[PATCH 0/3] target/arm, hw/arm/smmuv3: Advertise TTL and BBM features

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/3] target/arm, hw/arm/smmuv3: Advertise TTL and BBM features

From:	Peter Maydell
Subject:	[PATCH 0/3] target/arm, hw/arm/smmuv3: Advertise TTL and BBM features
Date:	Tue, 26 Apr 2022 17:04:19 +0100

These patches advertise support for the CPU FEAT_TTL and FEAT_BBM,
and for the SMMUv3.2-BBML2 which is the SMMU's equivalent to
FEAT_BBM).  For all of these, our current implementation is
sufficient to allow us to claim support, so these patches just set ID
bits.  The bulk of the patches is in the commit messages which
justify why this is OK...

To start with the simpler one, FEAT_TTL allows the guest to provide
an optional hint in TLB invalidate operations about which translation
table level holds the leaf entry for the address being invalidated. 
Since we don't need that information and we correctly ignore the
field that holds the TTL hint information, we can safely advertise
that we support FEAT_TTL.

FEAT_BBM is the complicated one.  The description in the Arm ARM of
the requirements of FEAT_BBM is admirably clear on the guarantees it
provides software, but slightly more obscure on what that means for
implementations.  The description of the equivalent SMMU feature in
the SMMU specification (IHI0070D.b section 3.21.1) is perhaps a bit
more detailed and includes some example valid implementation choices.

The informal summary of FEAT_BBM is that it is about permitting an OS
to switch a range of memory between "covered by a huge page" and
"covered by a sequence of normal pages" without having to engage in
the 'break-before-make' dance that has traditionally been necessary. 
The 'break-before-make' sequence is:

 * replace the old translation table entry with an invalid entry
 * execute a DSB insn
 * execute a broadcast TLB invalidate insn
 * execute a DSB insn
 * write the new translation table entry
 * execute a DSB insn

The point of this is to ensure that no TLB can simultaneously contain
TLB entries for the old and the new entry, which would traditionally
be UNPREDICTABLE (allowing the CPU to generate a TLB Conflict fault
or to use a random mishmash of values from the old and the new
entry).  FEAT_BBM level 2 says "for the specific case where the only
thing that changed is the size of the block, the TLB is guaranteed
not to do weird things even if there are multiple entries for an
address", which means that software can now do:

 * replace old translation table entry with new entry
 * DSB
 * broadcast TLB invalidate
 * DSB

As the SMMU spec notes, valid ways to do this include:

 * if there are multiple entries in the TLB for an address,
   choose one of them and use it, ignoring the others
 * if there are multiple entries in the TLB for an address,
   throw them all out and do a page table walk to get a new one

QEMU's page table walk implementation for Arm CPUs already meets the
requirements for FEAT_BBM level 2. When we cache an entry in our TCG
TLB, we do so only for the specific (non-huge) page that the address
is in, and there is no way for the TLB data structure to ever have
more than one TLB entry for that page. (We handle huge pages only in
that we track what part of the address space is covered by huge pages
so that a TLB invalidate operation for an address in a huge page
results in an invalidation of the whole TLB.) We ignore the Contiguous
bit in page table entries, so we don't have to do anything for the
parts of FEAT_BBM that deal with changes to the Contiguous bit.

Our SMMUv3 implementation  (unlike our CPU TLB) does allow multiple
TLB entries for an address, because the translation table level is
part of the SMMUIOTLBKey, and so our IOTLB hashtable can include
entries for the same address where the leaf was at different levels
(i.e.  both hugepage and normal page).  So here we rely on "pick one
of the multiple entries and ignore the rest" being a valid
implementation.

FEAT_BBM level 2 also requires that the nT bit in block descriptors
must be ignored. Since commit 39a1fd25287f5dece5 we do this for
the CPU; we always have done for the SMMU.

So for both SMMU and CPU we can advertise "level 2" BBM support.

(Note that we still can't yet advertise our SMMU as an SMMU v3.2,
because v3.2 requires support for the S2FWB feature, which we don't
yet implement. I might look at that when I do the CPU FEAT_S2FWB.)

thanks
-- PMM


Peter Maydell (3):
  target/arm: Advertise support for FEAT_TTL
  target/arm: Advertise support for FEAT_BBM level 2
  hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2

 docs/system/arm/emulation.rst | 2 ++
 hw/arm/smmuv3-internal.h      | 1 +
 hw/arm/smmuv3.c               | 1 +
 target/arm/cpu64.c            | 2 ++
 4 files changed, 6 insertions(+)

-- 
2.25.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/3] target/arm, hw/arm/smmuv3: Advertise TTL and BBM features, Peter Maydell <=
- [PATCH 1/3] target/arm: Advertise support for FEAT_TTL, Peter Maydell, 2022/04/26
- [PATCH 2/3] target/arm: Advertise support for FEAT_BBM level 2, Peter Maydell, 2022/04/26
- [PATCH 3/3] hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2, Peter Maydell, 2022/04/26
  - Re: [PATCH 3/3] hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2, Eric Auger, 2022/04/28
    - Re: [PATCH 3/3] hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2, Peter Maydell, 2022/04/28
    - Re: [PATCH 3/3] hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2, Eric Auger, 2022/04/28
- Re: [PATCH 0/3] target/arm, hw/arm/smmuv3: Advertise TTL and BBM features, Richard Henderson, 2022/04/26

Prev by Date: Re: [PATCH v3 35/60] target/arm: Handle cpreg registration for missing EL
Next by Date: [PATCH 1/3] target/arm: Advertise support for FEAT_TTL
Previous by thread: [PATCH] target/arm: Disable cryptographic instructions when neon is disabled
Next by thread: [PATCH 1/3] target/arm: Advertise support for FEAT_TTL
Index(es):
- Date
- Thread