Date   

Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 6:29 PM Ved Shanbhogue <ved@...> wrote:

Should we keep this simple in the SBI - only have register based inputs - to send and receive 1 byte in each call?
Keeping it a simple out_byte or in_byte - a serial port like interface seems the simplest and most secure.
The legacy SBI v0.1 putchar() and getchar() are byte-level send/receive calls.

This is very slow for virtualized world particularly KVM RISC-V because each
SBI v0.1 putchar() or getchar() will trap to KVM RISC-V and KVM RISC-V will
forward it to user-space QEMU or KVMTOOL. This means each early print
character using SBI v0.1 putchar() will go all the way to host user-space and
come back. This is horribly slow for KVM Guest. This becomes further slower
for nested virtualization.

The MMIO based early prints are further worse because we have at least two
MMIO traps for every character where each MMIO exits to host user-space.

The shared memory based SBI puts() drastically reduces the number of SBI
traps hence reducing boot time with early prints enabled.

I worry about bugs/security issues that can be caused by M-mode firmware accessing strings in untrusted memory.
The VirtIO based para-virt devices rely heavily on shared memory so I think
it is possible to address security concerns related to shared memory.

The API as defined does not say whether the address is a virtual address or a physical address.
It is a physical address. I will clarify this in Draft v2.

If it is a virtual address then the SBI call will need to use a MPRV load/store to gather this data and will also need to deal with page fault, access faults, etc. that may occur on such accesses.
Yes, MPRV (or HLV/HSV) based load/store have performance issues
particularly due to page faults. These are prevalent in some of the
legacy SBI v0.1 calls. With SBI v0.2 (or higher), we have tried to
ensure that we don't use virtual addresses as parameter in newer SBI
calls.

Based on discussion it did not seem like it needs to be much fancier than this as this is for early OS/VMM code till it has enough functionality to directly interact with a uart.
The goal of the shared memory based SBI call for early prints is to
minimize the number of traps which in-turn helps virtualization to
drastically reduce boot-time.

Regards,
Anup


regards
ved



On Thu, Jun 2, 2022 at 7:43 AM Anup Patel <apatel@...> wrote:

On Thu, Jun 2, 2022 at 2:58 PM Heiko Stübner <heiko@...> wrote:

Am Donnerstag, 2. Juni 2022, 10:50:56 CEST schrieb Heiko Stübner:
Am Donnerstag, 2. Juni 2022, 10:47:58 CEST schrieb Anup Patel:
On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.
You can easily create multiple pre-populated strings using ".asciiz" in
assembly sources. Just set the base address of pre-populated strings
once on boot hart and print from anywhere using usual 4-5 instruction
(similar to what posted above).
ok, sounds like a plan as well :-)
though, how does that relate to the time before MMU setup?

I.e. in response to Heinrich's mail you talk about svpbmt, so I guess you
expect virtual memory there, so what is the expected value-type before
the mmu is setup in S-mode ?
The memory type should be 0 (i.e. PMA) for the shared memory between
SBI implementation and supervisor software. Before MMU setup, the
memory type is by default 0 (i.e. PMA) so we don't have to mandate
any memory type for MMU disabled case.

We only have issue on systems with Svpmbt where supervisor software
can potentially map the shared memory as non-cacheable or IO (memory
type != 0) using PTE memory type bits.

In addition to above, a SBI implementation must ensure that the shared
memory address provided by supervisor software is a regular memory
(not MMIO device). This can be easily achieved in OpenSBI, KVM RISC-V,
and various hypervisors.

Regards,
Anup



[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Regards,
Anup






SBI changes

mark
 

we have seen a number of SBI changes proposed (debug console, ap tee, ...).

will there be one big rev ala priv 1.12, small fast tracks , something else?

I also suggest that this either needs to be run out of the priv sw HC or convene a new TG. Can we conduct this conversation there (and create the appropriate group or committee mail aliases).

Thanks
Mark

--------
sent from a mobile device. please forgive any typos.


