;
|
|
|
|
} else if (MSECCFG_MML_ISSET(env)) {
|
|
|
|
/*
|
|
|
|
* The Machine Mode Lockdown (mseccfg.MML) bit is set
|
|
|
|
* so we can only execute code in M-mode with an applicable
|
|
|
|
* rule. Other modes are disabled.
|
|
|
|
*/
|
|
|
|
if (mode == PRV_M && !(privs & PMP_EXEC)) {
|
|
|
|
ret = true;
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE;
|
|
|
|
} else {
|
|
|
|
ret = false;
|
|
|
|
*allowed_privs = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-02-21 15:01:20 +01:00
|
|
|
if ((!riscv_feature(env, RISCV_FEATURE_PMP)) || (mode == PRV_M)) {
|
|
|
|
/*
|
|
|
|
* Privileged spec v1.10 states if HW doesn't implement any PMP entry
|
|
|
|
* or no PMP entry matches an M-Mode access, the access succeeds.
|
|
|
|
*/
|
|
|
|
ret = true;
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Other modes are not allowed to succeed if they don't * match a rule,
|
|
|
|
* but there are rules. We've checked for no rule earlier in this
|
|
|
|
* function.
|
|
|
|
*/
|
|
|
|
ret = false;
|
|
|
|
*allowed_privs = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Public Interface
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if the address has required RWX privs to complete desired operation
|
|
|
|
*/
|
|
|
|
bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
|
2021-02-21 15:01:20 +01:00
|
|
|
target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
|
|
|
|
target_ulong mode)
|
2018-03-02 13:31:11 +01:00
|
|
|
{
|
|
|
|
int i = 0;
|
|
|
|
int ret = -1;
|
2019-10-22 23:21:29 +02:00
|
|
|
int pmp_size = 0;
|
2018-03-02 13:31:11 +01:00
|
|
|
target_ulong s = 0;
|
|
|
|
target_ulong e = 0;
|
|
|
|
|
|
|
|
/* Short cut if no rules */
|
|
|
|
if (0 == pmp_get_num_rules(env)) {
|
2021-02-21 15:01:20 +01:00
|
|
|
return pmp_hart_has_privs_default(env, addr, size, privs,
|
|
|
|
allowed_privs, mode);
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
|
2019-10-22 23:21:29 +02:00
|
|
|
if (size == 0) {
|
2020-04-24 03:47:38 +02:00
|
|
|
if (riscv_feature(env, RISCV_FEATURE_MMU)) {
|
|
|
|
/*
|
|
|
|
* If size is unknown (0), assume that all bytes
|
|
|
|
* from addr to the end of the page will be accessed.
|
|
|
|
*/
|
|
|
|
pmp_size = -(addr | TARGET_PAGE_MASK);
|
|
|
|
} else {
|
|
|
|
pmp_size = sizeof(target_ulong);
|
|
|
|
}
|
2019-10-22 23:21:29 +02:00
|
|
|
} else {
|
|
|
|
pmp_size = size;
|
|
|
|
}
|
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
/* 1.10 draft priv spec states there is an implicit order
|
|
|
|
from low to high */
|
|
|
|
for (i = 0; i < MAX_RISCV_PMPS; i++) {
|
|
|
|
s = pmp_is_in_range(env, i, addr);
|
2019-10-22 23:21:29 +02:00
|
|
|
e = pmp_is_in_range(env, i, addr + pmp_size - 1);
|
2018-03-02 13:31:11 +01:00
|
|
|
|
|
|
|
/* partially inside */
|
|
|
|
if ((s + e) == 1) {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"pmp violation - access is partially inside\n");
|
2018-03-02 13:31:11 +01:00
|
|
|
ret = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* fully inside */
|
|
|
|
const uint8_t a_field =
|
|
|
|
pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
|
|
|
|
|
2019-05-30 15:51:34 +02:00
|
|
|
/*
|
2021-04-19 08:17:11 +02:00
|
|
|
* Convert the PMP permissions to match the truth table in the
|
|
|
|
* ePMP spec.
|
2019-05-30 15:51:34 +02:00
|
|
|
*/
|
2021-04-19 08:17:11 +02:00
|
|
|
const uint8_t epmp_operation =
|
|
|
|
((env->pmp_state.pmp[i].cfg_reg & PMP_LOCK) >> 4) |
|
|
|
|
((env->pmp_state.pmp[i].cfg_reg & PMP_READ) << 2) |
|
|
|
|
(env->pmp_state.pmp[i].cfg_reg & PMP_WRITE) |
|
|
|
|
((env->pmp_state.pmp[i].cfg_reg & PMP_EXEC) >> 2);
|
|
|
|
|
2019-05-30 15:51:34 +02:00
|
|
|
if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) {
|
2021-04-19 08:17:11 +02:00
|
|
|
/*
|
|
|
|
* If the PMP entry is not off and the address is in range,
|
|
|
|
* do the priv check
|
|
|
|
*/
|
|
|
|
if (!MSECCFG_MML_ISSET(env)) {
|
|
|
|
/*
|
|
|
|
* If mseccfg.MML Bit is not set, do pmp priv check
|
|
|
|
* This will always apply to regular PMP.
