From: Hongzheng-Li <ethan.lee.qnl@gmail.com>
To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org
Cc: Hou Weiying <weiying_hou@outlook.com>,
sagark@eecs.berkeley.edu, kbastian@mail.uni-paderborn.de,
Hongzheng-Li <Ethan.Lee.QNL@gmail.com>,
Alistair.Francis@wdc.com, palmer@dabbelt.com,
Myriad-Dreamin <camiyoru@gmail.com>
Subject: [PATCH 2/4] Implementation of enhanced PMP(ePMP) support
Date: Sat, 8 Aug 2020 17:09:48 +0800 [thread overview]
Message-ID: <20200808090950.13-3-Ethan.Lee.QNL@gmail.com> (raw)
In-Reply-To: <20200808090950.13-1-Ethan.Lee.QNL@gmail.com>
From: Hou Weiying <weiying_hou@outlook.com>
The ePMP can be found in:
https://docs.google.com/document/d/1Mh_aiHYxemL0umN3GTTw8vsbmzHZ_nxZXgjgOUzbvc8/edit#heading=h.9wsr1lnxtwe2
Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com>
Signed-off-by: Hou Weiying <weiying_hou@outlook.com>
Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com>
---
target/riscv/pmp.c | 134 ++++++++++++++++++++++++++++++++++----
target/riscv/pmp.h | 12 ++++
target/riscv/trace-events | 4 ++
3 files changed, 138 insertions(+), 12 deletions(-)
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 0e6b640fbd..8df389cecd 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -34,6 +34,26 @@ static void pmp_write_cfg(CPURISCVState *env, uint32_t addr_index,
static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index);
static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index);
+static char mode_to_char(int mode)
+{
+ char ret = 0;
+ switch (mode) {
+ case PRV_U:
+ ret = 'u';
+ break;
+ case PRV_S:
+ ret = 's';
+ break;
+ case PRV_H:
+ ret = 'h';
+ break;
+ case PRV_M:
+ ret = 'm';
+ break;
+ }
+ return ret;
+}
+
/*
* Accessor method to extract address matching type 'a field' from cfg reg
*/
@@ -99,7 +119,28 @@ static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index)
static void pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t val)
{
if (pmp_index < MAX_RISCV_PMPS) {
- if (!pmp_is_locked(env, pmp_index)) {
+ /*
+ * mseccfg.RLB is set
+ */
+ if (MSECCFG_RLB_ISSET(env) ||
+ /*
+ * mseccfg.MML is set
+ */
+ (MSECCFG_MML_ISSET(env) &&
+ /*
+ * m model and not adding X bit
+ */
+ (((val & PMP_LOCK) != 0 && (val & PMP_EXEC) != PMP_EXEC) ||
+ /*
+ * shared region and not adding X bit
+ */
+ ((val & PMP_LOCK) != PMP_LOCK &&
+ (val & 0x7) != (PMP_WRITE | PMP_EXEC)))) ||
+ /*
+ * mseccfg.MML is not set
+ */
+ (!MSECCFG_MML_ISSET(env) && !pmp_is_locked(env, pmp_index))
+ ){
env->pmp_state.pmp[pmp_index].cfg_reg = val;
pmp_update_rule(env, pmp_index);
} else {
@@ -230,6 +271,18 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
/* Short cut if no rules */
if (0 == pmp_get_num_rules(env)) {
+ if (MSECCFG_MMWP_ISSET(env)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pmp violation - %c mode access denied\n",
+ mode_to_char(mode));
+ return false;
+ }
+ if (MSECCFG_MML_ISSET(env) && (mode != PRV_M || (privs & PMP_EXEC))) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pmp violation - %c mode access denied\n",
+ mode_to_char(mode));
+ return false;
+ }
return true;
}
@@ -261,16 +314,65 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
const uint8_t a_field =
pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
- /*
- * If the PMP entry is not off and the address is in range, do the priv
- * check
- */
if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) {
- allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
- if ((mode != PRV_M) || pmp_is_locked(env, i)) {
- allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
+ /*
+ * If the PMP entry is not off and the address is in range,
+ * do the priv check
+ */
+ if (!MSECCFG_MML_ISSET(env)) {
+ /*
+ * If mseccfg.MML Bit is not set, do pmp priv check
+ */
+ allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
+ if ((mode != PRV_M) || pmp_is_locked(env, i)) {
+ allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
+ }
+ } else {
+ /*
+ * If mseccfg.MML Bit set, do the enhanced pmp priv check
+ */
+ if (env->pmp_state.pmp[i].cfg_reg & PMP_LOCK) {
+ /*
+ * Shared Region
+ */
+ if ((env->pmp_state.pmp[i].cfg_reg &
+ (PMP_READ | PMP_WRITE)) == PMP_WRITE) {
+ allowed_privs = PMP_EXEC | ((mode == PRV_M &&
+ (env->pmp_state.pmp[i].cfg_reg & PMP_EXEC)) ?
+ PMP_READ : 0);
+ } else {
+ allowed_privs = env->pmp_state.pmp[i].cfg_reg &
+ (PMP_READ | PMP_WRITE | PMP_EXEC);
+
+ if (mode != PRV_M && allowed_privs) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pmp violation - %c mode access denied\n",
+ mode_to_char(mode));
+ ret = 0;
+ break;
+ }
+ }
+ } else {
+ /*
+ * Shared Region
+ */
+ if ((env->pmp_state.pmp[i].cfg_reg &
+ (PMP_READ | PMP_WRITE)) == PMP_WRITE) {
+ allowed_privs = PMP_READ | ((mode == PRV_M ||
+ (env->pmp_state.pmp[i].cfg_reg & PMP_EXEC)) ?
