target/riscv/cpu_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
For RV32, the root page table's PPN has 22 bits hence its address
bits could be larger than the maximum bits that target_ulong is
able to represent. Use hwaddr instead.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---
target/riscv/cpu_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index e32b612..3150a6a 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -176,7 +176,7 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
*prot = 0;
- target_ulong base;
+ hwaddr base;
int levels, ptidxbits, ptesize, vm, sum;
int mxr = get_field(env->mstatus, MSTATUS_MXR);
@@ -239,7 +239,7 @@ restart:
((1 << ptidxbits) - 1);
/* check that physical address of PTE is legal */
- target_ulong pte_addr = base + idx * ptesize;
+ hwaddr pte_addr = base + idx * ptesize;
if (riscv_feature(env, RISCV_FEATURE_PMP) &&
!pmp_hart_has_privs(env, pte_addr, sizeof(target_ulong),
--
2.7.4
On 7/31/19 5:45 AM, Bin Meng wrote: > - target_ulong base; > + hwaddr base; ... > - target_ulong pte_addr = base + idx * ptesize; > + hwaddr pte_addr = base + idx * ptesize; I believe that you either need base + (hwaddr)idx * ptesize or change the type of idx to hwaddr above. Otherwise the multiply overflows before it gets promoted with the add. r~
Hi Richard, On Thu, Aug 1, 2019 at 1:35 AM Richard Henderson <richard.henderson@linaro.org> wrote: > > On 7/31/19 5:45 AM, Bin Meng wrote: > > - target_ulong base; > > + hwaddr base; > ... > > - target_ulong pte_addr = base + idx * ptesize; > > + hwaddr pte_addr = base + idx * ptesize; > > I believe that you either need > > base + (hwaddr)idx * ptesize > > or change the type of idx to hwaddr above. > > Otherwise the multiply overflows before it gets promoted with the add. > I am not sure how (idx * ptesize) could overflow. It represents the offset by a page table which is [0, 4096). Regards, Bin
On 7/31/19 6:53 PM, Bin Meng wrote: > I am not sure how (idx * ptesize) could overflow. It represents the > offset by a page table which is [0, 4096). You're right, I mis-read what was going on there. However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, so that ppn = pte >> PTE_PPN_SHIFT; ... base = ppn << PGSHIFT; does not overflow. (Which is the part of the page table walk that I thought I had gleaned from the patch without actually reading the entire function.) r~
On Thu, Aug 1, 2019 at 10:16 PM Richard Henderson <richard.henderson@linaro.org> wrote: > > On 7/31/19 6:53 PM, Bin Meng wrote: > > I am not sure how (idx * ptesize) could overflow. It represents the > > offset by a page table which is [0, 4096). > > You're right, I mis-read what was going on there. > > However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, so that > > ppn = pte >> PTE_PPN_SHIFT; > ... > base = ppn << PGSHIFT; > > does not overflow. (Which is the part of the page table walk that I thought I > had gleaned from the patch without actually reading the entire function.) Ah, yes. ppn should be promoted. Thanks for the review! Regards, Bin
On Thu, Aug 1, 2019 at 7:58 AM Bin Meng <bmeng.cn@gmail.com> wrote: > On Thu, Aug 1, 2019 at 10:16 PM Richard Henderson > <richard.henderson@linaro.org> wrote: > > > > On 7/31/19 6:53 PM, Bin Meng wrote: > > > I am not sure how (idx * ptesize) could overflow. It represents the > > > offset by a page table which is [0, 4096). > > > > You're right, I mis-read what was going on there. > > > > However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, > so that > > > > ppn = pte >> PTE_PPN_SHIFT; > > ... > > base = ppn << PGSHIFT; > > > > does not overflow. (Which is the part of the page table walk that I > thought I > > had gleaned from the patch without actually reading the entire function.) > > Ah, yes. ppn should be promoted. Thanks for the review! > Did I miss a v2?
