For example, if one of PMP entries matches, it must exit the loop and return result.
However, it only exits the loop when result is true, making all PMP entries ignored when result is false.
That breaks priority rule of the PMP, allowing any protection fails when lower-priority entry defines the address accessible.
I found that the new PMP implementation skips any high-priority PMP rules.
See code below, https://github.com/riscv/riscv-qemu/blob/riscv-qemu-3.1/target/riscv/pmp.c#L196
For example, if one of PMP entries matches, it must exit the loop and return
result. However, it only exits the loop whenresultis true, making all PMP entries ignored whenresultis false.That breaks priority rule of the PMP, allowing any protection fails when lower-priority entry defines the address accessible.