According to the RISC-V spec, the PTE update is a supervisor write operation, and it should also follow the CPU PMP configuration like the PTE read.
Signed-off-by: Inochi Amaoto <[email protected]> --- Changed from v1: 1. Separate code statements and declarations. --- target/riscv/cpu_helper.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 59edcdd370..2db07f5dfb 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1655,10 +1655,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, /* Page table updates need to be atomic with MTTCG enabled */ if (updated_pte != pte && !is_debug) { + int pmp_prot, pmp_ret; + if (!adue) { return TRANSLATE_FAIL; } + pmp_ret = get_physical_address_pmp(env, &pmp_prot, pte_addr, + sxlen_bytes, MMU_DATA_STORE, PRV_S); + if (pmp_ret != TRANSLATE_SUCCESS) { + return TRANSLATE_PMP_FAIL; + } + /* * - if accessed or dirty bits need updating, and the PTE is * in RAM, then we do so atomically with a compare and swap. -- 2.54.0
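Review bot: pmp_prot in the added block under `if (updated_pte != pte && !is_debug)` is filled by get_physical_address_pmp() but never read; only pmp_ret is tested. If the return value alone decides whether the MMU_DATA_STORE access at pte_addr with PRV_S is permitted, a short comment above the call should say so, and should carry the reasoning from the commit message (the A/D update is a supervisor write and is subject to PMP), so the unused output does not read as a forgotten check of the write permission. It is also worth confirming that returning TRANSLATE_PMP_FAIL from this point makes the caller raise the fault that matches the original access type, since that handling is not visible in this hunk.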
