1 /*
2 * QEMU RISC-V PMP (Physical Memory Protection)
3 *
4 * Author: Daire McNamara, daire.mcnamara@emdalo.com
5 * Ivan Griffin, ivan.griffin@emdalo.com
6 *
7 * This provides a RISC-V Physical Memory Protection implementation
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms and conditions of the GNU General Public License,
11 * version 2 or later, as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * more details.
17 *
18 * You should have received a copy of the GNU General Public License along with
19 * this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/log.h"
24 #include "qapi/error.h"
25 #include "cpu.h"
26 #include "trace.h"
27 #include "exec/cputlb.h"
28 #include "exec/page-protection.h"
29 #include "exec/target_page.h"
30
31 static bool pmp_write_cfg(CPURISCVState *env, uint32_t addr_index,
32 uint8_t val);
33 static uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t addr_index);
34
35 /*
36 * Convert the PMP permissions to match the truth table in the Smepmp spec.
37 */
pmp_get_smepmp_operation(uint8_t cfg)38 static inline uint8_t pmp_get_smepmp_operation(uint8_t cfg)
39 {
40 return ((cfg & PMP_LOCK) >> 4) | ((cfg & PMP_READ) << 2) |
41 (cfg & PMP_WRITE) | ((cfg & PMP_EXEC) >> 2);
42 }
43
44 /*
45 * Accessor method to extract address matching type 'a field' from cfg reg
46 */
pmp_get_a_field(uint8_t cfg)47 static inline uint8_t pmp_get_a_field(uint8_t cfg)
48 {
49 uint8_t a = cfg >> 3;
50 return a & 0x3;
51 }
52
53 /*
54 * Check whether a PMP is locked or not.
55 */
pmp_is_locked(CPURISCVState * env,uint32_t pmp_index)56 static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index)
57 {
58 if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) {
59 return 1;
60 }
61
62 return 0;
63 }
64
65 /*
66 * Check whether a PMP is locked for writing or not.
67 * (i.e. has LOCK flag and mseccfg.RLB is unset)
68 */
pmp_is_readonly(CPURISCVState * env,uint32_t pmp_index)69 static int pmp_is_readonly(CPURISCVState *env, uint32_t pmp_index)
70 {
71 return pmp_is_locked(env, pmp_index) && !MSECCFG_RLB_ISSET(env);
72 }
73
74 /*
75 * Check whether `val` is an invalid Smepmp config value
76 */
pmp_is_invalid_smepmp_cfg(CPURISCVState * env,uint8_t val)77 static int pmp_is_invalid_smepmp_cfg(CPURISCVState *env, uint8_t val)
78 {
79 /* No check if mseccfg.MML is not set or if mseccfg.RLB is set */
80 if (!MSECCFG_MML_ISSET(env) || MSECCFG_RLB_ISSET(env)) {
81 return 0;
82 }
83
84 /*
85 * Adding a rule with executable privileges that either is M-mode-only
86 * or a locked Shared-Region is not possible
87 */
88 switch (pmp_get_smepmp_operation(val)) {
89 case 0:
90 case 1:
91 case 2:
92 case 3:
93 case 4:
94 case 5:
95 case 6:
96 case 7:
97 case 8:
98 case 12:
99 case 14:
100 case 15:
101 return 0;
102 case 9:
103 case 10:
104 case 11:
105 case 13:
106 return 1;
107 default:
108 g_assert_not_reached();
109 }
110 }
111
112 /*
113 * Count the number of active rules.
114 */
pmp_get_num_rules(CPURISCVState * env)115 uint32_t pmp_get_num_rules(CPURISCVState *env)
116 {
117 return env->pmp_state.num_rules;
118 }
119
120 /*
121 * Accessor to get the cfg reg for a specific PMP/HART
122 */
pmp_read_cfg(CPURISCVState * env,uint32_t pmp_index)123 static inline uint8_t pmp_read_cfg(CPURISCVState *env, uint32_t pmp_index)
124 {
125 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
126
127 if (pmp_index < pmp_regions) {
128 return env->pmp_state.pmp[pmp_index].cfg_reg;
129 }
130
131 return 0;
132 }
133
134
135 /*
136 * Accessor to set the cfg reg for a specific PMP/HART
137 * Bounds checks and relevant lock bit.
