From 715b605e9541cd5a7e4cce7609d96dbc41cd0326 Mon Sep 17 00:00:00 2001
From: gdkchan
Date: Tue, 16 Feb 2021 15:04:19 -0300
Subject: Validate CPU virtual addresses on access (#1987)
* Enable PTE null checks again
* Do address validation on EmitPtPointerLoad, and make it branchless
* PTC version increment
* Mask of pointer tag for exclusive access
* Move mask to the correct place
Co-authored-by: LDj3SNuD <35856442+LDj3SNuD@users.noreply.github.com>
---
 Ryujinx.Cpu/MemoryManager.cs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'Ryujinx.Cpu/MemoryManager.cs')
diff --git a/Ryujinx.Cpu/MemoryManager.cs b/Ryujinx.Cpu/MemoryManager.cs
index cef20126..8c8bd3a4 100644
--- a/Ryujinx.Cpu/MemoryManager.cs
+++ b/Ryujinx.Cpu/MemoryManager.cs
@@ -21,6 +21,8 @@ namespace Ryujinx.Cpu
 private const int PteSize = 8;
+ private const int PointerTagBit = 62;
+
 private readonly InvalidAccessHandler _invalidAccessHandler;
 ///
@@ -556,11 +558,12 @@ namespace Ryujinx.Cpu
 // Protection is inverted on software pages, since the default value is 0.
 protection = (~protection) & MemoryPermission.ReadAndWrite;
- long tag = (long)protection << 48;
- if (tag > 0)
+ long tag = protection switch
 {
- tag |= long.MinValue; // If any protection is present, the whole pte is negative.
- }
+ MemoryPermission.None => 0L,
+ MemoryPermission.Read => 2L << PointerTagBit,
+ _ => 3L << PointerTagBit
+ };
 ulong endVa = (va + size + PageMask) & ~(ulong)PageMask;
 long invTagMask = ~(0xffffL << 48);
@@ -628,7 +631,7 @@ namespace Ryujinx.Cpu
 // tracking using host guard pages in future, but also supporting platforms where this is not possible.
 // Write tag includes read protection, since we don't have any read actions that aren't performed before write too.
- long tag = (write ? 3L : 1L) << 48;
+ long tag = (write ? 3L : 2L) << PointerTagBit;
 ulong endVa = (va + size + PageMask) & ~(ulong)PageMask;
-- 
cgit v1.2.3
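Review bot: `PointerTagBit` is added in the first hunk without a comment, and nothing there says which PTE bits the tag occupies or why 62 was chosen. From the `2L <<` and `3L <<` uses in the later hunks the tag appears to be the top two bits of the entry, so a comment such as `// Tracking tag lives in PTE bits 62-63; bit 63 set makes the entry negative.` above the constant would record that. The `invTagMask` context line in the second hunk still clears the tag with the literal `0xffffL << 48`; that range still covers bits 62-63, but either a comment should tie the two together or the mask should be derived from the constant.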
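Review bot: In the new `switch` of the second hunk, a page whose only denied permission is `Write` falls into the `_ => 3L << PointerTagBit` arm and so gets bit 63 as well as bit 62, while the read-side mask in the last hunk is `2L << PointerTagBit`, i.e. bit 63 alone. If the tag test outside these hunks is a plain `(pte & tag) != 0`, every read of a write-tracked page would then be reported as a tracked access, which the removed `(long)protection << 48` encoding avoided when `Read` and `Write` are distinct flag bits (the enum is not shown here). Please confirm which behaviour is intended; if reads of write-only-tracked pages should stay on the fast path, the arm would be `MemoryPermission.Write => 2L << PointerTagBit,` and the read mask `(write ? 3L : 1L) << PointerTagBit`. The enclosing methods start and end outside both hunks, and any JIT-side check that reads the same bits has to agree with whichever encoding is kept.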