From nobody Mon Feb  9 18:19:38 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1527034736061151.6619769303668;
 Tue, 22 May 2018 17:18:56 -0700 (PDT)
Received: from localhost ([::1]:58493 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1fLHUQ-0000ND-1S
	for importer@patchew.org; Tue, 22 May 2018 20:18:50 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41961)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mjc@sifive.com>) id 1fLHSY-0007mG-Ph
	for qemu-devel@nongnu.org; Tue, 22 May 2018 20:16:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mjc@sifive.com>) id 1fLHSX-0000UR-IO
	for qemu-devel@nongnu.org; Tue, 22 May 2018 20:16:54 -0400
Received: from mail-pl0-x231.google.com ([2607:f8b0:400e:c01::231]:37312)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <mjc@sifive.com>) id 1fLHSX-0000U2-9o
	for qemu-devel@nongnu.org; Tue, 22 May 2018 20:16:53 -0400
Received: by mail-pl0-x231.google.com with SMTP id w19-v6so11865317plq.4
	for <qemu-devel@nongnu.org>; Tue, 22 May 2018 17:16:53 -0700 (PDT)
Received: from localhost.localdomain (122-58-167-22-fibre.bb.spark.co.nz.
	[122.58.167.22]) by smtp.gmail.com with ESMTPSA id
	j1-v6sm28935626pfh.95.2018.05.22.17.16.48
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 22 May 2018 17:16:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=03dLfiDj8qjkXwW4RDzLNS2EYBz3/ZovS1Jgdy4B6u8=;
	b=HjRGNSePfyh+FATbnOsBXB/d5ctNPqfO3KciaAZI9QsaHwFJlIFQDtEKtveY7p7kLT
	O8aA/MgTQP6vDMOOtkOmGCyDWTbx+oVaaOPnvJX0o+D+ZCRasarHbPf9nH0zQ/+IToDw
	tJ3hWWxyYOMkQymLn2jeu6l1gAE1tQysk1G52Sz+4f2FiQYYkU8OWKnpTqk1UPvf00O9
	44iGCF5CKx1VtASSet6tjbr1B9VOmlpsuB97Uct6oLyd3jnkVNGKIx/kpslp2riwl1lN
	vFJuD1jiamKRkVr0Qty1Wwb2BwV9QcdSgx7oTqymi+RAENOHqONjv4OGim7JR4HRqhXb
	0bhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=03dLfiDj8qjkXwW4RDzLNS2EYBz3/ZovS1Jgdy4B6u8=;
	b=hOgiSrA0iLRM7ELc6kguM+T4y4II1SEJCF2CphdTFY4AmFxCpVaxkT96yi7x7hKMCz
	En7jZmZ9QaEM43fVBxt7TRbdSxTxCpfVBmDzrIutW3kvFWRuiWo+5dXFFuBXS0O+McEs
	ThvJ1pjc1sMMLBpDDkrnIHhAI4eqmLh1rIi+ZjLLXDFP3pUOx1tLSyxDpEG/F3DCehCl
	KIXHLqbObIvFU8JSqQtw1KhMlrOMvHlA1wUm9q4OmTfcnfBcGsDjFzYEIik4LrnsXOb6
	QvQvHBWPWUwZG4zXMsTfLuE0ncD1qJFJ8jGs1LU85aLcNi9NGKko2M8FqTUamnvv9JFJ
	6nGQ==
X-Gm-Message-State: ALKqPwfVaiK1zs1KYsH/E1qnN7sOa/v73n0+Iyr21iLvSNHUI2KWPwSi
	5FzDBniX0xl723Rh40AAJs0CUxRp5Fw=
X-Google-Smtp-Source: 
 AB8JxZqLZT+IzMkteu3SKzET+aotwHJLsB3/eBirdXZQNbsjF4vguYkXCPf4KMGdg7C83T073AuFyQ==
X-Received: by 2002:a17:902:8685:: with SMTP id
	g5-v6mr598131plo.302.1527034612343;
	Tue, 22 May 2018 17:16:52 -0700 (PDT)
From: Michael Clark <mjc@sifive.com>
To: qemu-devel@nongnu.org
Date: Wed, 23 May 2018 12:14:49 +1200
Message-Id: <1527034517-7851-3-git-send-email-mjc@sifive.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: <1527034517-7851-1-git-send-email-mjc@sifive.com>
References: <1527034517-7851-1-git-send-email-mjc@sifive.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:400e:c01::231
Subject: [Qemu-devel] [PATCH v1 02/30] RISC-V: Improve page table walker
 spec compliance
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>,
	Bastian Koppelmann <kbastian@mail.uni-paderborn.de>,
	Palmer Dabbelt <palmer@sifive.com>, Michael Clark <mjc@sifive.com>,
	Alistair Francis <Alistair.Francis@wdc.com>, patches@groups.riscv.org
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

- Inline PTE_TABLE check for better readability
- Change access checks from ternary operator to if
- Improve readibility of User page U mode and SUM test
- Disallow non U mode from fetching from User pages
- Add reserved PTE flag check: W or W|X
- Add misaligned PPN check
- Set READ protection for PTE X flag and mstatus.mxr
- Use memory_region_is_ram in pte update

Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Alistair Francis <Alistair.Francis@wdc.com>
Signed-off-by: Michael Clark <mjc@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
---
 target/riscv/cpu_bits.h |  2 --
 target/riscv/helper.c   | 64 ++++++++++++++++++++++++++++++++++-----------=
----
 2 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 64aa097181fa..12b4757088f4 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -407,5 +407,3 @@
 #define PTE_SOFT  0x300 /* Reserved for Software */
=20
 #define PTE_PPN_SHIFT 10
-
-#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) =3D=3D P=
TE_V)
diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 95889f23b94d..3b57e1360549 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -185,16 +185,39 @@ restart:
 #endif
         target_ulong ppn =3D pte >> PTE_PPN_SHIFT;
=20
-        if (PTE_TABLE(pte)) { /* next level of page table */
+        if (!(pte & PTE_V)) {
+            /* Invalid PTE */
