From: David Gibson <david@gibson.dropbear.id.au>
To: agraf@suse.de
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 6/6] pseries: More complete WIMG validation in H_ENTER code
Date: Thu,  4 Aug 2011 17:02:19 +1000	[thread overview]
Message-ID: <1312441339-22477-7-git-send-email-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <1312441339-22477-1-git-send-email-david@gibson.dropbear.id.au>

Currently our implementation of the H_ENTER hypercall, which inserts a
mapping in the hash page table, assumes that only ordinary memory is ever
mapped, and only permits mapping attribute bits accordingly (WIMG==0010).

However, we intend to start adding emulated IO to the pseries platform
(and real IO with PCI passthrough on kvm) which means this simple test
will no longer suffice.

This patch extends the h_enter validation code to check if the given
address is a RAM address.  If it is, it enforces WIMG==0010; otherwise
it assumes that it is an IO mapping and instead enforces WIMG=010x.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/spapr.c       |    3 ++-
 hw/spapr.h       |    1 +
 hw/spapr_hcall.c |   22 ++++++++++++++++++----
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/hw/spapr.c b/hw/spapr.c
index cf9f758..7030c17 100644
--- a/hw/spapr.c
+++ b/hw/spapr.c
@@ -334,7 +334,8 @@ static void ppc_spapr_init(ram_addr_t ram_size,
     }
 
     /* allocate RAM */
-    ram_offset = qemu_ram_alloc(NULL, "ppc_spapr.ram", ram_size);
+    spapr->ram_limit = ram_size;
+    ram_offset = qemu_ram_alloc(NULL, "ppc_spapr.ram", spapr->ram_limit);
     cpu_register_physical_memory(0, ram_size, ram_offset);
 
     /* allocate hash page table.  For now we always make this 16mb,
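Review bot: the RAM size is now carried in two forms within the same hunk: `ram_offset = qemu_ram_alloc(NULL, "ppc_spapr.ram", spapr->ram_limit);` allocates from spapr->ram_limit while the unchanged `cpu_register_physical_memory(0, ram_size, ram_offset);` still uses ram_size. Using the same variable in both calls makes it obvious that ram_limit is exactly the registered RAM region, which is the invariant h_enter now relies on. Note also that ram_limit is a target_phys_addr_t while ram_size is a ram_addr_t, so `spapr->ram_limit = ram_size;` is a silent conversion between the two width types.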
diff --git a/hw/spapr.h b/hw/spapr.h
index 263691b..400001e 100644
--- a/hw/spapr.h
+++ b/hw/spapr.h
@@ -8,6 +8,7 @@ typedef struct sPAPREnvironment {
     struct VIOsPAPRBus *vio_bus;
     struct icp_state *icp;
 
+    target_phys_addr_t ram_limit;
     void *htab;
     long htab_size;
     target_phys_addr_t fdt_addr, rtas_addr;
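Review bot: the new `target_phys_addr_t ram_limit;` field has no comment saying what it bounds. Since h_enter uses it as the RAM/IO classification boundary for guest-supplied mappings, a one-line comment such as `/* guest RAM occupies [0, ram_limit) */` would document that it must match the registered RAM region exactly.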
diff --git a/hw/spapr_hcall.c b/hw/spapr_hcall.c
index 89d80d3..822d715 100644
--- a/hw/spapr_hcall.c
+++ b/hw/spapr_hcall.c
@@ -99,6 +99,8 @@ static target_ulong h_enter(CPUState *env, sPAPREnvironment *spapr,
     target_ulong pte_index = args[1];
     target_ulong pteh = args[2];
     target_ulong ptel = args[3];
+    target_ulong page_shift = 12;
+    target_ulong raddr;
     target_ulong i;
     uint8_t *hpte;
 
@@ -111,6 +113,7 @@ static target_ulong h_enter(CPUState *env, sPAPREnvironment *spapr,
 #endif
         if ((ptel & 0xff000) == 0) {
             /* 16M page */
+            page_shift = 24;
             /* lowest AVA bit must be 0 for 16M pages */
             if (pteh & 0x80) {
                 return H_PARAMETER;
@@ -120,12 +123,23 @@ static target_ulong h_enter(CPUState *env, sPAPREnvironment *spapr,
         }
     }
 
-    /* FIXME: bounds check the pa? */
+    raddr = (ptel & HPTE_R_RPN) & ~((1ULL << page_shift) - 1);
 
-    /* Check WIMG */
-    if ((ptel & HPTE_R_WIMG) != HPTE_R_M) {
-        return H_PARAMETER;
+    if (raddr < spapr->ram_limit) {
+        /* Regular RAM - should have WIMG=0010 */
+        if ((ptel & HPTE_R_WIMG) != HPTE_R_M) {
+            return H_PARAMETER;
+        }
+    } else {
+        /* Looks like an IO address */
+        /* FIXME: What WIMG combinations could be sensible for IO?
+         * For now we allow WIMG=010x, but are there others? */
+        /* FIXME: Should we check against registered IO addresses? */
+        if ((ptel & (HPTE_R_W | HPTE_R_I | HPTE_R_M)) != HPTE_R_I) {
+            return H_PARAMETER;
+        }
     }
+
     pteh &= ~0x60ULL;
 
     if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
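Review bot: the RAM test `if (raddr < spapr->ram_limit)` compares only the base of the page, so with page_shift == 24 a 16M mapping whose base lies just below ram_limit is classified as RAM even though it extends past the end of guest memory; checking `raddr + (1ULL << page_shift) <= spapr->ram_limit` (or requiring ram_limit to be 16M aligned) closes that gap. The else branch accepts any address at or above ram_limit as IO, which removes the old `/* FIXME: bounds check the pa? */` without resolving it; the remaining FIXME about checking against registered IO addresses is the right follow-up and the weaker check is worth calling out as a known limitation in the commit message. Minor: the added blank line before `pteh &= ~0x60ULL;` is unrelated whitespace churn.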
-- 
1.7.5.4
