[PATCH 0/5] Introduce svukte ISA extension

[PATCH 0/5] Introduce svukte ISA extension

[Fea.Wang]

Refer to the draft of svukte extension from:
https://github.com/riscv/riscv-isa-manual/pull/1564

Svukte provides a means to make user-mode accesses to supervisor memory
raise page faults in constant time, mitigating attacks that attempt to
discover the supervisor software's address-space layout.

base-commit: 8d0a03f689bff16c93df311fdd724c2736d28556

* Add svukte extension

Fea.Wang (5):
  target/riscv: Add svukte extension capability variable
  target/riscv: Support senvcfg[UKTE] bit when svukte extension is
    enabled
  target/riscv: Support hstatus[HUKTE] bit when svukte extension is
    enabled
  target/riscv: Check memory access to meet svuket rule
  target/riscv: Expose svukte ISA extension

 target/riscv/cpu.c        |  2 ++
 target/riscv/cpu_bits.h   |  2 ++
 target/riscv/cpu_cfg.h    |  1 +
 target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
 target/riscv/csr.c        |  7 +++++
 5 files changed, 67 insertions(+)

-- 
2.34.1

[PATCH 1/5] target/riscv: Add svukte extension capability variable

[Fea.Wang]

Refer to the draft of svukte extension from:
https://github.com/riscv/riscv-isa-manual/pull/1564

Svukte provides a means to make user-mode accesses to supervisor memory
raise page faults in constant time, mitigating attacks that attempt to
discover the supervisor software's address-space layout.

Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
 target/riscv/cpu_cfg.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h
index 96fe26d4ea..636b12e1c2 100644
--- a/target/riscv/cpu_cfg.h
+++ b/target/riscv/cpu_cfg.h
@@ -81,6 +81,7 @@ struct RISCVCPUConfig {
     bool ext_svinval;
     bool ext_svnapot;
     bool ext_svpbmt;
+    bool ext_svukte;
     bool ext_zdinx;
     bool ext_zaamo;
     bool ext_zacas;
-- 
2.34.1

[PATCH 2/5] target/riscv: Support senvcfg[UKTE] bit when svukte extension is enabled

[Fea.Wang]

Svukte extension add UKTE bit, bit[8] in senvcfg CSR. The bit will be
supported when the svukte extension is enabled.

When senvcfg[UKTE] bit is set, the memory access from U-mode should do
the svukte check only except HLV/HLVX/HSV H-mode instructions which
depend on hstatus[HUKTE].

Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
 target/riscv/cpu_bits.h | 1 +
 target/riscv/csr.c      | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 7e3f629356..54c3ae0a4e 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -770,6 +770,7 @@ typedef enum RISCVException {
 #define SENVCFG_CBIE                       MENVCFG_CBIE
 #define SENVCFG_CBCFE                      MENVCFG_CBCFE
 #define SENVCFG_CBZE                       MENVCFG_CBZE
+#define SENVCFG_UKTE                       BIT(8)
 
 #define HENVCFG_FIOM                       MENVCFG_FIOM
 #define HENVCFG_CBIE                       MENVCFG_CBIE
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index ea3560342c..6ee6d1a9cd 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -2396,6 +2396,10 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno,
         return ret;
     }
 
+    if (env_archcpu(env)->cfg.ext_svukte) {
+        mask |= SENVCFG_UKTE;
+    }
+
     env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
     return RISCV_EXCP_NONE;
 }
-- 
2.34.1

[PATCH 3/5] target/riscv: Support hstatus[HUKTE] bit when svukte extension is enabled

[Fea.Wang]

Svukte extension add HUKTE bit, bit[24] in hstatus CSR. The written
value will be masked when the svukte extension is not enabled.

When hstatus[HUKTE] bit is set, HLV/HLVX/HSV work in the U-mode should
do svukte check.

Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
 target/riscv/cpu_bits.h | 1 +
 target/riscv/csr.c      | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 54c3ae0a4e..8cfc24428e 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -598,6 +598,7 @@ typedef enum {
 #define HSTATUS_VTVM         0x00100000
 #define HSTATUS_VTW          0x00200000
 #define HSTATUS_VTSR         0x00400000
+#define HSTATUS_HUKTE        0x01000000
 #define HSTATUS_VSXL         0x300000000
 
 #define HSTATUS32_WPRI       0xFF8FF87E
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 6ee6d1a9cd..2b28057e57 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -3459,6 +3459,9 @@ static RISCVException read_hstatus(CPURISCVState *env, int csrno,
 static RISCVException write_hstatus(CPURISCVState *env, int csrno,
                                     target_ulong val)
 {
+    if (!env_archcpu(env)->cfg.ext_svukte) {
+        val = val & (~HSTATUS_HUKTE);
+    }
     env->hstatus = val;
     if (riscv_cpu_mxl(env) != MXL_RV32 && get_field(val, HSTATUS_VSXL) != 2) {
         qemu_log_mask(LOG_UNIMP,
-- 
2.34.1

[PATCH 4/5] target/riscv: Check memory access to meet svuket rule

[Fea.Wang]

Follow the Svukte spec, do the memory access address checking

1. Include instruction fetches or explicit memory accesses
2. System run in effective privilege U or VU
3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
   instruction is HLV, HLVX, HSV and excute from U mode to VU mode
4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
5. Raises a page-fault exception corresponding to the original access
   type.

Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
 target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 395a1d9140..db65ed14b9 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot, hwaddr addr,
     return TRANSLATE_SUCCESS;
 }
 
+/*
+ * Return 'true' means no need to do svukte check, or need to do svukte and the
+ * address is valid. Return 'false' means need to do svukte check but address
+ * is invalid.
+ */
+static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
+                               int mode, bool virt)
+{
+    if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE))  {
+        /* Svukte extension depends on Sv39. */
+        return true;
+    }
+
+    /*
+     * Svukte extension is qualified only in U or VU-mode.
+     *
+     * Effective mode can be switched to U or VU-mode by:
+     *   - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
+     *   - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
+     *   - U-mode.
+     *   - VU-mode.
+     *   - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
+     */
+    if (mode != PRV_U) {
+        return true;
+    }
+
+    /*
+     * Check hstatus.HUKTE if the effective mode is switched to VU-mode by
+     * executing HLV/HLVX/HSV in U-mode.
+     * For other cases, check senvcfg.UKTE.
+     */
+    bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
+                                           !!(env->hstatus & HSTATUS_HUKTE) :
+                                           !!(env->senvcfg & SENVCFG_UKTE);
+
+    if (!ukte) {
+        return true;
+    }
+
+    uint32_t sxl = riscv_cpu_sxl(env);
+    sxl = (sxl == 0) ? MXL_RV32 : sxl;
+    uint32_t sxlen = 32 * sxl;
+    uint64_t high_bit = addr & (1UL << (sxlen - 1));
+
+    return !high_bit;
+}
+
 /*
  * get_physical_address - get the physical address for this virtual address
  *
@@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
     MemTxResult res;
     MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
     int mode = mmuidx_priv(mmu_idx);
+    bool virt = mmuidx_2stage(mmu_idx);
     bool use_background = false;
     hwaddr ppn;
     int napot_bits = 0;
     target_ulong napot_mask;
 
+    if (first_stage) {
+        if (!check_svukte_valid(env, addr, mode, virt)) {
+            return TRANSLATE_FAIL;
+        }
+    }
+
     /*
      * Check if we should use the background registers for the two
      * stage translation. We don't need to check if we actually need
-- 
2.34.1

[PATCH 5/5] target/riscv: Expose svukte ISA extension

[Fea.Wang]

Add "svukte" in the ISA string when svukte extension is enabled.

Signed-off-by: Fea.Wang <fea.wang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
---
 target/riscv/cpu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index fc3f75e826..a568194317 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -197,6 +197,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
     ISA_EXT_DATA_ENTRY(svinval, PRIV_VERSION_1_12_0, ext_svinval),
     ISA_EXT_DATA_ENTRY(svnapot, PRIV_VERSION_1_12_0, ext_svnapot),
     ISA_EXT_DATA_ENTRY(svpbmt, PRIV_VERSION_1_12_0, ext_svpbmt),
+    ISA_EXT_DATA_ENTRY(svukte, PRIV_VERSION_1_13_0, ext_svukte),
     ISA_EXT_DATA_ENTRY(xtheadba, PRIV_VERSION_1_11_0, ext_xtheadba),
     ISA_EXT_DATA_ENTRY(xtheadbb, PRIV_VERSION_1_11_0, ext_xtheadbb),
     ISA_EXT_DATA_ENTRY(xtheadbs, PRIV_VERSION_1_11_0, ext_xtheadbs),
@@ -1597,6 +1598,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_vendor_exts[] = {
 
 /* These are experimental so mark with 'x-' */
 const RISCVCPUMultiExtConfig riscv_cpu_experimental_exts[] = {
+    MULTI_EXT_CFG_BOOL("x-svukte", ext_svukte, false),
     DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.34.1

Re: [PATCH 4/5] target/riscv: Check memory access to meet svuket rule

[Daniel Henrique Barboza]

On 9/3/24 3:17 AM, Fea.Wang wrote:
> Follow the Svukte spec, do the memory access address checking
> 
> 1. Include instruction fetches or explicit memory accesses
> 2. System run in effective privilege U or VU
> 3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
>     instruction is HLV, HLVX, HSV and excute from U mode to VU mode
> 4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
> 5. Raises a page-fault exception corresponding to the original access
>     type.
> 
> Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files
> 
> Signed-off-by: Frank Chang <frank.chang@sifive.com>
> Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> Reviewed-by: Jim Shu <jim.shu@sifive.com>
> ---
>   target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
>   1 file changed, 55 insertions(+)
> 
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index 395a1d9140..db65ed14b9 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot, hwaddr addr,
>       return TRANSLATE_SUCCESS;
>   }
>   
> +/*
> + * Return 'true' means no need to do svukte check, or need to do svukte and the
> + * address is valid. Return 'false' means need to do svukte check but address
> + * is invalid.
> + */
> +static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
> +                               int mode, bool virt)
> +{
> +    if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE))  {
> +        /* Svukte extension depends on Sv39. */
> +        return true;
> +    }
> +
> +    /*
> +     * Svukte extension is qualified only in U or VU-mode.
> +     *
> +     * Effective mode can be switched to U or VU-mode by:
> +     *   - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
> +     *   - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
> +     *   - U-mode.
> +     *   - VU-mode.
> +     *   - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
> +     */
> +    if (mode != PRV_U) {
> +        return true;
> +    }
> +
> +    /*
> +     * Check hstatus.HUKTE if the effective mode is switched to VU-mode by
> +     * executing HLV/HLVX/HSV in U-mode.
> +     * For other cases, check senvcfg.UKTE.
> +     */
> +    bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
> +                                           !!(env->hstatus & HSTATUS_HUKTE) :
> +                                           !!(env->senvcfg & SENVCFG_UKTE);

I would move the 'bool ukte' to the start of the function, and would avoid the
ternary to make the code a bit more readable:

       if (env->priv == PRV_U && !env->virt_enabled && virt) {
           ukte = !!(env->hstatus & HSTATUS_HUKTE);
       } else {
           ukte = !!(env->senvcfg & SENVCFG_UKTE);
       }


> +
> +    if (!ukte) {
> +        return true;
> +    }
> +
> +    uint32_t sxl = riscv_cpu_sxl(env);
> +    sxl = (sxl == 0) ? MXL_RV32 : sxl;
> +    uint32_t sxlen = 32 * sxl;
> +    uint64_t high_bit = addr & (1UL << (sxlen - 1));
> +
> +    return !high_bit;
> +}
> +
>   /*
>    * get_physical_address - get the physical address for this virtual address
>    *
> @@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
>       MemTxResult res;
>       MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
>       int mode = mmuidx_priv(mmu_idx);
> +    bool virt = mmuidx_2stage(mmu_idx);
>       bool use_background = false;
>       hwaddr ppn;
>       int napot_bits = 0;
>       target_ulong napot_mask;
>   
> +    if (first_stage) {
> +        if (!check_svukte_valid(env, addr, mode, virt)) {
> +            return TRANSLATE_FAIL;
> +        }
> +    }
> +

We can avoid the nested 'if':

> +    if (first_stage && !check_svukte_valid(env, addr, mode, virt)) {
> +        return TRANSLATE_FAIL;
> +    }


I would also add a check for ext_svukte before doing any checks. If we don't have
the ext enabled we can skip everything:


> +    if (env_archcpu(env)->cfg.ext_svukte && first_stage &&
> +        !check_svukte_valid(env, addr, mode, virt)) {
> +        return TRANSLATE_FAIL;
> +    }



Thanks,

Daniel


>       /*
>        * Check if we should use the background registers for the two
>        * stage translation. We don't need to check if we actually need

