[PATCH] target/riscv/pmp: fix NAPOT range computation overflow

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
@ 2022-04-08 16:25 ` Nicolas Pitre
  0 siblings, 0 replies; 6+ messages in thread
From: Nicolas Pitre @ 2022-04-08 16:25 UTC (permalink / raw)
  To: qemu-devel, qemu-riscv; +Cc: Alistair Francis, Bin Meng, Palmer Dabbelt

There is an overflow with the current code where a pmpaddr value of 
0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and 
ea=0xffffffff.

Fix that by simplifying the computation. There is in fact no need for 
ctz64() nor special case for -1 to achieve proper results.

Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
---

This is in fact the same patch I posted yesterday but turns out its 
scope is far more important than I initially thought.

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 81b61bb65c..151da3fa08 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
        0111...1111   2^(XLEN+2)-byte NAPOT range
        1111...1111   Reserved
     */
-    if (a == -1) {
-        *sa = 0u;
-        *ea = -1;
-        return;
-    } else {
-        target_ulong t1 = ctz64(~a);
-        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
-        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
-        *sa = base;
-        *ea = base + range;
-    }
+    a = (a << 2) | 0x3;
+    *sa = a & (a + 1);
+    *ea = a | (a + 1);
 }
 
 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
@ 2022-04-08 16:25 ` Nicolas Pitre
  0 siblings, 0 replies; 6+ messages in thread
From: Nicolas Pitre @ 2022-04-08 16:25 UTC (permalink / raw)
  To: qemu-devel, qemu-riscv; +Cc: Palmer Dabbelt, Alistair Francis, Bin Meng

There is an overflow with the current code where a pmpaddr value of 
0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and 
ea=0xffffffff.

Fix that by simplifying the computation. There is in fact no need for 
ctz64() nor special case for -1 to achieve proper results.

Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
---

This is in fact the same patch I posted yesterday but turns out its 
scope is far more important than I initially thought.

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 81b61bb65c..151da3fa08 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
        0111...1111   2^(XLEN+2)-byte NAPOT range
        1111...1111   Reserved
     */
-    if (a == -1) {
-        *sa = 0u;
-        *ea = -1;
-        return;
-    } else {
-        target_ulong t1 = ctz64(~a);
-        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
-        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
-        *sa = base;
-        *ea = base + range;
-    }
+    a = (a << 2) | 0x3;
+    *sa = a & (a + 1);
+    *ea = a | (a + 1);
 }
 
 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
  2022-04-08 16:25 ` Nicolas Pitre
@ 2022-04-13 23:42   ` Alistair Francis
  -1 siblings, 0 replies; 6+ messages in thread
From: Alistair Francis @ 2022-04-13 23:42 UTC (permalink / raw)
  To: Nicolas Pitre
  Cc: Alistair Francis, Palmer Dabbelt, Bin Meng, open list:RISC-V,
	qemu-devel@nongnu.org Developers

On Sat, Apr 9, 2022 at 2:25 AM Nicolas Pitre <nico@fluxnic.net> wrote:
>
> There is an overflow with the current code where a pmpaddr value of
> 0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and
> ea=0xffffffff.
>
> Fix that by simplifying the computation. There is in fact no need for
> ctz64() nor special case for -1 to achieve proper results.
>
> Signed-off-by: Nicolas Pitre <nico@fluxnic.net>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>
> This is in fact the same patch I posted yesterday but turns out its
> scope is far more important than I initially thought.
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index 81b61bb65c..151da3fa08 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
>         0111...1111   2^(XLEN+2)-byte NAPOT range
>         1111...1111   Reserved
>      */
> -    if (a == -1) {
> -        *sa = 0u;
> -        *ea = -1;
> -        return;
> -    } else {
> -        target_ulong t1 = ctz64(~a);
> -        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
> -        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
> -        *sa = base;
> -        *ea = base + range;
> -    }
> +    a = (a << 2) | 0x3;
> +    *sa = a & (a + 1);
> +    *ea = a | (a + 1);
>  }
>
>  void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
@ 2022-04-13 23:42   ` Alistair Francis
  0 siblings, 0 replies; 6+ messages in thread
From: Alistair Francis @ 2022-04-13 23:42 UTC (permalink / raw)
  To: Nicolas Pitre
  Cc: qemu-devel@nongnu.org Developers, open list:RISC-V,
	Alistair Francis, Bin Meng, Palmer Dabbelt

