Diffstat (limited to 'results/scraper/launchpad-without-comments/1886076')
| -rw-r--r-- | results/scraper/launchpad-without-comments/1886076 | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1886076 b/results/scraper/launchpad-without-comments/1886076 new file mode 100644 index 000000000..96e82dcc2 --- /dev/null +++ b/results/scraper/launchpad-without-comments/1886076 
@@ -0,0 +1,36 @@ +risc-v pmp implementation error + +QEMU Commit fc1bff958998910ec8d25db86cd2f53ff125f7ab + + +RISC-V PMP implementation is not correct on QEMU. + +When an access is granted there is no more PMP check on the 4KB memory range of the accessed location. +A cache flush is needed in order to force a PMP check on next access to this 4KB memory range. +A correct implementation would be to grant access to the maximum allowed area around the accessed location within the 4KB memory range. + +For instance, if PMP is configured to block all accesses from 0x80003000 to 0x800037FF and from 0x80003C00 to 0x80003FFF: +1st case: + 1) A read access is done @0x80003900 --> access OK as expected + 2) Then a read access is done @0x80003400 --> access OK while it must be blocked! +2nd case: + 1) A read access is done @0x80003900 --> access OK as expected + 2) Cache is flushed (__asm__ __volatile__ ("sfence.vma" : : : "memory");) + 3) A read access is done @0x80003400 --> access blocked as expected + +Analysis: + After the 1st read @0x80003900 QEMU add the memory range 0x80003000 to 0x80003FFF into a TLB entry. + Then no more PMP check is done from 0x80003000 to 0x80003FFF until the TLB is flushed. +What should be done: + Only the range 0x80003800 to 0x80003BFF should be added to the TLB entry. + +The 4KB range is the default size of a TLB page on QEMU for RISCV. +The minimum size that can be set is 64Bytes. However the PMP granularity can be as low as 4Bytes. + +I tested a quick fix and PMP is working as expected. +The quick fix consist in replacing this line: +tlb_set_page(cs, address & TARGET_PAGE_MASK, pa & TARGET_PAGE_MASK, prot, mmu_idx, TARGET_PAGE_SIZE); +By this one in target/riscv/cpu_helper.c: +tlb_set_page(cs, address & ~0x3, pa & ~0x3, prot, mmu_idx, size); + +This quick fix has to be optimized in order to consume less HW resources, as explained at the beginning. \ No newline at end of file |
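Review bot: the new file ends without a trailing newline (the "\ No newline at end of file" marker follows the last added line, "This quick fix has to be optimized ..."), so the scraper should write a final newline to keep later concatenation or line-based diffing of these result files clean. The stored report is also plain free text: the title "risc-v pmp implementation error" is identifiable only as the first line, and the bug id 1886076 appears only in the file name, so anything consuming this file has to rely on position and path for both.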