diff --git a/chapter4.adoc b/chapter4.adoc index 52ed8a7..6f9a346 100644 --- a/chapter4.adoc +++ b/chapter4.adoc @@ -233,49 +233,61 @@ supervisor domain are ascertained as follows: is 2^12^; MTT_PTE_SIZE = 8 bytes (for RV32, MTT_PTE_SIZE = 4 bytes). The `mttp` register must be active, i.e., the effective privilege mode must not be M-mode. -2. Let _mpte_ be the value of the `MTT` table entry at address _a_ + _pa.pn[i]_ +2. If _pa_ is greater than maximum-addressable physical address under the +current MTT mode, or is greater than a platform-defined maximum-addressable +physical address for the hart, then stop and raise an access-fault exception +corresponding to the original access type. + +[NOTE] +==== +Restricting the _pa_ to the maximum-addressable PA width supported by a platform +allows for optimizing memory requirements of the MTT structures such as the +MTTL2 and MTTL3 entry tables, when the PA width is not 34, 46, or 56 bits. +==== + +3. Let _mpte_ be the value of the `MTT` table entry at address _a_ + _pa.pn[i]_ x MTT_PTE_SIZE. If accessing _mpte_ violates a PMA or PMP check, raise an access-fault exception corresponding to the original access type. -3. If any bits or encodings that are reserved for future standard use are +4. If any bits or encodings that are reserved for future standard use are set within _mpte_, stop and raise an access-fault exception corresponding to the original access type. -4. Otherwise, the _mpte_ is valid. If (_i_=1) or (_i_=2 and _mpte.type_ is not -`MTT_L1_DIR`), go to step 5. Otherwise, the _mpte_ is a pointer to the next +5. Otherwise, the _mpte_ is valid. If (_i_=1) or (_i_=2 and _mpte.type_ is not +`MTT_L1_DIR`), go to step 6. Otherwise, the _mpte_ is a pointer to the next level of the `MTT`. Let _i_ = _i_-1. Let _a_ = _mpte.ppn_ x PAGESIZE and go to -step 2. Note that when _mpte.type_ = `MTT_L1_DIR`, the _mpte.ppn_ is the value +step 3. Note that when _mpte.type_ = `MTT_L1_DIR`, the _mpte.ppn_ is the value of the _mpte.info_ field. -5. A leaf _mpte_ has been found. If any bits or encodings within _mpte.type_ +6. A leaf _mpte_ has been found. If any bits or encodings within _mpte.type_ and _mpte.info_ that are reserved for future standard use, per <>, are set within _mpte_, stop and raise an access-fault exception corresponding to the access type. -6. The _mpte_ is a valid leaf _mpte_. Fetch the access-permissions for the +7. The _mpte_ is a valid leaf _mpte_. Fetch the access-permissions for the physical address per the steps described below: * if _i_=2, and the _mpte.type_ field directly specifies the access-permissions for 1 GiB page regions (via 32 MTTL2 entries with identical _mpte.type_ values - -see <>); go to step 7, else +see <>); go to step 8, else * if _i_=2, and for XLEN = 64 and the _mpte.type_ field value `2M_PAGES`, the _mpte.info_[31:0] field contains 16 entries of 2-bit access-permission encodings for 16 2 MiB address regions; For XLEN=32 and _mpte.type_ field value of `4M_PAGES`, the _mpte.info_[16:0] field contains 8 entries of 2-bit access-permission encodings for 8 4 MiB regions - see <>; -go to step 7, else +go to step 8, else * if _i_=1, the _mpte_ contains XLEN/4 4-bit entries that hold access-permission encodings for 4 KiB pages. The entry is selected by _pa.pn[0]_. The least significant 2 bits of each entry specify the access-permission encoding for the _pa_. The encodings are specified in <>. -7. Determine if the requested physical memory access is allowed per the +8. Determine if the requested physical memory access is allowed per the access-permissions. If access is not permitted, stop and raise an access-fault exception corresponding to the original access type. -8. The access is allowed per the `MTT` lookup. +9. The access is allowed per the `MTT` lookup. All implicit accesses to the memory tracking table data structures in this algorithm are performed using width MTT_PTE_SIZE. @@ -302,7 +314,7 @@ MTT is checked for all accesses to physical memory, unless the effective privile mode is M, including accesses that have undergone virtual to physical memory translation, but excluding MTT checker accesses to MTT structures. Data accesses in M-mode when the MPRV bit in mstatus is set and the MPP field in mstatus contains S -or U are subject to MTT checks. MTT checker accesses to MTT structures are to be +or U are subject to MTT checks. MTT checker accesses to MTT structures are to be treated as implicit M-mode accesses and are subject to PMP/Smepmp and IOPMP checks. The MTT checker indexes the MTT using the physical address of the access to lookup and enforce the access permissions.