From patchwork Wed Aug 14 12:30:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrew Jones <ajones@ventanamicro.com>
X-Patchwork-Id: 1972407
Return-Path: 
 <opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=jEE7W2tO;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=ventanamicro.com header.i=@ventanamicro.com
 header.a=rsa-sha256 header.s=google header.b=h15jhTLD;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WkSMG0rdDz1yZl
	for <incoming@patchwork.ozlabs.org>; Wed, 14 Aug 2024 22:32:42 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=oewurhIYHHXy3JE9M0Z1jwAOrPIV/f11xQoX+9FryZo=; b=jEE7W2tOZHSJ7h
	8Tclz+ICJ9eLmnNWe54VpwSlZU95tfSoqo6kyuF1ZeybmdzEfN5Cb35eo/XcWstBJ8UvU+UqqRCDJ
	++kJli7JmY4KlXjPHjYQYj5xz/9XVp/VLuJ/J7/FgUm1hriaK739ZDOUeCcuwnlx91OHAz2IXs3/G
	Bwd+j9WwUqOzNxO39BCvODyq0KIvS4IUR6DfZSfxtqHTipW44ziqkNA8BIpCVYysjFWeaAT9MDZpp
	GfA/mrtY/tjQLLG2yw1DNK7mQA8tpCQyW1+t9ItUE7nrInzzdVENXZMsr6f2Ip5KQt4egwmavkFX+
	fHlMTxb/05HCWW+B6+Iw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1seDB1-00000006wa1-2Msh;
	Wed, 14 Aug 2024 12:32:31 +0000
Received: from mail-lf1-x135.google.com ([2a00:1450:4864:20::135])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1seD8e-00000006w1p-24tb
	for opensbi@lists.infradead.org;
	Wed, 14 Aug 2024 12:30:05 +0000
Received: by mail-lf1-x135.google.com with SMTP id
 2adb3069b0e04-530e2287825so6118516e87.1
        for <opensbi@lists.infradead.org>;
 Wed, 14 Aug 2024 05:30:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ventanamicro.com; s=google; t=1723638602; x=1724243402;
 darn=lists.infradead.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=L8eTqB/FTMb8G33qOlRHFlAWv0WRdlBkoqCUmcUXIeA=;
        b=h15jhTLDeTPSkCHkMQS91JkzSn6eu8toiVA/0EPps8oh1FXfxkenGP7z9nB7E2xgvJ
         tm9ERS+101EwACxnWpZmLDHpA/IqZSuBI3RkdzzAnyFVI8YVVZlyb47qmE9PPqJef63l
         92n6n4Zb+l3e6zOJu0ciAyrZwiIF4AY9qUm+XGld2yCKIT2gQMUlP5/3u9G6ymgugfWz
         EGm3qyKXHdzDYfVVfNflTOzylMxcRZZAMR/R6Wk8DOjiQpmUR31BfLnTvH/hMCJoDkN2
         hMW91S1EloDwWtF6fc4gYBqlO+nFaLBhC+ajWVRElWbwdY9JFw6uIGq+1p6sSXOkn0Rb
         NmOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723638602; x=1724243402;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=L8eTqB/FTMb8G33qOlRHFlAWv0WRdlBkoqCUmcUXIeA=;
        b=Qre/R1l7om9yyPHkxlB4j68age88gEY4h45kSFv8uhb/C4L8ZpAMUoqGZs0Eii1hvV
         k8qpsxrIrXKSu1houOw10nq6xPpoq75CdHv+WxP7IdFIP5bAxGBmc3R+ls3mScE2DG0G
         IuSWdlisF0puUhVkHML9k9ezVtnVtenvPRfkox5z2R0oiucbdwL7WCBNlRNQ7kL1BzmE
         SIxbHquTHzcgrC6sYMb/7igpCJqgVmzA7x2cvc0O6de1G4V/O44sFB4wwQAMPG+Py4t5
         bH9vhifX2dw+b8WZrro2l9ZfToJDIxWwgGcC0woLUmh1uoJp/7/nqai35oWw2LsvMuPn
         N9NQ==
X-Gm-Message-State: AOJu0Yyqb4rRY0nzhVUd12TkVBrFxKiiEhTJLFcSAjJLJMVzootPh/hM
	7chsKZ3uSOGtUnmN7xi/xdXm8NIlsgN/QAcuZBIaUb/lnojBkjgHyHBZ6jfZ2QGOx/ged7QeVat
	eDyc=
X-Google-Smtp-Source: 
 AGHT+IF3h0acn37qMGfw773VdLW4Uhk+eKZwmnHiBin8B3byR8UMfcr+CtkCnKQ4nOlaOaV7bibcuw==
X-Received: by 2002:a05:6512:3d8a:b0:52c:e3bd:c70b with SMTP id
 2adb3069b0e04-532eda5c8damr1837832e87.1.1723638601103;
        Wed, 14 Aug 2024 05:30:01 -0700 (PDT)
Received: from localhost (2001-1ae9-1c2-4c00-20f-c6b4-1e57-7965.ip6.tmcz.cz.
 [2001:1ae9:1c2:4c00:20f:c6b4:1e57:7965])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-429ded2882esm18284235e9.13.2024.08.14.05.30.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 14 Aug 2024 05:30:00 -0700 (PDT)
From: Andrew Jones <ajones@ventanamicro.com>
To: opensbi@lists.infradead.org
Cc: Anup Patel <apatel@ventanamicro.com>,
	cleger@rivosinc.com
Subject: [PATCH] lib: sbi: Add additional range checks for RV32
Date: Wed, 14 Aug 2024 14:30:00 +0200
Message-ID: <20240814122959.49914-2-ajones@ventanamicro.com>
X-Mailer: git-send-email 2.45.2
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240814_053004_569358_012D4C75 
X-CRM114-Status: GOOD (  15.38  )
X-Spam-Score: -2.1 (--)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  On RV32,
 M-mode can only access the first 4G of the physical
    address space because M-mode does not have an MMU to access the full
 34-bit
    physical address space. While we already ensure the "hi" regist [...]
 Content analysis details:   (-2.1 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/, no
                             trust
                             [2a00:1450:4864:20:0:0:0:135 listed in]
                             [list.dnswl.org]
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's
                             domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: opensbi@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <opensbi.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/opensbi>,
 <mailto:opensbi-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/opensbi/>
List-Post: <mailto:opensbi@lists.infradead.org>
List-Help: <mailto:opensbi-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/opensbi>,
 <mailto:opensbi-request@lists.infradead.org?subject=subscribe>
Sender: "opensbi" <opensbi-bounces@lists.infradead.org>
Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

