riscv aspec: add check for top-level PT in PT unmap decode

See also SELFOUR-2158
2019-05-08 17:08:59 +10:00 · 2019-05-08 17:08:59 +10:00 · 0feb5c1a1e
parent 3e5c0b7cf5
commit 0feb5c1a1e
1 changed files with 7 additions and 0 deletions
--- a/spec/abstract/RISCV64/ArchDecode_A.thy
+++ b/spec/abstract/RISCV64/ArchDecode_A.thy
@ -176,6 +176,13 @@ definition decode_page_table_invocation :: "'z::state_ext arch_decoder"
     then doE
       final \<leftarrow> liftE $ is_final_cap (ArchObjectCap cap);
       unlessE final $ throwError RevokeFirst;
+       case cap of
+         PageTableCap pt (Some (asid, _)) \<Rightarrow> doE
+             \<comment> \<open>cannot invoke unmap on top level page table\<close>
+             pt_opt \<leftarrow> liftE $ gets $ vspace_for_asid asid;
+             whenE (pt_opt = Some pt) $ throwError RevokeFirst
+           odE
+       | _ \<Rightarrow> returnOk ();
       returnOk $ InvokePageTable $ PageTableUnmap cap cte
     odE
     else throwError IllegalOperation"