Re: SBI Debug Console Extension Proposal (Draft v1)

洛佳 Luo Jia
 
Edited

Hello!
Glad to see a new proposal to the SBI standard. Besides to discussion before, I may (if possible or proper) suggest an idea of not implementing this extension, for SBI should provide transparency of peripherals to kernel other than wrap every possible drivers in SBI itself. Am I totally wrong, or are there any further ideas to this topic? Thanks :)

Best Regards,
Luo Jia


Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 2:43 PM Heinrich Schuchardt
<heinrich.schuchardt@...> wrote:

On 6/2/22 10:44, Anup Patel wrote:
On Wed, Jun 1, 2022 at 11:59 PM Heinrich Schuchardt
<heinrich.schuchardt@...> wrote:

On 6/1/22 18:17, Anup Patel wrote:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks for starting to close this gap.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.
I miss a discussion of the conflicts that can arise if the configuration
of the serial console is changed by the caller.

Do we need an ecall that closes the SBI console to further access?
Usually, the serial port related code in M-mode firmware only uses
status and data registers so for most serial ports support the M-mode
firmware will adapt to serial port configuration changes.

In fact, this is why we never had a special SBI call for serial port
reconfiguration in legacy SBI v0.1 as well.

In case of virtualization, the serial port (or console) is emulated so
the special SBI call is not useful for virtualization.



The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.
Isn't it M-mode software that has to program the MMU to allow all harts
in M-mode and S-mode access to the memory area? What is the S-mode
software to do about the memory area prior to calling
sbi_debug_console_set_area()?
Actually, it's the S-mode software which is voluntarily giving a portion of
its memory to be used as shared memory. The proposal only mandates
that whatever memory is selected by S-mode software should be a
regular cacheable memory (not IO memory). Also, if Svpbmt is available
then S-mode software should only use memory type 0 in the PTEs.



Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)
The console output is needed on the very start of the S-mode software,
before setting up anything.

Can we avoid this extra function?

Can we simply assume that the caller of sbi_debug_console_puts()
provides a physical address pointer to a memory area that is suitable?
Theoretically, we can avoid the extra function to set shared memory area
but it will complicate things in future when we have supervisor software
encrypting it's own memory (using special ISA support) because in this
case supervisor software will have to unprotect memory every time the
sbi_debug_console_puts() is called and protect it again after the call.
Currently this function is just a nop(). It is not needed in this
revision of the extension.

The function might be called repeatedly by different threads with
different values. How do you want to keep track of all of these
different areas?
The shared memory area in case of this SBI extension will be shared
across all HARTs so the SBI implementation will ensure atomicity
in setting/reading shared memory coordinates. This way multiple
HARTs can call the sbi_debug_console_set_area() but only the
last call will be in effect.

Following text in the proposal explains above:
"The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time."

Maybe this text is not giving a clear picture ?


Memory shared between different security realms will arise in many
different scenarios. As this is not console specific it should be in a
separate extension. That extension should be defined once we have
clarity about how security realms are managed.
In the case of this extension, the shared memory is global across all
HARTs and it mostly contains bytes to be printed. In case of steal
time accounting, the shared memory is separate for each HART and
it is a well-defined data structure.

Clearly, the usage of shared memory is extension specific.

The VirtIO devices are a good (and time tested) example of shared
memory based approaches. Over there as well, the shared memory
(i.e. various VirtIO rings) are setup by Guest and there is no central
pool of shared memory (i.e no dedicated VirtIO device managing
shared memory).

Similar to VirtIO world, we should let SBI extension define its own
shared memory usage and API.

Regards,
Anup





Set the shared memory area specified by `addr_div_by_2` and `size`
%s/addr_div_by_2/addr_div_by_4/
Okay, I will update.


parameters. The `addr_div_by_4` parameter is base address of the
%s/is base/is the base/
Okay, I will update.


shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.
Why shifting the address? I would prefer to keep it simple for the
caller. If the alignment is not suitable, return an error.

But why is an alignment needed here at all? And why 4 aligned?
For RV32 S-mode, the physical address space is 34bits wide but
"unsigned long" is 32bits wide. This is because Sv32 PTEs allow
34bits of PPN. In fact, even instructions such as HFENCE.GVMA
have this "address right shift by 2" requirement based on this rationale.