On RV32, M-mode can only access the first 4G of the physical
address space because M-mode does not have an MMU to access the
full 34-bit physical address space. While we already ensure
the "hi" registers of RV32 physical address inputs are zero we
need to also ensure that the low register plus the size does
not cross into 4G address space. The check added to
sbi_domain_check_addr_range() should be enough for both DBCN
and SSE, but DBCN returns a different error code for high
addresses, so we patch that check too.

Signed-off-by: Andrew Jones <ajones@ventanamicro.com>
---

Should the SSE functions return SBI_ERR_FAILED in this case like DBCN
does? We'd need to patch the SSE spec to call out SBI_ERR_FAILED as
"Failed to write due to I/O errors." like DBCN does too.

 lib/sbi/sbi_domain.c     | 3 +++
 lib/sbi/sbi_ecall_dbcn.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/sbi/sbi_domain.c b/lib/sbi/sbi_domain.c
index 374ac36b2f3e..5f6efe884952 100644
--- a/lib/sbi/sbi_domain.c
+++ b/lib/sbi/sbi_domain.c
@@ -412,6 +412,9 @@ bool sbi_domain_check_addr_range(const struct sbi_domain *dom,
 	if (!dom)
 		return false;
 
+	if (max < addr)
+		return false;
+
 	while (addr < max) {
 		reg = find_region(dom, addr);
 		if (!reg)
diff --git a/lib/sbi/sbi_ecall_dbcn.c b/lib/sbi/sbi_ecall_dbcn.c
index 49a7713f48bb..a3262ab9a90c 100644
--- a/lib/sbi/sbi_ecall_dbcn.c
+++ b/lib/sbi/sbi_ecall_dbcn.c
@@ -39,7 +39,7 @@ static int sbi_ecall_dbcn_handler(unsigned long extid, unsigned long funcid,
 		 * physical address (i.e. a2 register) is non-zero on
 		 * RV64.
 		 */
-		if (regs->a2)
+		if (regs->a2 || regs->a1 + regs->a0 < regs->a1)
 			return SBI_ERR_FAILED;
 
 		if (!sbi_domain_check_addr_range(sbi_domain_thishart_ptr(),