Re: [PATCH v2 2/5] [RISCV_PM] Support CSRs required for RISC-V PM extension except for ones in hypervisor mode

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Richard Henderson <richard.henderson@linaro.org>
To: Alexey Baturo <baturo.alexey@gmail.com>
Cc: qemu-riscv@nongnu.org, sagark@eecs.berkeley.edu,
	kbastian@mail.uni-paderborn.de, qemu-devel@nongnu.org,
	space.monkey.delivers@gmail.com, Alistair.Francis@wdc.com,
	kupokupokupopo@gmail.com, palmer@dabbelt.com
Subject: Re: [PATCH v2 2/5] [RISCV_PM] Support CSRs required for RISC-V PM extension except for ones in hypervisor mode
Date: Thu, 15 Oct 2020 09:48:15 -0700	[thread overview]
Message-ID: <d39e0c59-3b04-6401-aaac-8e202fb5036a@linaro.org> (raw)
In-Reply-To: <20201015152139.28903-2-space.monkey.delivers@gmail.com>

On 10/15/20 8:21 AM, Alexey Baturo wrote:
> +/* Functions to access Pointer Masking feature registers 
> + * We have to check if current priv lvl could modify
> + * csr in given mode
> + */
> +static int check_pm_current_disabled(CPURISCVState *env, int csrno)
> +{
> +    /* m-mode is always allowed to modify registers, so allow */
> +    if (env->priv == PRV_M) {
> +        return 0;
> +    }
> +    int csr_priv = get_field(csrno, 0xC00);
> +    /* If priv lvls differ that means we're accessing csr from higher priv lvl, so allow */
> +    if (env->priv != csr_priv) {
> +        return 0;
> +    }
> +    int cur_bit_pos = (env->priv == PRV_U) ? U_PM_CURRENT :
> +                      (env->priv == PRV_S) ? S_PM_CURRENT : -1;
> +    assert(cur_bit_pos != -1);

This is a bit clumsy.  I suggest

    int cur_bit_pos;
    switch (env->priv) {
    case PRV_M:
        return 0;
    case PRV_S:
        cur_bit_pos = S_PM_CURRENT;
        break;
    case PRV_U:
        cur_bit_pos = U_PM_CURRENT;
        break;
    default:
        g_assert_not_reached();
    }

> +static int read_mmte(CPURISCVState *env, int csrno, target_ulong *val)
> +{
> +#if !defined(CONFIG_USER_ONLY)
> +    if (!riscv_has_ext(env, RVJ)) {
> +        *val = 0;
> +        return 0;
> +    }
> +#endif

This ifdef is wrong.  CONFIG_USER_ONLY doesn't have anything to do with what
features the cpu supports.  Nor can it be correct.  If you try to read this on
current hardware, without J, then you get an exception not zero.

I would have expected this check would actually go into the csr predicate function.

> +    *val = env->mmte & MMTE_MASK;

Surely you don't need MMTE_MASK here because you used it when writing.

That said, don't you also need to mask vs the current priv level?  There's
language in your doc that says "XS bits are available in..." and "PM bits are
available in...".

I'll also note that it says "by default only higher priv code can set the value
for PM bits", while surely it's a security bug for lower priv code to read
anything related to a higher priv.

> +    target_ulong wpri_val = val & SMTE_MASK;
> +    assert(val == wpri_val);

Incorrect assert.  This value is under guest control.  Do not crash qemu
because the guest is doing silly things.  Raise an exception if you like, and
perhaps qemu_log_mask with LOG_GUEST_ERROR.

> +    if (check_pm_current_disabled(env, csrno))
> +        return 0;

Missing braces.

r~

next prev parent reply	other threads:[~2020-10-15 16:57 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-15 15:21 [PATCH v2 1/5] [RISCV_PM] Add J-extension into RISC-V Alexey Baturo
2020-10-15 15:21 ` [PATCH v2 2/5] [RISCV_PM] Support CSRs required for RISC-V PM extension except for ones in hypervisor mode Alexey Baturo
2020-10-15 16:48   ` Richard Henderson [this message]
2020-10-15 17:28     ` Alexey Baturo
2020-10-15 18:05       ` Alexey Baturo
2020-10-16 17:16         ` Richard Henderson
2020-10-15 15:21 ` [PATCH v2 3/5] [RISCV_PM] Print new PM CSRs in QEMU logs Alexey Baturo
2020-10-15 15:21 ` [PATCH v2 4/5] [RISCV_PM] Support pointer masking for RISC-V for i/c/f/d/a types of instructions Alexey Baturo
2020-10-15 17:00   ` Richard Henderson
2020-10-15 17:30     ` Alexey Baturo
2020-10-15 15:21 ` [PATCH v2 5/5] [RISCV_PM] Implement address masking functions required for RISC-V Pointer Masking extension Alexey Baturo
2020-10-15 17:07   ` Richard Henderson
2020-10-15 17:33     ` Alexey Baturo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d39e0c59-3b04-6401-aaac-8e202fb5036a@linaro.org \
    --to=richard.henderson@linaro.org \
    --cc=Alistair.Francis@wdc.com \
    --cc=baturo.alexey@gmail.com \
    --cc=kbastian@mail.uni-paderborn.de \
    --cc=kupokupokupopo@gmail.com \
    --cc=palmer@dabbelt.com \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-riscv@nongnu.org \
    --cc=sagark@eecs.berkeley.edu \
    --cc=space.monkey.delivers@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).