* [PATCH 1/5] target/riscv: Add svukte extension capability variable
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
@ 2024-09-03 6:17 ` Fea.Wang
2024-09-04 0:05 ` Alistair Francis
2024-09-03 6:17 ` [PATCH 2/5] target/riscv: Support senvcfg[UKTE] bit when svukte extension is enabled Fea.Wang
` (4 subsequent siblings)
5 siblings, 1 reply; 10+ messages in thread
From: Fea.Wang @ 2024-09-03 6:17 UTC (permalink / raw)
To: qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li,
Daniel Henrique Barboza, Liu Zhiwei, Fea.Wang, Frank Chang,
Jim Shu
Refer to the draft of svukte extension from:
https://github.com/riscv/riscv-isa-manual/pull/1564
Svukte provides a means to make user-mode accesses to supervisor memory
raise page faults in constant time, mitigating attacks that attempt to
discover the supervisor software's address-space layout.
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
target/riscv/cpu_cfg.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h
index 96fe26d4ea..636b12e1c2 100644
--- a/target/riscv/cpu_cfg.h
+++ b/target/riscv/cpu_cfg.h
@@ -81,6 +81,7 @@ struct RISCVCPUConfig {
bool ext_svinval;
bool ext_svnapot;
bool ext_svpbmt;
+ bool ext_svukte;
bool ext_zdinx;
bool ext_zaamo;
bool ext_zacas;
--
2.34.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 1/5] target/riscv: Add svukte extension capability variable
2024-09-03 6:17 ` [PATCH 1/5] target/riscv: Add svukte extension capability variable Fea.Wang
@ 2024-09-04 0:05 ` Alistair Francis
0 siblings, 0 replies; 10+ messages in thread
From: Alistair Francis @ 2024-09-04 0:05 UTC (permalink / raw)
To: Fea.Wang
Cc: qemu-devel, qemu-riscv, Palmer Dabbelt, Alistair Francis,
Bin Meng, Weiwei Li, Daniel Henrique Barboza, Liu Zhiwei,
Frank Chang, Jim Shu
On Tue, Sep 3, 2024 at 4:15 PM Fea.Wang <fea.wang@sifive.com> wrote:
>
> Refer to the draft of svukte extension from:
> https://github.com/riscv/riscv-isa-manual/pull/1564
We won't be able to merge this while the spec is just a pull request.
We need a fixes spec that we can point out with a version
Alistair
>
> Svukte provides a means to make user-mode accesses to supervisor memory
> raise page faults in constant time, mitigating attacks that attempt to
> discover the supervisor software's address-space layout.
>
> Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> Reviewed-by: Frank Chang <frank.chang@sifive.com>
> Reviewed-by: Jim Shu <jim.shu@sifive.com>
> ---
> target/riscv/cpu_cfg.h | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h
> index 96fe26d4ea..636b12e1c2 100644
> --- a/target/riscv/cpu_cfg.h
> +++ b/target/riscv/cpu_cfg.h
> @@ -81,6 +81,7 @@ struct RISCVCPUConfig {
> bool ext_svinval;
> bool ext_svnapot;
> bool ext_svpbmt;
> + bool ext_svukte;
> bool ext_zdinx;
> bool ext_zaamo;
> bool ext_zacas;
> --
> 2.34.1
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/5] target/riscv: Support senvcfg[UKTE] bit when svukte extension is enabled
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
2024-09-03 6:17 ` [PATCH 1/5] target/riscv: Add svukte extension capability variable Fea.Wang
@ 2024-09-03 6:17 ` Fea.Wang
2024-09-03 6:17 ` [PATCH 3/5] target/riscv: Support hstatus[HUKTE] " Fea.Wang
` (3 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Fea.Wang @ 2024-09-03 6:17 UTC (permalink / raw)
To: qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li,
Daniel Henrique Barboza, Liu Zhiwei, Fea.Wang, Frank Chang,
Jim Shu
Svukte extension add UKTE bit, bit[8] in senvcfg CSR. The bit will be
supported when the svukte extension is enabled.
