diff mbox series

target/riscv: Smepmp: Skip applying default rules when address matches

Message ID 20230209055206.229392-1-hchauhan@ventanamicro.com
State New
Headers show
Series target/riscv: Smepmp: Skip applying default rules when address matches | expand

Commit Message

Himanshu Chauhan Feb. 9, 2023, 5:52 a.m. UTC
When MSECCFG.MML is set, after checking the address range in PMP if the
asked permissions are not same as programmed in PMP, the default
permissions are applied. This should only be the case when there
is no matching address is found.

This patch skips applying default rules when matching address range
is found. It returns the index of the match PMP entry.

fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)

Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
---
 target/riscv/pmp.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Daniel Henrique Barboza Feb. 9, 2023, 9:51 a.m. UTC | #1
On 2/9/23 02:52, Himanshu Chauhan wrote:
> When MSECCFG.MML is set, after checking the address range in PMP if the
> asked permissions are not same as programmed in PMP, the default
> permissions are applied. This should only be the case when there
> is no matching address is found.
> 
> This patch skips applying default rules when matching address range
> is found. It returns the index of the match PMP entry.
> 
> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)

Nit: tag starts with capital "F":

Fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)

> 
> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
> ---

Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>

>   target/riscv/pmp.c | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index d85ad07caa..0dfdb35828 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
>                   }
>               }
>   
> -            if ((privs & *allowed_privs) == privs) {
> -                ret = i;
> -            }
> +            /*
> +             * If matching address range was found, the protection bits
> +             * defined with PMP must be used. We shouldn't fallback on
> +             * finding default privileges.
> +             */
> +            ret = i;
>               break;
>           }
>       }
Alistair Francis Feb. 9, 2023, 11:39 p.m. UTC | #2
On Thu, Feb 9, 2023 at 3:53 PM Himanshu Chauhan
<hchauhan@ventanamicro.com> wrote:
>
> When MSECCFG.MML is set, after checking the address range in PMP if the
> asked permissions are not same as programmed in PMP, the default
> permissions are applied. This should only be the case when there
> is no matching address is found.
>
> This patch skips applying default rules when matching address range
> is found. It returns the index of the match PMP entry.
>
> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)
>
> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>  target/riscv/pmp.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index d85ad07caa..0dfdb35828 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
>                  }
>              }
>
> -            if ((privs & *allowed_privs) == privs) {
> -                ret = i;
> -            }
> +            /*
> +             * If matching address range was found, the protection bits
> +             * defined with PMP must be used. We shouldn't fallback on
> +             * finding default privileges.
> +             */
> +            ret = i;
>              break;
>          }
>      }
> --
> 2.39.1
>
>
Alistair Francis Feb. 10, 2023, 2:41 a.m. UTC | #3
On Thu, Feb 9, 2023 at 3:53 PM Himanshu Chauhan
<hchauhan@ventanamicro.com> wrote:
>
> When MSECCFG.MML is set, after checking the address range in PMP if the
> asked permissions are not same as programmed in PMP, the default
> permissions are applied. This should only be the case when there
> is no matching address is found.
>
> This patch skips applying default rules when matching address range
> is found. It returns the index of the match PMP entry.
>
> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)
>
> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>  target/riscv/pmp.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index d85ad07caa..0dfdb35828 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
>                  }
>              }
>
> -            if ((privs & *allowed_privs) == privs) {
> -                ret = i;
> -            }
> +            /*
> +             * If matching address range was found, the protection bits
> +             * defined with PMP must be used. We shouldn't fallback on
> +             * finding default privileges.
> +             */
> +            ret = i;
>              break;
>          }
>      }
> --
> 2.39.1
>
>
LIU Zhiwei Feb. 13, 2023, 4:22 a.m. UTC | #4
On 2023/2/9 13:52, Himanshu Chauhan wrote:
> When MSECCFG.MML is set, after checking the address range in PMP if the
> asked permissions are not same as programmed in PMP, the default
> permissions are applied. This should only be the case when there
> is no matching address is found.
>
> This patch skips applying default rules when matching address range
> is found. It returns the index of the match PMP entry.
>
> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)
>
> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
> ---
>   target/riscv/pmp.c | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index d85ad07caa..0dfdb35828 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
>                   }
>               }
>   
> -            if ((privs & *allowed_privs) == privs) {
> -                ret = i;
> -            }
> +            /*
> +             * If matching address range was found, the protection bits
> +             * defined with PMP must be used. We shouldn't fallback on
> +             * finding default privileges.
> +             */
> +            ret = i;

Notice the return value is the matching rule index, which includes

1) the address range is matching.

2) the permission of the PMP rule and the memory access type are matching.


So we can't simply remove the second check.  I think the right fix is:

            if ((privs & *allowed_privs) == privs) {
                 ret = i;
  -         }
  +         } else {
  +		ret = -2;
  +         }

The -2 return value avoids finding the default privileges. And it implies no matching rule is found.