138 */
pmp_write_cfg(CPURISCVState * env,uint32_t pmp_index,uint8_t val)139 static bool pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t val)
140 {
141 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
142
143 if (pmp_index < pmp_regions) {
144 if (env->pmp_state.pmp[pmp_index].cfg_reg == val) {
145 /* no change */
146 return false;
147 }
148
149 if (pmp_is_readonly(env, pmp_index)) {
150 qemu_log_mask(LOG_GUEST_ERROR,
151 "ignoring pmpcfg write - read only\n");
152 } else if (pmp_is_invalid_smepmp_cfg(env, val)) {
153 qemu_log_mask(LOG_GUEST_ERROR,
154 "ignoring pmpcfg write - invalid\n");
155 } else {
156 env->pmp_state.pmp[pmp_index].cfg_reg = val;
157 pmp_update_rule_addr(env, pmp_index);
158 return true;
159 }
160 } else {
161 qemu_log_mask(LOG_GUEST_ERROR,
162 "ignoring pmpcfg write - out of bounds\n");
163 }
164
165 return false;
166 }
167
pmp_unlock_entries(CPURISCVState * env)168 void pmp_unlock_entries(CPURISCVState *env)
169 {
170 uint32_t pmp_num = pmp_get_num_rules(env);
171 int i;
172
173 for (i = 0; i < pmp_num; i++) {
174 env->pmp_state.pmp[i].cfg_reg &= ~(PMP_LOCK | PMP_AMATCH);
175 }
176 }
177
pmp_decode_napot(hwaddr a,hwaddr * sa,hwaddr * ea)178 static void pmp_decode_napot(hwaddr a, hwaddr *sa, hwaddr *ea)
179 {
180 /*
181 * aaaa...aaa0 8-byte NAPOT range
182 * aaaa...aa01 16-byte NAPOT range
183 * aaaa...a011 32-byte NAPOT range
184 * ...
185 * aa01...1111 2^XLEN-byte NAPOT range
186 * a011...1111 2^(XLEN+1)-byte NAPOT range
187 * 0111...1111 2^(XLEN+2)-byte NAPOT range
188 * 1111...1111 Reserved
189 */
190 a = (a << 2) | 0x3;
191 *sa = a & (a + 1);
192 *ea = a | (a + 1);
193 }
194
pmp_update_rule_addr(CPURISCVState * env,uint32_t pmp_index)195 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
196 {
197 uint8_t this_cfg = env->pmp_state.pmp[pmp_index].cfg_reg;
198 target_ulong this_addr = env->pmp_state.pmp[pmp_index].addr_reg;
199 target_ulong prev_addr = 0u;
200 hwaddr sa = 0u;
201 hwaddr ea = 0u;
202
203 if (pmp_index >= 1u) {
204 prev_addr = env->pmp_state.pmp[pmp_index - 1].addr_reg;
205 }
206
207 switch (pmp_get_a_field(this_cfg)) {
208 case PMP_AMATCH_OFF:
209 sa = 0u;
210 ea = -1;
211 break;
212
213 case PMP_AMATCH_TOR:
214 if (prev_addr >= this_addr) {
215 sa = ea = 0u;
216 break;
217 }
218 sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
219 ea = (this_addr << 2) - 1u;
220 break;
221
222 case PMP_AMATCH_NA4:
223 sa = this_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
224 ea = (sa + 4u) - 1u;
225 break;
226
227 case PMP_AMATCH_NAPOT:
228 pmp_decode_napot(this_addr, &sa, &ea);
229 break;
230
231 default:
232 sa = 0u;
233 ea = 0u;
234 break;
235 }
236
237 env->pmp_state.addr[pmp_index].sa = sa;
238 env->pmp_state.addr[pmp_index].ea = ea;
239 }
240
pmp_update_rule_nums(CPURISCVState * env)241 void pmp_update_rule_nums(CPURISCVState *env)
242 {
243 int i;
244 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
245
246 env->pmp_state.num_rules = 0;
247 for (i = 0; i < pmp_regions; i++) {
248 const uint8_t a_field =
249 pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
250 if (PMP_AMATCH_OFF != a_field) {
251 env->pmp_state.num_rules++;
252 }
253 }
254 }
255
pmp_is_in_range(CPURISCVState * env,int pmp_index,hwaddr addr)256 static int pmp_is_in_range(CPURISCVState *env, int pmp_index, hwaddr addr)
257 {
258 int result = 0;
259
260 if ((addr >= env->pmp_state.addr[pmp_index].sa) &&
261 (addr <= env->pmp_state.addr[pmp_index].ea)) {
262 result = 1;
263 } else {
264 result = 0;
265 }
266
267 return result;
268 }
269
270 /*
271 * Check if the address has required RWX privs when no PMP entry is matched.
