[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v6 00/12] target/riscv: Fix PMP related problem
From: |
Alistair Francis |
Subject: |
Re: [PATCH v6 00/12] target/riscv: Fix PMP related problem |
Date: |
Thu, 18 May 2023 19:46:17 +1000 |
On Wed, May 17, 2023 at 7:16 PM Weiwei Li <liweiwei@iscas.ac.cn> wrote:
>
> This patchset originally tries to fix the PMP bypass problem issue
> https://gitlab.com/qemu-project/qemu/-/issues/1542:
>
> * TLB will be cached if the matched PMP entry cover the whole page. However
> PMP entries with higher priority may cover part of the page (but not match
> the access address), which means different regions in this page may have
> different permission rights. So it also cannot be cached (patch 1).
> * Writing to pmpaddr and MML/MMWP didn't trigger tlb flush (patch 7 and 9).
> * We set the tlb_size to 1 to make the TLB_INVALID_MASK set, and and the next
> access will again go through tlb_fill. However, this way will not work in
> tb_gen_code() => get_page_addr_code_hostp(): the TLB host address will be
> cached, and the following instructions can use this host address directly
> which may lead to the bypass of PMP related check (original patch 11).
>
> The port is available here:
> https://github.com/plctlab/plct-qemu/tree/plct-pmp-fix-v6
>
> v6:
>
> * Update comments in Patch 1
> * Remove the merged Patch 11
>
> v5:
>
> * Mov the original Patch 6 to Patch 3
> * add Patch 4 to change the return type of pmp_hart_has_privs() to bool
> * add Patch 5 to make RLB/MML/MMWP bits writable only when Smepmp is enabled
> * add Patch 6 to remove unused paramters in pmp_hart_has_privs_default()
> * add Patch 7 to flush tlb when MMWP or MML bits are changed
> * add Patch 8 to update the next rule addr in pmpaddr_csr_write()
> * add Patch 13 to deny access if access is partially inside the PMP entry
>
> v4:
>
> * Update comments for Patch 1, and move partial check code from Patch 2 to
> Patch 1
>
> * Restore log message change in Patch 2
>
> * Update commit message and the way to improve the problem in Patch 6
>
> v3:
>
> * Ignore disabled PMP entry in pmp_get_tlb_size() in Patch 1
>
> * Drop Patch 5, since tb jmp cache have been flushed in tlb_flush, so flush
> tb seems unnecessary.
>
> * Fix commit message problems in Patch 8 (Patch 7 in new patchset)
>
> v2:
>
> * Update commit message for patch 1
> * Add default tlb_size when pmp is diabled or there is no rules and only get
> the tlb size when translation success in patch 2
> * Update get_page_addr_code_hostp instead of probe_access_internal to fix the
> cached host address for instruction fetch in patch 6
> * Add patch 7 to make the short up really work in pmp_hart_has_privs
> * Add patch 8 to use pmp_update_rule_addr() and pmp_update_rule_nums()
> separately
>
> Weiwei Li (12):
> target/riscv: Update pmp_get_tlb_size()
> target/riscv: Move pmp_get_tlb_size apart from
> get_physical_address_pmp
> target/riscv: Make the short cut really work in pmp_hart_has_privs
> target/riscv: Change the return type of pmp_hart_has_privs() to bool
> target/riscv: Make RLB/MML/MMWP bits writable only when Smepmp is
> enabled
> target/riscv: Remove unused paramters in pmp_hart_has_privs_default()
> target/riscv: Flush TLB when MMWP or MML bits are changed
> target/riscv: Update the next rule addr in pmpaddr_csr_write()
> target/riscv: Flush TLB when pmpaddr is updated
> target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes
> target/riscv: Separate pmp_update_rule() in pmpcfg_csr_write
> target/riscv: Deny access if access is partially inside the PMP entry
Thanks!
Applied to riscv-to-apply.next
Alistair
>
> target/riscv/cpu_helper.c | 27 ++---
> target/riscv/pmp.c | 203 ++++++++++++++++++++++----------------
> target/riscv/pmp.h | 11 +--
> 3 files changed, 135 insertions(+), 106 deletions(-)
>
> --
> 2.25.1
>
>
- [PATCH v6 07/12] target/riscv: Flush TLB when MMWP or MML bits are changed, (continued)
- [PATCH v6 07/12] target/riscv: Flush TLB when MMWP or MML bits are changed, Weiwei Li, 2023/05/17
- [PATCH v6 01/12] target/riscv: Update pmp_get_tlb_size(), Weiwei Li, 2023/05/17
- [PATCH v6 03/12] target/riscv: Make the short cut really work in pmp_hart_has_privs, Weiwei Li, 2023/05/17
- [PATCH v6 05/12] target/riscv: Make RLB/MML/MMWP bits writable only when Smepmp is enabled, Weiwei Li, 2023/05/17
- [PATCH v6 02/12] target/riscv: Move pmp_get_tlb_size apart from get_physical_address_pmp, Weiwei Li, 2023/05/17
- [PATCH v6 08/12] target/riscv: Update the next rule addr in pmpaddr_csr_write(), Weiwei Li, 2023/05/17
- [PATCH v6 09/12] target/riscv: Flush TLB when pmpaddr is updated, Weiwei Li, 2023/05/17
- [PATCH v6 10/12] target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes, Weiwei Li, 2023/05/17
- [PATCH v6 12/12] target/riscv: Deny access if access is partially inside the PMP entry, Weiwei Li, 2023/05/17
- [PATCH v6 11/12] target/riscv: Separate pmp_update_rule() in pmpcfg_csr_write, Weiwei Li, 2023/05/17
- Re: [PATCH v6 00/12] target/riscv: Fix PMP related problem,
Alistair Francis <=