清除TLB缓存
处理器用地址转换缓存(通常称为 TLB,全称为 Translation Lookaside Buffer)来提高虚拟地址与物理地址转换性能。为了 降低 TLB 缓存本身的开销,大多数处理器不会让它时刻与页表保持一致。这意味着如果操作系统修改了页表,那么这个缓存会变得陈旧而不可用。RISC-V 的 S 模式添加了另一条 sfence.vma 指令来解决这个问题。这条指令会通知处理器,软件可能已经修改了页表,于是处理器可以相应地刷新 TLB 缓存。它需要两个可选的参数,这样可以缩小缓存刷新的范围。一个位于 rs1,它指示了页表哪个虚址对应的转换被修改了;另一个位于 rs2,它给出了被修改页表的进程的地址空间标识符(ASID)。如果两者都是 x0,便会刷新整个转换缓存。
特权指令:
sfence.vma: supervisor-mode fence.virtual memory addreee,刷新当前CPU下的TLB,在多核系统中,如果一个hart修改了页表,执行sfence.vma之后,仅仅是刷新了当前hart的TLB,无法刷新其他hart的TLB。所以在必须通知其他remote hart来刷新TLB (__sbi_tlb_flush_range -> sbi_remote_sfence_vma)
Example 1
$ git show 21190b74bcf3a36ebab9a715088c29f59877e1f3
riscv: Add sfence.vma after early page table changes
This invalidates local TLB after modifying the page tables during early init as
it's too early to handle suprious faults as we otherwise do.
Fixes: f2c17aabc917 ("RISC-V: Implement compile-time fixed mappings")
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index 787c75f751a5..ca03762a3733 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -226,12 +226,11 @@ void __set_fixmap(enum fixed_addresses idx, phys_addr_t phys, pgprot_t prot)
ptep = &fixmap_pte[pte_index(addr)];
- if (pgprot_val(prot)) {
+ if (pgprot_val(prot))
set_pte(ptep, pfn_pte(phys >> PAGE_SHIFT, prot));
- } else {
+ else
pte_clear(&init_mm, addr, ptep);
- local_flush_tlb_page(addr);
- }
+ local_flush_tlb_page(addr);
}
#ifdef CONFIG_MMU
static inline void local_flush_tlb_all(void)
{
__asm__ __volatile__ ("sfence.vma" : : : "memory");
}
/* Flush one page from local TLB */
static inline void local_flush_tlb_page(unsigned long addr)
{
ALT_FLUSH_TLB_PAGE(__asm__ __volatile__ ("sfence.vma %0" : : "r" (addr) : "memory"));
}
> >> This above patch addes local_flush_tlb_page(addr) to use sfence.vma after the page table changed. That address will be used immediately in memset(nextp, 0, PAGE_SIZE) to cause this issue so we should add the sfence.vma before we use it.
Alternate version of this commit description can be: Invalidate local TLB after both set_pet() and clear_pte() because the address can be used immediately after page table change.
Example 2
$ git show bf587caae305ae3b4393077fb22c98478ee55755
riscv: mm: synchronize MMU after pte change
Because RISC-V compliant implementations can cache invalid entries
in TLB, an SFENCE.VMA is necessary after changes to the page table.
This patch adds an SFENCE.vma for the vmalloc_fault path.
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index cec8be9e2d6a..5b72e60c5a6b 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -29,6 +29,7 @@
#include <asm/pgalloc.h>
#include <asm/ptrace.h>
+#include <asm/tlbflush.h>
/*
* This routine handles page faults. It determines the address and the
@@ -278,6 +279,18 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
pte_k = pte_offset_kernel(pmd_k, addr);
if (!pte_present(*pte_k))
goto no_context;
+
+ /*
+ * The kernel assumes that TLBs don't cache invalid
+ * entries, but in RISC-V, SFENCE.VMA specifies an
+ * ordering constraint, not a cache flush; it is
+ * necessary even after writing invalid entries.
+ * Relying on flush_tlb_fix_spurious_fault would
+ * suffice, but the extra traps reduce
+ * performance. So, eagerly SFENCE.VMA.
+ */
+ local_flush_tlb_page(addr);
+
return;
}
}
以下信息源自GitHub的 #204 issue中, Alexandre Joannou和Andrew Waterman的讨论:
对于当前指令集手册中关于SFENCE.VMA的部分可以做如下解读:
- 对内存中的PTEs进行写操作需用SFENCE.VMA进行同步;
- 对PMP CSRs进行写操作需用SFENCE.VMA进行同步;
- 对satp CSR进行写操作无需使用SFENCE.VMA进行同步(即,紧跟在使能转换的写satp操作后的那条指令的取指地址是会被转换的)。
- 对PMP CSRs进行写操作需显式的同步,而对satp的操作则不需要,暗示着某种微架构支持(可能是一种在大多数实现中的流水线阻塞)
从描述上来看,为什么对PMPs的操作描述相较于satp“没有那么严谨”?
- Andrew Waterman 认为这是为了更容易使用缓存标签和TLB等机制来实现对PMPs的缓存,而satp本身则不被缓存。
一种相关的硬件行为描述如下:某些有效的PTEs已被缓存在系统中,此时更新PMP使那些PTEs无法再被访问。尽管如此,这些PTEs依然可以被命中,直到一个SFENCE.VMA指令(rs1=x0,rs2=x0)的执行。
- Andrew Waterman 认为Alexandre Joannou描述的这种硬件行为是正确的。
References
1, kernel
2, riscv-privileged-20211203.pdf - 4.2 Supervisor Instructions
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
