Page MenuHomeFreeBSD
Differential D30644

riscv: Handle hardware-managed dirty bit updates in pmap_promote_l2()
ClosedPublic
Actions

Authored by markj on Jun 4 2021, 6:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 2, 11:57 PM
Unknown Object (File)
Wed, Oct 30, 1:44 AM
Unknown Object (File)
Fri, Oct 25, 4:17 PM
Unknown Object (File)
Thu, Oct 17, 6:28 PM
Unknown Object (File)
Thu, Oct 17, 6:49 AM
Unknown Object (File)
Wed, Oct 16, 11:09 PM
Unknown Object (File)
Tue, Oct 15, 5:09 AM
Unknown Object (File)
Sat, Oct 12, 9:31 PM
View All 92 Files
Subscribers
arichardson
imp
jrtc27

Details

Reviewers
alc
kib
freebsdphab-AX9_cmx.ietfng.org
jrtc27
Group Reviewers
riscv
Commits
rGc05748e028b8: riscv: Handle hardware-managed dirty bit updates in pmap_promote_l2()
Summary

When adding transparent superpage support I neglected to handle
hardware-managed dirty bits here. In particular, when comparing the
attributes of a run of 512 PTEs, we must handle the possibility that the
hardware will set PTE_D on a clean, writable mapping.

Following the example of amd64 and arm64, change riscv's
pmap_promote_l2() to downgrade clean, writable mappings to read-only, so
that updates are synchronized by the pmap lock.

Note that the change clears PTE_W without an sfence.vma. When hardware
management of the dirty bit is implemented, the implementation is
required to atomically check that the leaf PTE is writable and set
PTE_D. Therefore I believe there is no danger that a downgraded mapping
will be dirtied via a cached translation. In the worst case, we'll get
a spurious page fault, at which point we issue sfence.vma.

Fixes: f6893f09d
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Jun 4 2021, 6:22 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 4 2021, 6:22 PM
markj requested review of this revision.Jun 4 2021, 6:22 PM
markj added a parent revision: D30643: arm64: Fix pmap_copy()'s handling of 2MB mappings.
markj added a child revision: D30645: riscv: Rename pmap_fault_fixup() to pmap_fault().
Harbormaster completed remote builds in B39712: Diff 90428.Jun 4 2021, 6:23 PM
markj added reviewers: alc, kib, riscv.Jun 4 2021, 6:23 PM
markj mentioned this in D30550: RISC-V pmap: remove incorrect assertions in pmap_demote_l2_locked.
jrtc27 added a subscriber: jrtc27.Jun 4 2021, 6:41 PM

I agree with your assessment about not needing sfence.vma, but that's probably worth a comment in the source.

sys/riscv/riscv/pmap.c
2564

Hm, PTE_W is an int not a pt_entry_t, does that not cause issues for the high bits? I guess it's fine because bitwise negation on signed integers is implementation-defined, and in this case two's complement means the int -> unsigned long conversion does the right thing... and we use this pattern elsewhere. Seems dangerous but I think this is all well-defined by a combination of the C spec and knowing the implementation is two's complement, though it would probably make sense for all the PTE_* constants to be the same type as pt_entry_t, both in width and signedness...

jrtc27 added a reviewer: freebsdphab-AX9_cmx.ietfng.org.Jun 4 2021, 6:42 PM
markj added a comment.Jun 4 2021, 7:14 PM
In D30644#688379, @jrtc27 wrote:

I agree with your assessment about not needing sfence.vma, but that's probably worth a comment in the source.

Yes, I'll add one.

sys/riscv/riscv/pmap.c
2564

That assumption is made in pretty much all of the pmaps, it seems. We could perhaps specify a type suffix of ul in the literal value for all of the constants, I think that would do the right thing were we ever to implement riscv32.

jrtc27 added inline comments.Jun 4 2021, 7:16 PM
sys/riscv/riscv/pmap.c
2564

Yeah, I started writing the comment thinking you had a bug there and would trash the upper bits, but then it turned into general musings. As you say, it's a pretty common pattern, and not just for pmap code. As for riscv32, well, that seems like a bit of a waste of time, but hey if someone wants to do it (properly) I won't stop them...

markj updated this revision to Diff 90433.Jun 4 2021, 7:27 PM

Add a comment explaining why we downgrade protections and why we don't
execute sfence.vma.

