diff options
author | Brandon Potter <brandon.potter@amd.com> | 2017-02-17 12:01:51 -0500 |
---|---|---|
committer | Brandon Potter <brandon.potter@amd.com> | 2017-02-17 12:01:51 -0500 |
commit | 7b6cf951e2f0fa70d6599f1e1d03f664b674a75e (patch) | |
tree | 342f92ef408a0f61a8931ac520f211cd5a55e6da /src/arch/sparc | |
parent | 96f8ff57025947a6f2afd28ca4b8b6126a15b09d (diff) | |
download | gem5-7b6cf951e2f0fa70d6599f1e1d03f664b674a75e.tar.xz |
sparc: fix bugs caused by cd7f3a1dbf55
Turns out that SPARC SE mode relied on M5_pid being "0" in
all cases. The entries in the SPARC TLBs are accessed with
M5_pid as their context. This is buggy in the sense that it
will never work with more than one process or any
initialization that doesn't have the M5_pid value passed in
as "0".
cd7f3a1dbf55 broke the SPARC build because it deletes M5_pid
and uses a _pid with a default of "100" instead. This caused
the SPARC TLB to never return any valid lookups for any
request; the program never moved past the first instruction
with SPARC SE in the regression tester.
The solution proposed in this changeset is to initialize
the address space identification register with the PID value
that is passed into the process class as a parameter from
Python. This should return the correct responses from the TLB
since the insertions and lookups into the page table will be
using the same PID.
Furthermore, there are corner cases in the code which elevate
privileges and revert to using context "0" as the context in
the TLB. I believe that these are related to kernel level
traps and hypervisor privilege escalations, but I'm not
completely sure. I've tried to address the corner cases
properly, but it would be beneficial to have someone who is
familiar with the SPARC architecture to take a look at this
fix.
Diffstat (limited to 'src/arch/sparc')
-rw-r--r-- | src/arch/sparc/faults.cc | 110 | ||||
-rw-r--r-- | src/arch/sparc/process.cc | 3 |
2 files changed, 107 insertions, 6 deletions
diff --git a/src/arch/sparc/faults.cc b/src/arch/sparc/faults.cc index 27a928f48..e2ff87726 100644 --- a/src/arch/sparc/faults.cc +++ b/src/arch/sparc/faults.cc @@ -628,9 +628,43 @@ FastInstructionAccessMMUMiss::invoke(ThreadContext *tc, if (!success) { panic("Tried to execute unmapped address %#x.\n", vaddr); } else { - Addr alignedVaddr = p->pTable->pageAlign(vaddr); - tc->getITBPtr()->insert(alignedVaddr, 0 /*partition id*/, - p->_pid /*context id*/, false, entry.pte); + Addr alignedvaddr = p->pTable->pageAlign(vaddr); + + // Grab fields used during instruction translation to figure out + // which context to use. + uint64_t tlbdata = tc->readMiscRegNoEffect(MISCREG_TLB_DATA); + + // Inside a VM, a real address is the address that guest OS would + // interpret to be a physical address. To map to the physical address, + // it still needs to undergo a translation. The instruction + // translation code in the SPARC ITLB code assumes that the context is + // zero (kernel-level) if real addressing is being used. + bool is_real_address = !bits(tlbdata, 4); + + // The SPARC ITLB code assumes that traps are executed in context + // zero so we carry that assumption through here. + bool trapped = bits(tlbdata, 18, 16) > 0; + + // The primary context acts as a PASID. It allows the MMU to + // distinguish between virtual addresses that would alias to the + // same physical address (if two or more processes shared the same + // virtual address mapping). + int primary_context = bits(tlbdata, 47, 32); + + // The partition id distinguishes between virtualized environments. + int const partition_id = 0; + + // Given the assumptions in the translateInst code in the SPARC ITLB, + // the logic works out to the following for the context. + int context_id = (is_real_address || trapped) ? 0 : primary_context; + + // Insert the TLB entry. + // The entry specifying whether the address is "real" is set to + // false for syscall emulation mode regardless of whether the + // address is real in preceding code. Not sure sure that this is + // correct, but also not sure if it matters at all. + tc->getITBPtr()->insert(alignedvaddr, partition_id, context_id, + false, entry.pte); } } @@ -652,9 +686,73 @@ FastDataAccessMMUMiss::invoke(ThreadContext *tc, const StaticInstPtr &inst) if (!success) { panic("Tried to access unmapped address %#x.