aboutsummaryrefslogtreecommitdiff
path: root/target/riscv
diff options
context:
space:
mode:
authorAlistair Francis <alistair.francis@wdc.com>2021-04-19 16:16:25 +1000
committerAlistair Francis <alistair.francis@wdc.com>2021-05-11 20:02:06 +1000
commit94c6ba83c1a1e45558bd32421b85233053a1c6f3 (patch)
treea6c52823f9505937855564b37b9411521de7347a /target/riscv
parent0924a423baa227fa8fb363232c20a997cb6f617b (diff)
downloadqemu-94c6ba83c1a1e45558bd32421b85233053a1c6f3.zip
qemu-94c6ba83c1a1e45558bd32421b85233053a1c6f3.tar.gz
qemu-94c6ba83c1a1e45558bd32421b85233053a1c6f3.tar.bz2
target/riscv: Fix the PMP is locked check when using TOR
The RISC-V spec says: if PMP entry i is locked and pmpicfg.A is set to TOR, writes to pmpaddri-1 are ignored. The current QEMU code ignores accesses to pmpaddri-1 and pmpcfgi-1 which is incorrect. Update the pmp_is_locked() function to not check the supporting fields and instead enforce the lock functionality in the pmpaddr write operation. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: 2831241458163f445a89bd59c59990247265b0c6.1618812899.git.alistair.francis@wdc.com
Diffstat (limited to 'target/riscv')
-rw-r--r--target/riscv/pmp.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index cff0201..a3b253b 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -59,16 +59,6 @@ static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index)
return 0;
}
- /* In TOR mode, need to check the lock bit of the next pmp
- * (if there is a next)
- */
- const uint8_t a_field =
- pmp_get_a_field(env->pmp_state.pmp[pmp_index + 1].cfg_reg);
- if ((env->pmp_state.pmp[pmp_index + 1u].cfg_reg & PMP_LOCK) &&
- (PMP_AMATCH_TOR == a_field)) {
- return 1;
- }
-
return 0;
}
@@ -380,7 +370,23 @@ void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index,
target_ulong val)
{
trace_pmpaddr_csr_write(env->mhartid, addr_index, val);
+
if (addr_index < MAX_RISCV_PMPS) {
+ /*
+ * In TOR mode, need to check the lock bit of the next pmp
+ * (if there is a next).
+ */
+ if (addr_index + 1 < MAX_RISCV_PMPS) {
+ uint8_t pmp_cfg = env->pmp_state.pmp[addr_index + 1].cfg_reg;
+
+ if (pmp_cfg & PMP_LOCK &&
+ PMP_AMATCH_TOR == pmp_get_a_field(pmp_cfg)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ignoring pmpaddr write - pmpcfg + 1 locked\n");
+ return;
+ }
+ }
+
if (!pmp_is_locked(env, addr_index)) {
env->pmp_state.pmp[addr_index].addr_reg = val;
pmp_update_rule(env, addr_index);