Hi Palmer, On Thu, Aug 8, 2019 at 4:55 AM Palmer Dabbelt <palmer@sifive.com> wrote: > > On Thu, Aug 1, 2019 at 7:58 AM Bin Meng <bmeng.cn@gmail.com> wrote: >> >> On Thu, Aug 1, 2019 at 10:16 PM Richard Henderson >> <richard.henderson@linaro.org> wrote: >> > >> > On 7/31/19 6:53 PM, Bin Meng wrote: >> > > I am not sure how (idx * ptesize) could overflow. It represents the >> > > offset by a page table which is [0, 4096). >> > >> > You're right, I mis-read what was going on there. >> > >> > However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, so that >> > >> > ppn = pte >> PTE_PPN_SHIFT; >> > ... >> > base = ppn << PGSHIFT; >> > >> > does not overflow. (Which is the part of the page table walk that I thought I >> > had gleaned from the patch without actually reading the entire function.) >> >> Ah, yes. ppn should be promoted. Thanks for the review! > > > Did I miss a v2? No, I will send a v2 soon. Regards, Bin
For RV32, the root page table's PPN has 22 bits hence its address
bits could be larger than the maximum bits that target_ulong is
able to represent. Use hwaddr instead.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---
Changes in v2:
- promote ppn, env->satp/env->sptbl to hwaddr otherwise the page
table base will not be correctly calculated
target/riscv/cpu_helper.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index e32b612..b2b4f3a 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -176,12 +176,12 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
*prot = 0;
- target_ulong base;
+ hwaddr base;
int levels, ptidxbits, ptesize, vm, sum;
int mxr = get_field(env->mstatus, MSTATUS_MXR);
if (env->priv_ver >= PRIV_VERSION_1_10_0) {
- base = get_field(env->satp, SATP_PPN) << PGSHIFT;
+ base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT;
sum = get_field(env->mstatus, MSTATUS_SUM);
vm = get_field(env->satp, SATP_MODE);
switch (vm) {
@@ -201,7 +201,7 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
g_assert_not_reached();
}
} else {
- base = env->sptbr << PGSHIFT;
+ base = (hwaddr)(env->sptbr) << PGSHIFT;
sum = !get_field(env->mstatus, MSTATUS_PUM);
vm = get_field(env->mstatus, MSTATUS_VM);
switch (vm) {
@@ -239,7 +239,7 @@ restart:
((1 << ptidxbits) - 1);
/* check that physical address of PTE is legal */
- target_ulong pte_addr = base + idx * ptesize;
+ hwaddr pte_addr = base + idx * ptesize;
if (riscv_feature(env, RISCV_FEATURE_PMP) &&
!pmp_hart_has_privs(env, pte_addr, sizeof(target_ulong),
@@ -251,7 +251,7 @@ restart:
#elif defined(TARGET_RISCV64)
target_ulong pte = ldq_phys(cs->as, pte_addr);
#endif
- target_ulong ppn = pte >> PTE_PPN_SHIFT;
+ hwaddr ppn = pte >> PTE_PPN_SHIFT;
if (!(pte & PTE_V)) {
/* Invalid PTE */
--
2.7.4
On Wed, Aug 7, 2019 at 7:50 PM Bin Meng <bmeng.cn@gmail.com> wrote: > > For RV32, the root page table's PPN has 22 bits hence its address > bits could be larger than the maximum bits that target_ulong is > able to represent. Use hwaddr instead. > > Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Alistair > > --- > > Changes in v2: > - promote ppn, env->satp/env->sptbl to hwaddr otherwise the page > table base will not be correctly calculated > > target/riscv/cpu_helper.