Zhiwei

>               break;
>           }
>       }
Himanshu Chauhan Feb. 13, 2023, 5:21 a.m. UTC | #5
On 13/02/23 09:52, LIU Zhiwei wrote:
>
> On 2023/2/9 13:52, Himanshu Chauhan wrote:
>> When MSECCFG.MML is set, after checking the address range in PMP if the
>> asked permissions are not same as programmed in PMP, the default
>> permissions are applied. This should only be the case when there
>> is no matching address is found.
>>
>> This patch skips applying default rules when matching address range
>> is found. It returns the index of the match PMP entry.
>>
>> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)
>>
>> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
>> ---
>>   target/riscv/pmp.c | 9 ++++++---
>>   1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
>> index d85ad07caa..0dfdb35828 100644
>> --- a/target/riscv/pmp.c
>> +++ b/target/riscv/pmp.c
>> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, 
>> target_ulong addr,
>>                   }
>>               }
>>   -            if ((privs & *allowed_privs) == privs) {
>> -                ret = i;
>> -            }
>> +            /*
>> +             * If matching address range was found, the protection bits
>> +             * defined with PMP must be used. We shouldn't fallback on
>> +             * finding default privileges.
>> +             */
>> +            ret = i;
>
> Notice the return value is the matching rule index, which includes
>
> 1) the address range is matching.
>
> 2) the permission of the PMP rule and the memory access type are 
> matching.
>
>
> So we can't simply remove the second check.  I think the right fix is:
>
>            if ((privs & *allowed_privs) == privs) {
>                 ret = i;
>  -         }
>  +         } else {
>  +        ret = -2;
>  +         }
>
> The -2 return value avoids finding the default privileges. And it 
> implies no matching rule is found.
>
> Zhiwei

Hi Zhiwei,

In case the address range is matched and MSECCFG.MML is set, the 
permission in *allowed_privs* are binding. So if the index matching is 
returned, the binding permissions are applied by the caller function.

Which case does my patch break?

- Himanshu

>
>>               break;
>>           }
>>       }
LIU Zhiwei Feb. 13, 2023, 5:42 a.m. UTC | #6
On 2023/2/13 13:21, Himanshu Chauhan wrote:
>
> On 13/02/23 09:52, LIU Zhiwei wrote:
>>
>> On 2023/2/9 13:52, Himanshu Chauhan wrote:
>>> When MSECCFG.MML is set, after checking the address range in PMP if the
>>> asked permissions are not same as programmed in PMP, the default
>>> permissions are applied. This should only be the case when there
>>> is no matching address is found.
>>>
>>> This patch skips applying default rules when matching address range
>>> is found. It returns the index of the match PMP entry.
>>>
>>> fixes: 824cac681c3 (target/riscv: Fix PMP propagation for tlb)
>>>
>>> Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
>>> ---
>>>   target/riscv/pmp.c | 9 ++++++---
>>>   1 file changed, 6 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
>>> index d85ad07caa..0dfdb35828 100644
>>> --- a/target/riscv/pmp.c
>>> +++ b/target/riscv/pmp.c
>>> @@ -446,9 +446,12 @@ int pmp_hart_has_privs(CPURISCVState *env, 
>>> target_ulong addr,
>>>                   }
>>>               }
>>>   -            if ((privs & *allowed_privs) == privs) {
>>> -                ret = i;
>>> -            }
>>> +            /*
>>> +             * If matching address range was found, the protection 
>>> bits
>>> +             * defined with PMP must be used. We shouldn't fallback on
>>> +             * finding default privileges.
>>> +             */
>>> +            ret = i;
>>
>> Notice the return value is the matching rule index, which includes
>>
>> 1) the address range is matching.
>>
>> 2) the permission of the PMP rule and the memory access type are 
>> matching.
>>
>>
>> So we can't simply remove the second check.  I think the right fix is:
>>
>>            if ((privs & *allowed_privs) == privs) {
>>                 ret = i;
>>  -         }
>>  +         } else {
>>  +        ret = -2;
>>  +         }
>>
>> The -2 return value avoids finding the default privileges. And it 
>> implies no matching rule is found.
>>
>> Zhiwei
>
> Hi Zhiwei,
>
> In case the address range is matched and MSECCFG.MML is set, the 
> permission in *allowed_privs* are binding. 
Yes.
> So if the index matching is returned, the binding permissions are 
> applied by the caller function.
Yes. And the index will also be used. So we should check both conditions 
in this function.
>
> Which case does my patch break?

Look at the get_physical_address_pmp which calls pmp_hart_has_privs,

     pmp_index = pmp_hart_has_privs(env, addr, size, 1 << access_type,

                                    &pmp_priv, mode);

     if (pmp_index < 0) {

         *prot = 0;

         return TRANSLATE_PMP_FAIL;

     }

     *prot = pmp_priv_to_page_prot(pmp_priv);

     if ((tlb_size != NULL) && pmp_index != MAX_RISCV_PMPS) {

         target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1);

         target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1;

         *tlb_size = pmp_get_tlb_size(env, pmp_index, tlb_sa, tlb_ea);

     }

returnTRANSLATE_SUCCESS;

You break the pmp_index < 0 condition.  If ((privs & *allowed_privs) != 
privs,  the get_physical_address_pmp should return fail.

Zhiwei

>
> - Himanshu
>
>>
>>>               break;
>>>           }
>>>       }
diff mbox series

Patch

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index d85ad07caa..0dfdb35828 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -446,9 +446,12 @@  int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
                 }
             }
 
-            if ((privs & *allowed_privs) == privs) {
-                ret = i;
-            }
+            /*
+             * If matching address range was found, the protection bits
+             * defined with PMP must be used. We shouldn't fallback on
+             * finding default privileges.
+             */
+            ret = i;
             break;
         }
     }