Harbormaster completed remote builds in B39716: Diff 90433.Jun 4 2021, 7:27 PM
jrtc27 added inline comments.Jun 4 2021, 7:44 PM
sys/riscv/riscv/pmap.c
2565–2569

I think the atomic compare-and-swap requirement for hardware dirty tracking is important to mention in here (and maybe also that software dirty tracking will fault on the cached translations already anyway due to missing PTE_D)?

freebsdphab-AX9_cmx.ietfng.org added inline comments.Jun 4 2021, 8:51 PM
sys/riscv/riscv/pmap.c
2567

Just checking, but: there's no possibility that these cached translations will persist past the lifetime of the page table page now being updated? That is, by the time the page containing these l3 PTEs is recycled, we certainly will have done a global TLB invalidation? (Otherwise it seems like there's risk that the PTW might occasionally corrupt the PTE_D bit in bit patterns that happen to look like the PTEs?)

jrtc27 added inline comments.Jun 4 2021, 9:03 PM
sys/riscv/riscv/pmap.c
2567

See arm64's version of this code; the pmap_insert_pt_page ensures that.

markj marked an inline comment as done.Jun 4 2021, 10:03 PM
markj added inline comments.
sys/riscv/riscv/pmap.c
2567

Right, during promotion we don't discard the page containing the L3 PTEs. Instead it is saved in a per-pmap radix tree. During demotion we restore it. So it is ok to let stale TLB entries reference the old L3 entries so long as they are not clean and writable.

markj updated this revision to Diff 90436.Jun 4 2021, 10:10 PM

Try to better explain why it's ok to defer sfence.vma in pmap_promote_l2().

Harbormaster completed remote builds in B39719: Diff 90436.Jun 4 2021, 10:10 PM
jrtc27 accepted this revision.Jun 4 2021, 10:13 PM
This revision is now accepted and ready to land.Jun 4 2021, 10:13 PM
jrtc27 added a comment.Jun 4 2021, 10:14 PM

Wes, could you please check this does indeed fix the panic you were seeing with snmalloc, not just your hand-written test?

freebsdphab-AX9_cmx.ietfng.org added a comment.Jun 5 2021, 3:15 PM

Yes, this does look like it fixes the original panic I saw as well as my hand-written test. Thanks!

freebsdphab-AX9_cmx.ietfng.org accepted this revision.Jun 5 2021, 3:16 PM
arichardson added a subscriber: arichardson.Jun 5 2021, 5:16 PM

Can we also commit the test program from https://reviews.freebsd.org/D30550?

alc accepted this revision.Jun 6 2021, 7:57 AM
markj added a comment.Jun 6 2021, 4:26 PM
In D30644#688675, @arichardson wrote:

Can we also commit the test program from https://reviews.freebsd.org/D30550?

Yes, I will try to do this. Of course it can't really be committed as-is since there's never a guarantee that transparent promotion will succeed. But having some basic regression tests which verify that we demote superpages during various operations would be useful.

alc added a comment.Jun 6 2021, 7:15 PM
In D30644#688473, @jrtc27 wrote:

Wes, could you please check this does indeed fix the panic you were seeing with snmalloc, not just your hand-written test?

I'd be curious how the promotion count with snmalloc compares to jemalloc, particularly for clang.

Closed by commit rGc05748e028b8: riscv: Handle hardware-managed dirty bit updates in pmap_promote_l2() (authored by markj). · Explain WhyJun 6 2021, 8:47 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGc05748e028b8: riscv: Handle hardware-managed dirty bit updates in pmap_promote_l2().
freebsdphab-AX9_cmx.ietfng.org mentioned this in D31118: riscv pmap_fault: SFENCE.VMA more selectively.Jul 10 2021, 3:20 PM

Revision Contents
Changeset List

PathSize
sys/
riscv/
riscv/
41 lines

Diff 90496

View Options

sys/riscv/riscv/pmap.c

Loading...