From: Michael Clark <mjc@sifive.com>
To: qemu-devel@nongnu.org
Cc: Michael Clark <mjc@sifive.com>,
Palmer Dabbelt <palmer@sifive.com>,
Sagar Karandikar <sagark@eecs.berkeley.edu>,
Bastian Koppelmann <kbastian@mail.uni-paderborn.de>,
RISC-V Patches <patches@groups.riscv.org>
Subject: [Qemu-devel] [PATCH v1 11/22] RISC-V: Improve page table walker spec compliance
Date: Wed, 7 Mar 2018 09:43:46 +1300 [thread overview]
Message-ID: <1520369037-37977-12-git-send-email-mjc@sifive.com> (raw)
In-Reply-To: <1520369037-37977-1-git-send-email-mjc@sifive.com>
- Inline PTE_TABLE check for better readability
- Improve readibility of User page U mode and SUM test
- Disallow non U mode from fetching from User pages
- Add reserved PTE flag check: W or W|X
- Add misaligned PPN check
- Change access checks from ternary operator to if statements
- Improves page walker comments
- No measurable performance impact on dd test
Signed-off-by: Michael Clark <mjc@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
---
target/riscv/cpu_bits.h | 2 --
target/riscv/helper.c | 57 ++++++++++++++++++++++++++++++++++---------------
2 files changed, 40 insertions(+), 19 deletions(-)
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 64aa097..12b4757 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -407,5 +407,3 @@
#define PTE_SOFT 0x300 /* Reserved for Software */
#define PTE_PPN_SHIFT 10
-
-#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) == PTE_V)
diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 228933c..2165ecb 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -185,16 +185,36 @@ restart:
#endif
target_ulong ppn = pte >> PTE_PPN_SHIFT;
- if (PTE_TABLE(pte)) { /* next level of page table */
+ if (!(pte & PTE_V)) {
+ /* Invalid PTE */
+ return TRANSLATE_FAIL;
+ } else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
+ /* Inner PTE, continue walking */
base = ppn << PGSHIFT;
- } else if ((pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode == PRV_S)) {
- break;
- } else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) {
- break;
- } else if (access_type == MMU_INST_FETCH ? !(pte & PTE_X) :
- access_type == MMU_DATA_LOAD ? !(pte & PTE_R) &&
- !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte & PTE_W))) {
- break;
+ } else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) {
+ /* Reserved leaf PTE flags: PTE_W */
+ return TRANSLATE_FAIL;
+ } else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) {
+ /* Reserved leaf PTE flags: PTE_W + PTE_X */
+ return TRANSLATE_FAIL;
+ } else if ((pte & PTE_U) && ((mode != PRV_U) &&
+ (!sum || access_type == MMU_INST_FETCH))) {
+ /* User PTE flags when not U mode and mstats.SUM is not set,
+ or the access type is an instruction fetch */
+ return TRANSLATE_FAIL;
+ } else if (ppn & ((1ULL << ptshift) - 1)) {
+ /* Misasligned PPN */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) ||
+ ((pte & PTE_X) && mxr))) {
+ /* Read access check failed */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) {
+ /* Write access check failed */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) {
+ /* Fetch access check failed */
+ return TRANSLATE_FAIL;
} else {
/* if necessary, set accessed and dirty bits. */
target_ulong updated_pte = pte | PTE_A |
@@ -202,11 +222,14 @@ restart:
/* Page table updates need to be atomic with MTTCG enabled */
if (updated_pte != pte) {
- /* if accessed or dirty bits need updating, and the PTE is
- * in RAM, then we do so atomically with a compare and swap.
- * if the PTE is in IO space, then it can't be updated.
- * if the PTE changed, then we must re-walk the page table
- as the PTE is no longer valid */
+ /*
+ * - if accessed or dirty bits need updating, and the PTE is
+ * in RAM, then we do so atomically with a compare and swap.
+ * - if the PTE is in IO space or ROM, then it can't be updated
+ * and we return TRANSLATE_FAIL.
+ * - if the PTE changed by the time we went to update it, then
+ * it is no longer valid and we must re-walk the page table.