+ PMP_WRITE : 0);
+ } else {
+ allowed_privs = env->pmp_state.pmp[i].cfg_reg &
+ (PMP_READ | PMP_WRITE | PMP_EXEC);
+ if (mode == PRV_M && allowed_privs) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pmp violation - m mode access denied\n");
+ ret = 0;
+ break;
+ }
+ }
+ }
}
-
if ((privs & allowed_privs) == privs) {
ret = 1;
break;
@@ -284,15 +386,23 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
/* No rule matched */
if (ret == -1) {
if (mode == PRV_M) {
- ret = 1; /* Privileged spec v1.10 states if no PMP entry matches an
- * M-Mode access, the access succeeds */
+ ret = !MSECCFG_MMWP_ISSET(env); /* PMP Enhancements */
+ if (MSECCFG_MML_ISSET(env) && (privs & PMP_EXEC)) {
+ ret = 0;
+ }
} else {
ret = 0; /* Other modes are not allowed to succeed if they don't
* match a rule, but there are rules. We've checked for
* no rule earlier in this function. */
}
}
-
+ if (ret) {
+ trace_pmp_hart_has_privs_pass_match(
+ env->mhartid, addr, size, privs, mode);
+ } else {
+ trace_pmp_hart_has_privs_violation(
+ env->mhartid, addr, size, privs, mode);
+ }
return ret == 1 ? true : false;
}
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index 8e19793132..7db2069204 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -36,6 +36,12 @@ typedef enum {
PMP_AMATCH_NAPOT /* Naturally aligned power-of-two region */
} pmp_am_t;
+typedef enum {
+ MSECCFG_MML = 1 << 0,
+ MSECCFG_MMWP = 1 << 1,
+ MSECCFG_RLB = 1 << 2
+} mseccfg_field_t;
+
typedef struct {
target_ulong addr_reg;
uint8_t cfg_reg;
@@ -58,7 +64,13 @@ target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index);
void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index,
target_ulong val);
target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index);
+void mseccfg_csr_write(CPURISCVState *env, target_ulong val);
+target_ulong mseccfg_csr_read(CPURISCVState *env);
bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
target_ulong size, pmp_priv_t priv, target_ulong mode);
+#define MSECCFG_MML_ISSET(env) get_field(env->mseccfg, MSECCFG_MML)
+#define MSECCFG_MMWP_ISSET(env) get_field(env->mseccfg, MSECCFG_MMWP)
+#define MSECCFG_RLB_ISSET(env) get_field(env->mseccfg, MSECCFG_RLB)
+
#endif
diff --git a/target/riscv/trace-events b/target/riscv/trace-events
index 4b6c652ae9..4f877f90f7 100644
--- a/target/riscv/trace-events
+++ b/target/riscv/trace-events
@@ -6,3 +6,7 @@ pmpcfg_csr_read(uint64_t mhartid, uint32_t reg_index, uint64_t val) "hart %" PRI
pmpcfg_csr_write(uint64_t mhartid, uint32_t reg_index, uint64_t val) "hart %" PRIu64 ": write reg%" PRIu32", val: 0x%" PRIx64
pmpaddr_csr_read(uint64_t mhartid, uint32_t addr_index, uint64_t val) "hart %" PRIu64 ": read addr%" PRIu32", val: 0x%" PRIx64
pmpaddr_csr_write(uint64_t mhartid, uint32_t addr_index, uint64_t val) "hart %" PRIu64 ": write addr%" PRIu32", val: 0x%" PRIx64
+mseccfg_csr_read(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": read mseccfg, val: 0x%" PRIx64
+mseccfg_csr_write(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": write mseccfg, val: 0x%" PRIx64
+pmp_hart_has_privs_pass_match(uint64_t mhartid, uint64_t addr, uint64_t size, uint64_t privs, uint64_t mode) "hart %"PRId64 "pass PMP 0 match addr:%"PRIu64" size:%"PRIu64 "privs: %"PRIu64 "mode: %"PRIu64
+pmp_hart_has_privs_violation(uint64_t mhartid, uint64_t addr, uint64_t size, uint64_t privs, uint64_t mode) "hart %"PRId64 "pass PMP 0 match addr:%"PRIu64" size:%"PRIu64 "privs: %"PRIu64 "mode: %"PRIu64
--
2.20.1
next prev parent reply other threads:[~2020-08-08 13:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-08 9:09 [PATCH 0/4] riscv: Add enhanced PMP support Hongzheng-Li
2020-08-08 9:09 ` [PATCH 1/4] Define ePMP mseccfg Hongzheng-Li
2020-08-08 9:09 ` Hongzheng-Li [this message]
2020-08-08 9:09 ` [PATCH 3/4] Add ePMP CSR accesses Hongzheng-Li
2020-08-08 9:09 ` [PATCH 4/4] Add a config option for ePMP Hongzheng-Li
[not found] <20200808085656.28692-1-weiying_hou@outlook.com>
2020-08-08 8:56 ` [PATCH 2/4] Implementation of enhanced PMP(ePMP) support Hou Weiying
[not found] <20200808052031.19523-1-weiying_hou@outlook.com>
2020-08-08 5:20 ` Hou Weiying
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200808090950.13-3-Ethan.Lee.QNL@gmail.com \
--to=ethan.lee.qnl@gmail.com \
--cc=Alistair.Francis@wdc.com \
--cc=camiyoru@gmail.com \
--cc=kbastian@mail.uni-paderborn.de \
--cc=palmer@dabbelt.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=sagark@eecs.berkeley.edu \
--cc=weiying_hou@outlook.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).