Re: [PATCH 1/5] target/riscv: Add svukte extension capability variable

[Alistair Francis]

On Tue, Sep 3, 2024 at 4:15 PM Fea.Wang <fea.wang@sifive.com> wrote:
>
> Refer to the draft of svukte extension from:
> https://github.com/riscv/riscv-isa-manual/pull/1564

We won't be able to merge this while the spec is just a pull request.
We need a fixes spec that we can point out with a version

Alistair

>
> Svukte provides a means to make user-mode accesses to supervisor memory
> raise page faults in constant time, mitigating attacks that attempt to
> discover the supervisor software's address-space layout.
>
> Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> Reviewed-by: Frank Chang <frank.chang@sifive.com>
> Reviewed-by: Jim Shu <jim.shu@sifive.com>
> ---
>  target/riscv/cpu_cfg.h | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h
> index 96fe26d4ea..636b12e1c2 100644
> --- a/target/riscv/cpu_cfg.h
> +++ b/target/riscv/cpu_cfg.h
> @@ -81,6 +81,7 @@ struct RISCVCPUConfig {
>      bool ext_svinval;
>      bool ext_svnapot;
>      bool ext_svpbmt;
> +    bool ext_svukte;
>      bool ext_zdinx;
>      bool ext_zaamo;
>      bool ext_zacas;
> --
> 2.34.1
>
>

Re: [PATCH 0/5] Introduce svukte ISA extension

[Alistair Francis]

On Tue, Sep 3, 2024 at 4:16 PM Fea.Wang <fea.wang@sifive.com> wrote:
>
> Refer to the draft of svukte extension from:
> https://github.com/riscv/riscv-isa-manual/pull/1564
>
> Svukte provides a means to make user-mode accesses to supervisor memory
> raise page faults in constant time, mitigating attacks that attempt to
> discover the supervisor software's address-space layout.

Overall looks fine, let's just wait for the spec to be a little more finalised

Alistair

>
> base-commit: 8d0a03f689bff16c93df311fdd724c2736d28556
>
> * Add svukte extension
>
> Fea.Wang (5):
>   target/riscv: Add svukte extension capability variable
>   target/riscv: Support senvcfg[UKTE] bit when svukte extension is
>     enabled
>   target/riscv: Support hstatus[HUKTE] bit when svukte extension is
>     enabled
>   target/riscv: Check memory access to meet svuket rule
>   target/riscv: Expose svukte ISA extension
>
>  target/riscv/cpu.c        |  2 ++
>  target/riscv/cpu_bits.h   |  2 ++
>  target/riscv/cpu_cfg.h    |  1 +
>  target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
>  target/riscv/csr.c        |  7 +++++
>  5 files changed, 67 insertions(+)
>
> --
> 2.34.1
>
>

Re: [PATCH 4/5] target/riscv: Check memory access to meet svuket rule

[Fea Wang]

[-- Attachment #1: Type: text/plain, Size: 4938 bytes --]

Thank you for your advice.
I will take them after the spec is more finalized.

Sincerely,
Fea

On Wed, Sep 4, 2024 at 6:18 AM Daniel Henrique Barboza <
dbarboza@ventanamicro.com> wrote:

