From: Weiwei Li <liweiwei@iscas.ac.cn>
To: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>,
Weiwei Li <liweiwei@iscas.ac.cn>,
qemu-riscv@nongnu.org, qemu-devel@nongnu.org
Cc: palmer@dabbelt.com, alistair.francis@wdc.com,
bin.meng@windriver.com, dbarboza@ventanamicro.com,
richard.henderson@linaro.org, wangjunqiang@iscas.ac.cn,
lazyparser@gmail.com
Subject: Re: [PATCH 0/6] target/riscv: Fix PMP related problem
Date: Tue, 18 Apr 2023 11:36:52 +0800 [thread overview]
Message-ID: <3ace9e9e-91cf-36e6-a18f-494fd44dffab@iscas.ac.cn> (raw)
In-Reply-To: <3038155a-6190-5aa5-7425-ad0d957fd7a6@linux.alibaba.com>
On 2023/4/18 11:07, LIU Zhiwei wrote:
>
> On 2023/4/13 17:01, Weiwei Li wrote:
>> This patchset tries to fix the PMP bypass problem issue
>> https://gitlab.com/qemu-project/qemu/-/issues/1542
>
> Please add your analysis of this issue here.
>
> By the way, I think this problem is introduced by
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg939331.html
It seems have no relationship with this commit.
I think there are several problems for this issue:
1. TLB will not be cached only when the access address have matched PMP
entry. So the other address access may hit the TLB(if first access of
the page didn't hit the PMP entry)
and bypass the pmp check. This is fixed by patch 1.
2. Writing to pmpaddr didn't trigger tlb flush. This is fixed by patch 3.
3. The tb isn't flushed when PMP permission changes, so It also may hit
the tb and bypass the changed PMP check for instruction fetch. This is
fixed by patch 5.
4. We set the tlb_size to 1 to make the TLB_INVALID_MASK set. However
this flag will be cleared after fill_tlb, and this will make the host
address be cached, and let the following instruction fetch in the same
tb bypass the PMP check. This is fixed by patch 6.
Regards,
Weiwei Li
>
> I have commented on how to correct this patch. But by accident, it has
> been merged.
>
> Zhiwei
>
>>
>> The port is available here:
>> https://github.com/plctlab/plct-qemu/tree/plct-pmp-fix
>>
>> Weiwei Li (6):
>> target/riscv: Update pmp_get_tlb_size()
>> target/riscv: Move pmp_get_tlb_size apart from
>> get_physical_address_pmp
>> target/riscv: flush tlb when pmpaddr is updated
>> target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes
>> target/riscv: flush tb when PMP entry changes
>> accel/tcg: Remain TLB_INVALID_MASK in the address when TLB is
>> re-filled
>>
>> accel/tcg/cputlb.c | 7 -----
>> target/riscv/cpu_helper.c | 19 ++++---------
>> target/riscv/pmp.c | 60 ++++++++++++++++++++++++++-------------
>> target/riscv/pmp.h | 3 +-
>> 4 files changed, 47 insertions(+), 42 deletions(-)
>>
next prev parent reply other threads:[~2023-04-18 3:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-13 9:01 [PATCH 0/6] target/riscv: Fix PMP related problem Weiwei Li
2023-04-13 9:01 ` [PATCH 1/6] target/riscv: Update pmp_get_tlb_size() Weiwei Li
2023-04-18 2:53 ` Alistair Francis
2023-04-18 3:05 ` Weiwei Li
2023-04-18 5:18 ` LIU Zhiwei
2023-04-18 6:09 ` Weiwei Li
2023-04-18 7:08 ` LIU Zhiwei
2023-04-18 8:01 ` Weiwei Li
2023-04-13 9:01 ` [PATCH 2/6] target/riscv: Move pmp_get_tlb_size apart from get_physical_address_pmp Weiwei Li
2023-04-18 2:54 ` Alistair Francis
2023-04-13 9:01 ` [PATCH 3/6] target/riscv: flush tlb when pmpaddr is updated Weiwei Li
2023-04-18 2:36 ` Alistair Francis
2023-04-18 7:11 ` LIU Zhiwei
2023-04-18 8:13 ` Weiwei Li
2023-04-13 9:01 ` [PATCH 4/6] target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes Weiwei Li
2023-04-18 2:39 ` Alistair Francis
2023-04-18 7:14 ` LIU Zhiwei
2023-04-13 9:01 ` [PATCH 5/6] target/riscv: flush tb when PMP entry changes Weiwei Li
2023-04-18 7:28 ` LIU Zhiwei
2023-04-13 9:01 ` [PATCH 6/6] accel/tcg: Remain TLB_INVALID_MASK in the address when TLB is re-filled Weiwei Li
2023-04-17 16:25 ` Daniel Henrique Barboza
2023-04-18 0:48 ` Weiwei Li
2023-04-18 7:18 ` Richard Henderson
2023-04-18 7:36 ` Richard Henderson
2023-04-18 8:18 ` Weiwei Li
2023-04-18 3:07 ` [PATCH 0/6] target/riscv: Fix PMP related problem LIU Zhiwei
2023-04-18 3:36 ` Weiwei Li [this message]
2023-04-18 4:47 ` LIU Zhiwei
2023-04-18 6:11 ` Weiwei Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ace9e9e-91cf-36e6-a18f-494fd44dffab@iscas.ac.cn \
--to=liweiwei@iscas.ac.cn \
--cc=alistair.francis@wdc.com \
--cc=bin.meng@windriver.com \
--cc=dbarboza@ventanamicro.com \
--cc=lazyparser@gmail.com \
--cc=palmer@dabbelt.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=wangjunqiang@iscas.ac.cn \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).