The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
I would prefer to simply pass a physical address pointer here with no
requirements on alignment. And no prior SBI call.
sbi_debug_console_set_area() might be called with different values by
different threads. An offset is ambiguous as it does not define to which
of the different shared areas it relates. Please, use a pointer.


Do we need num_chars? Are we expecting to provide binary output? Using
0x00 as terminator would be adequate in most cases.
Bare-metal tests (or assembly sources) can print sub-strings from
a large per-populated string in shared memory. Assuming that string
is always terminated by 0x00 in sbi_debug_console_puts() will break
this flexibility.
OK



What is the requirement on the console? Does it have to support 8bit
output to allow for UTF-8?
We need to clarify this. Suggestions ?
The platform specification would be the right place to require 8-bit
support for the console.



Do we make any assumptions about encoding?
Same as above, this needs more clarification. Suggestions ?
We should add to the platform specification that UTF-8 output is assumed
on the serial console.


I am of the opinion to keep such encoding related assumptions to be
minimal.


How would we handle a console set up to 7bit + parity if a character >
0x7f is sent?
I would consider this to be part of the clarification we add for encoding.
We should state if extra bits are ignored or the bytes are not send.
The easiest thing is to just ignore the extra bits. So let't state this
here.

Best regards

Heinrich




Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
%s/shard/shared/
Okay, I will update.


is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
There could be other reasons of failures:

* set up of the UART failed in OpenSBI
* no UART defined in the device-tree
* ...

So let us add SBI_ERR_FAILED to the list.
Okay, I will add.


Best regards

Heinrich
Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Ved Shanbhogue
 

Should we keep this simple in the SBI - only have register based inputs - to send and receive 1 byte in each call?
Keeping it a simple out_byte or in_byte - a serial port like interface seems the simplest and most secure. 
I worry about bugs/security issues that can be caused by M-mode firmware accessing strings in untrusted memory.
The API as defined does not say whether the address is a virtual address or a physical address. 
If it is a virtual address then the SBI call will need to use a MPRV load/store to gather this data and will also need to deal with page fault, access faults, etc. that may occur on such accesses.
Based on discussion it did not seem like it needs to be much fancier than this as this is for early OS/VMM code till it has enough functionality to directly interact with a uart.

