From: Alexandre Ghiti <alexgh...@rivosinc.com>
As per the specification, in 64-bit, if any of the pte reserved bits
60-54 is set an exception should be triggered (see 4.4.1, "Addressing and
Memory Protection"). In addition, we must check the napot/pbmt bits are
not set if those extensions are not active.
Reported-by: Andrea Parri <and...@rivosinc.com>
Signed-off-by: Alexandre Ghiti <alexgh...@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-Id: <20230420150220.60919-1-alexgh...@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
---
target/riscv/cpu_bits.h | 1 +
target/riscv/cpu_helper.c | 15 +++++++++++----
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index fb63b8e125..59f0ffd9e1 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -644,6 +644,7 @@ typedef enum {
#define PTE_SOFT 0x300 /* Reserved for Software */
#define PTE_PBMT 0x6000000000000000ULL /* Page-based memory types */
#define PTE_N 0x8000000000000000ULL /* NAPOT translation */
+#define PTE_RESERVED 0x1FC0000000000000ULL /* Reserved bits */
#define PTE_ATTR (PTE_N | PTE_PBMT) /* All attributes bits */
/* Page table PPN shift amount */
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b68dcfe7b6..57d04385f1 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -927,13 +927,20 @@ restart:
if (riscv_cpu_sxl(env) == MXL_RV32) {
ppn = pte >> PTE_PPN_SHIFT;
- } else if (pbmte || riscv_cpu_cfg(env)->ext_svnapot) {
- ppn = (pte & (target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT;
} else {
- ppn = pte >> PTE_PPN_SHIFT;
- if ((pte & ~(target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT) {
+ if (pte & PTE_RESERVED) {
+ return TRANSLATE_FAIL;
+ }
+
+ if (!pbmte && (pte & PTE_PBMT)) {
return TRANSLATE_FAIL;
}
+
+ if (!riscv_cpu_cfg(env)->ext_svnapot && (pte & PTE_N)) {
+ return TRANSLATE_FAIL;
+ }
+
+ ppn = (pte & (target_ulong)PTE_PPN_MASK) >> PTE_PPN_SHIFT;
}
if (!(pte & PTE_V)) {
--
2.40.0
