RISC-V: Zicbom instructions do not check PMA permissions
Host environment
- QEMU flavor: qemu-system-riscv64
- QEMU version: v10.2.2
- QEMU command line:
  qemu-system-riscv64 -d in_asm,int,mmu,unimp,cpu,fpu,vpu,exec,nochain -D sv39_zicbom_access_fault.elf.trace.log -nographic -semihosting -icount shift=1 -machine virt -cpu max,pmu-mask=0xfffffff8 -bios sv39_zicbom_access_fault.elf
Emulated/Virtualized environment
Description of problem
The attached ELF executes cbo.clean, cbo.flush and cbo.inval with a virtual address that maps to physical address 0x100. This address raises access faults for load, store and jump (no RWX PMA permissions). Therefore, it must also raise store access faults when Zicbom instructions are executed with that address. According to section 20.4.2.2 of the Unpriv ISA spec:
A cache-block management instruction is permitted to access the specified cache block whenever a load instruction or store instruction is permitted to access the corresponding physical addresses. If neither a load instruction nor store instruction is permitted to access the physical addresses, but an instruction fetch is permitted to access the physical addresses, whether a cache-block management instruction is permitted to access the cache block is UNSPECIFIED. If access to the cache block is not permitted, a cache-block management instruction raises a store page-fault or store guest-page-fault exception if address translation does not permit any access or raises a store access-fault exception otherwise.
When physical address 0x100 does not allow read, write & execute, it must also not allow Zicbom instructions and raise store access faults.
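The decision rule in the quoted spec paragraph can be written as a small reference model to compare against emulator behaviour; this is an added example, not code from the report or from QEMU. The names `cbo_check` and `cbo_result`, the permission bit values, and the R|W page permissions used for the reported case are assumptions. Two-stage translation (guest-page-fault) is left out.

```c
#include <stdio.h>

/* Permission bits, used for both the translation result and the PMA/PMP result. */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

typedef enum {
    CBO_PERMITTED,          /* a load or a store would be permitted */
    CBO_UNSPECIFIED,        /* only an instruction fetch would be permitted */
    CBO_STORE_PAGE_FAULT,   /* address translation permits no access at all */
    CBO_STORE_ACCESS_FAULT  /* denied although translation permits some access */
} cbo_result;

/*
 * Hypothetical reference model, a literal reading of the quoted paragraph.
 * xlate: effective permissions granted by address translation (0 = none).
 * phys:  permissions granted by PMA/PMP for the translated physical address.
 */
cbo_result cbo_check(unsigned xlate, unsigned phys)
{
    unsigned both = xlate & phys;   /* an access must pass both checks */

    if (both & (PERM_R | PERM_W))
        return CBO_PERMITTED;
    if (both & PERM_X)
        return CBO_UNSPECIFIED;
    if (xlate == 0)
        return CBO_STORE_PAGE_FAULT;
    return CBO_STORE_ACCESS_FAULT;
}

const char *cbo_result_name(cbo_result r)
{
    static const char *const names[] = {
        "permitted", "UNSPECIFIED", "store page-fault", "store access-fault"
    };
    return names[r];
}

int main(void)
{
    /* Constructed inputs. First line models the reported case: the page maps
     * to physical address 0x100 (R|W assumed) and the PMA grants no RWX. */
    printf("mapped, PMA none : %s\n", cbo_result_name(cbo_check(PERM_R | PERM_W, 0)));
    printf("unmapped         : %s\n", cbo_result_name(cbo_check(0, PERM_R | PERM_W)));
    printf("fetch-only       : %s\n", cbo_result_name(cbo_check(PERM_X, PERM_X)));
    printf("normal RAM       : %s\n", cbo_result_name(cbo_check(PERM_R | PERM_W, PERM_R | PERM_W)));
    return 0;
}
```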