When senvcfg[UKTE] bit is set, the memory access from U-mode should do
the svukte check only except HLV/HLVX/HSV H-mode instructions which
depend on hstatus[HUKTE].
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
target/riscv/cpu_bits.h | 1 +
target/riscv/csr.c | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 7e3f629356..54c3ae0a4e 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -770,6 +770,7 @@ typedef enum RISCVException {
#define SENVCFG_CBIE MENVCFG_CBIE
#define SENVCFG_CBCFE MENVCFG_CBCFE
#define SENVCFG_CBZE MENVCFG_CBZE
+#define SENVCFG_UKTE BIT(8)
#define HENVCFG_FIOM MENVCFG_FIOM
#define HENVCFG_CBIE MENVCFG_CBIE
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index ea3560342c..6ee6d1a9cd 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -2396,6 +2396,10 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno,
return ret;
}
+ if (env_archcpu(env)->cfg.ext_svukte) {
+ mask |= SENVCFG_UKTE;
+ }
+
env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
return RISCV_EXCP_NONE;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 3/5] target/riscv: Support hstatus[HUKTE] bit when svukte extension is enabled
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
2024-09-03 6:17 ` [PATCH 1/5] target/riscv: Add svukte extension capability variable Fea.Wang
2024-09-03 6:17 ` [PATCH 2/5] target/riscv: Support senvcfg[UKTE] bit when svukte extension is enabled Fea.Wang
@ 2024-09-03 6:17 ` Fea.Wang
2024-09-03 6:17 ` [PATCH 4/5] target/riscv: Check memory access to meet svuket rule Fea.Wang
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Fea.Wang @ 2024-09-03 6:17 UTC (permalink / raw)
To: qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li,
Daniel Henrique Barboza, Liu Zhiwei, Fea.Wang, Frank Chang,
Jim Shu
Svukte extension add HUKTE bit, bit[24] in hstatus CSR. The written
value will be masked when the svukte extension is not enabled.
When hstatus[HUKTE] bit is set, HLV/HLVX/HSV work in the U-mode should
do svukte check.
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
target/riscv/cpu_bits.h | 1 +
target/riscv/csr.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 54c3ae0a4e..8cfc24428e 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -598,6 +598,7 @@ typedef enum {
#define HSTATUS_VTVM 0x00100000
#define HSTATUS_VTW 0x00200000
#define HSTATUS_VTSR 0x00400000
+#define HSTATUS_HUKTE 0x01000000
#define HSTATUS_VSXL 0x300000000
#define HSTATUS32_WPRI 0xFF8FF87E
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 6ee6d1a9cd..2b28057e57 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -3459,6 +3459,9 @@ static RISCVException read_hstatus(CPURISCVState *env, int csrno,
static RISCVException write_hstatus(CPURISCVState *env, int csrno,
target_ulong val)
{
+ if (!env_archcpu(env)->cfg.ext_svukte) {
+ val = val & (~HSTATUS_HUKTE);
+ }
env->hstatus = val;
if (riscv_cpu_mxl(env) != MXL_RV32 && get_field(val, HSTATUS_VSXL) != 2) {
qemu_log_mask(LOG_UNIMP,
--
2.34.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 4/5] target/riscv: Check memory access to meet svuket rule
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
` (2 preceding siblings ...)
2024-09-03 6:17 ` [PATCH 3/5] target/riscv: Support hstatus[HUKTE] " Fea.Wang
@ 2024-09-03 6:17 ` Fea.Wang
2024-09-03 22:18 ` Daniel Henrique Barboza
2024-09-03 6:17 ` [PATCH 5/5] target/riscv: Expose svukte ISA extension Fea.Wang
2024-09-04 0:07 ` [PATCH 0/5] Introduce " Alistair Francis
5 siblings, 1 reply; 10+ messages in thread
From: Fea.Wang @ 2024-09-03 6:17 UTC (permalink / raw)
To: qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li,
Daniel Henrique Barboza, Liu Zhiwei, Fea.Wang, Frank Chang,
Jim Shu
Follow the Svukte spec, do the memory access address checking
1. Include instruction fetches or explicit memory accesses
2. System run in effective privilege U or VU
3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
instruction is HLV, HLVX, HSV and excute from U mode to VU mode
4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
5. Raises a page-fault exception corresponding to the original access
type.
Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 395a1d9140..db65ed14b9 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot, hwaddr addr,
return TRANSLATE_SUCCESS;
}
+/*
+ * Return 'true' means no need to do svukte check, or need to do svukte and the
+ * address is valid. Return 'false' means need to do svukte check but address
+ * is invalid.
+ */
+static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
+ int mode, bool virt)
+{
+ if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE)) {
+ /* Svukte extension depends on Sv39. */
+ return true;
+ }
+
+ /*
+ * Svukte extension is qualified only in U or VU-mode.
+ *
+ * Effective mode can be switched to U or VU-mode by:
+ * - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
+ * - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
+ * - U-mode.
+ * - VU-mode.
+ * - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
+ */
+ if (mode != PRV_U) {
+ return true;
+ }
+
+ /*
+ * Check hstatus.HUKTE if the effective mode is switched to VU-mode by
+ * executing HLV/HLVX/HSV in U-mode.
+ * For other cases, check senvcfg.UKTE.
+ */
+ bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
+ !!(env->hstatus & HSTATUS_HUKTE) :
+ !!(env->senvcfg & SENVCFG_UKTE);
+
+ if (!ukte) {
+ return true;
+ }
+
+ uint32_t sxl = riscv_cpu_sxl(env);
+ sxl = (sxl == 0) ? MXL_RV32 : sxl;
+ uint32_t sxlen = 32 * sxl;
+ uint64_t high_bit = addr & (1UL << (sxlen - 1));
+
+ return !high_bit;
+}
+
/*
* get_physical_address - get the physical address for this virtual address
*
@@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
MemTxResult res;
MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
int mode = mmuidx_priv(mmu_idx);
+ bool virt = mmuidx_2stage(mmu_idx);
bool use_background = false;
hwaddr ppn;
int napot_bits = 0;
target_ulong napot_mask;
+ if (first_stage) {
+ if (!check_svukte_valid(env, addr, mode, virt)) {
+ return TRANSLATE_FAIL;
+ }
+ }
+
/*
* Check if we should use the background registers for the two
* stage translation. We don't need to check if we actually need
--
2.34.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 4/5] target/riscv: Check memory access to meet svuket rule
2024-09-03 6:17 ` [PATCH 4/5] target/riscv: Check memory access to meet svuket rule Fea.Wang
@ 2024-09-03 22:18 ` Daniel Henrique Barboza
2024-09-05 4:14 ` Fea Wang
0 siblings, 1 reply; 10+ messages in thread
From: Daniel Henrique Barboza @ 2024-09-03 22:18 UTC (permalink / raw)
To: Fea.Wang, qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li, Liu Zhiwei,
Frank Chang, Jim Shu
On 9/3/24 3:17 AM, Fea.Wang wrote:
> Follow the Svukte spec, do the memory access address checking
>
> 1. Include instruction fetches or explicit memory accesses
> 2. System run in effective privilege U or VU
> 3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
> instruction is HLV, HLVX, HSV and excute from U mode to VU mode
> 4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
> 5. Raises a page-fault exception corresponding to the original access
> type.
>
> Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files
>
> Signed-off-by: Frank Chang <frank.chang@sifive.com>
> Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> Reviewed-by: Jim Shu <jim.shu@sifive.com>
> ---
> target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 55 insertions(+)
>
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index 395a1d9140..db65ed14b9 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot, hwaddr addr,
> return TRANSLATE_SUCCESS;
> }
>
> +/*
> + * Return 'true' means no need to do svukte check, or need to do svukte and the
> + * address is valid. Return 'false' means need to do svukte check but address
> + * is invalid.
