diff options
| author | Irina Ryapolova <irina.ryapolova@syntacore.com> | 2023-04-18 10:54:23 +0300 |
|---|---|---|
| committer | Alistair Francis <alistair.francis@wdc.com> | 2023-05-05 10:49:50 +1000 |
| commit | 7bf14a2f3792a421321ba1087f1b8b16773bf9cd (patch) | |
| tree | fe8d72e9aff2149b857fac4a90e29a2ad4664c5c | |
| parent | eae04c4c131a8d95087c8568eb2cac1988262f25 (diff) | |
| download | qemu-7bf14a2f3792a421321ba1087f1b8b16773bf9cd.zip qemu-7bf14a2f3792a421321ba1087f1b8b16773bf9cd.tar.gz qemu-7bf14a2f3792a421321ba1087f1b8b16773bf9cd.tar.bz2 | |
target/riscv: Fix Guest Physical Address Translation
Before changing the flow check for sv39/48/57.
According to specification (for Supervisor mode):
Sv39 implementations support a 39-bit virtual address space, divided into 4 KiB
pages.
Instruction fetch addresses and load and store effective addresses, which are
64 bits,
must have bits 63–39 all equal to bit 38, or else a page-fault exception will
occur.
Likewise for Sv48 and Sv57.
So the high bits are equal to bit 38 for sv39.
According to specification (for Hypervisor mode):
For Sv39x4, address bits of the guest physical address 63:41 must all be zeros,
or else a
guest-page-fault exception occurs.
Likewise for Sv48x4 and Sv57x4.
For Sv48x4 address bits 63:50 must all be zeros, or else a guest-page-fault
exception occurs.
For Sv57x4 address bits 63:59 must all be zeros, or else a guest-page-fault
exception occurs.
For example we are trying to access address 0xffff_ffff_ff01_0000 with only
G-translation enabled.
So expected behavior is to generate exception. But qemu doesn't generate such
exception.
For the old check, we get
va_bits == 41, mask == (1 << 24) - 1, masked_msbs == (0xffff_ffff_ff01_0000 >>
40) & mask == mask.
Accordingly, the condition masked_msbs != 0 && masked_msbs != mask is not
fulfilled
and the check passes.
Signed-off-by: Irina Ryapolova <irina.ryapolova@syntacore.com>
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20230418075423.26217-1-irina.ryapolova@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| -rw-r--r-- | target/riscv/cpu_helper.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 32a65f8..b68dcfe 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -837,17 +837,24 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, CPUState *cs = env_cpu(env); int va_bits = PGSHIFT + levels * ptidxbits + widened; - target_ulong mask, masked_msbs; - if (TARGET_LONG_BITS > (va_bits - 1)) { - mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1; - } else { - mask = 0; - } - masked_msbs = (addr >> (va_bits - 1)) & mask; + if (first_stage == true) { + target_ulong mask, masked_msbs; - if (masked_msbs != 0 && masked_msbs != mask) { - return TRANSLATE_FAIL; + if (TARGET_LONG_BITS > (va_bits - 1)) { + mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1; + } else { + mask = 0; + } + masked_msbs = (addr >> (va_bits - 1)) & mask; + + if (masked_msbs != 0 && masked_msbs != mask) { + return TRANSLATE_FAIL; + } + } else { + if (vm != VM_1_10_SV32 && addr >> va_bits != 0) { + return TRANSLATE_FAIL; + } } bool pbmte = env->menvcfg & MENVCFG_PBMTE; |