\n", vaddr); } else { - Addr alignedVaddr = p->pTable->pageAlign(vaddr); - tc->getDTBPtr()->insert(alignedVaddr, 0 /*partition id*/, - p->_pid /*context id*/, false, entry.pte); + Addr alignedvaddr = p->pTable->pageAlign(vaddr); + + // Grab fields used during data translation to figure out + // which context to use. + uint64_t tlbdata = tc->readMiscRegNoEffect(MISCREG_TLB_DATA); + + // The primary context acts as a PASID. It allows the MMU to + // distinguish between virtual addresses that would alias to the + // same physical address (if two or more processes shared the same + // virtual address mapping). There's a secondary context used in the + // DTLB translation code, but it should __probably__ be zero for + // syscall emulation code. (The secondary context is used by Solaris + // to allow kernel privilege code to access user space code: + // [ISBN 0-13-022496-0]:PG199.) + int primary_context = bits(tlbdata, 47, 32); + + // "Hyper-Privileged Mode" is in use. There are three main modes of + // operation for Sparc: Hyper-Privileged Mode, Privileged Mode, and + // User Mode. + int hpriv = bits(tlbdata, 0); + + // Reset, Error and Debug state is in use. Something horrible has + // happened or the system is operating in Reset Mode. + int red = bits(tlbdata, 1); + + // Inside a VM, a real address is the address that guest OS would + // interpret to be a physical address. To map to the physical address, + // it still needs to undergo a translation. The instruction + // translation code in the SPARC ITLB code assumes that the context is + // zero (kernel-level) if real addressing is being used. + int is_real_address = !bits(tlbdata, 5); + + // Grab the address space identifier register from the thread context. + // XXX: Inspecting how setMiscReg and setMiscRegNoEffect behave for + // MISCREG_ASI causes me to think that the ASI register implementation + // might be bugged. The NoEffect variant changes the ASI register + // value in the architectural state while the normal variant changes + // the context field in the thread context's currently decoded request + // but does not directly affect the ASI register value in the + // architectural state. The ASI values and the context field in the + // request packet seem to have completely different uses. + MiscReg reg_asi = tc->readMiscRegNoEffect(MISCREG_ASI); + ASI asi = static_cast<ASI>(reg_asi); + + // The SPARC DTLB code assumes that traps are executed in context + // zero if the asi value is ASI_IMPLICIT (which is 0x0). There's also + // an assumption that the nucleus address space is being used, but + // the context is the relevant issue since we need to pass it to TLB. + bool trapped = bits(tlbdata, 18, 16) > 0; + + // Given the assumptions in the translateData code in the SPARC DTLB, + // the logic works out to the following for the context. + int context_id = ((!hpriv && !red && is_real_address) || + asiIsReal(asi) || + (trapped && asi == ASI_IMPLICIT)) + ? 0 : primary_context; + + // The partition id distinguishes between virtualized environments. + int const partition_id = 0; + + // Insert the TLB entry. + // The entry specifying whether the address is "real" is set to + // false for syscall emulation mode regardless of whether the + // address is real in preceding code. Not sure sure that this is + // correct, but also not sure if it matters at all. + tc->getDTBPtr()->insert(alignedvaddr, partition_id, context_id, + false, entry.pte); } } diff --git a/src/arch/sparc/process.cc b/src/arch/sparc/process.cc index c14680a6a..75c2529ef 100644 --- a/src/arch/sparc/process.cc +++ b/src/arch/sparc/process.cc @@ -149,6 +149,9 @@ SparcLiveProcess::initState() // Set the ASI register to something fixed tc->setMiscReg(MISCREG_ASI, ASI_PRIMARY); + // Set the MMU Primary Context Register to hold the process' pid + tc->setMiscReg(MISCREG_MMU_P_CONTEXT, _pid); + /* * T1 specific registers */ |