From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58552)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Yongbok.Kim@imgtec.com>) id 1XeNd2-0004GS-Gl
	for qemu-devel@nongnu.org; Wed, 15 Oct 2014 08:24:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Yongbok.Kim@imgtec.com>) id 1XeNcu-0003mV-MX
	for qemu-devel@nongnu.org; Wed, 15 Oct 2014 08:24:32 -0400
Received: from mailapp01.imgtec.com ([195.59.15.196]:48764)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Yongbok.Kim@imgtec.com>) id 1XeNcu-0003mO-Gb
	for qemu-devel@nongnu.org; Wed, 15 Oct 2014 08:24:24 -0400
Message-ID: <543E6774.8080304@imgtec.com>
Date: Wed, 15 Oct 2014 13:24:20 +0100
From: Yongbok Kim <yongbok.kim@imgtec.com>
MIME-Version: 1.0
References: <1404806257-28048-1-git-send-email-leon.alrae@imgtec.com>
	<1404806257-28048-5-git-send-email-leon.alrae@imgtec.com>
In-Reply-To: <1404806257-28048-5-git-send-email-leon.alrae@imgtec.com>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2 4/9] target-mips: add RI and XI fields
	to TLB entry
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Leon Alrae <leon.alrae@imgtec.com>, qemu-devel@nongnu.org
Cc: aurelien@aurel32.net


On 08/07/2014 08:57, Leon Alrae wrote:
> In Revision 3 of the architecture, the RI and XI bits were added to the TLB
> to enable more secure access of memory pages. These bits (along with the Dirty
> bit) allow the implementation of read-only, write-only, no-execute access
> policies for mapped pages.
>
> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
> ---
>   target-mips/cpu.h       |   11 +++++++++++
>   target-mips/helper.c    |   11 ++++++++++-
>   target-mips/op_helper.c |    8 ++++++++
>   3 files changed, 29 insertions(+), 1 deletions(-)
>
> diff --git a/target-mips/cpu.h b/target-mips/cpu.h
> index 4f6aa5b..5afafd7 100644
> --- a/target-mips/cpu.h
> +++ b/target-mips/cpu.h
> @@ -30,6 +30,10 @@ struct r4k_tlb_t {
>       uint_fast16_t V1:1;
>       uint_fast16_t D0:1;
>       uint_fast16_t D1:1;
> +    uint_fast16_t XI0:1;
> +    uint_fast16_t XI1:1;
> +    uint_fast16_t RI0:1;
> +    uint_fast16_t RI1:1;
>       target_ulong PFN[2];
>   };
>   
> @@ -229,6 +233,13 @@ struct CPUMIPSState {
>   #define CP0VPEOpt_DWX0	0
>       target_ulong CP0_EntryLo0;
>       target_ulong CP0_EntryLo1;
> +#if defined(TARGET_MIPS64)
> +# define CP0EnLo_RI 63
> +# define CP0EnLo_XI 62
> +#else
> +# define CP0EnLo_RI 31
> +# define CP0EnLo_XI 30
> +#endif
>       target_ulong CP0_Context;
>       target_ulong CP0_KScratch[MIPS_KSCRATCH_NUM];
>       int32_t CP0_PageMask;
> diff --git a/target-mips/helper.c b/target-mips/helper.c
> index 9871273..6aa8c8a 100644
> --- a/target-mips/helper.c
> +++ b/target-mips/helper.c
> @@ -27,6 +27,8 @@
>   #include "sysemu/kvm.h"
>   
>   enum {
> +    TLBRET_XI = -6,
> +    TLBRET_RI = -5,
>       TLBRET_DIRTY = -4,
>       TLBRET_INVALID = -3,
>       TLBRET_NOMATCH = -2,
> @@ -85,8 +87,15 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
>               /* TLB match */
>               int n = !!(address & mask & ~(mask >> 1));
>               /* Check access rights */
> -            if (!(n ? tlb->V1 : tlb->V0))
> +            if (!(n ? tlb->V1 : tlb->V0)) {
>                   return TLBRET_INVALID;
> +            }
> +            if (rw == MMU_INST_FETCH && (n ? tlb->XI1 : tlb->XI0)) {
> +                return TLBRET_XI;
> +            }
> +            if (rw == MMU_DATA_LOAD && (n ? tlb->RI1 : tlb->RI0)) {
> +                return TLBRET_RI;

PC relative loads are allowed where execute is allowed (even though RI 
is 1).
Rather than just return RI here have to check XI and its OP code.

> +            }
>               if (rw != MMU_DATA_STORE || (n ? tlb->D1 : tlb->D0)) {
>                   *physical = tlb->PFN[n] | (address & (mask >> 1));
>                   *prot = PAGE_READ;
> diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
> index b8d384a..3f39305 100644
> --- a/target-mips/op_helper.c
> +++ b/target-mips/op_helper.c
> @@ -1849,10 +1849,14 @@ static void r4k_fill_tlb(CPUMIPSState *env, int idx)
>       tlb->V0 = (env->CP0_EntryLo0 & 2) != 0;
>       tlb->D0 = (env->CP0_EntryLo0 & 4) != 0;
>       tlb->C0 = (env->CP0_EntryLo0 >> 3) & 0x7;
> +    tlb->XI0 = (env->CP0_EntryLo0 >> CP0EnLo_XI) & 1;
> +    tlb->RI0 = (env->CP0_EntryLo0 >> CP0EnLo_RI) & 1;
>       tlb->PFN[0] = (env->CP0_EntryLo0 >> 6) << 12;
>       tlb->V1 = (env->CP0_EntryLo1 & 2) != 0;
>       tlb->D1 = (env->CP0_EntryLo1 & 4) != 0;
>       tlb->C1 = (env->CP0_EntryLo1 >> 3) & 0x7;
> +    tlb->XI1 = (env->CP0_EntryLo1 >> CP0EnLo_XI) & 1;
> +    tlb->RI1 = (env->CP0_EntryLo1 >> CP0EnLo_RI) & 1;
>       tlb->PFN[1] = (env->CP0_EntryLo1 >> 6) << 12;
>   }
>   
> @@ -1964,8 +1968,12 @@ void r4k_helper_tlbr(CPUMIPSState *env)
>       env->CP0_EntryHi = tlb->VPN | tlb->ASID;
>       env->CP0_PageMask = tlb->PageMask;
>       env->CP0_EntryLo0 = tlb->G | (tlb->V0 << 1) | (tlb->D0 << 2) |
> +                        ((target_ulong)tlb->RI0 << CP0EnLo_RI) |
> +                        ((target_ulong)tlb->XI0 << CP0EnLo_XI) |
>                           (tlb->C0 << 3) | (tlb->PFN[0] >> 6);
>       env->CP0_EntryLo1 = tlb->G | (tlb->V1 << 1) | (tlb->D1 << 2) |
> +                        ((target_ulong)tlb->RI1 << CP0EnLo_RI) |
> +                        ((target_ulong)tlb->XI1 << CP0EnLo_XI) |
>                           (tlb->C1 << 3) | (tlb->PFN[1] >> 6);
>   }
>   

Regards,
Yongbok