diff options
author | Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk> | 2019-05-30 14:51:34 +0100 |
---|---|---|
committer | Palmer Dabbelt <palmer@sifive.com> | 2019-06-23 23:44:42 -0700 |
commit | f8162068f18f2f264a0355938784f54089234211 (patch) | |
tree | fea319920a4f27af65a6d64ab573e74fdcc1a7d5 /target/riscv/pmp.c | |
parent | 1f447aec787bfbbd078afccae44fc4c92acb4fed (diff) | |
download | qemu-f8162068f18f2f264a0355938784f54089234211.zip |
RISC-V: Fix a PMP bug where it succeeds even if PMP entry is off
The current implementation returns 1 (PMP check success) if the address is in
range even if the PMP entry is off. This is a bug.
For example, if there is a PMP check in S-Mode which is in range, but its PMP
entry is off, this will succeed, which it should not.
The patch fixes this bug by only checking the PMP permissions if the address is
in range and its corresponding PMP entry it not off. Otherwise, it will keep
the ret = -1 which will be checked and handled correctly at the end of the
function.
Signed-off-by: Hesham Almatary <Hesham.Almatary@cl.cam.ac.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Diffstat (limited to 'target/riscv/pmp.c')
-rw-r--r-- | target/riscv/pmp.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 5944f4cb66..958c7502a0 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -258,11 +258,12 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, /* fully inside */ const uint8_t a_field = pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg); - if ((s + e) == 2) { - if (PMP_AMATCH_OFF == a_field) { - return 1; - } + /* + * If the PMP entry is not off and the address is in range, do the priv + * check + */ + if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) { allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC; if ((mode != PRV_M) || pmp_is_locked(env, i)) { allowed_privs &= env->pmp_state.pmp[i].cfg_reg; |