zephyr/soc/xtensa/dc233c
Daniel Leung debb9f6352 xtensa: dc233c: force invalidating TLBs during page table swap
QEMU MMU tracing showed that there might be something wrong with
its Xtensa MMU implementation, which result in access violation
when running samples/userspace/hello_world_user.

Here is the MMU trace from QEMU from failed runs:

  get_pte: autorefill(00109020): PTE va = 20000424, pa = 0010c424
  get_physical_addr_mmu: autorefill(00109020): 00109000 -> 00109006
  xtensa_cpu_tlb_fill(00109020, 1, 0) -> 00109020, ret = 0
  xtensa_cpu_tlb_fill(00109028, 1, 0) -> 00109028, ret = 0
  xtensa_cpu_tlb_fill(00109014, 0, 2) -> 00103050, ret = 26

The place where it fails is during reading from 0x109014.
From the trace above, the auto-refill maps 0x109000 correctly
with ring 0 and RW access with WB cache (which should be correct
the first time under kernel mode). The page 0x109000 is the libc
partition which needs to be accessible from user thread.
However, when accessing that page, the returned physical address
became 0x103050 (and resulting in load/store access violation).
We always identity map memory pages so it should never return
a different physical address.

After forcing TLB invalidation during page table swaps, the MMU
trace is:

  get_pte: autorefill(00109020): PTE va = 20000424, pa = 0010c424
  get_physical_addr_mmu: autorefill(00109020): 00109000 -> 00109006
  xtensa_cpu_tlb_fill(00109020, 1, 0) -> 00109020, ret = 0
  get_pte: autorefill(00109028): PTE va = 21000424, pa = 0010e424
  get_physical_addr_mmu: autorefill(00109028): 00109000 -> 00109022
  xtensa_cpu_tlb_fill(00109028, 1, 0) -> 00109028, ret = 0
  get_pte: autorefill(00109014): PTE va = 21000424, pa = 0010e424
  get_physical_addr_mmu: autorefill(00109014): 00109000 -> 00109022
  xtensa_cpu_tlb_fill(00109014, 0, 2) -> 00109014, ret = 0
  xtensa_cpu_tlb_fill(00109020, 0, 0) -> 00109020, ret = 0

Here, when the same page is accessed, it got the correct PTE
entry, which is ring 2 with RW access mode (but no cache).
Actually accessing the variable via virtual address returns
the correct physical address: 0x109014.

So workaround that by forcing TLB invalidation during page swap.

Fixes #66029

Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2023-12-27 15:59:05 +00:00
..
include xtensa: rename z_xtensa to simply xtensa 2023-12-13 09:41:24 +01:00
CMakeLists.txt cmake: cleanup and simplify the standard include logic in Zephyr 2023-11-06 18:57:30 -05:00
Kconfig.defconfig boards: qemu_xtensa: use dc233c core 2023-10-20 15:00:14 +02:00
Kconfig.soc xtensa: dc233c: force invalidating TLBs during page table swap 2023-12-27 15:59:05 +00:00
mmu.c xtensa: mmu: rename prefix z_xtensa to xtensa_mmu 2023-12-13 09:41:24 +01:00