rustsbi-qemu: deref virtual address may fail

Handle possible failure of deref virtual address by machine trap detection
Add `prv_mem` module for this purpose

Signed-off-by: luojia65 <me@luojia.cc>

Author: luojia65

CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
+to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+
+### Added
+
+- Handle possible failure of deref virtual address by machine trap detection
+
+### Modified
+
+## [0.1.0] - 2022-02-13
+
+### Added
+
+- Adapts to RustSBI version 0.2.0
+- Implement SBI non-retentive resume procedure
+- PMP updates, use stabilized core::arch::asm! macro, thanks to @wyfcyx
+- Fixes on usage of CLINT peripheral, thanks to @duskmoon314
+- Numerous fixes to HSM module implementation, more documents
+
+[Unreleased]: https://github.com/rustsbi/rustsbi-qemu/compare/v0.1.0...HEAD
+
+[0.1.0]: https://github.com/rustsbi/rustsbi-qemu/releases/tag/v0.1.0

Cargo.lock

@@ -1,14 +1,14 @@
-use crate::feature;
-use crate::qemu_hsm::{pause, HsmCommand, QemuHsm};
-use crate::runtime::{MachineTrap, Runtime, SupervisorContext};
 use core::{
     ops::{Generator, GeneratorState},
     pin::Pin,
 };
-use riscv::register::{
-    mie, mip,
-    scause::{Exception, Trap},
-};
+
+use riscv::register::{mcause, mie, mip, scause::{Exception, Trap}};
+
+use crate::feature;
+use crate::prv_mem::{self, SupervisorPointer};
+use crate::qemu_hsm::{HsmCommand, pause, QemuHsm};
+use crate::runtime::{MachineTrap, Runtime, SupervisorContext};
 
 pub fn execute_supervisor(supervisor_mepc: usize, hart_id: usize, a1: usize, hsm: QemuHsm) -> ! {
     let mut rt = Runtime::new_sbi_supervisor(supervisor_mepc, hart_id, a1);
@@ -40,8 +40,12 @@ pub fn execute_supervisor(supervisor_mepc: usize, hart_id: usize, a1: usize, hsm
             }
             GeneratorState::Yielded(MachineTrap::IllegalInstruction()) => {
                 let ctx = rt.context_mut();
-                // FIXME: get_vaddr_u32这个过程可能出错。
-                let ins = unsafe { get_vaddr_u32(ctx.mepc) } as usize;
+                let ptr: SupervisorPointer<usize> = SupervisorPointer::cast(ctx.mepc);
+                let deref_ans = unsafe { prv_mem::try_read(ptr) };
+                let ins = match deref_ans {
+                    Ok(ins) => ins,
+                    Err(e) => fail_cant_read_exception_address(ctx, e),
+                };
                 if !emulate_illegal_instruction(ctx, ins) {
                     unsafe {
                         if feature::should_transfer_trap(ctx) {
@@ -107,32 +111,24 @@ pub fn execute_supervisor(supervisor_mepc: usize, hart_id: usize, a1: usize, hsm
 }
 
 #[inline]
-unsafe fn get_vaddr_u32(vaddr: usize) -> u32 {
-    let mut ans: u32;
-    core::arch::asm!("
-        li      {tmp}, (1 << 17)
-        csrrs   {tmp}, mstatus, {tmp}
-        lwu     {ans}, 0({vaddr})
-        csrw    mstatus, {tmp}
-        ",
-        tmp = out(reg) _,
-        vaddr = in(reg) vaddr,
-        ans = lateout(reg) ans
-    );
-    ans
-}
-
 fn emulate_illegal_instruction(ctx: &mut SupervisorContext, ins: usize) -> bool {
     if feature::emulate_rdtime(ctx, ins) {
         return true;
     }
     false
 }
 
-// 真·非法指令异常，是M层出现的
+// Illegal instruction occurred in M level
 fn fail_illegal_instruction(ctx: &mut SupervisorContext, ins: usize) -> ! {
     #[cfg(target_pointer_width = "64")]
     panic!("invalid instruction from machine level, mepc: {:016x?}, instruction: {:016x?}, context: {:016x?}", ctx.mepc, ins, ctx);
     #[cfg(target_pointer_width = "32")]
     panic!("invalid instruction from machine level, mepc: {:08x?}, instruction: {:08x?}, context: {:08x?}", ctx.mepc, ins, ctx);
 }
+
+fn fail_cant_read_exception_address(ctx: &mut SupervisorContext, cause: mcause::Exception) -> ! {
+    #[cfg(target_pointer_width = "64")]
+    panic!("can't read exception address, cause: {:?}, mepc: {:016x?}, context: {:016x?}", cause, ctx.mepc, ctx);
+    #[cfg(target_pointer_width = "32")]
+    panic!("can't read exception address, cause: {:?}, mepc: {:08x?}, context: {:08x?}", cause, ctx.mepc, ctx);
+}

rustsbi-qemu/src/execute.rs

@@ -3,16 +3,16 @@ use crate::runtime::SupervisorContext;
 
 #[inline]
 pub fn emulate_rdtime(ctx: &mut SupervisorContext, ins: usize) -> bool {
-    if ins & 0xFFFFF07F == 0xC0102073 {
+    return if ins & 0xFFFFF07F == 0xC0102073 {
         let rd = ((ins >> 7) & 0b1_1111) as u8;
         let clint = clint::Clint::new(0x2000000 as *mut u8);
         let time_usize = clint.get_mtime() as usize;
         set_register_xi(ctx, rd, time_usize);
         ctx.mepc = ctx.mepc.wrapping_add(4); // skip rdtime instruction
-        return true;
+        true
     } else {
-        return false; // is not a rdtime instruction
-    }
+        false // is not a rdtime instruction
+    };
 }
 
 #[inline]

rustsbi-qemu/src/feature/emulate_rdtime.rs

@@ -6,24 +6,25 @@
 #![feature(default_alloc_error_handler)]
 
 extern crate alloc;
-
 #[macro_use]
 extern crate rustsbi;
 
+use core::arch::asm;
+use core::panic::PanicInfo;
+
+use buddy_system_allocator::LockedHeap;
+
 mod clint;
 mod count_harts;
 mod execute;
 mod feature;
 mod hart_csr_utils;
 mod ns16550a;
+mod prv_mem;
 mod qemu_hsm;
 mod runtime;
 mod test_device;
 
-use buddy_system_allocator::LockedHeap;
-use core::arch::asm;
-use core::panic::PanicInfo;
-
 const PER_HART_STACK_SIZE: usize = 4 * 4096; // 16KiB
 const SBI_STACK_SIZE: usize = 8 * PER_HART_STACK_SIZE; // assume 8 cores in QEMU
 #[link_section = ".bss.uninit"]