User mode can access address which has a page table entry with U=0.

LuChengTHU commented 6 years ago

I print the PTE and see U=0, V=R=W=X=1. My user mode program can access the address of kernel, but it cannot access CSR (so it is indeed in user mode). The spec says "U-mode software may only accessthe page when U=1". What is the meaning of "may"???

michaeljclark commented 6 years ago

Thanks for the bug report. Can you please provide a link to your test code.

michaeljclark commented 6 years ago

The following code in cpu_helper.c should do the following (if my reading is correct):

return TRANSLATE_FAIL for (pte & PTE_U) U=1 and not U-mode and (not SUM or ifetch)
return TRANSLATE_FAIL for !(pte & PTE_U) U=0 and not S-mode

https://github.com/riscv/riscv-qemu/blob/63506ec079cd4eef319775fd48882900d41d439c/target/riscv/cpu_helper.c#L234-L241

The second clause should trigger for your test case (U=0 and U-mode). Perhaps we can try your test and instrument this code with some log messages to see what is going on with your test case.

riscvarchive / riscv-qemu

User mode can access address which has a page table entry with U=0. #146