|
|
|
|
*/
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
|
|
|
|
if ((mode != PRV_M) || pmp_is_locked(env, i)) {
|
|
|
|
*allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* If mseccfg.MML Bit set, do the enhanced pmp priv check
|
|
|
|
*/
|
|
|
|
if (mode == PRV_M) {
|
|
|
|
switch (epmp_operation) {
|
|
|
|
case 0:
|
|
|
|
case 1:
|
|
|
|
case 4:
|
|
|
|
case 5:
|
|
|
|
case 6:
|
|
|
|
case 7:
|
|
|
|
case 8:
|
|
|
|
*allowed_privs = 0;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
case 3:
|
|
|
|
case 14:
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE;
|
|
|
|
break;
|
|
|
|
case 9:
|
|
|
|
case 10:
|
|
|
|
*allowed_privs = PMP_EXEC;
|
|
|
|
break;
|
|
|
|
case 11:
|
|
|
|
case 13:
|
|
|
|
*allowed_privs = PMP_READ | PMP_EXEC;
|
|
|
|
break;
|
|
|
|
case 12:
|
|
|
|
case 15:
|
|
|
|
*allowed_privs = PMP_READ;
|
|
|
|
break;
|
2021-05-21 00:55:53 +02:00
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
2021-04-19 08:17:11 +02:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
switch (epmp_operation) {
|
|
|
|
case 0:
|
|
|
|
case 8:
|
|
|
|
case 9:
|
|
|
|
case 12:
|
|
|
|
case 13:
|
|
|
|
case 14:
|
|
|
|
*allowed_privs = 0;
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
case 10:
|
|
|
|
case 11:
|
|
|
|
*allowed_privs = PMP_EXEC;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
case 4:
|
|
|
|
case 15:
|
|
|
|
*allowed_privs = PMP_READ;
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
case 6:
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE;
|
|
|
|
break;
|
|
|
|
case 5:
|
|
|
|
*allowed_privs = PMP_READ | PMP_EXEC;
|
|
|
|
break;
|
|
|
|
case 7:
|
|
|
|
*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
|
|
|
|
break;
|
2021-05-21 00:55:53 +02:00
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
2021-04-19 08:17:11 +02:00
|
|
|
}
|
|
|
|
}
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
|
2021-02-21 15:01:20 +01:00
|
|
|
ret = ((privs & *allowed_privs) == privs);
|
|
|
|
break;
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* No rule matched */
|
|
|
|
if (ret == -1) {
|
2021-02-21 15:01:20 +01:00
|
|
|
return pmp_hart_has_privs_default(env, addr, size, privs,
|
|
|
|
allowed_privs, mode);
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret == 1 ? true : false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2021-06-27 13:57:16 +02:00
|
|
|
* Handle a write to a pmpcfg CSR
|
2018-03-02 13:31:11 +01:00
|
|
|
*/
|
|
|
|
void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index,
|
|
|
|
target_ulong val)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
uint8_t cfg_val;
|
2022-01-20 13:20:28 +01:00
|
|
|
int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
|
2018-03-02 13:31:11 +01:00
|
|
|
|
2019-07-23 14:08:16 +02:00
|
|
|
trace_pmpcfg_csr_write(env->mhartid, reg_index, val);
|
2018-03-02 13:31:11 +01:00
|
|
|
|
2022-01-20 13:20:28 +01:00
|
|
|
for (i = 0; i < pmpcfg_nums; i++) {
|
2018-03-02 13:31:11 +01:00
|
|
|
cfg_val = (val >> 8 * i) & 0xff;
|
riscv: Fix bug in setting pmpcfg CSR for RISCV64
First, sizeof(target_ulong) equals to 4 on riscv32, so this change
does not change the function on riscv32. Second, sizeof(target_ulong)
equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal
pmp_index (we will explain later), which should be 'reg_index * 4 + i'.
If the parameter reg_index equals to 2 (means that we will change the
value of pmpcfg2, or the second pmpcfg on riscv64), then
pmpcfg_csr_write(env, 2, val) will map write tasks to
pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed
by value 16 or 23 on riscv64, so we consider it as a bug.
We are looking for constant (e.g., define a new constant named
RISCV_WORD_SIZE) in QEMU to help others understand code better,
but none was found. A possible good explanation of this literal is it is
the minimum word length on riscv is 4 bytes (32 bit).
Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com>
Signed-off-by: Hou Weiying <weiying_hou@outlook.com>
Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <SG2PR02MB263420036254AC8841F66CE393460@SG2PR02MB2634.apcprd02.prod.outlook.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-08-08 10:56:40 +02:00
|
|
|
pmp_write_cfg(env, (reg_index * 4) + i, cfg_val);
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
2021-02-21 15:01:22 +01:00
|
|
|
|
|
|
|
/* If PMP permission of any addr has been changed, flush TLB pages. */
|
|
|
|
tlb_flush(env_cpu(env));
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2021-06-27 13:57:16 +02:00
|
|
|
* Handle a read from a pmpcfg CSR
|
2018-03-02 13:31:11 +01:00
|
|
|
*/
|
|
|
|
target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
target_ulong cfg_val = 0;
|
2018-10-26 20:04:27 +02:00
|
|
|
target_ulong val = 0;
|
2022-01-20 13:20:28 +01:00
|
|
|
int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
|
2018-03-02 13:31:11 +01:00
|
|
|
|
2022-01-20 13:20:28 +01:00
|
|
|
for (i = 0; i < pmpcfg_nums; i++) {
|
riscv: Fix bug in setting pmpcfg CSR for RISCV64
First, sizeof(target_ulong) equals to 4 on riscv32, so this change
does not change the function on riscv32. Second, sizeof(target_ulong)
equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal
pmp_index (we will explain later), which should be 'reg_index * 4 + i'.
If the parameter reg_index equals to 2 (means that we will change the
value of pmpcfg2, or the second pmpcfg on riscv64), then
pmpcfg_csr_write(env, 2, val) will map write tasks to
pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed
by value 16 or 23 on riscv64, so we consider it as a bug.
We are looking for constant (e.g., define a new constant named
RISCV_WORD_SIZE) in QEMU to help others understand code better,
but none was found. A possible good explanation of this literal is it is
the minimum word length on riscv is 4 bytes (32 bit).
Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com>
Signed-off-by: Hou Weiying <weiying_hou@outlook.com>
Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <SG2PR02MB263420036254AC8841F66CE393460@SG2PR02MB2634.apcprd02.prod.outlook.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-08-08 10:56:40 +02:00
|
|
|
val = pmp_read_cfg(env, (reg_index * 4) + i);
|
2018-03-02 13:31:11 +01:00
|
|
|
cfg_val |= (val << (i * 8));
|
|
|
|
}
|
2019-07-23 14:08:16 +02:00
|
|
|
trace_pmpcfg_csr_read(env->mhartid, reg_index, cfg_val);
|
2018-03-02 13:31:11 +01:00
|
|
|
|
|
|
|
return cfg_val;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2021-06-27 13:57:16 +02:00
|
|
|
* Handle a write to a pmpaddr CSR
|
2018-03-02 13:31:11 +01:00
|
|
|
*/
|
|
|
|
void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index,
|
|
|
|
target_ulong val)
|
|
|
|
{
|
2019-07-23 14:08:16 +02:00
|
|
|
trace_pmpaddr_csr_write(env->mhartid, addr_index, val);
|
2021-04-19 08:16:25 +02:00
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
if (addr_index < MAX_RISCV_PMPS) {
|
2021-04-19 08:16:25 +02:00
|
|
|
/*
|
|
|
|
* In TOR mode, need to check the lock bit of the next pmp
|
|
|
|
* (if there is a next).
