-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PMP access failure #103
Comments
PMP0 entry has been there for quite some time. This is to protect the RAM area where OpenSBI firmware is running. I tried latest OpenSBI + U-Boot on SiFive unleashed but I was not able to reproduce this issue. What is different about your setup? For me, PAGE_OFFSET is 0xffffffe000000000, why is PAGE_OFFSET 0xffffffff80000000 in your case? |
I quickly tried PAGE_OFFSET 0xffffffff80000000 on QEMU/virt machine using Linux-5.1-rc2 kernel and it worked fine for me. It seems your using non-upstream kernel because at 0xffffffff80200034 I have clear_bss() part of head.S. If you are using https://github.com/riscv/riscv-linux tree then please stop using because that tree is obsolete and lacks many upstream changes. |
Thanks for checking this. I am not using a Linux kernel, by my own OS kernel instead. |
The real issue is that memory used by OpenSBI firmware is not marked as reserved in DTS passed to Linux and U-Boot. This needs to be either fixes in DTS itself OR OpenSBI has to update the DTS before passing it to Linux or U-Boot. There is already an existing issue for it: #70 We use PMP to protect OpenSBI firmware is to safe-guard it from buggy S-mode Software. |
I doubt this is related to #70. As you can see from ra register it is still 0x80200032 (the physical address). The PMP check happens right after satp is written, and virtual address translation is on. |
Please fix your OS kernel because we cannot allow S-mode access to firmware memory protected using PMP0. |
My OS kernel does not access to any firmware memory range. This is confirmed. I posted here in case someone knows any potential issues of PMP. |
Initially, I encountered few issues with PMP checking on QEMU but those turned-out to be QEMU bugs which are now fixed upstream QEMU. What you are seeing can also be some HW errata (who knows). For a test case, you can either come-up with test payload in OpenSBI or you can use U-Boot MM/MD commands to show PMP behaviour. |
Please try the test case lbmeng@f3ba28f Steps:
Log below:
|
Based your test code, it seems cache speculative access for S-mode is creating problems for you. As-per your test code, you are mapping 0xffffffff80000000 (V) -> 0x80000000 (P). This means you are mapping initial part of RAM as well which gives cache speculative access freedom to fetch memory from 0x80000000 hence it fails for you. In Linux, we start mapping from kernel load address onwards so we never see this issue. Try creating 2M/4KB mappings and don't map memory where firmware is running. |
I think in your test code the instruction |
My understanding is that the cache speculative access is to fetch several more instructions after current pc in the pipeline for better performance. In my test codes, the pc does not get any chance to be within the firmware memory range (0x80000000-0x8001ffff), hence there should be no speculative access falling into that range.
Yes, I see Linux is using 2M/4KB mappings and does not map the lower 2MB. But per my read of the privileged spec 1.10, what the test codes do seem not wrong. |
Bit 28 is the PPN[2] and PPN[2] maps 1GiB. |
Got it, there is no issue here. |
Is that the same as issue 65? |
No. |
Hi Bin, I believe Andrew answered your query. Please close this issue because its not related to OpenSBI. Regards, |
Closing this as Andrew confirmed it is a silicon erratum. |
Is there a pointer with information about this silicon erratum somewhere? |
On Fri, Jul 26, 2019 at 12:53 AM Kristof Provost ***@***.***> wrote:
Is there a pointer with information about this silicon erratum somewhere?
—
I don't know. Mabye Andrew or guys from SiFive knows.
Note: I still do not have time to investigate some combination of the PMP
settings and PTE settings. I suspect the errata is not limited to gigapage
usage.
Regards,
Bin
|
S-mode software needs a way to know memory used by SBI firmware so that it can correctly mark such memory as reserved. Related discussion: riscv-software-src/opensbi#103 Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
S-mode software needs a way to know memory used by SBI firmware so that it can correctly mark such memory as reserved. Related discussion: riscv-software-src/opensbi#103 Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
S-mode software needs a way to know memory used by SBI firmware so that it can correctly mark such memory as reserved. Related discussion: riscv-software-src/opensbi#103 Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
S-mode software needs a way to know memory used by SBI firmware so that it can correctly mark such memory as reserved. Related discussion: riscv-software-src/opensbi#103 Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
On SiFive FU540, OpenSBI sets up the PMP regions as follows:
PMP0: 0x0000000080000000-0x000000008001ffff (A)
PMP1: 0x0000000000000000-0x0000007fffffffff (A,R,W,X)
With above settings, when booting my kernel, I got:
From above log, both mepc and mtval point to 0xffffffff80200034, and this is the location where stvec is programmed. My codes is supposed to jump to stevc after satp is programmed with valid page tables. Both mstatus.MPP and mstatus.SPP is set to S-mode, so what happened is that after satp is written, the next instruction will immediately trap to stvec (mstatus.SPP <= 1), but at the same time, another exception trapped when trying to read instructions from stvec (mstatus.MPP <= 1)
After I changed OpenSBI to not program the PMP region 0 for the firmware image, like below:
PMP0: 0x0000000000000000-0x0000007fffffffff (A,R,W,X)
Then my kernel successfully boots.
So it seems that accessing 0xffffffff80200034 somehow falls into the access check of PMP region 0. But its address is not in the range at all. I can't figure out why this is the case.
The text was updated successfully, but these errors were encountered: