From: Alistair Francis <alistair23@gmail.com>
To: qemu-devel@nongnu.org
Cc: alistair23@gmail.com, Weiwei Li <liweiwei@iscas.ac.cn>,
Junqiang Wang <wangjunqiang@iscas.ac.cn>,
LIU Zhiwei <zhiwei_liu@linux.alibaba.com>,
Alistair Francis <alistair.francis@wdc.com>
Subject: [PULL 14/60] target/riscv: Update pmp_get_tlb_size()
Date: Wed, 14 Jun 2023 11:19:31 +1000 [thread overview]
Message-ID: <20230614012017.3100663-15-alistair.francis@wdc.com> (raw)
In-Reply-To: <20230614012017.3100663-1-alistair.francis@wdc.com>
From: Weiwei Li <liweiwei@iscas.ac.cn>
PMP entries before (including) the matched PMP entry may only cover partial
of the TLB page, and this may split the page into regions with different
permissions. Such as for PMP0 (0x80000008~0x8000000F, R) and PMP1 (0x80000000~
0x80000FFF, RWX), write access to 0x80000000 will match PMP1. However we cannot
cache the translation result in the TLB since this will make the write access
to 0x80000008 bypass the check of PMP0. So we should check all of them instead
of the matched PMP entry in pmp_get_tlb_size() and set the tlb_size to 1 in
this case.
Set tlb_size to TARGET_PAGE_SIZE if PMP is not support or there is no PMP rules.
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20230517091519.34439-2-liweiwei@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/pmp.h | 3 +-
target/riscv/cpu_helper.c | 7 ++--
target/riscv/pmp.c | 69 ++++++++++++++++++++++++++++++---------
3 files changed, 57 insertions(+), 22 deletions(-)
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index b296ea1fc6..0a7e24750b 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -76,8 +76,7 @@ int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
target_ulong size, pmp_priv_t privs,
pmp_priv_t *allowed_privs,
target_ulong mode);
-target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index,
- target_ulong tlb_sa, target_ulong tlb_ea);
+target_ulong pmp_get_tlb_size(CPURISCVState *env, target_ulong addr);
void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
void pmp_update_rule_nums(CPURISCVState *env);
uint32_t pmp_get_num_rules(CPURISCVState *env);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 56381aaf26..065b433b88 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -715,11 +715,8 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot,
}
*prot = pmp_priv_to_page_prot(pmp_priv);
- if ((tlb_size != NULL) && pmp_index != MAX_RISCV_PMPS) {
- target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1);
- target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1;
-
- *tlb_size = pmp_get_tlb_size(env, pmp_index, tlb_sa, tlb_ea);
+ if (tlb_size != NULL) {
+ *tlb_size = pmp_get_tlb_size(env, addr);
}
return TRANSLATE_SUCCESS;
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 1f5aca42e8..2bc924340a 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -601,28 +601,67 @@ target_ulong mseccfg_csr_read(CPURISCVState *env)
}
/*
- * Calculate the TLB size if the start address or the end address of
- * PMP entry is presented in the TLB page.
+ * Calculate the TLB size.
+ * It's possible that PMP regions only cover partial of the TLB page, and
+ * this may split the page into regions with different permissions.
+ * For example if PMP0 is (0x80000008~0x8000000F, R) and PMP1 is (0x80000000
+ * ~0x80000FFF, RWX), then region 0x80000008~0x8000000F has R permission, and
+ * the other regions in this page have RWX permissions.
+ * A write access to 0x80000000 will match PMP1. However we cannot cache the
+ * translation result in the TLB since this will make the write access to
+ * 0x80000008 bypass the check of PMP0.
+ * To avoid this we return a size of 1 (which means no caching) if the PMP
+ * region only covers partial of the TLB page.
*/
-target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index,
- target_ulong tlb_sa, target_ulong tlb_ea)
+target_ulong pmp_get_tlb_size(CPURISCVState *env, target_ulong addr)
{
- target_ulong pmp_sa = env->pmp_state.addr[pmp_index].sa;
- target_ulong pmp_ea = env->pmp_state.addr[pmp_index].ea;
+ target_ulong pmp_sa;
+ target_ulong pmp_ea;
+ target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1);
+ target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1;
+ int i;
- if (pmp_sa <= tlb_sa && pmp_ea >= tlb_ea) {
+ /*
+ * If PMP is not supported or there are no PMP rules, the TLB page will not
+ * be split into regions with different permissions by PMP so we set the
+ * size to TARGET_PAGE_SIZE.
+ */
+ if (!riscv_cpu_cfg(env)->pmp || !pmp_get_num_rules(env)) {
return TARGET_PAGE_SIZE;
- } else {
+ }
+
+ for (i = 0; i < MAX_RISCV_PMPS; i++) {
+ if (pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg) == PMP_AMATCH_OFF) {
+ continue;
+ }
+
+ pmp_sa = env->pmp_state.addr[i].sa;
+ pmp_ea = env->pmp_state.addr[i].ea;
+
/*
- * At this point we have a tlb_size that is the smallest possible size
- * That fits within a TARGET_PAGE_SIZE and the PMP region.
- *
- * If the size is less then TARGET_PAGE_SIZE we drop the size to 1.
- * This means the result isn't cached in the TLB and is only used for
- * a single translation.
+ * Only the first PMP entry that covers (whole or partial of) the TLB
+ * page really matters:
+ * If it covers the whole TLB page, set the size to TARGET_PAGE_SIZE,
+ * since the following PMP entries have lower priority and will not
+ * affect the permissions of the page.
+ * If it only covers partial of the TLB page, set the size to 1 since
+ * the allowed permissions of the region may be different from other
+ * region of the page.
*/
- return 1;
+ if (pmp_sa <= tlb_sa && pmp_ea >= tlb_ea) {
+ return TARGET_PAGE_SIZE;
+ } else if ((pmp_sa >= tlb_sa && pmp_sa <= tlb_ea) ||
+ (pmp_ea >= tlb_sa && pmp_ea <= tlb_ea)) {
+ return 1;
+ }
}
+
+ /*
+ * If no PMP entry matches the TLB page, the TLB page will also not be
+ * split into regions with different permissions by PMP so we set the size
+ * to TARGET_PAGE_SIZE.
+ */
+ return TARGET_PAGE_SIZE;
}
/*
--
2.40.1
next prev parent reply other threads:[~2023-06-14 1:23 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-14 1:19 [PULL 00/60] riscv-to-apply queue Alistair Francis
2023-06-14 1:19 ` [PULL 01/60] target/riscv/vector_helper.c: skip set tail when vta is zero Alistair Francis
2023-06-14 1:19 ` [PULL 02/60] target/riscv: Move zc* out of the experimental properties Alistair Francis
2023-06-14 1:19 ` [PULL 03/60] target/riscv/cpu.c: add riscv_cpu_validate_v() Alistair Francis
2023-06-14 1:19 ` [PULL 04/60] target/riscv/cpu.c: remove set_vext_version() Alistair Francis
2023-06-14 1:19 ` [PULL 05/60] target/riscv/cpu.c: remove set_priv_version() Alistair Francis
2023-06-14 1:19 ` [PULL 06/60] target/riscv: add PRIV_VERSION_LATEST Alistair Francis
2023-06-14 1:19 ` [PULL 07/60] target/riscv: Mask the implicitly enabled extensions in isa_string based on priv version Alistair Francis
2023-06-14 1:19 ` [PULL 08/60] target/riscv: Update check for Zca/Zcf/Zcd Alistair Francis
2023-06-14 1:19 ` [PULL 09/60] target/riscv/cpu.c: add priv_spec validate/disable_exts helpers Alistair Francis
2023-06-14 1:19 ` [PULL 10/60] target/riscv/cpu.c: add riscv_cpu_validate_misa_mxl() Alistair Francis
2023-06-14 1:19 ` [PULL 11/60] target/riscv/cpu.c: validate extensions before riscv_timer_init() Alistair Francis
2023-06-14 1:19 ` [PULL 12/60] target/riscv/cpu.c: remove cfg setup from riscv_cpu_init() Alistair Francis
2023-06-14 1:19 ` [PULL 13/60] target/riscv: rework write_misa() Alistair Francis
2023-06-14 1:19 ` Alistair Francis [this message]
2023-06-14 1:19 ` [PULL 15/60] target/riscv: Move pmp_get_tlb_size apart from get_physical_address_pmp Alistair Francis
2023-06-14 1:19 ` [PULL 16/60] target/riscv: Make the short cut really work in pmp_hart_has_privs Alistair Francis
2023-06-14 1:19 ` [PULL 17/60] target/riscv: Change the return type of pmp_hart_has_privs() to bool Alistair Francis
2023-06-14 1:19 ` [PULL 18/60] target/riscv: Make RLB/MML/MMWP bits writable only when Smepmp is enabled Alistair Francis
2023-06-14 1:19 ` [PULL 19/60] target/riscv: Remove unused paramters in pmp_hart_has_privs_default() Alistair Francis
2023-06-14 1:19 ` [PULL 20/60] target/riscv: Flush TLB when MMWP or MML bits are changed Alistair Francis
2023-06-14 1:19 ` [PULL 21/60] target/riscv: Update the next rule addr in pmpaddr_csr_write() Alistair Francis
2023-06-14 1:19 ` [PULL 22/60] target/riscv: Flush TLB when pmpaddr is updated Alistair Francis
2023-06-14 1:19 ` [PULL 23/60] target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes Alistair Francis
2023-06-14 1:19 ` [PULL 24/60] target/riscv: Separate pmp_update_rule() in pmpcfg_csr_write Alistair Francis
2023-06-14 1:19 ` [PULL 25/60] target/riscv: Deny access if access is partially inside the PMP entry Alistair Francis
2023-06-14 1:19 ` [PULL 26/60] hw/riscv/opentitan: Rename machine_[class]_init() functions Alistair Francis
