From: Weiwei Li <liweiwei@iscas.ac.cn>
To: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>,
qemu-riscv@nongnu.org, qemu-devel@nongnu.org
Cc: liweiwei@iscas.ac.cn, palmer@dabbelt.com,
alistair.francis@wdc.com, bin.meng@windriver.com,
dbarboza@ventanamicro.com, richard.henderson@linaro.org,
wangjunqiang@iscas.ac.cn, lazyparser@gmail.com
Subject: Re: [PATCH 0/6] target/riscv: Fix PMP related problem
Date: Tue, 18 Apr 2023 14:11:38 +0800 [thread overview]
Message-ID: <ec43b0ce-21ab-50c9-e9dd-1707512b53a5@iscas.ac.cn> (raw)
In-Reply-To: <860f1cb8-71d0-51e8-eb5d-878c059a5eae@linux.alibaba.com>
On 2023/4/18 12:47, LIU Zhiwei wrote:
>
> On 2023/4/18 11:36, Weiwei Li wrote:
>>
>> On 2023/4/18 11:07, LIU Zhiwei wrote:
>>>
>>> On 2023/4/13 17:01, Weiwei Li wrote:
>>>> This patchset tries to fix the PMP bypass problem issue
>>>> https://gitlab.com/qemu-project/qemu/-/issues/1542
>>>
>>> Please add your analysis of this issue here.
>>>
>>> By the way, I think this problem is introduced by
>>>
>>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg939331.html
>>
>> It seems have no relationship with this commit.
>>
>> I think there are several problems for this issue:
>>
>> 1. TLB will not be cached only when the access address have matched
>> PMP entry.
> TLB will be filled only when PMP check and PTW check pass.
>> So the other address access may hit the TLB(if first access of the
>> page didn't hit the PMP entry)
> This page will not be filled to TLB if the first access of the page
> didn't pass the PMP check.
I have given an example for this bypass in the replied email of patch 1.
Regards,
Weiwei Li
>>
>> and bypass the pmp check. This is fixed by patch 1.
>
> Never it should be.
>
> Zhiwei
>
>>
>> 2. Writing to pmpaddr didn't trigger tlb flush. This is fixed by
>> patch 3.
>>
>> 3. The tb isn't flushed when PMP permission changes, so It also may
>> hit the tb and bypass the changed PMP check for instruction fetch.
>> This is fixed by patch 5.
>>
>> 4. We set the tlb_size to 1 to make the TLB_INVALID_MASK set. However
>> this flag will be cleared after fill_tlb, and this will make the host
>> address be cached, and let the following instruction fetch in the
>> same tb bypass the PMP check. This is fixed by patch 6.
>>
>> Regards,
>>
>> Weiwei Li
>>
>>>
>>> I have commented on how to correct this patch. But by accident, it
>>> has been merged.
>>>
>>> Zhiwei
>>>
>>>>
>>>> The port is available here:
>>>> https://github.com/plctlab/plct-qemu/tree/plct-pmp-fix
>>>>
>>>> Weiwei Li (6):
>>>> target/riscv: Update pmp_get_tlb_size()
>>>> target/riscv: Move pmp_get_tlb_size apart from
>>>> get_physical_address_pmp
>>>> target/riscv: flush tlb when pmpaddr is updated
>>>> target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes
>>>> target/riscv: flush tb when PMP entry changes
>>>> accel/tcg: Remain TLB_INVALID_MASK in the address when TLB is
>>>> re-filled
>>>>
>>>> accel/tcg/cputlb.c | 7 -----
>>>> target/riscv/cpu_helper.c | 19 ++++---------
>>>> target/riscv/pmp.c | 60
>>>> ++++++++++++++++++++++++++-------------
>>>> target/riscv/pmp.h | 3 +-
>>>> 4 files changed, 47 insertions(+), 42 deletions(-)
>>>>
prev parent reply other threads:[~2023-04-18 6:12 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-13 9:01 [PATCH 0/6] target/riscv: Fix PMP related problem Weiwei Li
2023-04-13 9:01 ` [PATCH 1/6] target/riscv: Update pmp_get_tlb_size() Weiwei Li
2023-04-18 2:53 ` Alistair Francis
2023-04-18 3:05 ` Weiwei Li
2023-04-18 5:18 ` LIU Zhiwei
2023-04-18 6:09 ` Weiwei Li
2023-04-18 7:08 ` LIU Zhiwei
2023-04-18 8:01 ` Weiwei Li
2023-04-13 9:01 ` [PATCH 2/6] target/riscv: Move pmp_get_tlb_size apart from get_physical_address_pmp Weiwei Li
2023-04-18 2:54 ` Alistair Francis
2023-04-13 9:01 ` [PATCH 3/6] target/riscv: flush tlb when pmpaddr is updated Weiwei Li
2023-04-18 2:36 ` Alistair Francis
2023-04-18 7:11 ` LIU Zhiwei
2023-04-18 8:13 ` Weiwei Li
2023-04-13 9:01 ` [PATCH 4/6] target/riscv: Flush TLB only when pmpcfg/pmpaddr really changes Weiwei Li
2023-04-18 2:39 ` Alistair Francis
2023-04-18 7:14 ` LIU Zhiwei
2023-04-13 9:01 ` [PATCH 5/6] target/riscv: flush tb when PMP entry changes Weiwei Li
2023-04-18 7:28 ` LIU Zhiwei
2023-04-13 9:01 ` [PATCH 6/6] accel/tcg: Remain TLB_INVALID_MASK in the address when TLB is re-filled Weiwei Li
2023-04-17 16:25 ` Daniel Henrique Barboza
2023-04-18 0:48 ` Weiwei Li
2023-04-18 7:18 ` Richard Henderson
2023-04-18 7:36 ` Richard Henderson
2023-04-18 8:18 ` Weiwei Li
2023-04-18 3:07 ` [PATCH 0/6] target/riscv: Fix PMP related problem LIU Zhiwei
2023-04-18 3:36 ` Weiwei Li
2023-04-18 4:47 ` LIU Zhiwei
2023-04-18 6:11 ` Weiwei Li [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ec43b0ce-21ab-50c9-e9dd-1707512b53a5@iscas.ac.cn \
--to=liweiwei@iscas.ac.cn \
--cc=alistair.francis@wdc.com \
--cc=bin.meng@windriver.com \
--cc=dbarboza@ventanamicro.com \
--cc=lazyparser@gmail.com \
--cc=palmer@dabbelt.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=wangjunqiang@iscas.ac.cn \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).