On 7/25/19 8:52 PM, Alistair Francis wrote:
> Setting write permission on dirty PTEs results in userspace inside a
> Hypervisor guest (VU) becoming corrupted. This appears to be becuase it
"because"
> ends up with write permission in the second stage translation in cases
> where we aren't doing a store.
>
> Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
> ---
> target/riscv/cpu_helper.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index e32b6126af..f027be7f16 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -340,10 +340,8 @@ restart:
> if ((pte & PTE_X)) {
> *prot |= PAGE_EXEC;
> }
> - /* add write permission on stores or if the page is already
> dirty,
> - so that we TLB miss on later writes to update the dirty bit */
> - if ((pte & PTE_W) &&
> - (access_type == MMU_DATA_STORE || (pte & PTE_D))) {
> + /* add write permission on stores */
> + if ((pte & PTE_W) && (access_type == MMU_DATA_STORE)) {
> *prot |= PAGE_WRITE;
> }
> return TRANSLATE_SUCCESS;
>
