Validate CPU virtual addresses on access (#1987)

* Enable PTE null checks again * Do address validation on EmitPtPointerLoad, and make it branchless * PTC version increment * Mask of pointer tag for exclusive access * Move mask to the correct place Co-authored-by: LDj3SNuD <35856442+LDj3SNuD@users.noreply.github.com>
2021-02-16 15:04:19 -03:00 · 2021-02-16 15:04:19 -03:00 · 715b605e95
commit 715b605e95
parent 6f1d964801
4 changed files with 52 additions and 122 deletions
--- a/Ryujinx.Cpu/MemoryManager.cs
+++ b/Ryujinx.Cpu/MemoryManager.cs
@ -21,6 +21,8 @@ namespace Ryujinx.Cpu

        private const int PteSize = 8;

+        private const int PointerTagBit = 62;
+
        private readonly InvalidAccessHandler _invalidAccessHandler;

        /// <summary>
@ -556,11 +558,12 @@ namespace Ryujinx.Cpu
            // Protection is inverted on software pages, since the default value is 0.
            protection = (~protection) & MemoryPermission.ReadAndWrite;

-            long tag = (long)protection << 48;
-            if (tag > 0)
+            long tag = protection switch
            {
-                tag |= long.MinValue; // If any protection is present, the whole pte is negative.
-            }
+                MemoryPermission.None => 0L,
+                MemoryPermission.Read => 2L << PointerTagBit,
+                _ => 3L << PointerTagBit
+            };

            ulong endVa = (va + size + PageMask) & ~(ulong)PageMask;
            long invTagMask = ~(0xffffL << 48);
@ -628,7 +631,7 @@ namespace Ryujinx.Cpu
            // tracking using host guard pages in future, but also supporting platforms where this is not possible.

            // Write tag includes read protection, since we don't have any read actions that aren't performed before write too.
-            long tag = (write ? 3L : 1L) << 48;
+            long tag = (write ? 3L : 2L) << PointerTagBit;

            ulong endVa = (va + size + PageMask) & ~(ulong)PageMask;