From: Richard Henderson <richard.henderson@linaro.org>
To: Alistair Francis <alistair.francis@wdc.com>,
qemu-devel@nongnu.org, qemu-riscv@nongnu.org
Cc: alistair23@gmail.com, palmer@dabbelt.com
Subject: Re: [PATCH for 5.0 v1 1/2] riscv: Don't use stage-2 PTE lookup protection flags
Date: Thu, 26 Mar 2020 16:50:03 -0700 [thread overview]
Message-ID: <a7f32084-2060-1de5-8308-987bcddf1e6d@linaro.org> (raw)
In-Reply-To: <931db85d6890ed4bc2b527fd1011197cd28299aa.1585262586.git.alistair.francis@wdc.com>
On 3/26/20 3:44 PM, Alistair Francis wrote:
> When doing the fist of a two stage lookup (Hypervisor extensions) don't
> set the current protection flags from the second stage lookup of the
> base address PTE.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> target/riscv/cpu_helper.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index d3ba9efb02..f36d184b7b 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -452,10 +452,11 @@ restart:
> hwaddr pte_addr;
>
> if (two_stage && first_stage) {
> + int vbase_prot;
> hwaddr vbase;
>
> /* Do the second stage translation on the base PTE address. */
> - get_physical_address(env, &vbase, prot, base, access_type,
> + get_physical_address(env, &vbase, &vbase_prot, base, access_type,
> mmu_idx, false, true);
>
> pte_addr = vbase + idx * ptesize;
>
Certainly stage2 pte lookup has nothing to do with the original lookup, so
using a new variable for prot is correct.
So as far as this minimal patch,
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
However, this bit of code doesn't look right:
(1) Similarly, what has the original access_type got to do with the PTE lookup?
Seems like this should be MMU_DATA_LOAD always.
(2) Why is the get_physical_address return value ignored? On failure, surely
this should be some sort of PTE lookup failure.
(3) Do we need to validate vbase_prot for write before updating the PTE for
Access or Dirty? That seems like a loop-hole to allow silent modification of
hypervisor read-only memory.
I do wonder if it might be easier to manage all of this by using additional
TLBs to handle the stage2 and physical address spaces. That's probably too
invasive for this stage of development though.
r~
next prev parent reply other threads:[~2020-03-26 23:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-26 22:44 [PATCH for 5.0 v1 0/2] RISC-V: Fix Hypervisor guest user space Alistair Francis
2020-03-26 22:44 ` [PATCH for 5.0 v1 1/2] riscv: Don't use stage-2 PTE lookup protection flags Alistair Francis
2020-03-26 23:50 ` Richard Henderson [this message]
2020-06-25 19:02 ` Alistair Francis
2020-06-27 22:48 ` Richard Henderson
2020-03-26 22:44 ` [PATCH for 5.0 v1 2/2] riscv: AND stage-1 and stage-2 " Alistair Francis
2020-03-26 23:32 ` Richard Henderson
2020-03-26 23:45 ` Alistair Francis
2020-03-27 0:00 ` [PATCH for 5.0 v1 0/2] RISC-V: Fix Hypervisor guest user space Palmer Dabbelt
2020-03-30 4:23 ` Anup Patel
2020-04-20 19:16 ` Alistair Francis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a7f32084-2060-1de5-8308-987bcddf1e6d@linaro.org \
--to=richard.henderson@linaro.org \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=palmer@dabbelt.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).