From 4b927bc37359dec23f67d3427fc982945f24f404 Mon Sep 17 00:00:00 2001 From: Christian Krinitsin Date: Wed, 21 May 2025 21:21:26 +0200 Subject: add gitlab issues in toml format --- .../host_missing/accel_missing/1542.toml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 gitlab/issues/target_riscv/host_missing/accel_missing/1542.toml (limited to 'gitlab/issues/target_riscv/host_missing/accel_missing/1542.toml') diff --git a/gitlab/issues/target_riscv/host_missing/accel_missing/1542.toml b/gitlab/issues/target_riscv/host_missing/accel_missing/1542.toml new file mode 100644 index 000000000..f7fc69c5b --- /dev/null +++ b/gitlab/issues/target_riscv/host_missing/accel_missing/1542.toml @@ -0,0 +1,21 @@ +id = 1542 +title = "Non-Executable PMP regions of size less than 4K trigger instruction access faults non-deterministically" +state = "closed" +created_at = "2023-03-13T21:06:56.173Z" +closed_at = "2023-06-15T04:33:51.396Z" +labels = ["target: riscv"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/1542" +host-os = "Bare-metal" +host-arch = "RISC-V" +qemu-version = "7.2.0, master" +guest-os = "Bare-metal" +guest-arch = "RISC-V" +description = """When a non-executable PMP region of size less than 4K (page size) with a start address that is not 4K-aligned is created, QEMU will non-deterministically dispatch instruction access faults when instructions are executed from the PMP-covered region (will in some cases, won't in others, based on the current TLB state)""" +reproduce = """1. Create a PMP region of size less than 4K, that is not aligned to the start of the page, make it non-executable +2. Flush TLB with `sfence.vma x0, x0` +3. Jump to the start of the pmp-protected page and start executing instructions +4. Notice that no instruction access fault is reported once we reach the protected region inside the page""" +additional = """@rth7680 I believe this is at least partially an unintentional result of this commit that you authored: 7e0d9973ea665bf459b2dbd173d0e51bc6ca5216, which modified the behavior of `get_page_addr_code_hostp` probes to probe a single byte, instead of a full page size (signaled by passing 0). +This means that we initially probe the first byte of the page, see that no PMP faults are raised, and then assume that no other bytes in the page can cause a PMP fault. + +Note that I believe that simply changing this back to 0 from 1 is not enough, as this will likely simply reintroduce the issue I originally reported in #1053.""" -- cgit 1.4.1