272 */
pmp_hart_has_privs_default(CPURISCVState * env,pmp_priv_t privs,pmp_priv_t * allowed_privs,target_ulong mode)273 static bool pmp_hart_has_privs_default(CPURISCVState *env, pmp_priv_t privs,
274 pmp_priv_t *allowed_privs,
275 target_ulong mode)
276 {
277 bool ret;
278
279 if (MSECCFG_MMWP_ISSET(env)) {
280 /*
281 * The Machine Mode Whitelist Policy (mseccfg.MMWP) is set
282 * so we default to deny all, even for M-mode.
283 */
284 *allowed_privs = 0;
285 return false;
286 } else if (MSECCFG_MML_ISSET(env)) {
287 /*
288 * The Machine Mode Lockdown (mseccfg.MML) bit is set
289 * so we can only execute code in M-mode with an applicable
290 * rule. Other modes are disabled.
291 */
292 if (mode == PRV_M && !(privs & PMP_EXEC)) {
293 ret = true;
294 *allowed_privs = PMP_READ | PMP_WRITE;
295 } else {
296 ret = false;
297 *allowed_privs = 0;
298 }
299
300 return ret;
301 }
302
303 if (!riscv_cpu_cfg(env)->pmp || (mode == PRV_M)) {
304 /*
305 * Privileged spec v1.10 states if HW doesn't implement any PMP entry
306 * or no PMP entry matches an M-Mode access, the access succeeds.
307 */
308 ret = true;
309 *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
310 } else {
311 /*
312 * Other modes are not allowed to succeed if they don't * match a rule,
313 * but there are rules. We've checked for no rule earlier in this
314 * function.
315 */
316 ret = false;
317 *allowed_privs = 0;
318 }
319
320 return ret;
321 }
322
323
324 /*
325 * Public Interface
326 */
327
328 /*
329 * Check if the address has required RWX privs to complete desired operation
330 * Return true if a pmp rule match or default match
331 * Return false if no match
332 */
pmp_hart_has_privs(CPURISCVState * env,hwaddr addr,target_ulong size,pmp_priv_t privs,pmp_priv_t * allowed_privs,target_ulong mode)333 bool pmp_hart_has_privs(CPURISCVState *env, hwaddr addr,
334 target_ulong size, pmp_priv_t privs,
335 pmp_priv_t *allowed_privs, target_ulong mode)
336 {
337 int i = 0;
338 int pmp_size = 0;
339 hwaddr s = 0;
340 hwaddr e = 0;
341 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
342
343 /* Short cut if no rules */
344 if (0 == pmp_get_num_rules(env)) {
345 return pmp_hart_has_privs_default(env, privs, allowed_privs, mode);
346 }
347
348 if (size == 0) {
349 if (riscv_cpu_cfg(env)->mmu) {
350 /*
351 * If size is unknown (0), assume that all bytes
352 * from addr to the end of the page will be accessed.
