aboutsummaryrefslogtreecommitdiff
path: root/target/riscv/pmp.c
AgeCommit message (Collapse)Author
2021-06-08target/riscv/pmp: Add assert for ePMP operationsAlistair Francis
Although we construct epmp_operation in such a way that it can only be between 0 and 15 Coverity complains that we don't handle the other possible cases. To fix Coverity and make it easier for humans to read add a default case to the switch statement that calls g_assert_not_reached(). Fixes: CID 1453108 Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com> Message-id: ec5f225928eec448278c82fcb1f6805ee61dde82.1621550996.git.alistair.francis@wdc.com
2021-05-11target/riscv/pmp: Remove outdated commentAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: 10387eec21d2f17c499a78fdba85280cab4dd27f.1618812899.git.alistair.francis@wdc.com
2021-05-11target/riscv: Implementation of enhanced PMP (ePMP)Hou Weiying
This commit adds support for ePMP v0.9.1. The ePMP spec can be found in: https://docs.google.com/document/d/1Mh_aiHYxemL0umN3GTTw8vsbmzHZ_nxZXgjgOUzbvc8 Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com> Signed-off-by: Hou Weiying <weiying_hou@outlook.com> Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: fef23b885f9649a4d54e7c98b168bdec5d297bb1.1618812899.git.alistair.francis@wdc.com [ Changes by AF: - Rebase on master - Update to latest spec - Use a switch case to handle ePMP MML permissions - Fix a few bugs ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-05-11target/riscv: Add ePMP CSR access functionsHou Weiying
Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com> Signed-off-by: Hou Weiying <weiying_hou@outlook.com> Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: 270762cb2507fba6a9eeb99a774cf49f7da9cc32.1618812899.git.alistair.francis@wdc.com [ Changes by AF: - Rebase on master - Fix build errors - Fix some style issues ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-05-11target/riscv: Fix the PMP is locked check when using TORAlistair Francis
The RISC-V spec says: if PMP entry i is locked and pmpicfg.A is set to TOR, writes to pmpaddri-1 are ignored. The current QEMU code ignores accesses to pmpaddri-1 and pmpcfgi-1 which is incorrect. Update the pmp_is_locked() function to not check the supporting fields and instead enforce the lock functionality in the pmpaddr write operation. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: 2831241458163f445a89bd59c59990247265b0c6.1618812899.git.alistair.francis@wdc.com
2021-03-22target/riscv: flush TLB pages if PMP permission has been changedJim Shu
If PMP permission of any address has been changed by updating PMP entry, flush all TLB pages to prevent from getting old permission. Signed-off-by: Jim Shu <cwshu@andestech.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 1613916082-19528-4-git-send-email-cwshu@andestech.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22target/riscv: propagate PMP permission to TLB pageJim Shu
Currently, PMP permission checking of TLB page is bypassed if TLB hits Fix it by propagating PMP permission to TLB page permission. PMP permission checking also use MMU-style API to change TLB permission and size. Signed-off-by: Jim Shu <cwshu@andestech.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 1613916082-19528-2-git-send-email-cwshu@andestech.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-01-16target/riscv/pmp: Raise exception if no PMP entry is configuredAtish Patra
As per the privilege specification, any access from S/U mode should fail if no pmp region is configured. Signed-off-by: Atish Patra <atish.patra@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201223192553.332508-1-atish.patra@wdc.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-11-03target/riscv: Add PMP state descriptionYifei Jiang
In the case of supporting PMP feature, add PMP state description to vmstate_riscv_cpu. 'vmstate_pmp_addr' and 'num_rules' could be regenerated by pmp_update_rule(). But there exists the problem of updating num_rules repeatedly in pmp_update_rule(). So here extracts pmp_update_rule_addr() and pmp_update_rule_nums() to update 'vmstate_pmp_addr' and 'num_rules' respectively. Signed-off-by: Yifei Jiang <jiangyifei@huawei.com> Signed-off-by: Yipeng Yin <yinyipeng1@huawei.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201026115530.304-4-jiangyifei@huawei.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-08-21target/riscv: Change the TLB page size depends on PMP entries.Zong Li
The minimum granularity of PMP is 4 bytes, it is small than 4KB page size, therefore, the pmp checking would be ignored if its range doesn't start from the alignment of one page. This patch detects the pmp entries and sets the small page size to TLB if there is a PMP entry which cover the page size. Signed-off-by: Zong Li <zong.li@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <6b0bf48662ef26ab4c15381a08e78a74ebd7ca79.1595924470.git.zong.li@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-08-21riscv: Fix bug in setting pmpcfg CSR for RISCV64Hou Weiying
First, sizeof(target_ulong) equals to 4 on riscv32, so this change does not change the function on riscv32. Second, sizeof(target_ulong) equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal pmp_index (we will explain later), which should be 'reg_index * 4 + i'. If the parameter reg_index equals to 2 (means that we will change the value of pmpcfg2, or the second pmpcfg on riscv64), then pmpcfg_csr_write(env, 2, val) will map write tasks to pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed by value 16 or 23 on riscv64, so we consider it as a bug. We are looking for constant (e.g., define a new constant named RISCV_WORD_SIZE) in QEMU to help others understand code better, but none was found. A possible good explanation of this literal is it is the minimum word length on riscv is 4 bytes (32 bit). Signed-off-by: Hongzheng-Li <Ethan.Lee.QNL@gmail.com> Signed-off-by: Hou Weiying <weiying_hou@outlook.com> Signed-off-by: Myriad-Dreamin <camiyoru@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <SG2PR02MB263420036254AC8841F66CE393460@SG2PR02MB2634.apcprd02.prod.outlook.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13target/riscv: Fix pmp NA4 implementationAlexandre Mergnat
