feat(mpt): add mpt v0.4 support to NEMU#1046
Conversation
NEMU Performance Results - XS Interpreter
NEMU Performance Results - XS Ref Shared Object
|
|
Good job, LGTM. |
| return false; | ||
| } | ||
|
|
||
| #ifdef CONFIG_RV_MPT_CHECK |
There was a problem hiding this comment.
This wires the MPT permission check only into check_paddr(). However, with
CONFIG_PERF_OPT, normal translated accesses use the Host TLB path in vaddr.c. A
Host TLB miss will call paddr_read() / paddr_write() and therefore check MPT
once, but after the entry is filled, hosttlb_read() / hosttlb_write() hit paths
directly use host_read() / host_write() without calling check_paddr() again.
This means the cached Host TLB entry is not coherent with MPT state. In particular,
regarding invalidating Host TLB entries: the current CSR side effect only flushes on
satp writes.
Please confirm whether the issue described above actually exists. Should we make Host
TLB entries coherent with the MPT state? I am concerned that the current
implementation carries significant risk, so please evaluate and fix it.
There was a problem hiding this comment.
the TLB now flushes when mmpt csr changes.
| cpu.mbmc = reg_ss.mbmc; | ||
| #endif | ||
| #ifdef CONFIG_RV_MPT_CHECK | ||
| reg_ss.mmpt = cpu.mmpt; |
There was a problem hiding this comment.
Do you mean "cpu.mmpt = reg_ss.mmpt;" here? Seem to be opposite.
| raise_read_access_fault(trap_type, vaddr); | ||
| Log("isa mpt check failed, vaddr=" FMT_WORD ", paddr=" FMT_PADDR ", len=0x%x, type=0x%x, mode=0x%x", | ||
| vaddr, addr, len, type, mode); |
There was a problem hiding this comment.
Here should first "Log" and then "raise_access_fault". Because if we raise a fault first, the execution flow will jump away and will not come back to execute the log output here.
NEMU Performance Results - XS Interpreter
NEMU Performance Results - XS Ref Shared Object
|
|
lgtm |
Related issue: N/A
Type of change: feature request, other enhancement
Impact: add new MPT extension
Development Phase: implementation
Release Notes
This PR adds MPT v0.4 functionality into the NEMU. Memory Protection Tables (MPT) is a RISC-V hardware extension that enforces fine‑grained access control on physical memory. It is designed for multi‑tenant and multi‑supervisor‑domain environments, where traditional isolation mechanisms (PMP, MMU) are insufficient. MPT allows a root domain security manager (RDSM) to define per‑domain access policies (read, write, execute) for arbitrary physical memory regions, using a multi‑level table structure stored in memory. It works alongside PMP and the virtual memory system: an access is allowed only if all three protection mechanisms permit it.