>
>
> On 9/3/24 3:17 AM, Fea.Wang wrote:
> > Follow the Svukte spec, do the memory access address checking
> >
> > 1. Include instruction fetches or explicit memory accesses
> > 2. System run in effective privilege U or VU
> > 3. Check senvcfg[UKTE] being set, or hstatus[HUKTE] being set if
> >     instruction is HLV, HLVX, HSV and excute from U mode to VU mode
> > 4. Depend on Sv39 and check virtual addresses bit[SXLEN-1]
> > 5. Raises a page-fault exception corresponding to the original access
> >     type.
> >
> > Ref: https://github.com/riscv/riscv-isa-manual/pull/1564/files
> >
> > Signed-off-by: Frank Chang <frank.chang@sifive.com>
> > Signed-off-by: Fea.Wang <fea.wang@sifive.com>
> > Reviewed-by: Jim Shu <jim.shu@sifive.com>
> > ---
> >   target/riscv/cpu_helper.c | 55 +++++++++++++++++++++++++++++++++++++++
> >   1 file changed, 55 insertions(+)
> >
> > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> > index 395a1d9140..db65ed14b9 100644
> > --- a/target/riscv/cpu_helper.c
> > +++ b/target/riscv/cpu_helper.c
> > @@ -777,6 +777,54 @@ static int get_physical_address_pmp(CPURISCVState
> *env, int *prot, hwaddr addr,
> >       return TRANSLATE_SUCCESS;
> >   }
> >
> > +/*
> > + * Return 'true' means no need to do svukte check, or need to do svukte
> and the
> > + * address is valid. Return 'false' means need to do svukte check but
> address
> > + * is invalid.
> > + */
> > +static bool check_svukte_valid(CPURISCVState *env, vaddr addr,
> > +                               int mode, bool virt)
> > +{
> > +    if (VM_1_10_SV39 != get_field(env->satp, SATP64_MODE))  {
> > +        /* Svukte extension depends on Sv39. */
> > +        return true;
> > +    }
> > +
> > +    /*
> > +     * Svukte extension is qualified only in U or VU-mode.
> > +     *
> > +     * Effective mode can be switched to U or VU-mode by:
> > +     *   - M-mode + mstatus.MPRV=1 + mstatus.MPP=U-mode.
> > +     *   - Execute HLV/HLVX/HSV from HS-mode + hstatus.SPVP=0.
> > +     *   - U-mode.
> > +     *   - VU-mode.
> > +     *   - Execute HLV/HLVX/HSV from U-mode + hstatus.HU=1.
> > +     */
> > +    if (mode != PRV_U) {
> > +        return true;
> > +    }
> > +
> > +    /*
> > +     * Check hstatus.HUKTE if the effective mode is switched to VU-mode
> by
> > +     * executing HLV/HLVX/HSV in U-mode.
> > +     * For other cases, check senvcfg.UKTE.
> > +     */
> > +    bool ukte = (env->priv == PRV_U && !env->virt_enabled && virt) ?
> > +                                           !!(env->hstatus &
> HSTATUS_HUKTE) :
> > +                                           !!(env->senvcfg &
> SENVCFG_UKTE);
>
> I would move the 'bool ukte' to the start of the function, and would avoid
> the
> ternary to make the code a bit more readable:
>
>        if (env->priv == PRV_U && !env->virt_enabled && virt) {
>            ukte = !!(env->hstatus & HSTATUS_HUKTE);
>        } else {
>            ukte = !!(env->senvcfg & SENVCFG_UKTE);
>        }
>
>
> > +
> > +    if (!ukte) {
> > +        return true;
> > +    }
> > +
> > +    uint32_t sxl = riscv_cpu_sxl(env);
> > +    sxl = (sxl == 0) ? MXL_RV32 : sxl;
> > +    uint32_t sxlen = 32 * sxl;
> > +    uint64_t high_bit = addr & (1UL << (sxlen - 1));
> > +
> > +    return !high_bit;
> > +}
> > +
> >   /*
> >    * get_physical_address - get the physical address for this virtual
> address
> >    *
> > @@ -814,11 +862,18 @@ static int get_physical_address(CPURISCVState
> *env, hwaddr *physical,
> >       MemTxResult res;
> >       MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
> >       int mode = mmuidx_priv(mmu_idx);
> > +    bool virt = mmuidx_2stage(mmu_idx);
> >       bool use_background = false;
> >       hwaddr ppn;
> >       int napot_bits = 0;
> >       target_ulong napot_mask;
> >
> > +    if (first_stage) {
> > +        if (!check_svukte_valid(env, addr, mode, virt)) {
> > +            return TRANSLATE_FAIL;
> > +        }
> > +    }
> > +
>
> We can avoid the nested 'if':
>
> > +    if (first_stage && !check_svukte_valid(env, addr, mode, virt)) {
> > +        return TRANSLATE_FAIL;
> > +    }
>
>
> I would also add a check for ext_svukte before doing any checks. If we
> don't have
> the ext enabled we can skip everything:
>
>
> > +    if (env_archcpu(env)->cfg.ext_svukte && first_stage &&
> > +        !check_svukte_valid(env, addr, mode, virt)) {
> > +        return TRANSLATE_FAIL;
> > +    }
>
>
>
> Thanks,
>
> Daniel
>
>
> >       /*
> >        * Check if we should use the background registers for the two
> >        * stage translation. We don't need to check if we actually need
>

[-- Attachment #2: Type: text/html, Size: 6567 bytes --]