+            return TRANSLATE_FAIL;
+        } else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
+            /* Inner PTE, continue walking */
             base =3D ppn << PGSHIFT;
-        } else if ((pte & PTE_U) ? (mode =3D=3D PRV_S) && !sum : !(mode =
=3D=3D PRV_S)) {
-            break;
-        } else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) {
-            break;
-        } else if (access_type =3D=3D MMU_INST_FETCH ? !(pte & PTE_X) :
-                  access_type =3D=3D MMU_DATA_LOAD ?  !(pte & PTE_R) &&
-                  !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte & PTE_=
W))) {
-            break;
+        } else if ((pte & (PTE_R | PTE_W | PTE_X)) =3D=3D PTE_W) {
+            /* Reserved leaf PTE flags: PTE_W */
+            return TRANSLATE_FAIL;
+        } else if ((pte & (PTE_R | PTE_W | PTE_X)) =3D=3D (PTE_W | PTE_X))=
 {
+            /* Reserved leaf PTE flags: PTE_W + PTE_X */
+            return TRANSLATE_FAIL;
+        } else if ((pte & PTE_U) && ((mode !=3D PRV_U) &&
+                   (!sum || access_type =3D=3D MMU_INST_FETCH))) {
+            /* User PTE flags when not U mode and mstatus.SUM is not set,
+               or the access type is an instruction fetch */
+            return TRANSLATE_FAIL;
+        } else if (!(pte & PTE_U) && (mode !=3D PRV_S)) {
+            /* Supervisor PTE flags when not S mode */
+            return TRANSLATE_FAIL;
+        } else if (ppn & ((1ULL << ptshift) - 1)) {
+            /* Misasligned PPN */
+            return TRANSLATE_FAIL;
+        } else if (access_type =3D=3D MMU_DATA_LOAD && !((pte & PTE_R) ||
+                   ((pte & PTE_X) && mxr))) {
+            /* Read access check failed */
+            return TRANSLATE_FAIL;
+        } else if (access_type =3D=3D MMU_DATA_STORE && !(pte & PTE_W)) {
+            /* Write access check failed */
+            return TRANSLATE_FAIL;
+        } else if (access_type =3D=3D MMU_INST_FETCH && !(pte & PTE_X)) {
+            /* Fetch access check failed */
+            return TRANSLATE_FAIL;
         } else {
             /* if necessary, set accessed and dirty bits. */
             target_ulong updated_pte =3D pte | PTE_A |
@@ -202,16 +225,19 @@ restart:
=20
             /* Page table updates need to be atomic with MTTCG enabled */
             if (updated_pte !=3D pte) {
-                /* if accessed or dirty bits need updating, and the PTE is
-                 * in RAM, then we do so atomically with a compare and swa=
p.
-                 * if the PTE is in IO space, then it can't be updated.
-                 * if the PTE changed, then we must re-walk the page table
-                   as the PTE is no longer valid */
+                /*
+                 * - if accessed or dirty bits need updating, and the PTE =
is
+                 *   in RAM, then we do so atomically with a compare and s=
wap.
+                 * - if the PTE is in IO space or ROM, then it can't be up=
dated
+                 *   and we return TRANSLATE_FAIL.
+                 * - if the PTE changed by the time we went to update it, =
then
+                 *   it is no longer valid and we must re-walk the page ta=
ble.
+                 */
                 MemoryRegion *mr;
                 hwaddr l =3D sizeof(target_ulong), addr1;
                 mr =3D address_space_translate(cs->as, pte_addr,
                     &addr1, &l, false);
-                if (memory_access_is_direct(mr, true)) {
+                if (memory_region_is_ram(mr)) {
                     target_ulong *pte_pa =3D
                         qemu_map_ram_ptr(mr->ram_block, addr1);
 #if TCG_OVERSIZED_GUEST
@@ -239,15 +265,15 @@ restart:
             target_ulong vpn =3D addr >> PGSHIFT;
             *physical =3D (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT;
=20
-            if ((pte & PTE_R)) {
+            /* set permissions on the TLB entry */
+            if ((pte & PTE_R) || ((pte & PTE_X) && mxr)) {
                 *prot |=3D PAGE_READ;
             }
             if ((pte & PTE_X)) {
                 *prot |=3D PAGE_EXEC;
             }
-           /* only add write permission on stores or if the page
-              is already dirty, so that we don't miss further
-              page table walks to update the dirty bit */
+            /* add write permission on stores or if the page is already di=
rty,
+               so that we TLB miss on later writes to update the dirty bit=
 */
             if ((pte & PTE_W) &&
                     (access_type =3D=3D MMU_DATA_STORE || (pte & PTE_D))) {
                 *prot |=3D PAGE_WRITE;
--=20
2.7.0