On 7/25/19 8:52 PM, Alistair Francis wrote: > Setting write permission on dirty PTEs results in userspace inside a > Hypervisor guest (VU) becoming corrupted. This appears to be becuase it
"because" > ends up with write permission in the second stage translation in cases > where we aren't doing a store. > > Signed-off-by: Alistair Francis <alistair.fran...@wdc.com> > --- > target/riscv/cpu_helper.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > index e32b6126af..f027be7f16 100644 > --- a/target/riscv/cpu_helper.c > +++ b/target/riscv/cpu_helper.c > @@ -340,10 +340,8 @@ restart: > if ((pte & PTE_X)) { > *prot |= PAGE_EXEC; > } > - /* add write permission on stores or if the page is already > dirty, > - so that we TLB miss on later writes to update the dirty bit */ > - if ((pte & PTE_W) && > - (access_type == MMU_DATA_STORE || (pte & PTE_D))) { > + /* add write permission on stores */ > + if ((pte & PTE_W) && (access_type == MMU_DATA_STORE)) { > *prot |= PAGE_WRITE; > } > return TRANSLATE_SUCCESS; >