From: Palmer Dabbelt <palmer@sifive.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Alistair Francis <alistair.francis@wdc.com>, Palmer Dabbelt <palmer@sifive.com>, qemu-riscv@nongnu.org, qemu-devel@nongnu.org, Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk>
Subject: [Qemu-devel] [PULL 09/34] RISC-V: Fix a PMP bug where it succeeds even if PMP entry is off
Date: Fri, 28 Jun 2019 10:32:02 -0700
Message-ID: <20190628173227.31925-10-palmer@sifive.com>
In-Reply-To: <20190628173227.31925-1-palmer@sifive.com>

From: Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk>

The current implementation returns 1 (PMP check success) if the address
is in range even if the PMP entry is off. This is a bug. For example,
if there is a PMP check in S-Mode which is in range, but its PMP entry
is off, this will succeed, which it should not.

The patch fixes this bug by only checking the PMP permissions if the
address is in range and its corresponding PMP entry is not off.
Otherwise, it will keep the ret = -1 which will be checked and handled
correctly at the end of the function.

Signed-off-by: Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
---
 target/riscv/pmp.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 5944f4cb6607..958c7502a0e0 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -258,11 +258,12 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, /* fully inside */ const uint8_t a_field = pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); - if ((s + e) == 2) { - if (PMP_AMATCH_OFF == a_field) { - return 1; - } + /* + * If the PMP entry is not off and the address is in range, do the priv + * check + */ + if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) { allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; if ((mode != PRV_M) || pmp_is_locked(env, i)) { allowed_privs &= env->pmp_state.pmp[i].cfg_reg; -- 2.21.0
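Review bot: the OFF test is only ANDed into the fully-inside branch, `if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field))`, so the range booleans s and e are still evaluated for a disabled entry and only this one branch is protected; a disabled entry should take no part in matching at all. Since `a_field` is computed just above this condition, the cleaner shape is to test it first and skip the entry, e.g. `if (PMP_AMATCH_OFF == a_field) { continue; }` directly after the `a_field` initialiser, and leave the `(s + e) == 2` condition as it was, so that no branch keyed on `s + e` can ever observe an OFF entry. The removed `return 1` was the actual fault and the hunk does remove it, so the change is correct as far as it goes; a regression test with an S-mode access that only an OFF entry covers would pin the behaviour down.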
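The matching rule the commit message describes, as an added example that is not QEMU's code: a self-contained C model of PMP entry matching in which the pre-fix behaviour (an OFF entry whose recorded range covers the access is accepted with full permissions) can be selected beside the fixed behaviour (an OFF entry never takes part in matching). It goes beyond the commit's own case by also showing partial-overlap faults and a locked entry binding M-mode. Register encodings follow the RISC-V privileged spec; the entries, addresses, the helper names (which only mirror the hunk's) and the assumption that an OFF entry's recorded range spans the whole address space are all constructed for this example.

```c
/* Added example, not QEMU code: a minimal model of RISC-V PMP matching.
 * pmpcfg byte: R=bit0 W=bit1 X=bit2 A=bits[4:3] L=bit7; pmpaddr holds addr >> 2. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PMP_READ = 1, PMP_WRITE = 2, PMP_EXEC = 4, PMP_LOCK = 0x80 };
enum { PMP_AMATCH_OFF, PMP_AMATCH_TOR, PMP_AMATCH_NA4, PMP_AMATCH_NAPOT };
enum { PRV_U = 0, PRV_S = 1, PRV_M = 3 };
#define MAX_PMP 16

typedef struct { uint8_t cfg_reg; uint64_t addr_reg, sa, ea; } pmp_entry_t; /* [sa, ea] inclusive */
typedef struct { pmp_entry_t pmp[MAX_PMP]; } pmp_state_t;

static uint8_t pmp_get_a_field(uint8_t cfg) { return (cfg >> 3) & 3; }
static bool pmp_is_locked(const pmp_state_t *st, int i) { return st->pmp[i].cfg_reg & PMP_LOCK; }
static bool in_range(uint64_t sa, uint64_t ea, uint64_t x) { return x >= sa && x <= ea; }

/* Decode entry i into [sa, ea]. Assumption of this model: an OFF entry keeps the whole
 * address space as its recorded range; that stale range is what the pre-fix check honoured. */
static void pmp_update_rule(pmp_state_t *st, int i)
{
    pmp_entry_t *p = &st->pmp[i];
    uint64_t base = p->addr_reg << 2, prev = (i == 0) ? 0 : st->pmp[i - 1].addr_reg << 2;
    int ones = 0;                       /* NAPOT: trailing ones select a 2^(ones+3)-byte region */
    while (ones < 64 && ((p->addr_reg >> ones) & 1)) ones++;
    switch (pmp_get_a_field(p->cfg_reg)) {
    case PMP_AMATCH_TOR:                /* [prev, base); an empty range matches nothing */
        if (base > prev) { p->sa = prev; p->ea = base - 1; } else { p->sa = 1; p->ea = 0; }
        break;
    case PMP_AMATCH_NA4: p->sa = base; p->ea = base + 3; break;
    case PMP_AMATCH_NAPOT: {            /* size 0 stands for 2^64, i.e. the whole space */
        uint64_t size = (ones + 3 >= 64) ? 0 : (uint64_t)1 << (ones + 3);
        p->sa = base & ~(size - 1); p->ea = p->sa + size - 1; break;
    }
    default:                            /* PMP_AMATCH_OFF */
        p->sa = 0; p->ea = UINT64_MAX;
    }
}

static void pmp_set(pmp_state_t *st, int i, uint8_t cfg, uint64_t addr_reg)
{
    st->pmp[i].cfg_reg = cfg;
    st->pmp[i].addr_reg = addr_reg;
    pmp_update_rule(st, i);
    if (i + 1 < MAX_PMP) pmp_update_rule(st, i + 1);   /* TOR depends on its predecessor */
}

/* Is the access [addr, addr+size) with privs allowed in mode? pre_fix=true reproduces
 * the behaviour the commit message calls the bug. */
static bool pmp_hart_has_privs(const pmp_state_t *st, uint64_t addr, size_t size,
                               uint8_t privs, int mode, bool pre_fix)
{
    uint64_t last = addr + size - 1;
    int ret = -1;
    for (int i = 0; i < MAX_PMP; i++) {
        const pmp_entry_t *p = &st->pmp[i];
        uint8_t a_field = pmp_get_a_field(p->cfg_reg);
        if (a_field == PMP_AMATCH_OFF && !pre_fix) continue;   /* fixed: never matches */
        int s = in_range(p->sa, p->ea, addr), e = in_range(p->sa, p->ea, last);
        if ((s + e) == 1) { ret = 0; break; }   /* straddles an entry boundary: fault */
        if ((s + e) == 2) {
            if (a_field == PMP_AMATCH_OFF) return true;   /* the bug: stale OFF entry grants access */
            uint8_t allowed = PMP_READ | PMP_WRITE | PMP_EXEC;
            if (mode != PRV_M || pmp_is_locked(st, i)) allowed &= p->cfg_reg; /* M-mode bound only by locked entries */
            ret = (privs & allowed) == privs;
            break;
        }
    }
    if (ret == -1) ret = (mode == PRV_M);   /* no match: only M-mode may proceed */
    return ret == 1;
}

/* Constructed configuration: entry 0 left OFF, entry 1 a 4 KiB R/W NAPOT region at
 * 0x80000000, entry 2 a locked execute-only NA4 word at 0x80002000. */
static bool example_check(uint64_t addr, size_t size, uint8_t privs, int mode, bool pre_fix)
{
    static pmp_state_t st; static bool built;
    if (!built) {
        memset(&st, 0, sizeof st);
        for (int i = 0; i < MAX_PMP; i++) pmp_update_rule(&st, i);
        pmp_set(&st, 1, PMP_READ | PMP_WRITE | (PMP_AMATCH_NAPOT << 3), 0x200001FFull);
        pmp_set(&st, 2, PMP_EXEC | PMP_LOCK | (PMP_AMATCH_NA4 << 3), 0x20000800ull);
        built = true;
    }
    return pmp_hart_has_privs(&st, addr, size, privs, mode, pre_fix);
}

int main(void)
{
    printf("S-mode read at 0x90000000, covered only by the OFF entry: pre-fix=%d fixed=%d\n",
           example_check(0x90000000ull, 4, PMP_READ, PRV_S, true),
           example_check(0x90000000ull, 4, PMP_READ, PRV_S, false));
    return 0;
}
```

With the pre-fix switch on, the OFF entry at index 0 is consulted first and covers every address, so every access in every mode is accepted, including ones that straddle a real entry and should fault; with it off, the S-mode access that no enabled entry covers is denied, M-mode is unrestricted where nothing matches, and the locked execute-only word still refuses an M-mode write.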