regards
ved



On Thu, Jun 2, 2022 at 7:43 AM Anup Patel <apatel@...> wrote:
On Thu, Jun 2, 2022 at 2:58 PM Heiko Stübner <heiko@...> wrote:
>
> Am Donnerstag, 2. Juni 2022, 10:50:56 CEST schrieb Heiko Stübner:
> > Am Donnerstag, 2. Juni 2022, 10:47:58 CEST schrieb Anup Patel:
> > > On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:
> > > >
> > > > Hi Anup,
> > > >
> > > > Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
> > > > > Hi All,
> > > > >
> > > > > Below is the draft proposal for SBI Debug Console Extension.
> > > > >
> > > > > Please review it and provide feedback.
> > > > >
> > > > > Thanks,
> > > > > Anup
> > > > >
> > > > > Debug Console Extension (EID #0x4442434E "DBCN")
> > > > > ================================================
> > > > >
> > > > > The debug console extension defines a generic mechanism for boot-time
> > > > > early prints from supervisor-mode software which allows users to catch
> > > > > boot-time issues in supervisor-mode software.
> > > > >
> > > > > This extension replaces legacy console putchar (EID #0x01) extension
> > > > > and it is better in following ways:
> > > > > 1) It follows the new calling convention defined for SBI v1.0
> > > > >    (or higher).
> > > > > 2) It is based on a shared memory area between SBI implementation
> > > > >    and supervisor-mode software so multiple characters can be
> > > > >    printed using a single SBI call.
> > > > >
> > > > > The supervisor-mode software must set the shared memory area before
> > > > > printing characters on the debug console. Also, all HARTs share the
> > > > > same shared memory area so only one HART needs to set it at boot-time.
> > > > >
> > > > > Function: Set Console Area (FID #0)
> > > > > -----------------------------------
> > > > >
> > > > > struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
> > > > >                                          unsigned long size)
> > > > >
> > > > > Set the shared memory area specified by `addr_div_by_2` and `size`
> > > >
> > > > typo in the "div_by_2" (not 4 like below and in the function itself) ?
> > > >
> > > >
> > > > > parameters. The `addr_div_by_4` parameter is base address of the
> > > > > shared memory area right shifted by 2 whereas `size` parameter is
> > > > > the size of shared memory area in bytes.
> > > > >
> > > > > The shared memory area should be normal cacheable memory for the
> > > > > supervisor-mode software. Also, the shared memory area is global
> > > > > across all HARTs so SBI implementation must ensure atomicity in
> > > > > setting the shared memory area.
> > > > >
> > > > > Errors:
> > > > > SBI_SUCCESS                - Shared memory area set successfully.
> > > > > SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
> > > > >                           `addr_div_by_2` and `size` parameters
> > > > >                           is not normal cacheable memory or not
> > > > >                           accessible to supervisor-mode software.
> > > > >
> > > > > Function: Console Puts (FID #1)
> > > > > -------------------------------
> > > > >
> > > > > struct sbiret sbi_debug_console_puts(unsigned long area_offset,
> > > > >                                      unsigned long num_chars)
> > > > >
> > > > > Print the string specified by `area_offset` and `num_chars` on
> > > > > the debug console. The `area_offset` parameter is the start of
> > > > > string in the shard memory area whereas `num_chars` parameter
> > > > > is the number of characters (or bytes) in the string.
> > > > >
> > > > > This is a blocking SBI call and will only return after printing
> > > > > all characters of the string.
> > > > >
> > > > > Errors:
> > > > > SBI_SUCCESS                - Characters printed successfully.
> > > > > SBI_ERR_INVALID_ADDRESS    - The start of the string (i.e.
> > > > >                           `area_offset`) or end of the string
> > > > >                           (i.e. `area_offset + num_chars`) is
> > > > >                           outside shared memory area.
> > > >
> > > > This will vastly reduce the number of needed ecalls when outputting
> > > > characters, so this will probably improve performance quite a bit :-)
> > > >
> > > >
> > > > I guess I still would like to have an _additional_ single-character
> > > > putc call. As mentioned in the other thread [0], especially on consumer
> > > > hardware [where there is no elaborate debug infrastructure] this can
> > > > be a very handy debugging tool even in the earliest stages of a
> > > > booting kernel (both before relocation and even inside the startup
> > > > assembly).
> > > >
> > > > I.e. just doing a
> > > >         li a7, 1
> > > >         li a6, 0
> > > >         li a0, 36
> > > >         ecall
> > > >
> > > > in any kernel assembly will just output a "$" character right now, without
> > > > needing any preparation at all - same with using the current
> > > > sbi_console_putchar() directly in c-code.
> > > >
> > > > This _can_ be very helpful in some cases, so I guess it would be nice
> > > > to keep such a functionality around also in the new spec.
> > >
> > > You can easily create multiple pre-populated strings using ".asciiz" in
> > > assembly sources. Just set the base address of pre-populated strings
> > > once on boot hart and print from anywhere using usual 4-5 instruction
> > > (similar to what posted above).
> >
> > ok, sounds like a plan as well :-)
>
> though, how does that relate to the time before MMU setup?
>
> I.e. in response to Heinrich's mail you talk about svpbmt, so I guess you
> expect virtual memory there, so what is the expected value-type before
> the mmu is setup in S-mode ?

The memory type should be 0 (i.e. PMA) for the shared memory between
SBI implementation and supervisor software. Before MMU setup, the
memory type is by default 0 (i.e. PMA) so we don't have to mandate
any memory type for MMU disabled case.

We only have issue on systems with Svpmbt where supervisor software
can potentially map the shared memory as non-cacheable or IO (memory
type != 0) using PTE memory type bits.

In addition to above, a SBI implementation must ensure that the shared
memory address provided by supervisor software is a regular memory
(not MMIO device). This can be easily achieved in OpenSBI, KVM RISC-V,
and various hypervisors.