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > index e32b612..b2b4f3a 100644 > --- a/target/riscv/cpu_helper.c > +++ b/target/riscv/cpu_helper.c > @@ -176,12 +176,12 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, > > *prot = 0; > > - target_ulong base; > + hwaddr base; > int levels, ptidxbits, ptesize, vm, sum; > int mxr = get_field(env->mstatus, MSTATUS_MXR); > > if (env->priv_ver >= PRIV_VERSION_1_10_0) { > - base = get_field(env->satp, SATP_PPN) << PGSHIFT; > + base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > sum = get_field(env->mstatus, MSTATUS_SUM); > vm = get_field(env->satp, SATP_MODE); > switch (vm) { > @@ -201,7 +201,7 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, > g_assert_not_reached(); > } > } else { > - base = env->sptbr << PGSHIFT; > + base = (hwaddr)(env->sptbr) << PGSHIFT; > sum = !get_field(env->mstatus, MSTATUS_PUM); > vm = get_field(env->mstatus, MSTATUS_VM); > switch (vm) { > @@ -239,7 +239,7 @@ restart: > ((1 << ptidxbits) - 1); > > /* check that physical address of PTE is legal */ > - target_ulong pte_addr = base + idx * ptesize; > + hwaddr pte_addr = base + idx * ptesize; > > if (riscv_feature(env, RISCV_FEATURE_PMP) && > !pmp_hart_has_privs(env, pte_addr, sizeof(target_ulong), > @@ -251,7 +251,7 @@ restart: > #elif defined(TARGET_RISCV64) > target_ulong pte = ldq_phys(cs->as, pte_addr); > #endif > - target_ulong ppn = pte >> PTE_PPN_SHIFT; > + hwaddr ppn = pte >> PTE_PPN_SHIFT; > > if (!(pte & PTE_V)) { > /* Invalid PTE */ > -- > 2.7.4 > >
Hi Palmer, On Sat, Aug 10, 2019 at 9:49 AM Alistair Francis <alistair23@gmail.com> wrote: > > On Wed, Aug 7, 2019 at 7:50 PM Bin Meng <bmeng.cn@gmail.com> wrote: > > > > For RV32, the root page table's PPN has 22 bits hence its address > > bits could be larger than the maximum bits that target_ulong is > > able to represent. Use hwaddr instead. > > > > Signed-off-by: Bin Meng <bmeng.cn@gmail.com> > > Reviewed-by: Alistair Francis <alistair.francis@wdc.com> > Would you take this one too? Regards, Bin
On Wed, Aug 14, 2019 at 5:46 PM Bin Meng <bmeng.cn@gmail.com> wrote: > > Hi Palmer, > > On Sat, Aug 10, 2019 at 9:49 AM Alistair Francis <alistair23@gmail.com> wrote: > > > > On Wed, Aug 7, 2019 at 7:50 PM Bin Meng <bmeng.cn@gmail.com> wrote: > > > > > > For RV32, the root page table's PPN has 22 bits hence its address > > > bits could be larger than the maximum bits that target_ulong is > > > able to represent. Use hwaddr instead. > > > > > > Signed-off-by: Bin Meng <bmeng.cn@gmail.com> > > > > Reviewed-by: Alistair Francis <alistair.francis@wdc.com> > > > > Would you take this one too? > Ping? What's the status of this patch? Regards, Bin
On Sun, 18 Aug 2019 23:00:40 PDT (-0700), bmeng.cn@gmail.com wrote: > On Wed, Aug 14, 2019 at 5:46 PM Bin Meng <bmeng.cn@gmail.com> wrote: >> >> Hi Palmer, >> >> On Sat, Aug 10, 2019 at 9:49 AM Alistair Francis <alistair23@gmail.com> wrote: >> > >> > On Wed, Aug 7, 2019 at 7:50 PM Bin Meng <bmeng.cn@gmail.com> wrote: >> > > >> > > For RV32, the root page table's PPN has 22 bits hence its address >> > > bits could be larger than the maximum bits that target_ulong is >> > > able to represent. Use hwaddr instead. >> > > >> > > Signed-off-by: Bin Meng <bmeng.cn@gmail.com> >> > >> > Reviewed-by: Alistair Francis <alistair.francis@wdc.com> >> > >> >> Would you take this one too? >> > > Ping? > > What's the status of this patch? Also in the patch queue.
© 2016 - 2024 Red Hat, Inc.