riscv: Panic on PMP errors
ClosedPublic
Actions

Authored by kp on Sep 24 2020, 10:54 AM.

Details

Reviewers

br
jrtc27
manu
jhb

Group Reviewers

riscv

Commits

rS366284: riscv: Panic on PMP errors

Summary

Load/store/fetch access exceptions always indicate a violation of a PMP
rule. We can't treat those as page faults, because updating the page
table and trying again will only result in exactly the same access
exception recurring. This leaves us in an endless exception loop.

We cannot recover from these exceptions, so panic instead.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp requested review of this revision.Sep 24 2020, 10:54 AM

kp created this revision.

Harbormaster completed remote builds in B33795: Diff 77478.Sep 24 2020, 10:54 AM

That's not true. You can get those faults even without a PMP if you try and access non-existent memory or if the hardware gives a bus fault due to an access that's not legal for a given peripheral.

arichardson added a subscriber: arichardson.Sep 24 2020, 11:38 AM

Those would also be unrecoverable errors, right?

The problem I'm trying to address here is that if FreeBSD touches PMP protected memory it'll get a load/store/fetch fault and right now it treats that like a TLB miss, tries to load the right page table entry and then tries again. Which faults again, which ...

(And as an aside, is there a better resource about RISC-V in these situations than "RISC-V Instruction Set Manual: Volume II: Privileged Architecture"? I can't seem to find anything relevant about bus errors there, but I may also be overlooking it.)

Panicking here makes sense. Perhaps call it a "memory access exception" rather than a "PMP violation" per Jess's comment. I don't know of any other reference besides the priv spec.

Yeah, the privileged spec calls each an "X access fault". The non-PMP discussion is in the "Physical Memory Attributes" section, and is a more general thing that can include bus faults on implementations where they can occur.

Update panic message

Herald added a reviewer: manu. · View Herald TranscriptSep 27 2020, 3:54 PM

Herald added subscribers: bcran, jhibbits, emaste, andrew. · View Herald Transcript

Harbormaster completed remote builds in B33840: Diff 77568.Sep 27 2020, 3:54 PM

Hopefully correct patch

Harbormaster completed remote builds in B33841: Diff 77569.Sep 27 2020, 3:55 PM

emaste added a subscriber: mhorne.Sep 27 2020, 10:30 PM

jhb accepted this revision.Sep 29 2020, 5:56 PM

This revision is now accepted and ready to land.Sep 29 2020, 5:56 PM

Closed by commit rS366284: riscv: Panic on PMP errors (authored by kp). · Explain WhySep 30 2020, 8:24 AM

This revision was automatically updated to reflect the committed changes.

kp added a commit: rS366284: riscv: Panic on PMP errors.

Herald added a subscriber: imp. · View Herald TranscriptSep 30 2020, 8:24 AM

Should we be doing something for user load/store/fetch faults? Probably a SIGBUS?

Or maybe a panic if we don't expect that to ever happen (though if you start doing memory-mapped devices that's no longer the case).

In D26544#592591, @jrtc27 wrote:

Should we be doing something for user load/store/fetch faults? Probably a SIGBUS?

Yes, we should.

See https://reviews.freebsd.org/D26621

I mmap()ed /dev/mem and accessed PMP protected memory. I see the same endless fault loop as in kernel mode, but it's easily "fixed" by terminating the process.

I did need to implement /dev/mem mmap to test that: https://reviews.freebsd.org/D26622

Revision Contents
Changeset List

Path

Size

head/

sys/

riscv/

trap.c

3 lines

Diff 77670

View Options

head/sys/riscv/riscv/trap.c

riscv: Panic on PMP errorsClosedPublicActions