Regards,
Anup

>
>
> > > > [0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html
> > > >
> > > >
> > > >
> > >
> > > Regards,
> > > Anup
> > >
> >
> >
>
>
>
>






Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 2:58 PM Heiko Stübner <heiko@...> wrote:

Am Donnerstag, 2. Juni 2022, 10:50:56 CEST schrieb Heiko Stübner:
Am Donnerstag, 2. Juni 2022, 10:47:58 CEST schrieb Anup Patel:
On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.
You can easily create multiple pre-populated strings using ".asciiz" in
assembly sources. Just set the base address of pre-populated strings
once on boot hart and print from anywhere using usual 4-5 instruction
(similar to what posted above).
ok, sounds like a plan as well :-)
though, how does that relate to the time before MMU setup?

I.e. in response to Heinrich's mail you talk about svpbmt, so I guess you
expect virtual memory there, so what is the expected value-type before
the mmu is setup in S-mode ?
The memory type should be 0 (i.e. PMA) for the shared memory between
SBI implementation and supervisor software. Before MMU setup, the
memory type is by default 0 (i.e. PMA) so we don't have to mandate
any memory type for MMU disabled case.

We only have issue on systems with Svpmbt where supervisor software
can potentially map the shared memory as non-cacheable or IO (memory
type != 0) using PTE memory type bits.

In addition to above, a SBI implementation must ensure that the shared
memory address provided by supervisor software is a regular memory
(not MMIO device). This can be easily achieved in OpenSBI, KVM RISC-V,
and various hypervisors.

Regards,
Anup



[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Regards,
Anup



Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 10:08 AM Xiang W <wxjstz@...> wrote:

在 2022-06-01星期三的 21:47 +0530,Anup Patel写道:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.
Shared memory can be a single extension. The three interfaces are as follows

/* The supervisor hands a piece of physical memory to sbi for shared memory */
struct sbiret sbi_shared_memory_extrend(unsigned long addr, unsigned long size);


/* The supervisor applies for a piece of physical memory from sbi */
struct sbiret sbi_shared_memory_alloc(unsigned long size);


/* The supervisor notifies sbi to release the requested memory */
struct sbiret sbi_shared_memory_free(unsigned long addr);
Clearly, if we have a separate SBI extension to manage shared memory
then we will end-up with such memory management calls. Memory allocators
are generally hard to get it right and this also adds lot of bookkeeping and
state management in SBI implementations (e.g. OpenSBI, KVM RISC-V,
and various hypervisors).

Further, some of the SBI extensions (such as Steal Time Accounting) will
have separate shared memory for each HART whereas some (such as
Debug Console) will have global shared memory for all HARTs.

For clean and modular SBI implementations, I would recommend that
each SBI extension define its own shared memory setup API.

Regards,
Anup



Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.


Re: [sig-hypervisors] SBI Debug Console Extension Proposal (Draft v1)

Schwarz, Konrad <konrad.schwarz@...>
 

Hi Anup,

From: sig-hypervisors@... <sig-hypervisors@...> On Behalf Of Anup Patel via
lists.riscv.org
Subject: [sig-hypervisors] SBI Debug Console Extension Proposal (Draft v1)

Below is the draft proposal for SBI Debug Console Extension.
Here are my thoughts:

* Guest memory access: I think this would be the first SBI extension to require access to
guest memory. This needs to be considered carefully, but I think the higher bandwidth afforded by
the interface is useful enough to allow this.

* API:
* Currently, only a write interface is provided. It would be much better to have a
read/write interface.

Benefits of this would be to allow a hypervisor to control an OS, e.g., for testing purposes
or to automate installation tasks. Inter-guest communication could also be realized
via such an interface.

* As the relationship between SBI and OS is the same as OS and user process, an interface
in the style of e.g., Unix IO is possible.

* Global shared memory buffer design and alternatives:

The API should have per read() or write() parameters for buffer address and length.
This makes it easy for different parts of the OS kernel to output strings directly,
without requiring thread synchronization of the shared buffer used by the present proposal.
A single buffer (i.e., shared memory) will in most SW architectures require an
extra copying of the formatted output string into the shared memory region, which
would be avoided using per read()/write() call parameters.
The exact same argument applies to the SBI implementation: a multi-hart machine
utilizing a single shared memory block to communicate with S-mode software
will require m-mode thread synchronization when accessing the block.
Having only a single shared memory block will lead to scaling problems
on high hart count machines.

