XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

Keeping Coherency on Arm:
Reborn
Julien Grall <julien.grall@arm.com>
Xen Developer Summit 2019
© 2019 Arm Limited

Xen and Arm
Over the past years, a few architectural compliance issues where iden ﬁed in Xen:
Boot code
Memory subsystem
Guest memory subsystem
Atomics helper
2 © 2019 Arm Limited

Xen runs ﬁne for me.
What are you talking about?

Xen and Arm - 2
Some of the recent examples:
4.11 failing to boot on Thunder-X
https://lists.xenproject.org/archives/html/xen-devel/2019-06/msg00184.html
32-bit guest intermi ently failing to boot
Assump on of system registers layout
XSA-295
https://xenbits.xen.org/xsa/advisory-295.txt

Why following the ARM ARM?
Reliability
Upgrading to a newer processor without Xen modiﬁca ons

Scope
This talk is focusing on boot and memory handling.
Focussing on architectural guarantees.
The Architecture Reference Manual is authorita ve.

Page-table updates

Page table entry
An entry can point to either a block mapping, transla on table or a page descriptor.
Note that whilst Arm supports diﬀerent granules (4KB, 16KB and 64KB), Xen only supports 4KB.

Page table entry - 2
Each block mapping and page descriptor contains informa on such as:
Access permission: read, write, execute never
Memory type: Device or Normal memory
Shareability: non-shareable, inner-shareable, outer-shareable
Cacheability
Access ﬂag
Con guous bit
Non-Global bit

TLB entries
TLB is a structure which caches results of the transla on table walks.
Each TLB entry
contains data from the page descriptor.
is tagged by ASID and VMID.

Address Space Iden fier
The Address Space Iden fier (ASID)
iden fies pages associated to a single address space (e.g. a process).
applies for EL1 (kernel) and EL0 (userspace) transla on regime.
provides a mechanism for changing process-specific table without requiring TLB invalida on.
is cached by the TLB entries.

Virtual Machine Iden fier
The Virtual Machine Iden fier (VMID)
iden fies the current virtual machine (Non-Secure EL1 & EL0).
has its own independent ASID space.
is cached by the TLB entries so no TLB invalida on is required when switching between VM.

Con guous bit
It indicates whether the entry is one of a number of adjacent page table entries that point to a
con guous output address range.
The number of adjacent entries depends on the page size.
For instance with 4KB, it will be 16 entries.
The TLB is allowed to cache a con guous region in a single entry.

Non-Global (nG) bit
The non-Global bit applies only for Stage-1 page tables.
nG 0 means the region is available for all ASIDs.
nG 1 means the region is restricted to the current ASID.
Global mapping can be invalidated by using any ASID.

Special considera ons apply to
transla on table updates ...
ARM ARM

Page table updates
Page table updates may require one to use a break-before-make sequence.
It is a sequence required by the ARM ARM to update page table entries.
Required for certain update of the tables.
Ensures that a coherent view of the page tables is used by all observers.

Why do we care?
Page tables are used by diﬀerent observers
HW transla on table walkers
Observers may be accessing the page-tables during updates

What could happen?
The TLB may hold two mappings for the same address and might lead to
CONSTRAINED UNPREDICTABLE behavior and break coherency
A processor may see access erroneous data
This may be either of the TLB entry or an amalgama on of the two
A TLB conﬂict abort

When to use it
Changing the size of the block
Replacing a block mapping with a transla on table
Replacing a transla on table with block mapping
Se ng/Unse ng the con guous bit
Changing the output address if one of the entry is writeable
Changing the memory type
Changing the cacheability a ributes
Crea ng global entry that might overlaps non-global entries

When it is not necessary
Changing the permission of an entry
Changing the access ﬂag

Steps
It is a 4 steps approach:
1. Replace the old entry with an invalid entry
2. Invalidate the cached old entries with a broadcas ng TLB invalida on instruc on
3. Wait for the comple on of the TLB instruc on with a dsb followed by an isb
4. Write the new entry

Accessing Memory with MMU oﬀ

Cache architecture
(Modified) Harvard architecture
Mul ple levels of caching (with snooping)
Separate I-cache and D-cache (no snooping between I and D)
Either PIPT or non-aliasing VIPT for D-cache
Mee ng at the Point of Unifica on (PoU)
Controlled by a ributes in the page tables
Memory type (normal, device)
Cacheability, Shareability
Two Enable bits (I and C)
Actually not really an Enable switch
More like a global ”a ribute override”
Generally invisible to normal so ware
With a few key excep ons
An example is wri ng with MMU turned off

Accessing memory with MMU oﬀ/on
Memory can be wri en with MMU oﬀ and read with MMU on
An example is preparing the page-tables at boot
What could possibly go wrong?

Accessing memory with MMU off/on
Memory can be wri en with MMU off and read with MMU on
An example is preparing the page-tables at boot
What could possibly go wrong?
Write access with MMU off are non-cacheable
The state of the cache may be unknown
It may contain dirty/clean lines
Cache can specula vely load a line
Without proper cache maintenance:
Data may be overwri en
Old data may be read

Arm64 Image boot protocol
The Arm64 Image speciﬁca on describes the state of the processor at boot
MMU will be turned oﬀ
Loaded Image will be cleaned to Point Of Coherency (PoC)
The state of cache for the rest of the RAM is unknown
This includes BSS

Wri ng in the loaded image
The loaded image is cleaned to PoC
The cache may contain clean line for the region modiﬁed
Steps required
1. Write the data
2. Invalidate to PoC the region modiﬁed
Remove any clean line
Avoid to read the wrong data

Wri ng outside of the loaded image
The state of the cache is not known for any RAM but the loaded image
The cache may contain clean or dirty line for the region modiﬁed
Steps required
Remove any line
Prevent dirty cache line to be evicted
Avoid to overwrite the data
2. Write the data
Remove any line that were specula vely loaded
Avoid to read the wrong data

Implica ons for Xen

Implica ons for Xen
Parts of the boot and memory code needs to be rewri en.
Memory wri en with MMU oﬀ
Se ng up page-tables

Memory wri en with MMU off
At the moment, Xen is modifying the following part with MMU off
Zeroing BSS
Required because boot page-tables are part of it
This can be moved later if page-tables are moved out
Se ng-up ini al page-tables
Ini al page-tables are always writen with MMU off
Cache maintenance is required

A 1:1 mapping is necessary to turn the MMU on
It may clash with part of memory layout
The memory layout is sta c
At the moment, Xen is avoiding the clash by switching page-tables
This is not safe to do with the MMU is turned on

The 1:1 mapping needs to be kept for
CPU bring-up
Suspend/Resume

The 1:1 mapping needs to be kept for
CPU bring-up
Suspend/Resume
The memory layout needs to be dynamic to avoid clash

Upstreaming
The work is split in mul ple series as it is quite consequent.
Part of the page-tables update has been merged
Boot code reworked is under review
Comments, reviews, tes ng, help are more than welcomed

Ques ons?

The Arm trademarks featured in this presenta on are registered trademarks or
trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights
reserved. All other marks featured may be trademarks of their respec ve owners.
www.arm.com/company/policies/trademarks
© 2019 Arm Limited

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

More Related Content

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd