target/riscv: Fix PMP range boundary address bug

A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containg the last address in the range will always fail.

For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.

Backports commit 49db9fa1fd7c252596b53cf80876e06f407d09ed from qemu
This commit is contained in:
Dayeol Lee 2019-08-08 16:42:08 -04:00 committed by Lioncash
parent 1e148beb0e
commit 6528c78fd5
No known key found for this signature in database
GPG key ID: 4E3C3CC1031BA9C7

View file

@ -246,7 +246,7 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
from low to high */
for (i = 0; i < MAX_RISCV_PMPS; i++) {
s = pmp_is_in_range(env, i, addr);
e = pmp_is_in_range(env, i, addr + size);
e = pmp_is_in_range(env, i, addr + size - 1);
/* partially inside */
if ((s + e) == 1) {