[Qemu-devel] [PATCH] Arm MMU Fixes

[Qemu-devel] [PATCH] Arm MMU Fixes

[Matthew Warton]

[-- Attachment #1: Type: text/plain, Size: 1025 bytes --]

Hi,

I recently tracked down a problem in the simulation of our software  
on Qemu to two small problems in the ARM MMU code.

The first is that Qemu would not enable changing of the pid register  
on processors with an MMU.  This is a legal operation, and one that  
several parts of our kernel rely on.  See (for example) the ARM920t  
technical reference manual to verify that this register is available  
on ARM processors with an MMU.

The second fix is more subtle.  The Qemu TLB is architecture  
independent, and therefore does not track Domains with TLB entries.   
Thus when the domain register is changed the TLB needs to be flushed  
so that all of the memory accesses are again checked with the new  
permissions.  The lack of this flush was causing a protection fault  
to not be delivered in certain circumstances, leading to incorrect  
software execution.

I would appreciate it if you could incorporate this patch into future  
releases of Qemu.

Thankyou,
Matthew Warton

Open Kernel Labs
www.ok-labs.com


[-- Attachment #2: arm.diff --]
[-- Type: application/octet-stream, Size: 877 bytes --]

diff -ru qemu-snapshot-2007-10-11_05/target-arm/helper.c qemu-patched/target-arm/helper.c
--- qemu-snapshot-2007-10-11_05/target-arm/helper.c	2007-09-17 07:08:01.000000000 +1000
+++ qemu-patched/target-arm/helper.c	2007-10-15 11:33:49.000000000 +1000
@@ -703,6 +703,7 @@
         break;
     case 3: /* MMU Domain access control / MPU write buffer control.  */
         env->cp15.c3 = val;
+        tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
         break;
     case 4: /* Reserved.  */
         goto bad_reg;
@@ -813,8 +814,6 @@
     case 13: /* Process ID.  */
         switch (op2) {
         case 0:
-            if (!arm_feature(env, ARM_FEATURE_MPU))
-                goto bad_reg;
             /* Unlike real hardware the qemu TLB uses virtual addresses,
                not modified virtual addresses, so this causes a TLB flush.
              */

Re: [Qemu-devel] [PATCH] Arm MMU Fixes

[andrzej zaborowski]

Hi,

On 15/10/2007, Matthew Warton <mwarton@ok-labs.com> wrote:
> The first is that Qemu would not enable changing of the pid register
> on processors with an MMU.  This is a legal operation, and one that
> several parts of our kernel rely on.  See (for example) the ARM920t
> technical reference manual to verify that this register is available
> on ARM processors with an MMU.

I committed the change, but I'm wondering if it was originally a typo
and the operation should instead be illegal on processors with an MPU
(note that MPU != MMU), i.e. a spurious "!". Can somebody check this?

Thanks,
Andrew

Re: [Qemu-devel] [PATCH] Arm MMU Fixes

[Matthew Warton]

As far as I know (referencing ARM system-on-chip-architecture by  
Steve Furber) this is used on MPU ARMS as well.  Apparently it is  
included on some of these chips to support windows CE.

Personally I have no experience with MPU ARMs.

Thanks,
Matthew Warton

On 31/10/2007, at 11:49 AM, andrzej zaborowski wrote:

> Hi,
>
> On 15/10/2007, Matthew Warton <mwarton@ok-labs.com> wrote:
>> The first is that Qemu would not enable changing of the pid register
>> on processors with an MMU.  This is a legal operation, and one that
>> several parts of our kernel rely on.  See (for example) the ARM920t
>> technical reference manual to verify that this register is available
>> on ARM processors with an MMU.
>
> I committed the change, but I'm wondering if it was originally a typo
> and the operation should instead be illegal on processors with an MPU
> (note that MPU != MMU), i.e. a spurious "!". Can somebody check this?
>
> Thanks,
> Andrew
>
>
>