From nobody Tue Oct 28 12:16:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1514941065861313.7284421976292; Tue, 2 Jan 2018 16:57:45 -0800 (PST) Received: from localhost ([::1]:33131 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eWXNI-0006d9-S9 for importer@patchew.org; Tue, 02 Jan 2018 19:57:44 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eWXCk-0005ju-5r for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eWXCh-00085O-V9 for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:50 -0500 Received: from mail-pl0-x22f.google.com ([2607:f8b0:400e:c01::22f]:46847) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eWXCh-00085C-M7 for qemu-devel@nongnu.org; Tue, 02 Jan 2018 19:46:47 -0500 Received: by mail-pl0-x22f.google.com with SMTP id i6so128887plt.13 for ; Tue, 02 Jan 2018 16:46:47 -0800 (PST) Received: from localhost.localdomain (125-237-39-90.jetstream.xtra.co.nz. [125.237.39.90]) by smtp.gmail.com with ESMTPSA id 75sm97691351pfo.103.2018.01.02.16.46.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 02 Jan 2018 16:46:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=t86ARggGHp1sdHpQWaWqYEuiNoqaURmUVFPC7LHcPeI=; b=QIAtHdfZBxJyrCiEhZNTFJDWpnhvGPGyLcBB83AYP8iYN3VxqGO6vAHRSIPqLCXUcd VN7SRfvh1333KRCbSrbK21SeNDragtsL6kfbcrXwpdnqJmWOJl6+4qv4831MTad8KHjz R8CoA1qwwd5BitoCq83GpHXa7yGoloP0ha8oEFYk4MWiRLqK3F6N/5Euy+JawYTFio/e fU/T6uWijRymkOvHQz3E3aRZG9xFRnR1VV/3a6p8B7yKtKhB9dAIojusV98Yv7NvepX/ ANHfsUtgpBOBbl9gtp+T/Incnvkxjzrs8dshXpYpmtFW4oUeAZj7MROThdSpdpdUFQXK Ur5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=t86ARggGHp1sdHpQWaWqYEuiNoqaURmUVFPC7LHcPeI=; b=IUahqi7fnlRypHeyKEQaYJcR9JczL2ZY4GKDZ/+bfR5oGvIOakhzxIBpvZrZuJW0c9 jL7BmKsI28TBnuHKSSo/R38RFzR9Bs8SYBmyyig4niewao0aJc6xYQIcOJAZKVEXJcjO BVsfgRUDDwBWxMYQwo/aKLtHsApjTv9sxrHcUt0ygy2YABMagUyvmvIg1Msw+Z3v1W80 U5NQFqRImkshm5VK90arhi6cyKUuDZgh8BHHE8VbA1xlENIF+g0v/6/klmGNW653u6ld CokTSwGODgFSkAtBWaw0IfhjI2WhY6Bryl9f6k9dRFI80pbUjiJ3bN+hB/+wKZt47kQM PLAg== X-Gm-Message-State: AKGB3mIUMvkBLvxE4lHDZqqr3/eHgELwP+1oUBo+okfcDM57W+WEBjZi f7jRUDVl7P2SGofRAbwcUjICm2oGZwI= X-Google-Smtp-Source: ACJfBos9Djal1/bOvLaS0KSU3puYT7ohY71X75ktMq2ug1gQ5K03bSG5H2IVhfPmiPHZGaxPJucXEw== X-Received: by 10.84.173.1 with SMTP id o1mr139478plb.135.1514940406407; Tue, 02 Jan 2018 16:46:46 -0800 (PST) From: Michael Clark To: qemu-devel@nongnu.org Date: Wed, 3 Jan 2018 13:44:13 +1300 Message-Id: <1514940265-18093-10-git-send-email-mjc@sifive.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1514940265-18093-1-git-send-email-mjc@sifive.com> References: <1514940265-18093-1-git-send-email-mjc@sifive.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c01::22f Subject: [Qemu-devel] [PATCH v1 09/21] RISC-V Physical Memory Protection X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bastian Koppelmann , Michael Clark , Sagar Karandikar Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Implements the physical memory protection extension as specified in Privileged ISA Version 1.10. Signed-off-by: Michael Clark --- target/riscv/pmp.c | 381 +++++++++++++++++++++++++++++++++++++++++++++++++= ++++ target/riscv/pmp.h | 70 ++++++++++ 2 files changed, 451 insertions(+) create mode 100644 target/riscv/pmp.c create mode 100644 target/riscv/pmp.h diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c new file mode 100644 index 0000000..04f1df7 --- /dev/null +++ b/target/riscv/pmp.c @@ -0,0 +1,381 @@ +/* + * QEMU RISC-V PMP (Physical Memory Protection) + * + * Author: Daire McNamara, daire.mcnamara@emdalo.com + * Ivan Griffin, ivan.griffin@emdalo.com + * + * This provides a RISC-V Physical Memory Protection implementation + * + * Permission