+ */
MemoryRegion *mr;
hwaddr l = sizeof(target_ulong), addr1;
rcu_read_lock();
@@ -243,15 +266,15 @@ restart:
target_ulong vpn = addr >> PGSHIFT;
*physical = (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT;
+ /* set permissions on the TLB entry */
if ((pte & PTE_R)) {
*prot |= PAGE_READ;
}
if ((pte & PTE_X)) {
*prot |= PAGE_EXEC;
}
- /* only add write permission on stores or if the page
- is already dirty, so that we don't miss further
- page table walks to update the dirty bit */
+ /* add write permission on stores or if the page is already dirty,
+ so that we TLB miss on later writes to update the dirty bit */
if ((pte & PTE_W) &&
(access_type == MMU_DATA_STORE || (pte & PTE_D))) {
*prot |= PAGE_WRITE;
--
2.7.0
next prev parent reply other threads:[~2018-03-06 20:45 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 20:43 [Qemu-devel] [PATCH v1 00/22] Spec conformance bug fixes and cleanups Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 01/22] RISC-V: Make virt create_fdt interface consistent Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 02/22] RISC-V: Replace hardcoded constants with enum values Michael Clark
2018-03-06 22:56 ` Philippe Mathieu-Daudé
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 03/22] RISC-V: Make virt board description match spike Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 04/22] RISC-V: Use ROM base address and size from memory Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 05/22] RISC-V: Remove redundant identity_translate from Michael Clark
2018-03-06 23:00 ` Philippe Mathieu-Daudé
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 06/22] RISC-V: Mark ROM read-only after copying in code and Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 07/22] RISC-V: Remove unused class definitions from Michael Clark
[not found] ` <8787c302-b90a-df1f-9eb3-3ee16022a92e@amsat.org>
2018-03-07 4:14 ` Michael Clark
2018-03-07 4:30 ` Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 08/22] RISC-V: Make sure the emulated rom has space for Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 09/22] RISC-V: Include hexidecimal instruction in Michael Clark
2018-03-06 23:09 ` Philippe Mathieu-Daudé
2018-03-07 4:17 ` Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 10/22] RISC-V: Hold rcu_read_lock when accessing memory Michael Clark
2018-03-06 20:43 ` Michael Clark [this message]
2018-03-09 3:54 ` [Qemu-devel] [PATCH v1 11/22] RISC-V: Improve page table walker spec compliance Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 12/22] RISC-V: Update E order and I extension order Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 13/22] RISC-V: Make spike and virt header guards more Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 14/22] RISC-V: Make virt header comment title consistent Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 15/22] RISC-V: Use memory_region_is_ram in atomic pte Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 16/22] RISC-V: Remove EM_RISCV ELF_MACHINE indirection from Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 17/22] RISC-V: Ingore satp writes and return 0 for reads Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 18/22] RISC-V: Remove braces from satp case statement with Michael Clark
2018-03-06 23:09 ` Philippe Mathieu-Daudé
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 19/22] RISC-V: riscv-qemu port supports sv39 and sv48 Michael Clark
2018-03-06 20:43 ` [Qemu-devel] [PATCH v1 20/22] RISC-V: vectored traps are optional Michael Clark
2018-03-06 23:07 ` [Qemu-devel] [PATCH v1 00/22] Spec conformance bug fixes and cleanups Michael Clark
2018-03-06 23:47 ` Emilio G. Cota
2018-03-07 0:00 ` Michael Clark
2018-03-07 17:40 ` Emilio G. Cota
-- strict thread matches above, loose matches on Subject: below --
2018-03-06 20:56 [Qemu-devel] [PATCH v1 02/22] RISC-V: Replace hardcoded constants with enum values Michael Clark
2018-03-06 20:56 ` [Qemu-devel] [PATCH v1 11/22] RISC-V: Improve page table walker spec compliance Michael Clark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1520369037-37977-12-git-send-email-mjc@sifive.com \
--to=mjc@sifive.com \
--cc=kbastian@mail.uni-paderborn.de \
--cc=palmer@sifive.com \
--cc=patches@groups.riscv.org \
--cc=qemu-devel@nongnu.org \
--cc=sagark@eecs.berkeley.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).