From nobody Tue Feb 10 20:09:16 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1680881624; cv=none; d=zohomail.com; s=zohoarc; b=DQRaclHBUIUk8dennfS5fVXoRvmbOMUdW0itgBURahO0d+giiPwYuyzdooi54uP6Ld6sy71KmY//adkpUudT+esBhoxs8aW67rmfuca0LO2XwMsRGWKegX74mTIudBqT403nLAbDVkRYp897t5kqWl/+FqrjAsZPK+GAoIAyJqY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1680881624; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=qHvpvSfgkj9tu+hRk0yn7GWcOobm4PCzYSJvGPlX4lw=; b=grtpX7P1zpFYvOFgWftKwd1iqtwly9N0lzCfdftWHDGEAzWGgZbbNzEMk+v0Ql870MFhZwZaYW8VakibBLHW5sY33ZsHdtmMCP9Ydo6Lnc4kiX41UuTe4jisW/8rnVOJtNeb9spU+0q0wXttQvEUqlUVXbFxXlW16hULquYC9c0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1680881624764503.6050980937832; Fri, 7 Apr 2023 08:33:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pko5I-0007Z9-EC; Fri, 07 Apr 2023 11:33:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pko5H-0007Yu-6o; Fri, 07 Apr 2023 11:33:03 -0400 Received: from forward101b.mail.yandex.net ([178.154.239.148]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pko5F-00038w-Eu; Fri, 07 Apr 2023 11:33:02 -0400 Received: from mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net [IPv6:2a02:6b8:c14:2481:0:640:e0:0]) by forward101b.mail.yandex.net (Yandex) with ESMTP id 0051A600C1; Fri, 7 Apr 2023 18:32:55 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id qWTExFWWv8c0-TQlMbU41; Fri, 07 Apr 2023 18:32:54 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=syntacore.com; s=mail; t=1680881574; bh=qHvpvSfgkj9tu+hRk0yn7GWcOobm4PCzYSJvGPlX4lw=; h=Message-Id:Date:Cc:Subject:To:From; b=vKo6e/Wu7l9M59JwYdwi7wXKSqSDOWFH+oEYVhYJCq4Q/v/L5v2c28AquvHwv34T+ YFmBLBpPGzsxEOyZhskobUI4nxTUYvmzx7h96DCRnu8/ICirDWVerSx3lTyyF4muYs XOJiQbEvmPmu8c33HnSAuKmu/HiDgRiW1yFFcCTo= Authentication-Results: mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net; dkim=pass header.i=@syntacore.com From: Irina Ryapolova To: qemu-devel@nongnu.org Cc: palmer@dabbelt.com, alistair.francis@wdc.com, bin.meng@windriver.com, liweiwei@iscas.ac.cn, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, qemu-riscv@nongnu.org, Irina Ryapolova Subject: [PATCH v2] target/riscv: Fix Guest Physical Address Translation Date: Fri, 7 Apr 2023 18:32:25 +0300 Message-Id: <20230407153225.156395-1-irina.ryapolova@syntacore.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=178.154.239.148; envelope-from=irina.ryapolova@syntacore.com; helo=forward101b.mail.yandex.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @syntacore.com) X-ZM-MESSAGEID: 1680881626793100001 Before changing the flow check for sv39/48/57. According to specification (for Supervisor mode): Sv39 implementations support a 39-bit virtual address space, divided into 4= KiB pages. Instruction fetch addresses and load and store effective addresses, which a= re 64 bits, must have bits 63=E2=80=9339 all equal to bit 38, or else a page-fault exce= ption will occur. Likewise for Sv48 and Sv57. So the high bits are equal to bit 38 for sv39. According to specification (for Hypervisor mode): For Sv39x4, address bits of the guest physical address 63:41 must all be ze= ros, or else a guest-page-fault exception occurs. Likewise for Sv48x4 and Sv57x4. For Sv48x4 address bits 63:50 must all be zeros, or else a guest-page-fault= exception occurs. For Sv57x4 address bits 63:59 must all be zeros, or else a guest-page-fault= exception occurs. For example we are trying to access address 0xffff_ffff_ff01_0000 with only= G-translation enabled. So expected behavior is to generate exception. But qemu doesn't generate su= ch exception. For the old check, we get va_bits =3D=3D 41, mask =3D=3D (1 << 24) - 1, masked_msbs =3D=3D (0xffff_ff= ff_ff01_0000 >> 40) & mask =3D=3D mask. Accordingly, the condition masked_msbs !=3D 0 && masked_msbs !=3D mask is n= ot fulfilled and the check passes. Signed-off-by: Irina Ryapolova Reviewed-by: Alistair Francis Reviewed-by: Weiwei Li --- Changes for v2: -Add more detailed commit message --- target/riscv/cpu_helper.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index f88c503cf4..27289f2305 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -863,17 +863,24 @@ static int get_physical_address(CPURISCVState *env, h= waddr *physical, =20 CPUState *cs =3D env_cpu(env); int va_bits =3D PGSHIFT + levels * ptidxbits + widened; - target_ulong mask, masked_msbs; =20 - if (TARGET_LONG_BITS > (va_bits - 1)) { - mask =3D (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1; - } else { - mask =3D 0; - } - masked_msbs =3D (addr >> (va_bits - 1)) & mask; + if (first_stage =3D=3D true) { + target_ulong mask, masked_msbs; + + if (TARGET_LONG_BITS > (va_bits - 1)) { + mask =3D (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1; + } else { + mask =3D 0; + } + masked_msbs =3D (addr >> (va_bits - 1)) & mask; =20 - if (masked_msbs !=3D 0 && masked_msbs !=3D mask) { - return TRANSLATE_FAIL; + if (masked_msbs !=3D 0 && masked_msbs !=3D mask) { + return TRANSLATE_FAIL; + } + } else { + if (vm !=3D VM_1_10_SV32 && addr >> va_bits !=3D 0) { + return TRANSLATE_FAIL; + } } =20 int ptshift =3D (levels - 1) * ptidxbits; --=20 2.25.1