is hereby granted, free of charge, to any person obtaining a= copy + * of this software and associated documentation files (the "Software"), t= o deal + * in the Software without restriction, including without limitation the r= ights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or se= ll + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included= in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS= OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT= HER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING= FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS = IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "cpu.h" +#include "qemu-common.h" + +/* #define DEBUG_PMP 1 */ + +#ifndef CONFIG_USER_ONLY + +#ifdef DEBUG_PMP +#define PMP_PRINTF(fmt, ...) \ +do { fprintf(stderr, "pmp: " fmt, ## __VA_ARGS__); } while (0) +#else +#define PMP_PRINTF(fmt, ...) \ +do {} while (0) +#endif + +static void pmp_write_cfg(CPURISCVState *env, uint32_t addr_index, + uint8_t val); +static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index); +static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index); + +/* + * Accessor method to extract address matching type 'a field' from cfg reg + */ +static inline uint8_t pmp_get_a_field(uint8_t cfg) +{ + uint8_t a =3D cfg >> 3; + return a & 0x3; +} + +/* + * Check whether a PMP is locked or not. + */ +static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index) +{ + + if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) { + return 1; + } + + /* Top PMP has no 'next' to check */ + if ((pmp_index + 1u) >=3D MAX_RISCV_PMPS) { + return 0; + } + + /* In TOR mode, need to check the lock bit of the next pmp + * (if there is a next) + */ + const uint8_t a_field =3D + pmp_get_a_field(env->pmp_state.pmp[pmp_index + 1].cfg_reg); + if ((env->pmp_state.pmp[pmp_index + 1u].cfg_reg & PMP_LOCK) && + (PMP_AMATCH_TOR =3D=3D a_field)) { + return 1; + } + + return 0; +} + +/* + * Count the number of active rules. + */ +static inline uint32_t pmp_get_num_rules(CPURISCVState *env) +{ + return env->pmp_state.num_rules; +} + +/* + * Accessor to get the cfg reg for a specific PMP/HART + */ +static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index) +{ + if (pmp_index < MAX_RISCV_PMPS) { + return env->pmp_state.pmp[pmp_index].cfg_reg; + } + + return 0; +} + + +/* + * Accessor to set the cfg reg for a specific PMP/HART + * Bounds checks and relevant lock bit. + */ +static void pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t = val) +{ + if (pmp_index < MAX_RISCV_PMPS) { + if (!pmp_is_locked(env, pmp_index)) { + env->pmp_state.pmp[pmp_index].cfg_reg =3D val; + pmp_update_rule(env, pmp_index); + } else { + PMP_PRINTF("Ignoring pmpcfg write - locked\n"); + } + } else { + PMP_PRINTF("Ignoring pmpcfg write - out of bounds\n"); + } +} + +static target_ulong pmp_get_napot_base_and_range(target_ulong reg, + target_ulong *range) +{ + /* construct a mask of all bits bar the top bit */ + target_ulong mask =3D 0u; + target_ulong base =3D reg; + target_ulong numbits =3D (sizeof(target_ulong) * 8u) + 2u; + mask =3D (mask - 1u) >> 1; + + while (mask) { + if ((reg & mask) =3D=3D mask) { + /* this is the mask to use */ + base =3D reg & ~mask; + break; + } + mask >>=3D 1; + numbits--; + } + + *range =3D (1lu << numbits) - 1u; + return base; +} + + +/* Convert cfg/addr reg values here into simple 'sa' --> start address and= 'ea' + * end address values. + * This function is called relatively infrequently whereas the check that + * an address is within a pmp rule is called often, so optimise that one + */ +static void pmp_update_rule(CPURISCVState *env, uint32_t pmp_index) +{ + int i; + + env->pmp_state.num_rules =3D 0; + + uint8_t this_cfg =3D env->pmp_state.pmp[pmp_index].cfg_reg; + target_ulong this_addr =3D env->pmp_state.pmp[pmp_index].addr_reg; + target_ulong prev_addr =3D 0u; + target_ulong sa =3D 0u; + target_ulong ea =3D 0u; + + if (pmp_index >=3D 1u) { + prev_addr =3D env->pmp_state.pmp[pmp_index].addr_reg; + } + + switch (pmp_get_a_field(this_cfg)) { + case PMP_AMATCH_OFF: + sa =3D 0u; + ea =3D -1; + break; + + case PMP_AMATCH_TOR: + sa =3D prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea =3D (this_addr << 2) - 1u; + break; + + case PMP_AMATCH_NA4: + sa =3D this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea =3D (this_addr + 4u) - 1u; + break; + + case PMP_AMATCH_NAPOT: + sa =3D pmp_get_napot_base_and_range(this_addr, &ea); + sa =3D this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea +=3D sa; + break; + + default: + sa =3D 0u; + ea =3D 0u; + break; + } + + env->pmp_state.addr[pmp_index].sa =3D sa; + env->pmp_state.addr[pmp_index].ea =3D ea; + + for (i =3D 0; i < MAX_RISCV_PMPS; i++) { + const uint8_t a_field =3D + pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); + if (PMP_AMATCH_OFF !=3D a_field) { + env->pmp_state.num_rules++; + } + } +} + +static int pmp_is_in_range(CPURISCVState *env, int pmp_index, target_ulong= addr) +{ + int result =3D 0; + + if ((addr >=3D env->pmp_state.addr[pmp_index].sa) + && (addr < env->pmp_state.addr[pmp_index].ea)) { + result =3D 1; + } else { + result =3D 0; + } + + return result; +} + + +/* + * Public Interface + */ + +/* + * Check if the address has required RWX privs to complete desired operati= on + */ +bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, + target_ulong size, pmp_priv_t privs) +{ + int i =3D 0; + int ret =3D -1; + target_ulong s =3D 0; + target_ulong e =3D 0; + pmp_priv_t allowed_privs =3D 0; + + /* Short cut if no rules */ + if (0 =3D=3D pmp_get_num_rules(env)) { + return true; + } + + /* 1.10 draft priv spec states there is an implicit order + from low to high */ + for (i =3D 0; i < MAX_RISCV_PMPS; i++) { + s =3D pmp_is_in_range(env, i, addr); + e =3D pmp_is_in_range(env, i, addr + size); + + /* partially inside */ + if ((s + e) =3D=3D 1) { + PMP_PRINTF("pmp violation - access is partially in /" + " partially out\n"); + ret =3D 0; + break; + } + + /* fully inside */ + const uint8_t a_field =3D + pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); + if ((s + e) =3D=3D 2) { + if (PMP_AMATCH_OFF =3D=3D a_field) { + return 1; + } + + allowed_privs =3D PMP_READ | PMP_WRITE | PMP_EXEC; + if ((env->priv !=3D PRV_M) || pmp_is_locked(env, i)) { + allowed_privs &=3D env->pmp_state.pmp[i].cfg_reg; + } + + if ((privs & allowed_privs) =3D=3D privs) { + ret =3D 1; + break; + } else { + ret =3D 0; + break; + } + } + } + + /* No rule matched */ + if (ret =3D=3D -1) { + if (env->priv =3D=3D PRV_M) { + ret =3D 1; /* Privileged spec v1.10 states if no PMP entry mat= ches an + * M-Mode access, the access succeeds */ + } else { + ret =3D 0; /* Other modes are not allowed to succeed if they d= on't + * match a rule, but there are rules. We've checked = for + * no rule earlier in this function. */ + } + } + + return ret =3D=3D 1 ? true : false; +} + + +/* + * Handle a write to a pmpcfg CSP + */ +void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, + target_ulong val) +{ + int i; + uint8_t cfg_val; + + PMP_PRINTF("hart%d pmpcfg_reg%d val: 0x" TARGET_FMT_lx "\n", + env->mhartid, reg_index, val); + + if ((reg_index & 1) && (sizeof(target_ulong) =3D=3D 8)) { + PMP_PRINTF("Ignoring pmpcfg write - incorrect