> + */
> +static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
> + int mode, bool virt)
> +{
> + if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE)) {
> + /* Svukte extension depends on Sv39. */
> + return true;
> + }
> +
> + /*
> + * Svukte extension is qualified only in U or VU-mode.
> + *
> + * Effective mode can be switched to U or VU-mode by:
> + * - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
> + * - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
> + * - U-mode.
> + * - VU-mode.
> + * - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
> + */
> + if (mode != PRV_U) {
> + return true;
> + }
> +
> + /*
> + * Check hstatus.HUKTE if the effective mode is switched to VU-mode by
> + * executing HLV/HLVX/HSV in U-mode.
> + * For other cases, check senvcfg.UKTE.
> + */
> + bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
> + !!(env->hstatus & HSTATUS_HUKTE) :
> + !!(env->senvcfg & SENVCFG_UKTE);
I would move the 'bool ukte' to the start of the function, and would avoid the
ternary to make the code a bit more readable:
if (env->priv == PRV_U && !env->virt_enabled && virt) {
ukte = !!(env->hstatus & HSTATUS_HUKTE);
} else {
ukte = !!(env->senvcfg & SENVCFG_UKTE);
}
> +
> + if (!ukte) {
> + return true;
> + }
> +
> + uint32_t sxl = riscv_cpu_sxl(env);
> + sxl = (sxl == 0) ? MXL_RV32 : sxl;
> + uint32_t sxlen = 32 * sxl;
> + uint64_t high_bit = addr & (1UL << (sxlen - 1));
> +
> + return !high_bit;
> +}
> +
> /*
> * get_physical_address - get the physical address for this virtual address
> *
> @@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
> MemTxResult res;
> MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
> int mode = mmuidx_priv(mmu_idx);
> + bool virt = mmuidx_2stage(mmu_idx);
> bool use_background = false;
> hwaddr ppn;
> int napot_bits = 0;
> target_ulong napot_mask;
>
> + if (first_stage) {
> + if (!check_svukte_valid(env, addr, mode, virt)) {
> + return TRANSLATE_FAIL;
> + }
> + }
> +
We can avoid the nested 'if':
> + if (first_stage && !check_svukte_valid(env, addr, mode, virt)) {
> + return TRANSLATE_FAIL;
> + }
I would also add a check for ext_svukte before doing any checks. If we don't have
the ext enabled we can skip everything:
> + if (env_archcpu(env)->cfg.ext_svukte && first_stage &&
> + !check_svukte_valid(env, addr, mode, virt)) {
> + return TRANSLATE_FAIL;
> + }
Thanks,
Daniel
> /*
> * Check if we should use the background registers for the two
> * stage translation. We don't need to check if we actually need
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [PATCH 4/5] target/riscv: Check memory access to meet svuket rule
2024-09-03 22:18 ` Daniel Henrique Barboza
@ 2024-09-05 4:14 ` Fea Wang
0 siblings, 0 replies; 10+ messages in thread
From: Fea Wang @ 2024-09-05 4:14 UTC (permalink / raw)
To: Daniel Henrique Barboza
Cc: qemu-devel, qemu-riscv, Palmer Dabbelt, Alistair Francis,
Bin Meng, Weiwei Li, Liu Zhiwei, Frank Chang, Jim Shu
[-- Attachment #1: Type: text/plain, Size: 4938 bytes --]
Thank you for your advice.
I will take them after the spec is more finalized.
Sincerely,
Fea
On Wed, Sep 4, 2024 at 6:18 AM Daniel Henrique Barboza <
dbarboza@ventanamicro.com> wrote:
>
>
> On 9/3/24 3:17 AM, Fea.Wang wrote:
> > Follow the Svukte spec, do the memory access address checking
> >
> > 1. Include instruction fetches or explicit memory accesses
> > 2. System run in effective privilege U or VU
> > 3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
> > instruction is HLV, HLVX, HSV and excute from U mode to VU mode
> > 4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
> > 5. Raises a page-fault exception corresponding to the original access
> > type.