I see no advantages of the proposed design to dedicate a block of memory to
I/O in advance (and no modern API does this).
The SBI implementation will still need to be prepared to handle
access faults on each read and write call, there is no amortization of one-time costs
regarding address translation or permission checking that I see. In the H-extension,
the guest memory access instructions are as effective as possible, for M-mode code,
I'm sure that efficient access to S-mode virtual addresses is possible as well.
(Or the convention can be made that addresses are specified as guest-physical,
which should be avoided if efficient alternatives are available in RISC-V.
Note that the draft proposal does not speak of this at all).

* Multiple device support: a parameter should be allocated to allow the OS to
select which of possibly several output devices to utilize, like the "file
descriptor" parameter of the POSIX read()/write() interface.

This raises the question of binding these file descriptors to physical devices,
but a start could be made in analogy to Unix (again), where devices 0, 1, 2 are
assigned to standard in, standard out, and standard error, and in many cases
will be attached to the same physical device, and that are pre-opened when the
OS starts. As in Unix, the semantics of these would be roughly defined,
but an OS could write out its boot logging strings to 2, and drive an interactive
console process (such as a shell) from 0 and 1.

The question of binding string-valued names to file descriptor (open()) and
closing them, etc., could be deferred to a later date and possibly
be implementation defined.

* Asynchronicity and flow control: Unix solves this (poorly) via select()
or the SIGIO signal. If SBI introduces an interface for this, this will need to
co-exist with the OS scheduling that is largely driven by the interrupt controller,
which is a hard thing to do.

I think that the SBI interface should
be best effort, copying all data from the client immediately (as Unix does):
when buffer space in the SBI implementation is exhausted,
it should return short counts; if the SBI client is prepared to wait, a blocking
flush call could be added, which returns when some measure space is
available in the SBI implementation's output buffers (or when input is available).

The existing Unix interfaces for this can again be used as a guide; they
should be mature enough to cover all relevant cases.

For highest performance, an S-mode interrupt could be synthesized by the
SBI implementation when buffer space is available.

With best regards,
Konrad Schwarz

Siemens AG
T CED SES-DE
Otto-Hahn-Ring 6
81739 Munich, Germany
Phone: +49 (89) 7805-22579
Fax.: +49 (89) 636-33045
Mobile: +49 (1522) 8864636
mailto:konrad.schwarz@...
www.siemens.com

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322


Re: SBI Debug Console Extension Proposal (Draft v1)

Heiko Stuebner <heiko@...>
 

Am Donnerstag, 2. Juni 2022, 10:50:56 CEST schrieb Heiko Stübner:
Am Donnerstag, 2. Juni 2022, 10:47:58 CEST schrieb Anup Patel:
On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.
You can easily create multiple pre-populated strings using ".asciiz" in
assembly sources. Just set the base address of pre-populated strings
once on boot hart and print from anywhere using usual 4-5 instruction
(similar to what posted above).
ok, sounds like a plan as well :-)
though, how does that relate to the time before MMU setup?

I.e. in response to Heinrich's mail you talk about svpbmt, so I guess you
expect virtual memory there, so what is the expected value-type before
the mmu is setup in S-mode ?


[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Heinrich Schuchardt
 

On 6/2/22 10:44, Anup Patel wrote:
On Wed, Jun 1, 2022 at 11:59 PM Heinrich Schuchardt
<heinrich.schuchardt@...> wrote:

On 6/1/22 18:17, Anup Patel wrote:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks for starting to close this gap.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.
I miss a discussion of the conflicts that can arise if the configuration
of the serial console is changed by the caller.

Do we need an ecall that closes the SBI console to further access?
Usually, the serial port related code in M-mode firmware only uses
status and data registers so for most serial ports support the M-mode
firmware will adapt to serial port configuration changes.
In fact, this is why we never had a special SBI call for serial port
reconfiguration in legacy SBI v0.1 as well.
In case of virtualization, the serial port (or console) is emulated so
the special SBI call is not useful for virtualization.