The end address calculation for NA4 mode is wrong because the address used isn't shifted. It doesn't watch 4 bytes but a huge range because the end address calculation is wrong. The solution is to use the shifted address calculated for start address variable. Modifications are tested on Zephyr OS userspace test suite which works for other RISC-V boards (E31 and E34 core). Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200706084550.24117-1-amergnat@baylibre.com Message-Id: <20200706084550.24117-1-amergnat@baylibre.com> [ Changes by AF: - Improve the commit title and message ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19target/riscv: Use a smaller guess size for no-MMU PMPAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com>
2019-10-28target/riscv: PMP violation due to wrong size parameterDayeol Lee
riscv_cpu_tlb_fill() uses the `size` parameter to check PMP violation using pmp_hart_has_privs(). However, if the size is unknown (=0), the ending address will be `addr - 1` as it is `addr + size - 1` in `pmp_hart_has_privs()`. This always causes a false PMP violation on the starting address of the range, as `addr - 1` is not in the range. In order to fix, we just assume that all bytes from addr to the end of the page will be accessed if the size is unknown. Signed-off-by: Dayeol Lee <dayeol@berkeley.edu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-09-17target/riscv/pmp: Convert qemu_log_mask(LOG_TRACE) to trace eventsPhilippe Mathieu-Daudé
Use the always-compiled trace events, remove the now unused RISCV_DEBUG_PMP definition. Note pmpaddr_csr_read() could previously do out-of-bound accesses passing addr_index >= MAX_RISCV_PMPS. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-09-17target/riscv/pmp: Restrict priviledged PMP to system-mode emulationPhilippe Mathieu-Daudé
The RISC-V Physical Memory Protection is restricted to privileged modes. Restrict its compilation to QEMU system builds. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-23RISC-V: Fix a PMP bug where it succeeds even if PMP entry is offHesham Almatary
The current implementation returns 1 (PMP check success) if the address is in range even if the PMP entry is off. This is a bug. For example, if there is a PMP check in S-Mode which is in range, but its PMP entry is off, this will succeed, which it should not. The patch fixes this bug by only checking the PMP permissions if the address is in range and its corresponding PMP entry it not off. Otherwise, it will keep the ret = -1 which will be checked and handled correctly at the end of the function. Signed-off-by: Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-23RISC-V: Check for the effective memory privilege mode during PMP checksHesham Almatary
The current PMP check function checks for env->priv which is not the effective memory privilege mode. For example, mstatus.MPRV could be set while executing in M-Mode, and in that case the privilege mode for the PMP check should be S-Mode rather than M-Mode (in env->priv) if mstatus.MPP == PRV_S. This patch passes the effective memory privilege mode to the PMP check. Functions that call the PMP check should pass the correct memory privilege mode after reading mstatus' MPRV/MPP or hstatus.SPRV (if Hypervisor mode exists). Suggested-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-23target/riscv: Fix PMP range boundary address bugDayeol Lee
A wrong address is passed to `pmp_is_in_range` while checking if a memory access is within a PMP range. Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea) is set to the last address in the range (i.e., pmp base + pmp size - 1), memory accesses containg the last address in the range will always fail. For example, assume that a PMP range is 4KB from 0x87654000 such that the last address within the range is 0x87654fff. 1-byte access to 0x87654fff should be considered to be fully inside the PMP range. However the access now fails and complains partial inclusion because pmp_is_in_range(env, i, addr + size) returns 0 whereas pmp_is_in_range(env, i, addr) returns 1. Signed-off-by: Dayeol Lee <dayeol@berkeley.edu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-06-12Include qemu-common.h exactly where neededMarkus Armbruster
No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
2019-03-19riscv: pmp: Log pmp access errors as guest errorsAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-12-20target/riscv/pmp.c: Fix pmp_decode_napot()Anup Patel
Currently, start and end address of a PMP region are not decoded correctly by pmp_decode_napot(). Let's say we have a 128KB PMP region with base address as 0x80000000. Now, the PMPADDRx CSR value for this region will be 0x20003fff. The current pmp_decode_napot() implementation will decode PMPADDRx CSR as t1=14, base=0x100000000, and range=0x1ffff whereas it should have decoded PMPADDRx CSR as t1=14, base=0x80000000, and range=0x1fff. This patch fixes the base value decoding in pmp_decode_napot() when PMPADDRx CSR is not -1 (i.e. 0xffffffffffffffff). Signed-off-by: Anup Patel <anup@brainfault.org> Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-10-30target/riscv/pmp.c: pmpcfg_csr_read returns bogus value on RV64Dayeol Lee
pmp_read_cfg() returns 8-bit value, which is combined together to form a single pmpcfg CSR. The default promotion rules will result in an integer here ("i*8" is integer, which flows through) resulting in a 32-bit signed value on most hosts. That's bogus on RV64I, with the high bits of the CSR being wrong. Signed-off-by: Dayeol Lee <dayeol@berkeley.edu> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-03-07RISC-V Physical Memory ProtectionMichael Clark
Implements the physical memory protection extension as specified in Privileged ISA Version 1.10. PMP (Physical Memory Protection) is as-of-yet unused and needs testing. The SiFive verification team have PMP test cases that will be run. Nothing currently depends on PMP support. It would be preferable to keep the code in-tree for folk that are interested in RISC-V PMP support. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daire McNamara <daire.mcnamara@emdalo.com> Signed-off-by: Ivan Griffin <ivan.griffin@emdalo.com> Signed-off-by: Michael Clark <mjc@sifive.com>