Github_Repos/cvw
1
0
Fork 1
mirror of https://github.com/openhwgroup/cvw synced 2025-02-11 06:05:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Coverage improvements; remove incorrect logic checking NAPOT nonleaf PTE

Browse Source
This commit is contained in:
David Harris 2024-01-02 00:35:17 -08:00
parent 66dce731a0
commit d229dc06ee
4 changed files with 325 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/mmu/hptw.sv
View File

@ -139,7 +139,7 @@ module hptw import cvw::*; #(parameter cvw_t P) (
assign LeafPTE = Executable | Writable | Readable;
assign ValidPTE = Valid & ~(Writable & ~Readable);
assign ValidLeafPTE = ValidPTE & LeafPTE;
assign ValidNonLeafPTE = ValidPTE & ~LeafPTE;
assign ValidNonLeafPTE = Valid & ~LeafPTE;
if(P.SVADU_SUPPORTED) begin : hptwwrites
logic ReadAccess, WriteAccess;
@ -255,13 +255,14 @@ module hptw import cvw::*; #(parameter cvw_t P) (
end
// Page Table Walker FSM
// there is a bug here. Each memory access needs to be potentially flushed if the PMA/P checkers
// *** there is a bug here (RT). Each memory access needs to be potentially flushed if the PMA/P checkers
// generate an access fault. Specially the store on UDPATE_PTE needs to check for access violation.
// I think the solution is to do 1 of the following
// 1. Allow the HPTW to generate exceptions and stop walking immediately.
// 2. If the store would generate an exception don't store to dcache but still write the TLB. When we go back
// to LEAF then the PMA/P. Wait this does not work. The PMA/P won't be looking a the address in the table, but
// rather than physical address of the translated instruction/data. So we must generate the exception.
// *** DH 1/1/24 another bug: when the NAPOT bits (PTE[62:61]) are nonzero on a nonleaf PTE, the walker should make a page fault
flopenl #(.TYPE(statetype)) WalkerStateReg(clk, reset | FlushW, 1'b1, NextWalkerState, IDLE, WalkerState);
always_comb
case (WalkerState)

6
src/mmu/tlb/tlbcontrol.sv
View File

@ -85,8 +85,7 @@ module tlbcontrol import cvw::*; #(parameter cvw_t P, ITLB = 0) (
assign PBMemoryType = PTE_PBMT & {2{Translate & TLBHit & P.SVPBMT_SUPPORTED}};
// check if reserved, N, or PBMT bits are malformed w in RV64
assign BadPBMT = PTE_PBMT != 0 & (~(P.SVPBMT_SUPPORTED & ENVCFG_PBMTE) |
{PTE_X, PTE_W, PTE_R} == 3'b000) | PTE_PBMT == 3; // PBMT must be zero if not supported or for non-leaf PTEs;
assign BadPBMT = ((PTE_PBMT != 0) & ~(P.SVPBMT_SUPPORTED & ENVCFG_PBMTE)) | PTE_PBMT == 3; // PBMT must be zero if not supported; value of 3 is reserved
assign BadNAPOT = PTE_N & (~P.SVNAPOT_SUPPORTED | ~NAPOT4); // N must be be 0 if CVNAPOT is not supported or not 64 KiB contiguous region
assign BadReserved = PTE_RESERVED; // Reserved bits must be zero
@ -94,8 +93,7 @@ module tlbcontrol import cvw::*; #(parameter cvw_t P, ITLB = 0) (
if (ITLB == 1) begin:itlb // Instruction TLB fault checking
// User mode may only execute user mode pages, and supervisor mode may
// only execute non-user mode pages.
assign ImproperPrivilege = ((EffectivePrivilegeMode == P.U_MODE) & ~PTE_U) |
((EffectivePrivilegeMode == P.S_MODE) & PTE_U);
assign ImproperPrivilege = ((PrivilegeModeW == P.U_MODE) & ~PTE_U) | ((PrivilegeModeW == P.S_MODE) & PTE_U);
assign PreUpdateDA = ~PTE_A;
assign InvalidAccess = ~PTE_X;
end else begin:dtlb // Data TLB fault checking

3
testbench/tests.vh
View File

@ -44,8 +44,9 @@ string tvpaths[] = '{
string coverage64gc[] = '{
`COVERAGE,
"ieu",
"tlbmisc",
"tlbNAPOT",
"ieu",
"priv",
"ebu",
"csrwrites",