353 */
354 pmp_size = -(addr | TARGET_PAGE_MASK);
355 } else {
356 pmp_size = 2 << riscv_cpu_mxl(env);
357 }
358 } else {
359 pmp_size = size;
360 }
361
362 /*
363 * 1.10 draft priv spec states there is an implicit order
364 * from low to high
365 */
366 for (i = 0; i < pmp_regions; i++) {
367 s = pmp_is_in_range(env, i, addr);
368 e = pmp_is_in_range(env, i, addr + pmp_size - 1);
369
370 /* partially inside */
371 if ((s + e) == 1) {
372 qemu_log_mask(LOG_GUEST_ERROR,
373 "pmp violation - access is partially inside\n");
374 *allowed_privs = 0;
375 return false;
376 }
377
378 /* fully inside */
379 const uint8_t a_field =
380 pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
381
382 if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) {
383 /*
384 * If the PMP entry is not off and the address is in range,
385 * do the priv check
386 */
387 if (!MSECCFG_MML_ISSET(env)) {
388 /*
389 * If mseccfg.MML Bit is not set, do pmp priv check
390 * This will always apply to regular PMP.
391 */
392 *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
393 if ((mode != PRV_M) || pmp_is_locked(env, i)) {
394 *allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
395 }
396 } else {
397 /*
398 * If mseccfg.MML Bit set, do the enhanced pmp priv check
399 */
400 const uint8_t smepmp_operation =
401 pmp_get_smepmp_operation(env->pmp_state.pmp[i].cfg_reg);
402
403 if (mode == PRV_M) {
404 switch (smepmp_operation) {
405 case 0:
406 case 1:
407 case 4:
408 case 5:
409 case 6:
410 case 7:
411 case 8:
412 *allowed_privs = 0;
413 break;
414 case 2:
415 case 3:
416 case 14:
417 *allowed_privs = PMP_READ | PMP_WRITE;
418 break;
419 case 9:
420 case 10:
421 *allowed_privs = PMP_EXEC;
422 break;
423 case 11:
424 case 13:
425 *allowed_privs = PMP_READ | PMP_EXEC;
426 break;
427 case 12:
428 case 15:
429 *allowed_privs = PMP_READ;
430 break;
431 default:
432 g_assert_not_reached();
433 }
434 } else {
435 switch (smepmp_operation) {
436 case 0:
437 case 8:
438 case 9:
439 case 12:
440 case 13:
441 case 14:
442 *allowed_privs = 0;
443 break;
444 case 1:
445 case 10:
446 case 11:
447 *allowed_privs = PMP_EXEC;
448 break;
449 case 2:
450 case 4:
451 case 15:
452 *allowed_privs = PMP_READ;
453 break;
454 case 3:
455 case 6:
456 *allowed_privs = PMP_READ | PMP_WRITE;
457 break;
458 case 5:
459 *allowed_privs = PMP_READ | PMP_EXEC;
460 break;
461 case 7:
462 *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
463 break;
464 default:
465 g_assert_not_reached();
466 }
467 }
468 }
469
470 /*
471 * If matching address range was found, the protection bits
472 * defined with PMP must be used. We shouldn't fallback on
473 * finding default privileges.
474 */
475 return (privs & *allowed_privs) == privs;
476 }
477 }
478
479 /* No rule matched */
480 return pmp_hart_has_privs_default(env, privs, allowed_privs, mode);
481 }
482
483 /*
484 * Handle a write to a pmpcfg CSR
485 */
pmpcfg_csr_write(CPURISCVState * env,uint32_t reg_index,target_ulong val)486 void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index,
487 target_ulong val)
488 {
489 int i;
490 uint8_t cfg_val;
491 int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
492 bool modified = false;
493
494 trace_pmpcfg_csr_write(env->mhartid, reg_index, val);
495
496 for (i = 0; i < pmpcfg_nums; i++) {
497 cfg_val = (val >> 8 * i) & 0xff;
498 modified |= pmp_write_cfg(env, (reg_index * 4) + i, cfg_val);
499 }
500
501 /* If PMP permission of any addr has been changed, flush TLB pages. */
502 if (modified) {
503 pmp_update_rule_nums(env);
504 tlb_flush(env_cpu(env));
505 }
506 }
507
508
509 /*
510 * Handle a read from a pmpcfg CSR
511 */
pmpcfg_csr_read(CPURISCVState * env,uint32_t reg_index)512 target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index)
513 {
514 int i;
515 target_ulong cfg_val = 0;
516 target_ulong val = 0;
517 int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
518
519 for (i = 0; i < pmpcfg_nums; i++) {
520 val = pmp_read_cfg(env, (reg_index * 4) + i);
521 cfg_val |= (val << (i * 8));
522 }
523 trace_pmpcfg_csr_read(env->mhartid, reg_index, cfg_val);
524
525 return cfg_val;
526 }
527
528
529 /*
530 * Handle a write to a pmpaddr CSR
531 */
pmpaddr_csr_write(CPURISCVState * env,uint32_t addr_index,target_ulong val)532 void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index,
533 target_ulong val)
534 {
535 trace_pmpaddr_csr_write(env->mhartid, addr_index, val);
536 bool is_next_cfg_tor = false;
537 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
538
539 if (addr_index < pmp_regions) {
540 if (env->pmp_state.pmp[addr_index].addr_reg == val) {
541 /* no change */
542 return;
543 }
544
545 /*
546 * In TOR mode, need to check the lock bit of the next pmp
547 * (if there is a next).