|
|
|
|
*/
|
|
|
|
if (addr_index + 1 < MAX_RISCV_PMPS) {
|
|
|
|
uint8_t pmp_cfg = env->pmp_state.pmp[addr_index + 1].cfg_reg;
|
|
|
|
|
|
|
|
if (pmp_cfg & PMP_LOCK &&
|
|
|
|
PMP_AMATCH_TOR == pmp_get_a_field(pmp_cfg)) {
|
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"ignoring pmpaddr write - pmpcfg + 1 locked\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
if (!pmp_is_locked(env, addr_index)) {
|
|
|
|
env->pmp_state.pmp[addr_index].addr_reg = val;
|
|
|
|
pmp_update_rule(env, addr_index);
|
|
|
|
} else {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"ignoring pmpaddr write - locked\n");
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
} else {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"ignoring pmpaddr write - out of bounds\n");
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2021-06-27 13:57:16 +02:00
|
|
|
* Handle a read from a pmpaddr CSR
|
2018-03-02 13:31:11 +01:00
|
|
|
*/
|
|
|
|
target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index)
|
|
|
|
{
|
2019-07-23 14:08:16 +02:00
|
|
|
target_ulong val = 0;
|
|
|
|
|
2018-03-02 13:31:11 +01:00
|
|
|
if (addr_index < MAX_RISCV_PMPS) {
|
2019-07-23 14:08:16 +02:00
|
|
|
val = env->pmp_state.pmp[addr_index].addr_reg;
|
|
|
|
trace_pmpaddr_csr_read(env->mhartid, addr_index, val);
|
2018-03-02 13:31:11 +01:00
|
|
|
} else {
|
2019-03-16 02:20:02 +01:00
|
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
|
|
"ignoring pmpaddr read - out of bounds\n");
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
2019-07-23 14:08:16 +02:00
|
|
|
|
|
|
|
return val;
|
2018-03-02 13:31:11 +01:00
|
|
|
}
|
2020-07-28 10:26:17 +02:00
|
|
|
|
2021-04-19 08:16:53 +02:00
|
|
|
/*
|
|
|
|
* Handle a write to a mseccfg CSR
|
|
|
|
*/
|
|
|
|
void mseccfg_csr_write(CPURISCVState *env, target_ulong val)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
trace_mseccfg_csr_write(env->mhartid, val);
|
|
|
|
|
|
|
|
/* RLB cannot be enabled if it's already 0 and if any regions are locked */
|
|
|
|
if (!MSECCFG_RLB_ISSET(env)) {
|
|
|
|
for (i = 0; i < MAX_RISCV_PMPS; i++) {
|
|
|
|
if (pmp_is_locked(env, i)) {
|
|
|
|
val &= ~MSECCFG_RLB;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Sticky bits */
|
|
|
|
val |= (env->mseccfg & (MSECCFG_MMWP | MSECCFG_MML));
|
|
|
|
|
|
|
|
env->mseccfg = val;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Handle a read from a mseccfg CSR
|
|
|
|
*/
|
|
|
|
target_ulong mseccfg_csr_read(CPURISCVState *env)
|
|
|
|
{
|
|
|
|
trace_mseccfg_csr_read(env->mhartid, env->mseccfg);
|
|
|
|
return env->mseccfg;
|
|
|
|
}
|
|
|
|
|
2020-07-28 10:26:17 +02:00
|
|
|
/*
|
|
|
|
* Calculate the TLB size if the start address or the end address of
|
2021-06-27 13:57:16 +02:00
|
|
|
* PMP entry is presented in the TLB page.
|
2020-07-28 10:26:17 +02:00
|
|
|
*/
|
|
|
|
static target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index,
|
|
|
|
target_ulong tlb_sa, target_ulong tlb_ea)
|
|
|
|
{
|
|
|
|
target_ulong pmp_sa = env->pmp_state.addr[pmp_index].sa;
|
|
|
|
target_ulong pmp_ea = env->pmp_state.addr[pmp_index].ea;
|
|
|
|
|
|
|
|
if (pmp_sa >= tlb_sa && pmp_ea <= tlb_ea) {
|
|
|
|
return pmp_ea - pmp_sa + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pmp_sa >= tlb_sa && pmp_sa <= tlb_ea && pmp_ea >= tlb_ea) {
|
|
|
|
return tlb_ea - pmp_sa + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pmp_ea <= tlb_ea && pmp_ea >= tlb_sa && pmp_sa <= tlb_sa) {
|
|
|
|
return pmp_ea - tlb_sa + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check is there a PMP entry which range covers this page. If so,
|
|
|
|
* try to find the minimum granularity for the TLB size.
|
|
|
|
*/
|
|
|
|
bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
|
|
|
|
target_ulong *tlb_size)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
target_ulong val;
|
|
|
|
target_ulong tlb_ea = (tlb_sa + TARGET_PAGE_SIZE - 1);
|
|
|
|
|
|
|
|
for (i = 0; i < MAX_RISCV_PMPS; i++) {
|
|
|
|
val = pmp_get_tlb_size(env, i, tlb_sa, tlb_ea);
|
|
|
|
if (val) {
|
|
|
|
if (*tlb_size == 0 || *tlb_size > val) {
|
|
|
|
*tlb_size = val;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (*tlb_size != 0) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2021-02-21 15:01:20 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert PMP privilege to TLB page privilege.
|
|
|
|
*/
|
|
|
|
int pmp_priv_to_page_prot(pmp_priv_t pmp_priv)
|
|
|
|
{
|
|
|
|
int prot = 0;
|
|
|
|
|
|
|
|
if (pmp_priv & PMP_READ) {
|
|
|
|
prot |= PAGE_READ;
|
|
|
|
}
|
|
|
|
if (pmp_priv & PMP_WRITE) {
|
|
|
|
prot |= PAGE_WRITE;
|
|
|
|
}
|
|
|
|
if (pmp_priv & PMP_EXEC) {
|
|
|
|
prot |= PAGE_EXEC;
|
|
|
|
}
|
|
|
|
|
|
|
|
return prot;
|
|
|
|
}
|