2023-06-14 1:19 ` [PULL 27/60] hw/riscv/opentitan: Declare QOM types using DEFINE_TYPES() macro Alistair Francis
2023-06-14 1:19 ` [PULL 28/60] hw/riscv/opentitan: Add TYPE_OPENTITAN_MACHINE definition Alistair Francis
2023-06-14 1:19 ` [PULL 29/60] hw/riscv/opentitan: Explicit machine type definition Alistair Francis
2023-06-14 1:19 ` [PULL 30/60] hw/riscv/opentitan: Correct OpenTitanState parent type/size Alistair Francis
2023-06-14 1:19 ` [PULL 31/60] hw/riscv: qemu crash when NUMA nodes exceed available CPUs Alistair Francis
2023-06-14 1:19 ` [PULL 32/60] target/riscv: Fix pointer mask transformation for vector address Alistair Francis
2023-06-14 1:19 ` [PULL 33/60] target/riscv: Update cur_pmmask/base when xl changes Alistair Francis
2023-06-14 1:19 ` [PULL 34/60] target/riscv: smstateen check for fcsr Alistair Francis
2023-06-14 1:19 ` [PULL 35/60] target/riscv: Reuse tb->flags.FS Alistair Francis
2023-06-14 1:19 ` [PULL 36/60] target/riscv: smstateen knobs Alistair Francis
2023-06-14 1:19 ` [PULL 37/60] disas: Change type of disassemble_info.target_info to pointer Alistair Francis
2023-06-14 1:19 ` [PULL 38/60] target/riscv: Split RISCVCPUConfig declarations from cpu.h into cpu_cfg.h Alistair Francis
2023-06-14 1:19 ` [PULL 39/60] target/riscv: Pass RISCVCPUConfig as target_info to disassemble_info Alistair Francis
2023-06-14 1:19 ` [PULL 40/60] disas/riscv.c: Support disas for Zcm* extensions Alistair Francis
2023-06-14 1:19 ` [PULL 41/60] disas/riscv.c: Support disas for Z*inx extensions Alistair Francis
2023-06-14 1:19 ` [PULL 42/60] disas/riscv.c: Remove unused decomp_rv32/64 value for vector instructions Alistair Francis
2023-06-14 1:20 ` [PULL 43/60] disas/riscv.c: Fix lines with over 80 characters Alistair Francis
2023-06-14 1:20 ` [PULL 44/60] disas/riscv.c: Remove redundant parentheses Alistair Francis
2023-06-14 1:20 ` [PULL 45/60] target/riscv: Fix target address to update badaddr Alistair Francis
2023-06-14 1:20 ` [PULL 46/60] target/riscv: Introduce cur_insn_len into DisasContext Alistair Francis
2023-06-14 1:20 ` [PULL 47/60] target/riscv: Change gen_goto_tb to work on displacements Alistair Francis
2023-06-14 1:20 ` [PULL 48/60] target/riscv: Change gen_set_pc_imm to gen_update_pc Alistair Francis
2023-06-14 1:20 ` [PULL 49/60] target/riscv: Use true diff for gen_pc_plus_diff Alistair Francis
2023-06-14 1:20 ` [PULL 50/60] target/riscv: Enable PC-relative translation Alistair Francis
2023-06-14 1:20 ` [PULL 51/60] target/riscv: Remove pc_succ_insn from DisasContext Alistair Francis
2023-06-14 1:20 ` [PULL 52/60] hw/riscv: virt: Assume M-mode FW in pflash0 only when "-bios none" Alistair Francis
2023-06-14 1:20 ` [PULL 53/60] riscv/virt: Support using pflash via -blockdev option Alistair Francis
2023-06-14 1:20 ` [PULL 54/60] docs/system: riscv: Add pflash usage details Alistair Francis
2023-06-14 1:20 ` [PULL 55/60] util/log: Add vector registers to log Alistair Francis
2023-06-14 1:20 ` [PULL 56/60] target/riscv: Fix initialized value for cur_pmmask Alistair Francis
2023-06-14 1:20 ` [PULL 57/60] target/riscv/vector_helper.c: clean up reference of MTYPE Alistair Francis
2023-06-14 1:20 ` [PULL 58/60] target/riscv/vector_helper.c: Remove the check for extra tail elements Alistair Francis
2023-06-14 1:20 ` [PULL 59/60] target/riscv: Smepmp: Return error when access permission not allowed in PMP Alistair Francis
2023-06-14 1:20 ` [PULL 60/60] hw/intc: If mmsiaddrcfgh.L == 1, smsiaddrcfg and smsiaddrcfgh are read-only Alistair Francis
2023-06-14 4:39 ` [PULL 00/60] riscv-to-apply queue Richard Henderson
2023-06-14 12:17 ` Michael Tokarev
2023-06-15 4:03 ` Alistair Francis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230614012017.3100663-15-alistair.francis@wdc.com \
--to=alistair23@gmail.com \
--cc=alistair.francis@wdc.com \
--cc=liweiwei@iscas.ac.cn \
--cc=qemu-devel@nongnu.org \
--cc=wangjunqiang@iscas.ac.cn \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).