qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] target/riscv: Fix Guest Physical Address Translation
@ 2023-04-07 15:32 Irina Ryapolova
  2023-04-08 12:30 ` liweiwei
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Irina Ryapolova @ 2023-04-07 15:32 UTC (permalink / raw)
  To: qemu-devel
  Cc: palmer, alistair.francis, bin.meng, liweiwei, dbarboza,
	zhiwei_liu, qemu-riscv, Irina Ryapolova

Before changing the flow check for sv39/48/57.

According to specification (for Supervisor mode):
Sv39 implementations support a 39-bit virtual address space, divided into 4 KiB pages.
Instruction fetch addresses and load and store effective addresses, which are 64 bits,
must have bits 63–39 all equal to bit 38, or else a page-fault exception will occur.
Likewise for Sv48 and Sv57.

So the high bits are equal to bit 38 for sv39.

According to specification (for Hypervisor mode):
For Sv39x4, address bits of the guest physical address 63:41 must all be zeros, or else a
guest-page-fault exception occurs.

Likewise for Sv48x4 and Sv57x4.
For Sv48x4 address bits 63:50 must all be zeros, or else a guest-page-fault exception occurs.
For Sv57x4 address bits 63:59 must all be zeros, or else a guest-page-fault exception occurs.

For example we are trying to access address 0xffff_ffff_ff01_0000 with only G-translation enabled.
So expected behavior is to generate exception. But qemu doesn't generate such exception.

For the old check, we get
va_bits == 41, mask == (1 << 24) - 1, masked_msbs == (0xffff_ffff_ff01_0000 >> 40) & mask == mask.
Accordingly, the condition masked_msbs != 0 && masked_msbs != mask is not fulfilled
and the check passes.

Signed-off-by: Irina Ryapolova <irina.ryapolova@syntacore.com>
---
Changes for v2:
  -Add more detailed commit message
---
 target/riscv/cpu_helper.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index f88c503cf4..27289f2305 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -863,17 +863,24 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
 
     CPUState *cs = env_cpu(env);
     int va_bits = PGSHIFT + levels * ptidxbits + widened;
-    target_ulong mask, masked_msbs;
 
-    if (TARGET_LONG_BITS > (va_bits - 1)) {
-        mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1;
-    } else {
-        mask = 0;
-    }
-    masked_msbs = (addr >> (va_bits - 1)) & mask;
+    if (first_stage == true) {
+        target_ulong mask, masked_msbs;
+
+        if (TARGET_LONG_BITS > (va_bits - 1)) {
+            mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1;
+        } else {
+            mask = 0;
+        }
+        masked_msbs = (addr >> (va_bits - 1)) & mask;
 
-    if (masked_msbs != 0 && masked_msbs != mask) {
-        return TRANSLATE_FAIL;
+        if (masked_msbs != 0 && masked_msbs != mask) {
+            return TRANSLATE_FAIL;
+        }
+    } else {
+        if (vm != VM_1_10_SV32 && addr >> va_bits != 0) {
+            return TRANSLATE_FAIL;
+        }
     }
 
     int ptshift = (levels - 1) * ptidxbits;
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-04-17  4:58 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-07 15:32 [PATCH v2] target/riscv: Fix Guest Physical Address Translation Irina Ryapolova
2023-04-08 12:30 ` liweiwei
2023-04-17  3:49 ` Alistair Francis
2023-04-17  4:57 ` Alistair Francis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).