> >
> > Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files
> >
> > Signed-off-by: Frank Chang <frank.chang@sifive.com>
> > Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> > Reviewed-by: Jim Shu <jim.shu@sifive.com>
> > ---
> > target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 55 insertions(+)
> >
> > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> > index 395a1d9140..db65ed14b9 100644
> > --- a/target/riscv/cpu_helper.c
> > +++ b/target/riscv/cpu_helper.c
> > @@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState
> *env, int *prot, hwaddr addr,
> > return TRANSLATE_SUCCESS;
> > }
> >
> > +/*
> > + * Return 'true' means no need to do svukte check, or need to do svukte
> and the
> > + * address is valid. Return 'false' means need to do svukte check but
> address
> > + * is invalid.
> > + */
> > +static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
> > + int mode, bool virt)
> > +{
> > + if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE)) {
> > + /* Svukte extension depends on Sv39. */
> > + return true;
> > + }
> > +
> > + /*
> > + * Svukte extension is qualified only in U or VU-mode.
> > + *
> > + * Effective mode can be switched to U or VU-mode by:
> > + * - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
> > + * - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
> > + * - U-mode.
> > + * - VU-mode.
> > + * - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
> > + */
> > + if (mode != PRV_U) {
> > + return true;
> > + }
> > +
> > + /*
> > + * Check hstatus.HUKTE if the effective mode is switched to VU-mode
> by
> > + * executing HLV/HLVX/HSV in U-mode.
> > + * For other cases, check senvcfg.UKTE.
> > + */
> > + bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
> > + !!(env->hstatus &
> HSTATUS_HUKTE) :
> > + !!(env->senvcfg &
> SENVCFG_UKTE);
>
> I would move the 'bool ukte' to the start of the function, and would avoid
> the
> ternary to make the code a bit more readable:
>
> if (env->priv == PRV_U && !env->virt_enabled && virt) {
> ukte = !!(env->hstatus & HSTATUS_HUKTE);
> } else {
> ukte = !!(env->senvcfg & SENVCFG_UKTE);
> }
>
>
> > +
> > + if (!ukte) {
> > + return true;
> > + }
> > +
> > + uint32_t sxl = riscv_cpu_sxl(env);
> > + sxl = (sxl == 0) ? MXL_RV32 : sxl;
> > + uint32_t sxlen = 32 * sxl;
> > + uint64_t high_bit = addr & (1UL << (sxlen - 1));
> > +
> > + return !high_bit;
> > +}
> > +
> > /*
> > * get_physical_address - get the physical address for this virtual
> address
> > *
> > @@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState
> *env, hwaddr *physical,
> > MemTxResult res;
> > MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
> > int mode = mmuidx_priv(mmu_idx);
> > + bool virt = mmuidx_2stage(mmu_idx);
> > bool use_background = false;
> > hwaddr ppn;
> > int napot_bits = 0;
> > target_ulong napot_mask;
> >
> > + if (first_stage) {
> > + if (!check_svukte_valid(env, addr, mode, virt)) {
> > + return TRANSLATE_FAIL;
> > + }
> > + }
> > +
>
> We can avoid the nested 'if':
>
> > + if (first_stage && !check_svukte_valid(env, addr, mode, virt)) {
> > + return TRANSLATE_FAIL;
> > + }
>
>
> I would also add a check for ext_svukte before doing any checks. If we
> don't have
> the ext enabled we can skip everything:
>
>
> > + if (env_archcpu(env)->cfg.ext_svukte && first_stage &&
> > + !check_svukte_valid(env, addr, mode, virt)) {
> > + return TRANSLATE_FAIL;
> > + }
>
>
>
> Thanks,
>
> Daniel
>
>
> > /*
> > * Check if we should use the background registers for the two
> > * stage translation. We don't need to check if we actually need
>
[-- Attachment #2: Type: text/html, Size: 6567 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 5/5] target/riscv: Expose svukte ISA extension
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
` (3 preceding siblings ...)