The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.
Isn't it M-mode software that has to program the MMU to allow all harts
in M-mode and S-mode access to the memory area? What is the S-mode
software to do about the memory area prior to calling
sbi_debug_console_set_area()?
Actually, it's the S-mode software which is voluntarily giving a portion of
its memory to be used as shared memory. The proposal only mandates
that whatever memory is selected by S-mode software should be a
regular cacheable memory (not IO memory). Also, if Svpbmt is available
then S-mode software should only use memory type 0 in the PTEs.



Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)
The console output is needed on the very start of the S-mode software,
before setting up anything.

Can we avoid this extra function?

Can we simply assume that the caller of sbi_debug_console_puts()
provides a physical address pointer to a memory area that is suitable?
Theoretically, we can avoid the extra function to set shared memory area
but it will complicate things in future when we have supervisor software
encrypting it's own memory (using special ISA support) because in this
case supervisor software will have to unprotect memory every time the
sbi_debug_console_puts() is called and protect it again after the call.
Currently this function is just a nop(). It is not needed in this revision of the extension.

The function might be called repeatedly by different threads with different values. How do you want to keep track of all of these different areas?

Memory shared between different security realms will arise in many different scenarios. As this is not console specific it should be in a separate extension. That extension should be defined once we have clarity about how security realms are managed.




Set the shared memory area specified by `addr_div_by_2` and `size`
%s/addr_div_by_2/addr_div_by_4/
Okay, I will update.


parameters. The `addr_div_by_4` parameter is base address of the
%s/is base/is the base/
Okay, I will update.


shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.
Why shifting the address? I would prefer to keep it simple for the
caller. If the alignment is not suitable, return an error.

But why is an alignment needed here at all? And why 4 aligned?
For RV32 S-mode, the physical address space is 34bits wide but
"unsigned long" is 32bits wide. This is because Sv32 PTEs allow
34bits of PPN. In fact, even instructions such as HFENCE.GVMA
have this "address right shift by 2" requirement based on this rationale.



The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
I would prefer to simply pass a physical address pointer here with no
requirements on alignment. And no prior SBI call.
sbi_debug_console_set_area() might be called with different values by different threads. An offset is ambiguous as it does not define to which of the different shared areas it relates. Please, use a pointer.


Do we need num_chars? Are we expecting to provide binary output? Using
0x00 as terminator would be adequate in most cases.
Bare-metal tests (or assembly sources) can print sub-strings from
a large per-populated string in shared memory. Assuming that string
is always terminated by 0x00 in sbi_debug_console_puts() will break
this flexibility.
OK



What is the requirement on the console? Does it have to support 8bit
output to allow for UTF-8?
We need to clarify this. Suggestions ?
The platform specification would be the right place to require 8-bit support for the console.



Do we make any assumptions about encoding?
Same as above, this needs more clarification. Suggestions ?
We should add to the platform specification that UTF-8 output is assumed on the serial console.

I am of the opinion to keep such encoding related assumptions to be
minimal.


How would we handle a console set up to 7bit + parity if a character >
0x7f is sent?
I would consider this to be part of the clarification we add for encoding.
We should state if extra bits are ignored or the bytes are not send.
The easiest thing is to just ignore the extra bits. So let't state this here.

Best regards

Heinrich




Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
%s/shard/shared/
Okay, I will update.


is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
There could be other reasons of failures:

* set up of the UART failed in OpenSBI
* no UART defined in the device-tree
* ...

So let us add SBI_ERR_FAILED to the list.
Okay, I will add.


