kr...@berkeley.edu wrote:
>> On Fri, 15 Jul 2016 21:59:52 -0700, "Stefan O'Rear" <
sor...@gmail.com> said:
>>
> | On Fri, Jul 8, 2016 at 2:21 AM, Krste Asanovic <
kr...@berkeley.edu> wrote:
> || (p21) Virtualization Management Field in mstatus Register
>
> | In principle, a kernel could host multiple processes with different
> | requirements for virtual address mapping, and those requirements could
> | change over the lifetime of the process. (Imagine a Sv39 process
> | being automatically promoted to Sv48 after attempting to mmap more
> | than 256GiB of user address space.) Is that a supported use case?
>
> No - the intent is the OS only ever runs with one VM. We are
> planning to supports optimizations that remove unneeded levels of the
> page table when running with larger virtual address spaces.
>
I had a similar idea when I first read the privileged ISA draft, except
that I thought of it in the context of a user program (such as a Lisp
runtime) being able to trade address space for tag bits and gain a bit
of efficiency along the way. In a nutshell, I propose combining all Sv*
VM modes into three variants of an Spage ("supervisor-controlled
paging") VM mode. The three variants would be Spage32/Spage64/Spage128
for running RV32/RV64/RV128 supervisors, respectively. An
implementation that supports Spage need only support the mode
corresponding to its native width, but may support narrower widths for
compatibility with narrower supervisors.
An address space in the current RISC-V model can be thought of as a
paging depth (LEVELS in sec. 4.5.2) and a root physical page number.
For implementations that support multiple base architectures, an
additional field is needed for width selection, but this field need only
be one bit on RV64 (to select running RV32 user code) and two bits on
RV128 (to choose between RV128/RV64/RV32). Further, width selection
should probably use one of the reserved bits in the RV64 PTE to allow
interworking between RV32 and RV64 code, so I will set that issue aside
for now.
Since only one paging depth is practical on RV32, the new field is zero
bits wide and the RV32 sptbr is unchanged. For RV64, I propose
inserting a two bit paging depth field (exact name to be determined:
"paging depth" (PD), "table count" (TC), "paging levels" (PL), or
something else if someone else has a good idea for it) that stores the
number of page tables to use, minus 3, between ASID and root PPN in
sptbr, reducing the width of ASID by two bits. This should not be
problem, as even a 16 mebislot TLB (needed to make full use of a 24-bit
ASID--and that if only one entry from each ASID is stored, otherwise the
TLB needs to be even larger) seems impractical.
If each page table handles 9 bits of the virtual address in RV64, then
this approach provides virtual address spaces from 39 to 66 bits with
the top two bits in a "66-bit" virtual address space sign-extended from
bit 63. Following the pattern, if each RV128 page table handles 8 bits
of the virtual address, a four bit paging depth field with no offset
enables virtual address spaces from 12 to 132 bits, with the top four
bits in a "132-bit" virtual address space sign-extended from bit 127.
Since the general convention is to map the supervisor at the top of the
address space, varying paging depth will have no effect on the
supervisor mappings provided that the supervisor correctly maps itself
into every root page table. User code that uses tag bits need only
ensure that all-1s is not a valid tag, since such a pointer is
indistinguishable from a supervisor address. To fully support tagged
pointers, a flag needs to be added somewhere that relaxes address
checking and makes the unused bits don't-care in user mode.
A further step is to have separate ssptbr and suptbr registers for
supervisor and user page table bases. I have a rough outline that I'll
fill in if there is interest in the concept.
On a somewhat related matter, PUM should have no effect on instruction
fetch and S-mode should not be allowed to execute code from user pages
under any circumstance. Likewise, H-mode should never be allowed to
execute code from pages belonging to supervisors. What uses, other than
exploits, are there for running S-mode code from user pages or H-mode
code from supervisor pages?
On this note, how are M-mode instruction fetches translated in paging
modes? It seems to be unspecified. Am I overlooking something? Do
supervisors really have the ability to replace the M-mode trap handler
by mapping their own code at that address?
-- Jacob