| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
| commit | dee4dcba78baf712cab403d47d9db319ab7f95d6 (patch) | |
| tree | 418478faf06786701a56268672f73d6b0b4eb239 /results/classifier/108/debug/1053 | |
| parent | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (diff) | |
restructure results
Diffstat (limited to 'results/classifier/108/debug/1053')
| -rw-r--r-- | results/classifier/108/debug/1053 | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/results/classifier/108/debug/1053 b/results/classifier/108/debug/1053 deleted file mode 100644 index 1de5c454..00000000 --- a/results/classifier/108/debug/1053 +++ /dev/null 
@@ -1,24 +0,0 @@ -debug: 0.993 -device: 0.726 -performance: 0.624 -other: 0.620 -graphic: 0.463 -semantic: 0.437 -socket: 0.389 -vnc: 0.319 -boot: 0.315 -network: 0.297 -KVM: 0.276 -PID: 0.233 -permissions: 0.225 -files: 0.086 - -Executable PMP regions of size less than 4K always trigger an instruction access fault -Description of problem: -When configuring a PMP region that is less than 4K in size (Page size), and then trying to execute instructions inside said region, TCG always throws a PMP exception, even though the area allows code execution. -Additional information: -I've debugged the issue already, and it's happening because of the following optimization in TCG: - -TCG uses `get_page_addr_code_hostp` in order to try and get the translation cached for a whole page of instructions; if this function is unable to translate a whole page, it's supposed to simply return `-1`, and then the caller is supposed to translate and execute on a per-instruction basis. In this case `get_page_addr_code_hostp` calls `tlb_fill`, which then calls `riscv_cpu_tlb_fill`, which then calls `get_physical_address_pmp` to perform the PMP access checks. When said instructions are covered by a PMP region which is smaller than a page, this check then fails, since PMP regions must cover the whole access in order to allow it. At this point `riscv_cpu_tlb_fill` will see that a PMP fault happened, and since `probe` is set to false by `get_page_addr_code_hostp`, it will throw a RISC-V access fault exception instead of just returning a failure that `get_page_addr_code_hostp` can handle (by only accessing the memory of the specific instruction instead, which will be fully covered by the PMP region). - -I haven't tried to fix it myself (my first idea is to simply make `get_page_addr_code_hostp` set the probe flag), since I'm not sure if changing that part of TCG will affect other architectures that I'm not aware of. |
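Review bot: The deletion of results/classifier/108/debug/1053 gives no indication of where this record goes, and the commit message "restructure results" does not say either. The removed file holds both the category scores (led by "debug: 0.993") and the full text of the report on executable PMP regions smaller than 4K, so if this is a move, name the destination path in the commit message body, or do the move so it shows up as a rename, which keeps the record traceable from this path. As shown here (diffstat limited to this path, 0 insertions, 24 deletions) it reads as a plain removal.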