548 */
549 if (addr_index + 1 < pmp_regions) {
550 uint8_t pmp_cfg = env->pmp_state.pmp[addr_index + 1].cfg_reg;
551 is_next_cfg_tor = PMP_AMATCH_TOR == pmp_get_a_field(pmp_cfg);
552
553 if (pmp_is_readonly(env, addr_index + 1) && is_next_cfg_tor) {
554 qemu_log_mask(LOG_GUEST_ERROR,
555 "ignoring pmpaddr write - pmpcfg+1 read only\n");
556 return;
557 }
558 }
559
560 if (!pmp_is_readonly(env, addr_index)) {
561 env->pmp_state.pmp[addr_index].addr_reg = val;
562 pmp_update_rule_addr(env, addr_index);
563 if (is_next_cfg_tor) {
564 pmp_update_rule_addr(env, addr_index + 1);
565 }
566 tlb_flush(env_cpu(env));
567 } else {
568 qemu_log_mask(LOG_GUEST_ERROR,
569 "ignoring pmpaddr write - read only\n");
570 }
571 } else {
572 qemu_log_mask(LOG_GUEST_ERROR,
573 "ignoring pmpaddr write - out of bounds\n");
574 }
575 }
576
577
578 /*
579 * Handle a read from a pmpaddr CSR
580 */
pmpaddr_csr_read(CPURISCVState * env,uint32_t addr_index)581 target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index)
582 {
583 target_ulong val = 0;
584 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
585
586 if (addr_index < pmp_regions) {
587 val = env->pmp_state.pmp[addr_index].addr_reg;
588 trace_pmpaddr_csr_read(env->mhartid, addr_index, val);
589 } else {
590 qemu_log_mask(LOG_GUEST_ERROR,
591 "ignoring pmpaddr read - out of bounds\n");
592 }
593
594 return val;
595 }
596
597 /*
598 * Handle a write to a mseccfg CSR
599 */
mseccfg_csr_write(CPURISCVState * env,target_ulong val)600 void mseccfg_csr_write(CPURISCVState *env, target_ulong val)
601 {
602 int i;
603 uint64_t mask = MSECCFG_MMWP | MSECCFG_MML;
604 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
605 /* Update PMM field only if the value is valid according to Zjpm v1.0 */
606 if (riscv_cpu_cfg(env)->ext_smmpm &&
607 riscv_cpu_mxl(env) == MXL_RV64 &&
608 get_field(val, MSECCFG_PMM) != PMM_FIELD_RESERVED) {
609 mask |= MSECCFG_PMM;
610 }
611
612 trace_mseccfg_csr_write(env->mhartid, val);
613
614 /* RLB cannot be enabled if it's already 0 and if any regions are locked */
615 if (!MSECCFG_RLB_ISSET(env)) {
616 for (i = 0; i < pmp_regions; i++) {
617 if (pmp_is_locked(env, i)) {
618 val &= ~MSECCFG_RLB;
619 break;
620 }
621 }
622 }
623
624 if (riscv_cpu_cfg(env)->ext_smepmp) {
625 /* Sticky bits */
626 val |= (env->mseccfg & mask);
627 if ((val ^ env->mseccfg) & mask) {
628 tlb_flush(env_cpu(env));
629 }
630 } else {
631 mask |= MSECCFG_RLB;
632 val &= ~(mask);
633 }
634
635 /* M-mode forward cfi to be enabled if cfi extension is implemented */
636 if (env_archcpu(env)->cfg.ext_zicfilp) {
637 val |= (val & MSECCFG_MLPE);
638 }
639
640 env->mseccfg = val;
641 }
642
643 /*
644 * Handle a read from a mseccfg CSR
645 */
mseccfg_csr_read(CPURISCVState * env)646 target_ulong mseccfg_csr_read(CPURISCVState *env)
647 {
648 trace_mseccfg_csr_read(env->mhartid, env->mseccfg);
649 return env->mseccfg;
650 }
651
652 /*
653 * Calculate the TLB size.
