From: Michael Clark <mjc@sifive.com>
To: qemu-devel@nongnu.org
Cc: Michael Clark <mjc@sifive.com>,
Sagar Karandikar <sagark@eecs.berkeley.edu>,
Bastian Koppelmann <kbastian@mail.uni-paderborn.de>,
Palmer Dabbelt <palmer@sifive.com>
Subject: [Qemu-devel] [PATCH v2 11/23] RISC-V: Improve page table walker spec compliance
Date: Fri, 9 Mar 2018 17:12:33 +1300
Message-ID: <1520568765-58189-12-git-send-email-mjc@sifive.com>
In-Reply-To: <1520568765-58189-1-git-send-email-mjc@sifive.com>
- Inline PTE_TABLE check for better readability
- Improve readability of User page U mode and SUM test
- Disallow non U mode from fetching from User pages
- Add reserved PTE flag check: W or W|X
- Add misaligned PPN check
- Change access checks from ternary operator to if statements
- Improve page walker comments
- No measurable performance impact on dd test
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Michael Clark <mjc@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
---
target/riscv/cpu_bits.h | 2 --
target/riscv/helper.c | 59 ++++++++++++++++++++++++++++++++++---------------
2 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 64aa097..12b4757 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -407,5 +407,3 @@
#define PTE_SOFT 0x300 /* Reserved for Software */
#define PTE_PPN_SHIFT 10
-
-#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) == PTE_V)
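Review bot: removing PTE_TABLE from the shared header is only safe if helper.c was its sole user; the one use replaced in this patch is the `if (PTE_TABLE(pte))` in helper.c, so please confirm with a grep that no other translation unit still expands the macro, otherwise this hunk breaks the build for that file. If it really is dead after the helper.c change, the removal is fine and the inlined `!(pte & (PTE_R | PTE_W | PTE_X))` test in helper.c is clearer.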
diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 228933c..162d5ec 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -185,16 +185,36 @@ restart:
#endif
target_ulong ppn = pte >> PTE_PPN_SHIFT;
- if (PTE_TABLE(pte)) { /* next level of page table */
+ if (!(pte & PTE_V)) {
+ /* Invalid PTE */
+ return TRANSLATE_FAIL;
+ } else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
+ /* Inner PTE, continue walking */
base = ppn << PGSHIFT;
- } else if ((pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode == PRV_S)) {
- break;
- } else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) {
- break;
- } else if (access_type == MMU_INST_FETCH ? !(pte & PTE_X) :
- access_type == MMU_DATA_LOAD ? !(pte & PTE_R) &&
- !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte & PTE_W))) {
- break;
+ } else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) {
+ /* Reserved leaf PTE flags: PTE_W */
+ return TRANSLATE_FAIL;
+ } else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) {
+ /* Reserved leaf PTE flags: PTE_W + PTE_X */
+ return TRANSLATE_FAIL;
+ } else if ((pte & PTE_U) && ((mode != PRV_U) &&
+ (!sum || access_type == MMU_INST_FETCH))) {
+ /* User PTE flags when not U mode and mstatus.SUM is not set,
+ or the access type is an instruction fetch */
+ return TRANSLATE_FAIL;
+ } else if (ppn & ((1ULL << ptshift) - 1)) {
+ /* Misasligned PPN */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) ||
+ (mode != PRV_U && (pte & PTE_X) && mxr))) {
+ /* Read access check failed */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) {
+ /* Write access check failed */
+ return TRANSLATE_FAIL;
+ } else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) {
+ /* Fetch access check failed */
+ return TRANSLATE_FAIL;
} else {
/* if necessary, set accessed and dirty bits. */
target_ulong updated_pte = pte | PTE_A |
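Review bot: the rewritten permission chain drops a check the old code had. The removed line `(pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode == PRV_S)` failed the walk whenever a PTE with U clear was touched from a mode other than S; the new chain only tests `(pte & PTE_U) && ((mode != PRV_U) && ...)`, so a supervisor page (U clear) accessed from PRV_U falls through to the access-type checks and translates successfully. Please add a branch such as `} else if (!(pte & PTE_U) && (mode != PRV_S)) { return TRANSLATE_FAIL; }` next to the user-page test. Two smaller points in the same hunk: the load check now gates the MXR relaxation on `mode != PRV_U`, which the old `!(mxr && (pte & PTE_X))` did not do and the commit message does not justify, so either cite the spec text for that restriction or drop the gate; and the comment reads "Misasligned PPN".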
@@ -202,11 +222,14 @@ restart:
/* Page table updates need to be atomic with MTTCG enabled */
if (updated_pte != pte) {
- /* if accessed or dirty bits need updating, and the PTE is
- * in RAM, then we do so atomically with a compare and swap.
- * if the PTE is in IO space, then it can't be updated.
- * if the PTE changed, then we must re-walk the page table
- as the PTE is no longer valid */
+ /*
+ * - if accessed or dirty bits need updating, and the PTE is
+ * in RAM, then we do so atomically with a compare and swap.
+ * - if the PTE is in IO space or ROM, then it can't be updated
+ * and we return TRANSLATE_FAIL.
+ * - if the PTE changed by the time we went to update it, then
+ * it is no longer valid and we must re-walk the page table.
+ */
MemoryRegion *mr;
hwaddr l = sizeof(target_ulong), addr1;
rcu_read_lock();
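Review bot: the reworded comment now promises that a PTE in IO space "or ROM" makes the walk return TRANSLATE_FAIL, but the region classification that decides RAM versus IO/ROM is outside this hunk and the old comment only mentioned IO space. Please verify the code path really fails for ROM-backed page tables rather than silently skipping the A/D update, or keep the comment limited to what the code does so the two do not drift.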
@@ -243,15 +266,15 @@ restart:
target_ulong vpn = addr >> PGSHIFT;
*physical = (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT;
- if ((pte & PTE_R)) {
+ /* set permissions on the TLB entry */
+ if ((pte & PTE_R) || (mode != PRV_U && (pte & PTE_X) && mxr)) {
*prot |= PAGE_READ;
}
if ((pte & PTE_X)) {
*prot |= PAGE_EXEC;
}
- /* only add write permission on stores or if the page
- is already dirty, so that we don't miss further
- page table walks to update the dirty bit */
+ /* add write permission on stores or if the page is already dirty,
+ so that we TLB miss on later writes to update the dirty bit */
if ((pte & PTE_W) &&
(access_type == MMU_DATA_STORE || (pte & PTE_D))) {
*prot |= PAGE_WRITE;
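Review bot: granting PAGE_READ on an execute-only page when `mxr` is set bakes the current mstatus.MXR value into the TLB entry; entries are keyed by mmu_idx (privilege mode) but not by MXR, so after software clears MXR a cached entry keeps permitting loads until the TLB is flushed. Check that the mstatus write path calls tlb_flush when MXR changes, otherwise the compliance gained in the walker is lost on TLB hits. Also, the `(mode != PRV_U && (pte & PTE_X) && mxr)` condition here duplicates the one in the load check earlier in the function; a single local bool computed once would keep the two from drifting apart.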
--
2.7.0