318
tests/coverage/tlbmisc.S Normal file
View File

@ -0,0 +1,318 @@
///////////////////////////////////////////
// tlbmisc.S
//
// Written David_Harris@hmc.edu 1/1/24
//
// Purpose: Test coverage for other TLB issues
//
// A component of the CORE-V-WALLY configurable RISC-V project.
//
// Copyright (C) 2021-23 Harvey Mudd College & Oklahoma State University
//
// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1
//
// Licensed under the Solderpad Hardware License v 2.1 (the License); you may not use this file
// except in compliance with the License, or, at your option, the Apache License version 2.0. You
// may obtain a copy of the License at
//
// https://solderpad.org/licenses/SHL-2.1/
//
// Unless required by applicable law or agreed to in writing, any work distributed under the
// License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific language governing permissions
// and limitations under the License.
////////////////////////////////////////////////////////////////////////////////////////////////
// load code to initalize stack, handle interrupts, terminate
#include "WALLY-init-lib.h"
# run-elf.bash find this in project description
main:
li t5, 0x1
slli t5, t5, 62
ori t5, t5, 0xF0
csrs menvcfg, t5 # menvcfg.PBMTE = 1, CBZE, CBCFE, CBIE all 1
# store ret instruction in case we jump to an address mapping to 80000000
li t0, 0x80000000
li t5, 0x8082 # return instruction opcode
sw t5, 0(t0)
fence.i
# Page table root address at 0x80010000; SV48
li t5, 0x9000000000080010
csrw satp, t5
# sfence.vma x0, x0
# switch to supervisor mode
li a0, 1
ecall
# Instruction fetch from misaligned pages
jal changetoipfhandler # set up trap handler to return from instruction page fault if necessary
li t0, 0x8000000000
jalr ra, t0 # jump misaligned terapage
li t0, 0x00000000
jalr ra, t0 # jump to misaligned gigapage
li t0, 0x80200000
jalr ra, t0 # jump to misaligned megapage
# exercise malformed PBMT pages
# page has PBMT = 3 (reserved)
li t0, 0x80400000
lw t1, 0(t0) # read from page
sw t1, 0(t0) # write to page
jalr ra, t0 # jump to page
# Nonleaf PTE has PBMT != 0 # this should cause a page fault during page walking. However, as of issue 546 1/1/24, both ImperasDV and Wally don't detect this
li t0, 0x80600000
lw t1, 0(t0) # read from page
sw t1, 0(t0) # write to page
jalr ra, t0 # jump to page
# change back to default trap handler after checking everything that might cause an instruction page fault
jal changetodefaulthandler
# exercise CBOM instructions with various permissions
li t0, 0x80800000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80801000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80802000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80803000
cbo.zero (t0)
cbo.clean (t0)
# set mstatus.MXR
li a0, 3
ecall
li t0, 1
slli t0, t0, 19
csrs mstatus, t0 # mstatus.mxr = 1
li a0, 1
ecall
# exercise CBOM again now that MXR is set
li t0, 0x80800000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80801000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80802000
cbo.zero (t0)
cbo.clean (t0)
li t0, 0x80803000
cbo.zero (t0)
cbo.clean (t0)
# clear mstatus.MXR
li a0, 3
ecall
li t0, 1
slli t0, t0, 19
csrc mstatus, t0 # mstatus.mxr = 1
li a0, 1
ecall
# wrap up
li a0, 3 # switch back to machine mode because code at 0x80000000 may not have clean page table entry
ecall
j done
changetoipfhandler:
li a0, 3
ecall # switch to machine mode
la a0, ipf_handler
csrw mtvec, a0 # point to new handler
li a0, 1
ecall # switch back to supervisor mode
ret
changetodefaulthandler:
li a0, 3
ecall # switch to machine mode
la a0, trap_handler
csrw mtvec, a0 # point to new handler
li a0, 1
ecall # switch back to supervisor mode
ret
instructionpagefaulthandler:
csrw mepc, ra # go back to calling function
mret
.align 4 # trap handlers must be aligned to multiple of 4
ipf_handler:
# Load trap handler stack pointer tp
csrrw tp, mscratch, tp # swap MSCRATCH and tp
sd t0, 0(tp) # Save t0 and t1 on the stack
sd t1, -8(tp)
csrr t0, mcause # Check the cause
li t1, 8 # is it an ecall trap?
andi t0, t0, 0xFC # if CAUSE = 8, 9, or 11
beq t0, t1, ecall # yes, take ecall
csrr t0, mcause
li t1, 12 # is it an instruction page fault
beq t0, t1, ipf # yes, return to calling function
j trap_return
ipf:
csrw mepc, ra # return to calling function
ld t1, -8(tp) # restore t1 and t0
ld t0, 0(tp)
csrrw tp, mscratch, tp # restore tp
mret # return from trap
.data
.align 16
# root Page table situated at 0x80010000
pagetable:
.8byte 0x200044C1 # 0x00000000-0x80_00000000: PTE at 0x80011000 C1 dirty, accessed, valid
.8byte 0x00000000000010CF # misaligned terapage at 0x80_00000000
# next page table at 0x80011000
.align 12
.8byte 0x00000000000010CF # misaligned gigapage at 0x00000000
.8byte 0x00000000200058C1 # PTE for pages at 0x40000000
.8byte 0x00000000200048C1 # gigapage at 0x80000000 pointing to 0x80120000
# Next page table at 0x80012000 for gigapage at 0x80000000
.align 12
.8byte 0x0000000020004CC1 # for VA starting at 80000000 (pointer to NAPOT 64 KiB pages)
.8byte 0x0000000020014CCF # for VA starting at 80200000 (misaligned megapage)
.8byte 0x00000000200050C1 # for VA starting at 80400000 (bad PBMT pages)
.8byte 0x4000000020004CC1 # for VA starting at 80600000 (bad entry: nonleaf PTE can't have PBMT != 0)
.8byte 0x00000000200054C1 # for VA starting at 80800000 (testing rwx permissiosn with cbom/cboz)
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
.8byte 0x0000000020004CC1
# Leaf page table at 0x80013000 with NAPOT pages
.align 12
#80000000
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0xA0000000200020CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x80000000200060CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000A0CF
.8byte 0x800000002000E0CF
.8byte 0x800000002000E0CF
.8byte 0x800000002000E0CF
.8byte 0x800000002000E0CF
.8byte 0x800000002000E0CF
.8byte 0x800000002000E0CF
# Leaf page table at 0x80014000 with PBMT pages
.align 12
#80400000
.8byte 0x60000000200020CF # reserved entry
# Leaf page table at 0x80015000 with various permissions for testing CBOM and CBOZ
.align 12
#80800000
.8byte 0x00000000200000CF # valid rwx for VA 80800000
.8byte 0x00000000200000CF # valid r x for VA 80801000
.8byte 0x00000000200000CF # valid r for VA 80802000
.8byte 0x00000000200000CF # valid x for CA 80003000