654 * It's possible that PMP regions only cover partial of the TLB page, and
655 * this may split the page into regions with different permissions.
656 * For example if PMP0 is (0x80000008~0x8000000F, R) and PMP1 is (0x80000000
657 * ~0x80000FFF, RWX), then region 0x80000008~0x8000000F has R permission, and
658 * the other regions in this page have RWX permissions.
659 * A write access to 0x80000000 will match PMP1. However we cannot cache the
660 * translation result in the TLB since this will make the write access to
661 * 0x80000008 bypass the check of PMP0.
662 * To avoid this we return a size of 1 (which means no caching) if the PMP
663 * region only covers partial of the TLB page.
664 */
pmp_get_tlb_size(CPURISCVState * env,hwaddr addr)665 target_ulong pmp_get_tlb_size(CPURISCVState *env, hwaddr addr)
666 {
667 hwaddr pmp_sa;
668 hwaddr pmp_ea;
669 hwaddr tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1);
670 hwaddr tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1;
671 int i;
672 uint8_t pmp_regions = riscv_cpu_cfg(env)->pmp_regions;
673
674 /*
675 * If PMP is not supported or there are no PMP rules, the TLB page will not
676 * be split into regions with different permissions by PMP so we set the
677 * size to TARGET_PAGE_SIZE.
678 */
679 if (!riscv_cpu_cfg(env)->pmp || !pmp_get_num_rules(env)) {
680 return TARGET_PAGE_SIZE;
681 }
682
683 for (i = 0; i < pmp_regions; i++) {
684 if (pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg) == PMP_AMATCH_OFF) {
685 continue;
686 }
687
688 pmp_sa = env->pmp_state.addr[i].sa;
689 pmp_ea = env->pmp_state.addr[i].ea;
690
691 /*
692 * Only the first PMP entry that covers (whole or partial of) the TLB
693 * page really matters:
694 * If it covers the whole TLB page, set the size to TARGET_PAGE_SIZE,
695 * since the following PMP entries have lower priority and will not
696 * affect the permissions of the page.
697 * If it only covers partial of the TLB page, set the size to 1 since
698 * the allowed permissions of the region may be different from other
699 * region of the page.
700 */
701 if (pmp_sa <= tlb_sa && pmp_ea >= tlb_ea) {
702 return TARGET_PAGE_SIZE;
703 } else if ((pmp_sa >= tlb_sa && pmp_sa <= tlb_ea) ||
704 (pmp_ea >= tlb_sa && pmp_ea <= tlb_ea)) {
705 return 1;
706 }
707 }
708
709 /*
710 * If no PMP entry matches the TLB page, the TLB page will also not be
711 * split into regions with different permissions by PMP so we set the size
712 * to TARGET_PAGE_SIZE.
713 */
714 return TARGET_PAGE_SIZE;
715 }
716
717 /*
718 * Convert PMP privilege to TLB page privilege.
719 */
pmp_priv_to_page_prot(pmp_priv_t pmp_priv)720 int pmp_priv_to_page_prot(pmp_priv_t pmp_priv)
721 {
722 int prot = 0;
723
724 if (pmp_priv & PMP_READ) {
725 prot |= PAGE_READ;
726 }
727 if (pmp_priv & PMP_WRITE) {
728 prot |= PAGE_WRITE;
729 }
730 if (pmp_priv & PMP_EXEC) {
731 prot |= PAGE_EXEC;
732 }
733
734 return prot;
735 }
736