From: Daniel Henrique Barboza <danielhb413@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, danielhb413@gmail.com,
peter.maydell@linaro.org, richard.henderson@linaro.org,
Leandro Lupori <leandro.lupori@eldorado.org.br>,
Fabiano Rosas <farosas@linux.ibm.com>
Subject: [PULL 29/30] target/ppc: Improve Radix xlate level validation
Date: Mon, 18 Jul 2022 14:22:07 -0300 [thread overview]
Message-ID: <20220718172208.1247624-30-danielhb413@gmail.com> (raw)
In-Reply-To: <20220718172208.1247624-1-danielhb413@gmail.com>
From: Leandro Lupori <leandro.lupori@eldorado.org.br>
Check if the number and size of Radix levels are valid on
POWER9/POWER10 CPUs, according to the supported Radix Tree
Configurations described in their User Manuals.
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220628133959.15131-3-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
target/ppc/mmu-radix64.c | 49 +++++++++++++++++++++++++++++++---------
1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 9a8a2e2875..705bff76be 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -236,17 +236,37 @@ static void ppc_radix64_set_rc(PowerPCCPU *cpu, MMUAccessType access_type,
}
}
+static bool ppc_radix64_is_valid_level(int level, int psize, uint64_t nls)
+{
+ /*
+ * Check if this is a valid level, according to POWER9 and POWER10
+ * Processor User's Manuals, sections 4.10.4.1 and 5.10.6.1, respectively:
+ * Supported Radix Tree Configurations and Resulting Page Sizes.
+ *
+ * Note: these checks are specific to POWER9 and POWER10 CPUs. Any future
+ * CPUs that supports a different Radix MMU configuration will need their
+ * own implementation.
+ */
+ switch (level) {
+ case 0: /* Root Page Dir */
+ return psize == 52 && nls == 13;
+ case 1:
+ case 2:
+ return nls == 9;
+ case 3:
+ return nls == 9 || nls == 5;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "invalid radix level: %d\n", level);
+ return false;
+ }
+}
+
static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr,
uint64_t *pte_addr, uint64_t *nls,
int *psize, uint64_t *pte, int *fault_cause)
{
uint64_t index, pde;
- if (*nls < 5) { /* Directory maps less than 2**5 entries */
- *fault_cause |= DSISR_R_BADCONFIG;
- return 1;
- }
-
/* Read page <directory/table> entry from guest address space */
pde = ldq_phys(as, *pte_addr);
if (!(pde & R_PTE_VALID)) { /* Invalid Entry */
@@ -270,12 +290,8 @@ static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr,
hwaddr *raddr, int *psize, uint64_t *pte,
int *fault_cause, hwaddr *pte_addr)
{
- uint64_t index, pde, rpn , mask;
-
- if (nls < 5) { /* Directory maps less than 2**5 entries */
- *fault_cause |= DSISR_R_BADCONFIG;
- return 1;
- }
+ uint64_t index, pde, rpn, mask;
+ int level = 0;
index = eaddr >> (*psize - nls); /* Shift */
index &= ((1UL << nls) - 1); /* Mask */
@@ -283,6 +299,11 @@ static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr,
do {
int ret;
+ if (!ppc_radix64_is_valid_level(level++, *psize, nls)) {
+ *fault_cause |= DSISR_R_BADCONFIG;
+ return 1;
+ }
+
ret = ppc_radix64_next_level(as, eaddr, pte_addr, &nls, psize, &pde,
fault_cause);
if (ret) {
@@ -456,6 +477,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
}
} else {
uint64_t rpn, mask;
+ int level = 0;
index = (eaddr & R_EADDR_MASK) >> (*g_page_size - nls); /* Shift */
index &= ((1UL << nls) - 1); /* Mask */
@@ -475,6 +497,11 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
return ret;
}
+ if (!ppc_radix64_is_valid_level(level++, *g_page_size, nls)) {
+ fault_cause |= DSISR_R_BADCONFIG;
+ return 1;
+ }
+
ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK, &h_raddr,
&nls, g_page_size, &pte, &fault_cause);
if (ret) {
--
2.36.1
next prev parent reply other threads:[~2022-07-18 17:43 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-18 17:21 [PULL 00/30] ppc queue Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 01/30] ppc64: Allocate IRQ lines with qdev_init_gpio_in() Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 02/30] ppc/40x: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 03/30] ppc/6xx: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 04/30] ppc/e500: " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 05/30] ppc: Remove unused irq_inputs Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 06/30] hw/ppc: pass random seed to fdt Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 07/30] target/ppc/kvm: Skip current and parent directories in kvmppc_find_cpu_dt Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 08/30] target/ppc: Fix gen_priv_exception error value in mfspr/mtspr Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 09/30] target/ppc: fix exception error value in slbfee Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 10/30] target/ppc: remove mfdcrux and mtdcrux Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 11/30] target/ppc: fix exception error code in helper_{load, store}_dcr Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 12/30] target/ppc: fix PMU Group A register read/write exceptions Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 13/30] target/ppc: fix exception error code in spr_write_excp_vector Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 14/30] target/ppc: Move tlbie[l] to decode tree Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 15/30] target/ppc: Implement ISA 3.00 tlbie[l] Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 16/30] target/ppc: receive DisasContext explicitly in GEN_PRIV Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 17/30] target/ppc: add macros to check privilege level Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 18/30] target/ppc: Move slbie to decodetree Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 19/30] target/ppc: Move slbieg " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 20/30] target/ppc: Move slbia " Daniel Henrique Barboza
2022-07-18 17:21 ` [PULL 21/30] target/ppc: Move slbmte " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 22/30] target/ppc: Move slbmfev " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 23/30] target/ppc: Move slbmfee " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 24/30] target/ppc: Move slbfee " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 25/30] target/ppc: Move slbsync " Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 26/30] target/ppc: Implement slbiag Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 27/30] target/ppc: check tb_env != 0 before printing TBU/TBL/DECR Daniel Henrique Barboza
2022-07-18 17:22 ` [PULL 28/30] ppc: Check partition and process table alignment Daniel Henrique Barboza
2022-07-18 17:22 ` Daniel Henrique Barboza [this message]
2022-07-18 17:22 ` [PULL 30/30] target/ppc: Check page dir/table base alignment Daniel Henrique Barboza
2022-07-19 8:56 ` [PULL 00/30] ppc queue Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220718172208.1247624-30-danielhb413@gmail.com \
--to=danielhb413@gmail.com \
--cc=farosas@linux.ibm.com \
--cc=leandro.lupori@eldorado.org.br \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).