On Sat, Apr 9, 2022 at 2:25 AM Nicolas Pitre <nico@fluxnic.net> wrote:
>
> There is an overflow with the current code where a pmpaddr value of
> 0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and
> ea=0xffffffff.
>
> Fix that by simplifying the computation. There is in fact no need for
> ctz64() nor special case for -1 to achieve proper results.
>
> Signed-off-by: Nicolas Pitre <nico@fluxnic.net>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>
> This is in fact the same patch I posted yesterday but turns out its
> scope is far more important than I initially thought.
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index 81b61bb65c..151da3fa08 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
>         0111...1111   2^(XLEN+2)-byte NAPOT range
>         1111...1111   Reserved
>      */
> -    if (a == -1) {
> -        *sa = 0u;
> -        *ea = -1;
> -        return;
> -    } else {
> -        target_ulong t1 = ctz64(~a);
> -        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
> -        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
> -        *sa = base;
> -        *ea = base + range;
> -    }
> +    a = (a << 2) | 0x3;
> +    *sa = a & (a + 1);
> +    *ea = a | (a + 1);
>  }
>
>  void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
  2022-04-08 16:25 ` Nicolas Pitre
@ 2022-04-19  4:34   ` Alistair Francis
  -1 siblings, 0 replies; 6+ messages in thread
From: Alistair Francis @ 2022-04-19  4:34 UTC (permalink / raw)
  To: Nicolas Pitre
  Cc: Alistair Francis, Palmer Dabbelt, Bin Meng, open list:RISC-V,
	qemu-devel@nongnu.org Developers

On Sat, Apr 9, 2022 at 2:25 AM Nicolas Pitre <nico@fluxnic.net> wrote:
>
> There is an overflow with the current code where a pmpaddr value of
> 0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and
> ea=0xffffffff.
>
> Fix that by simplifying the computation. There is in fact no need for
> ctz64() nor special case for -1 to achieve proper results.
>
> Signed-off-by: Nicolas Pitre <nico@fluxnic.net>

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>
> This is in fact the same patch I posted yesterday but turns out its
> scope is far more important than I initially thought.
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index 81b61bb65c..151da3fa08 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
>         0111...1111   2^(XLEN+2)-byte NAPOT range
>         1111...1111   Reserved
>      */
> -    if (a == -1) {
> -        *sa = 0u;
> -        *ea = -1;
> -        return;
> -    } else {
> -        target_ulong t1 = ctz64(~a);
> -        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
> -        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
> -        *sa = base;
> -        *ea = base + range;
> -    }
> +    a = (a << 2) | 0x3;
> +    *sa = a & (a + 1);
> +    *ea = a | (a + 1);
>  }
>
>  void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] target/riscv/pmp: fix NAPOT range computation overflow
@ 2022-04-19  4:34   ` Alistair Francis
  0 siblings, 0 replies; 6+ messages in thread
From: Alistair Francis @ 2022-04-19  4:34 UTC (permalink / raw)
  To: Nicolas Pitre
  Cc: qemu-devel@nongnu.org Developers, open list:RISC-V,
	Alistair Francis, Bin Meng, Palmer Dabbelt

On Sat, Apr 9, 2022 at 2:25 AM Nicolas Pitre <nico@fluxnic.net> wrote:
>
> There is an overflow with the current code where a pmpaddr value of
> 0x1fffffff is decoded as sa=0 and ea=0 whereas it should be sa=0 and
> ea=0xffffffff.
>
> Fix that by simplifying the computation. There is in fact no need for
> ctz64() nor special case for -1 to achieve proper results.
>
> Signed-off-by: Nicolas Pitre <nico@fluxnic.net>

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>
> This is in fact the same patch I posted yesterday but turns out its
> scope is far more important than I initially thought.
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index 81b61bb65c..151da3fa08 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -141,17 +141,9 @@ static void pmp_decode_napot(target_ulong a, target_ulong *sa, target_ulong *ea)
>         0111...1111   2^(XLEN+2)-byte NAPOT range
>         1111...1111   Reserved
>      */
> -    if (a == -1) {
> -        *sa = 0u;
> -        *ea = -1;
> -        return;
> -    } else {
> -        target_ulong t1 = ctz64(~a);
> -        target_ulong base = (a & ~(((target_ulong)1 << t1) - 1)) << 2;
> -        target_ulong range = ((target_ulong)1 << (t1 + 3)) - 1;
> -        *sa = base;
> -        *ea = base + range;
> -    }
> +    a = (a << 2) | 0x3;
> +    *sa = a & (a + 1);
> +    *ea = a | (a + 1);
>  }
>
>  void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-04-19  4:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-08 16:25 [PATCH] target/riscv/pmp: fix NAPOT range computation overflow Nicolas Pitre
2022-04-08 16:25 ` Nicolas Pitre
2022-04-13 23:42 ` Alistair Francis
2022-04-13 23:42   ` Alistair Francis
2022-04-19  4:34 ` Alistair Francis
2022-04-19  4:34   ` Alistair Francis

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.