address\n"); + return; + } + + for (i =3D 0; i < sizeof(target_ulong); i++) { + cfg_val =3D (val >> 8 * i) & 0xff; + pmp_write_cfg(env, (reg_index * sizeof(target_ulong)) + i, + cfg_val); + } +} + + +/* + * Handle a read from a pmpcfg CSP + */ +target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index) +{ + int i; + target_ulong cfg_val =3D 0; + uint8_t val =3D 0; + + for (i =3D 0; i < sizeof(target_ulong); i++) { + val =3D pmp_read_cfg(env, (reg_index * sizeof(target_ulong)) + i); + cfg_val |=3D (val << (i * 8)); + } + + PMP_PRINTF("hart%d pmpcfg_reg%d, (rval: 0x" TARGET_FMT_lx ")\n", + env->mhartid, reg_index, cfg_val); + + return cfg_val; +} + + +/* + * Handle a write to a pmpaddr CSP + */ +void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, + target_ulong val) +{ + PMP_PRINTF("hart%d addr%d val: 0x" TARGET_FMT_lx "\n", + env->mhartid, addr_index, val); + + /* val &=3D 0x3ffffffffffffful; */ + + if (addr_index < MAX_RISCV_PMPS) { + if (!pmp_is_locked(env, addr_index)) { + env->pmp_state.pmp[addr_index].addr_reg =3D val; + pmp_update_rule(env, addr_index); + } else { + PMP_PRINTF("Ignoring pmpaddr write - locked\n"); + } + } else { + PMP_PRINTF("Ignoring pmpaddr write - out of bounds\n"); + } +} + + +/* + * Handle a read from a pmpaddr CSP + */ +target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index) +{ + PMP_PRINTF("hart%d addr%d (val: 0x" TARGET_FMT_lx ")\n", + env->mhartid, addr_index, + env->pmp_state.pmp[addr_index].addr_reg); + return env->pmp_state.pmp[addr_index].addr_reg; +} + +#endif diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h new file mode 100644 index 0000000..9f2c32d --- /dev/null +++ b/target/riscv/pmp.h @@ -0,0 +1,70 @@ +/* + * QEMU RISC-V PMP (Physical Memory Protection) + * + * Author: Daire McNamara, daire.mcnamara@emdalo.com + * Ivan Griffin, ivan.griffin@emdalo.com + * + * This provides a RISC-V Physical Memory Protection interface + * + * Permission is hereby granted, free of charge, to any person obtaining a= copy + * of this software and associated documentation files (the "Software"), t= o deal + * in the Software without restriction, including without limitation the r= ights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or se= ll + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included= in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS= OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT= HER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING= FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS = IN + * THE SOFTWARE. + */ + +#ifndef _RISCV_PMP_H_ +#define _RISCV_PMP_H_ + +typedef enum { + PMP_READ =3D 1 << 0, + PMP_WRITE =3D 1 << 1, + PMP_EXEC =3D 1 << 2, + PMP_LOCK =3D 1 << 7 +} pmp_priv_t; + +typedef enum { + PMP_AMATCH_OFF, /* Null (off) */ + PMP_AMATCH_TOR, /* Top of Range */ + PMP_AMATCH_NA4, /* Naturally aligned four-byte region */ + PMP_AMATCH_NAPOT /* Naturally aligned power-of-two region */ +} pmp_am_t; + +typedef struct { + target_ulong addr_reg; + uint8_t cfg_reg; +} pmp_entry_t; + +typedef struct { + target_ulong sa; + target_ulong ea; +} pmp_addr_t; + +typedef struct { + pmp_entry_t pmp[MAX_RISCV_PMPS]; + pmp_addr_t addr[MAX_RISCV_PMPS]; + uint32_t num_rules; +} pmp_table_t; + +void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, + target_ulong val); +target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index); +void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, + target_ulong val); +target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index); +bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, + target_ulong size, pmp_priv_t priv); + +#endif --=20 2.7.0