2024-09-03 6:17 ` [PATCH 4/5] target/riscv: Check memory access to meet svuket rule Fea.Wang
@ 2024-09-03 6:17 ` Fea.Wang
2024-09-04 0:07 ` [PATCH 0/5] Introduce " Alistair Francis
5 siblings, 0 replies; 10+ messages in thread
From: Fea.Wang @ 2024-09-03 6:17 UTC (permalink / raw)
To: qemu-devel, qemu-riscv
Cc: Palmer Dabbelt, Alistair Francis, Bin Meng, Weiwei Li,
Daniel Henrique Barboza, Liu Zhiwei, Fea.Wang, Frank Chang,
Jim Shu
Add "svukte" in the ISA string when svukte extension is enabled.
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
target/riscv/cpu.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index fc3f75e826..a568194317 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -197,6 +197,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
ISA_EXT_DATA_ENTRY(svinval, PRIV_VERSION_1_12_0, ext_svinval),
ISA_EXT_DATA_ENTRY(svnapot, PRIV_VERSION_1_12_0, ext_svnapot),
ISA_EXT_DATA_ENTRY(svpbmt, PRIV_VERSION_1_12_0, ext_svpbmt),
+ ISA_EXT_DATA_ENTRY(svukte, PRIV_VERSION_1_13_0, ext_svukte),
ISA_EXT_DATA_ENTRY(xtheadba, PRIV_VERSION_1_11_0, ext_xtheadba),
ISA_EXT_DATA_ENTRY(xtheadbb, PRIV_VERSION_1_11_0, ext_xtheadbb),
ISA_EXT_DATA_ENTRY(xtheadbs, PRIV_VERSION_1_11_0, ext_xtheadbs),
@@ -1597,6 +1598,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_vendor_exts[] = {
/* These are experimental so mark with 'x-' */
const RISCVCPUMultiExtConfig riscv_cpu_experimental_exts[] = {
+ MULTI_EXT_CFG_BOOL("x-svukte", ext_svukte, false),
DEFINE_PROP_END_OF_LIST(),
};
--
2.34.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 0/5] Introduce svukte ISA extension
2024-09-03 6:17 [PATCH 0/5] Introduce svukte ISA extension Fea.Wang
` (4 preceding siblings ...)
2024-09-03 6:17 ` [PATCH 5/5] target/riscv: Expose svukte ISA extension Fea.Wang
@ 2024-09-04 0:07 ` Alistair Francis
5 siblings, 0 replies; 10+ messages in thread
From: Alistair Francis @ 2024-09-04 0:07 UTC (permalink / raw)
To: Fea.Wang
Cc: qemu-devel, qemu-riscv, Palmer Dabbelt, Alistair Francis,
Bin Meng, Weiwei Li, Daniel Henrique Barboza, Liu Zhiwei
On Tue, Sep 3, 2024 at 4:16 PM Fea.Wang <fea.wang@sifive.com> wrote:
>
> Refer to the draft of svukte extension from:
> https://github.com/riscv/riscv-isa-manual/pull/1564
>
> Svukte provides a means to make user-mode accesses to supervisor memory
> raise page faults in constant time, mitigating attacks that attempt to
> discover the supervisor software's address-space layout.
Overall looks fine, let's just wait for the spec to be a little more finalised
Alistair
>
> base-commit: 8d0a03f689bff16c93df311fdd724c2736d28556
>
> * Add svukte extension
>
> Fea.Wang (5):
> target/riscv: Add svukte extension capability variable
> target/riscv: Support senvcfg[UKTE] bit when svukte extension is
> enabled
> target/riscv: Support hstatus[HUKTE] bit when svukte extension is
> enabled
> target/riscv: Check memory access to meet svuket rule
> target/riscv: Expose svukte ISA extension
>
> target/riscv/cpu.c | 2 ++
> target/riscv/cpu_bits.h | 2 ++
> target/riscv/cpu_cfg.h | 1 +
> target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
> target/riscv/csr.c | 7 +++++
> 5 files changed, 67 insertions(+)
>
> --
> 2.34.1
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread