From 7b6cf951e2f0fa70d6599f1e1d03f664b674a75e Mon Sep 17 00:00:00 2001 From: Brandon Potter Date: Fri, 17 Feb 2017 12:01:51 -0500 Subject: sparc: fix bugs caused by cd7f3a1dbf55 Turns out that SPARC SE mode relied on M5_pid being "0" in all cases. The entries in the SPARC TLBs are accessed with M5_pid as their context. This is buggy in the sense that it will never work with more than one process or any initialization that doesn't have the M5_pid value passed in as "0". cd7f3a1dbf55 broke the SPARC build because it deletes M5_pid and uses a _pid with a default of "100" instead. This caused the SPARC TLB to never return any valid lookups for any request; the program never moved past the first instruction with SPARC SE in the regression tester. The solution proposed in this changeset is to initialize the address space identification register with the PID value that is passed into the process class as a parameter from Python. This should return the correct responses from the TLB since the insertions and lookups into the page table will be using the same PID. Furthermore, there are corner cases in the code which elevate privileges and revert to using context "0" as the context in the TLB. I believe that these are related to kernel level traps and hypervisor privilege escalations, but I'm not completely sure. I've tried to address the corner cases properly, but it would be beneficial to have someone who is familiar with the SPARC architecture to take a look at this fix. --- src/arch/sparc/faults.cc | 110 +++++++++++++++++++++++++++++++++++++++++++--- src/arch/sparc/process.cc | 3 ++ 2 files changed, 107 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/arch/sparc/faults.cc b/src/arch/sparc/faults.cc index 27a928f48..e2ff87726 100644 --- a/src/arch/sparc/faults.cc +++ b/src/arch/sparc/faults.cc @@ -628,9 +628,43 @@ FastInstructionAccessMMUMiss::invoke(ThreadContext *tc, if (!success) { panic("Tried to execute unmapped address %#x.\n", vaddr); } else { - Addr alignedVaddr = p->pTable->pageAlign(vaddr); - tc->getITBPtr()->insert(alignedVaddr, 0 /*partition id*/, - p->_pid /*context id*/, false, entry.pte); + Addr alignedvaddr = p->pTable->pageAlign(vaddr); + + // Grab fields used during instruction translation to figure out + // which context to use. + uint64_t tlbdata = tc->readMiscRegNoEffect(MISCREG_TLB_DATA); + + // Inside a VM, a real address is the address that guest OS would + // interpret to be a physical address. To map to the physical address, + // it still needs to undergo a translation. The instruction + // translation code in the SPARC ITLB code assumes that the context is + // zero (kernel-level) if real addressing is being used. + bool is_real_address = !bits(tlbdata, 4); + + // The SPARC ITLB code assumes that traps are executed in context + // zero so we carry that assumption through here. + bool trapped = bits(tlbdata, 18, 16) > 0; + + // The primary context acts as a PASID. It allows the MMU to + // distinguish between virtual addresses that would alias to the + // same physical address (if two or more processes shared the same + // virtual address mapping). + int primary_context = bits(tlbdata, 47, 32); + + // The partition id distinguishes between virtualized environments. + int const partition_id = 0; + + // Given the assumptions in the translateInst code in the SPARC ITLB, + // the logic works out to the following for the context. + int context_id = (is_real_address || trapped) ? 0 : primary_context; + + // Insert the TLB entry. + // The entry specifying whether the address is "real" is set to + // false for syscall emulation mode regardless of whether the + // address is real in preceding code. Not sure sure that this is + // correct, but also not sure if it matters at all. + tc->getITBPtr()->insert(alignedvaddr, partition_id, context_id, + false, entry.pte); } } @@ -652,9 +686,73 @@ FastDataAccessMMUMiss::invoke(ThreadContext *tc, const StaticInstPtr &inst) if (!success) { panic("Tried to access unmapped address %#x.\n", vaddr); } else { - Addr alignedVaddr = p->pTable->pageAlign(vaddr); - tc->getDTBPtr()->insert(alignedVaddr, 0 /*partition id*/, - p->_pid /*context id*/, false, entry.pte); + Addr alignedvaddr = p->pTable->pageAlign(vaddr); + + // Grab fields used during data translation to figure out + // which context to use. + uint64_t tlbdata = tc->readMiscRegNoEffect(MISCREG_TLB_DATA); + + // The primary context acts as a PASID. It allows the MMU to + // distinguish between virtual addresses that would alias to the + // same physical address (if two or more processes shared the same + // virtual address mapping). There's a secondary context used in the + // DTLB translation code, but it should __probably__ be zero for + // syscall emulation code. (The secondary context is used by Solaris + // to allow kernel privilege code to access user space code: + // [ISBN 0-13-022496-0]:PG199.) + int primary_context = bits(tlbdata, 47, 32); + + // "Hyper-Privileged Mode" is in use. There are three main modes of + // operation for Sparc: Hyper-Privileged Mode, Privileged Mode, and + // User Mode. + int hpriv = bits(tlbdata, 0); + + // Reset, Error and Debug state is in use. Something horrible has + // happened or the system is operating in Reset Mode. + int red = bits(tlbdata, 1); + + // Inside a VM, a real address is the address that guest OS would + // interpret to be a physical address. To map to the physical address, + // it still needs to undergo a translation. The instruction + // translation code in the SPARC ITLB code assumes that the context is + // zero (kernel-level) if real addressing is being used. + int is_real_address = !bits(tlbdata, 5); + + // Grab the address space identifier register from the thread context. + // XXX: Inspecting how setMiscReg and setMiscRegNoEffect behave for + // MISCREG_ASI causes me to think that the ASI register implementation + // might be bugged. The NoEffect variant changes the ASI register + // value in the architectural state while the normal variant changes + // the context field in the thread context's currently decoded request + // but does not directly affect the ASI register value in the + // architectural state. The ASI values and the context field in the + // request packet seem to have completely different uses. + MiscReg reg_asi = tc->readMiscRegNoEffect(MISCREG_ASI); + ASI asi = static_cast(reg_asi); + + // The SPARC DTLB code assumes that traps are executed in context + // zero if the asi value is ASI_IMPLICIT (which is 0x0). There's also + // an assumption that the nucleus address space is being used, but + // the context is the relevant issue since we need to pass it to TLB. + bool trapped = bits(tlbdata, 18, 16) > 0; + + // Given the assumptions in the translateData code in the SPARC DTLB, + // the logic works out to the following for the context. + int context_id = ((!hpriv && !red && is_real_address) || + asiIsReal(asi) || + (trapped && asi == ASI_IMPLICIT)) + ? 0 : primary_context; + + // The partition id distinguishes between virtualized environments. + int const partition_id = 0; + + // Insert the TLB entry. + // The entry specifying whether the address is "real" is set to + // false for syscall emulation mode regardless of whether the + // address is real in preceding code. Not sure sure that this is + // correct, but also not sure if it matters at all. + tc->getDTBPtr()->insert(alignedvaddr, partition_id, context_id, + false, entry.pte); } } diff --git a/src/arch/sparc/process.cc b/src/arch/sparc/process.cc index c14680a6a..75c2529ef 100644 --- a/src/arch/sparc/process.cc +++ b/src/arch/sparc/process.cc @@ -149,6 +149,9 @@ SparcLiveProcess::initState() // Set the ASI register to something fixed tc->setMiscReg(MISCREG_ASI, ASI_PRIMARY); + // Set the MMU Primary Context Register to hold the process' pid + tc->setMiscReg(MISCREG_MMU_P_CONTEXT, _pid); + /* * T1 specific registers */ -- cgit v1.2.3