Commit fa2cf74883 for qemu.org
commit fa2cf7488379d9b14041a7bcd76867c9bdad2b5e
Author: Inochi Amaoto <inochiama@gmail.com>
Date: Mon Jun 22 19:34:01 2026 +0800
target/riscv: Check PMP before updating PTE
According to the RISC-V spec, the PTE update is a supervisor write
operation, and it should also follow the CPU PMP configuration like
the PTE read.
Cc: qemu-stable@nongnu.org
Signed-off-by: Inochi Amaoto <inochiama@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260622113402.563196-1-inochiama@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 59edcdd370..2db07f5dfb 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1655,10 +1655,18 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical,
/* Page table updates need to be atomic with MTTCG enabled */
if (updated_pte != pte && !is_debug) {
+ int pmp_prot, pmp_ret;
+
if (!adue) {
return TRANSLATE_FAIL;
}
+ pmp_ret = get_physical_address_pmp(env, &pmp_prot, pte_addr,
+ sxlen_bytes, MMU_DATA_STORE, PRV_S);
+ if (pmp_ret != TRANSLATE_SUCCESS) {
+ return TRANSLATE_PMP_FAIL;
+ }
+
/*
* - if accessed or dirty bits need updating, and the PTE is
* in RAM, then we do so atomically with a compare and swap.
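Review bot: the new `get_physical_address_pmp(...)` call has no comment explaining why the check uses `MMU_DATA_STORE` and `PRV_S` rather than the access type and mode of the original translation. The commit message gives the reason (the A/D update is an implicit supervisor write), and a one-line comment above the call would stop a later reader from "fixing" the arguments. Also, `pmp_prot` is filled in but never read in the visible lines. If it exists only because the helper requires an output pointer, say so in that comment or give it a name that makes this clear. Placing the check after the `!adue` early return looks right, since no PTE write happens on that path.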