From nobody Sun Sep 28 15:58:49 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307353618248.279965179285; Wed, 27 Aug 2025 08:09:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhO-0003II-L6; Wed, 27 Aug 2025 11:04:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhB-00030r-AQ; Wed, 27 Aug 2025 11:04:18 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh9-0004sc-7u; Wed, 27 Aug 2025 11:04:16 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4BF3D14C536; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 39E9B26983E; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Vac Chen , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 14/59] target/riscv: Fix pmp range wraparound on zero Date: Wed, 27 Aug 2025 18:02:19 +0300 Message-ID: <20250827150323.2694101-14-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307355487116600 Content-Type: text/plain; charset="utf-8" From: Vac Chen pmp_is_in_range() prefers to match addresses within the interval [start, end]. To archieve this, pmpaddrX is decremented during the end address update. In TOR mode, a rule is ignored if its start address is greater than or equal to its end address. However, if pmpaddrX is set to 0, this decrement operation causes the calulated end address to wrap around to UINT_MAX. In this scenario, the address guard for this PMP entry would become ineffective. This patch addresses the issue by moving the guard check earlier, preventing the problematic wraparound when pmpaddrX is zero. Signed-off-by: Vac Chen Reviewed-by: Alistair Francis Message-ID: <20250706065554.42953-1-vacantron@gmail.com> Signed-off-by: Alistair Francis (cherry picked from commit 77707bfdf871199bbee665e721ced961aaf3a798) Signed-off-by: Michael Tokarev diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index c5f6cdaccb..a9e69de917 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -206,11 +206,12 @@ void pmp_update_rule_addr(CPURISCVState *env, uint32_= t pmp_index) break; =20 case PMP_AMATCH_TOR: - sa =3D prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ - ea =3D (this_addr << 2) - 1u; - if (sa > ea) { + if (prev_addr >=3D this_addr) { sa =3D ea =3D 0u; + break; } + sa =3D prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea =3D (this_addr << 2) - 1u; break; =20 case PMP_AMATCH_NA4: --=20 2.47.2