[PATCH v2] riscv: Make sure an exception is raised if a pte is malformed

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2] riscv: Make sure an exception is raised if a pte is malformed

From:	Alexandre Ghiti
Subject:	[PATCH v2] riscv: Make sure an exception is raised if a pte is malformed
Date:	Wed, 19 Apr 2023 12:47:56 +0200

As per the privileged specification, in 64-bit, if any of the pte reserved
bits 60-54 is set an exception should be triggered, and the same applies to
napot/pbmt bits if those extensions are not enabled
(see 4.4.1, "Addressing and Memory Protection").

Reported-by: Andrea Parri <andrea@rivosinc.com>
Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
---
 target/riscv/cpu_bits.h   |  1 +
 target/riscv/cpu_helper.c | 15 +++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index fca7ef0cef..8d9ba2ce11 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -640,6 +640,7 @@ typedef enum {
 #define PTE_SOFT            0x300 /* Reserved for Software */
 #define PTE_PBMT            0x6000000000000000ULL /* Page-based memory types */
 #define PTE_N               0x8000000000000000ULL /* NAPOT translation */
+#define PTE_RESERVED        0x1FC0000000000000ULL /* Reserved bits */
 #define PTE_ATTR            (PTE_N | PTE_PBMT) /* All attributes bits */
 
 /* Page table PPN shift amount */
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index f88c503cf4..8dc832d1bb 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -946,13 +946,20 @@ restart:
 
         if (riscv_cpu_sxl(env) == MXL_RV32) {
             ppn = pte >> PTE_PPN_SHIFT;
-        } else if (pbmte || cpu->cfg.ext_svnapot) {
-            ppn = (pte & (target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT;
         } else {
-            ppn = pte >> PTE_PPN_SHIFT;
-            if ((pte & ~(target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT) {
+            if (pte & PTE_RESERVED) {
+                return TRANSLATE_FAIL;
+            }
+
+            if (!pbmte && (pte & PTE_PBMT)) {
                 return TRANSLATE_FAIL;
             }
+
+            if (!cpu->cfg.ext_svnapot && (pte & PTE_N)) {
+                return TRANSLATE_FAIL;
+            }
+
+            ppn = (pte & (target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT;
         }
 
         if (!(pte & PTE_V)) {
-- 
2.37.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2] riscv: Make sure an exception is raised if a pte is malformed, Alexandre Ghiti <=
- Re: [PATCH v2] riscv: Make sure an exception is raised if a pte is malformed, Alistair Francis, 2023/04/19
- Re: [PATCH v2] riscv: Make sure an exception is raised if a pte is malformed, Alistair Francis, 2023/04/19
  - Re: [PATCH v2] riscv: Make sure an exception is raised if a pte is malformed, Alexandre Ghiti, 2023/04/20

Prev by Date: Re: [PATCH 2/4] vhost-user: Interface for migration state transfer
Next by Date: Re: [Virtio-fs] [PATCH 2/4] vhost-user: Interface for migration state transfer
Previous by thread: [PATCH v4] memory: Optimize replay of guest mapping
Next by thread: Re: [PATCH v2] riscv: Make sure an exception is raised if a pte is malformed
Index(es):
- Date
- Thread