Best regards

Heinrich
Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Heiko Stuebner <heiko@...>
 

Am Donnerstag, 2. Juni 2022, 10:47:58 CEST schrieb Anup Patel:
On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.
You can easily create multiple pre-populated strings using ".asciiz" in
assembly sources. Just set the base address of pre-populated strings
once on boot hart and print from anywhere using usual 4-5 instruction
(similar to what posted above).
ok, sounds like a plan as well :-)


[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 9:14 AM Xiang W <wxjstz@...> wrote:

在 2022-06-01星期三的 21:47 +0530,Anup Patel写道:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup
The use of these two APIs is too complicated, and the supervisor-mode
software needs to create a data structure to manage the Console Area.
I recommend using the simpler interface:

struct sbiret sbi_debug_console_puts(unsigned long addr,
unsigned long num_chars)
Heinrich has a similar suggestion so please see my response to
his comment.

Regards,
Anup


Regards,
Xiang W

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.


--
opensbi mailing list
opensbi@...
http://lists.infradead.org/mailman/listinfo/opensbi


Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Thu, Jun 2, 2022 at 12:02 AM Heiko Stübner <heiko@...> wrote:

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.
You can easily create multiple pre-populated strings using ".asciiz" in
assembly sources. Just set the base address of pre-populated strings
once on boot hart and print from anywhere using usual 4-5 instruction
(similar to what posted above).



Thanks
Heiko


[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Wed, Jun 1, 2022 at 11:59 PM Heinrich Schuchardt
<heinrich.schuchardt@...> wrote:

On 6/1/22 18:17, Anup Patel wrote:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks for starting to close this gap.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.
I miss a discussion of the conflicts that can arise if the configuration
of the serial console is changed by the caller.

Do we need an ecall that closes the SBI console to further access?
Usually, the serial port related code in M-mode firmware only uses
status and data registers so for most serial ports support the M-mode
firmware will adapt to serial port configuration changes.

In fact, this is why we never had a special SBI call for serial port
reconfiguration in legacy SBI v0.1 as well.

In case of virtualization, the serial port (or console) is emulated so
the special SBI call is not useful for virtualization.



The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.
Isn't it M-mode software that has to program the MMU to allow all harts
in M-mode and S-mode access to the memory area? What is the S-mode
software to do about the memory area prior to calling
sbi_debug_console_set_area()?
Actually, it's the S-mode software which is voluntarily giving a portion of
its memory to be used as shared memory. The proposal only mandates
that whatever memory is selected by S-mode software should be a
regular cacheable memory (not IO memory). Also, if Svpbmt is available
then S-mode software should only use memory type 0 in the PTEs.



Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)
The console output is needed on the very start of the S-mode software,
before setting up anything.

Can we avoid this extra function?

Can we simply assume that the caller of sbi_debug_console_puts()
provides a physical address pointer to a memory area that is suitable?
Theoretically, we can avoid the extra function to set shared memory area
but it will complicate things in future when we have supervisor software
encrypting it's own memory (using special ISA support) because in this
case supervisor software will have to unprotect memory every time the
sbi_debug_console_puts() is called and protect it again after the call.



Set the shared memory area specified by `addr_div_by_2` and `size`
%s/addr_div_by_2/addr_div_by_4/
Okay, I will update.


parameters. The `addr_div_by_4` parameter is base address of the
%s/is base/is the base/
Okay, I will update.


shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.
Why shifting the address? I would prefer to keep it simple for the
caller. If the alignment is not suitable, return an error.

But why is an alignment needed here at all? And why 4 aligned?
For RV32 S-mode, the physical address space is 34bits wide but
"unsigned long" is 32bits wide. This is because Sv32 PTEs allow
34bits of PPN. In fact, even instructions such as HFENCE.GVMA
have this "address right shift by 2" requirement based on this rationale.



The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
I would prefer to simply pass a physical address pointer here with no
requirements on alignment. And no prior SBI call.

Do we need num_chars? Are we expecting to provide binary output? Using
0x00 as terminator would be adequate in most cases.
Bare-metal tests (or assembly sources) can print sub-strings from
a large per-populated string in shared memory. Assuming that string
is always terminated by 0x00 in sbi_debug_console_puts() will break
this flexibility.


What is the requirement on the console? Does it have to support 8bit
output to allow for UTF-8?
We need to clarify this. Suggestions ?


Do we make any assumptions about encoding?
Same as above, this needs more clarification. Suggestions ?

I am of the opinion to keep such encoding related assumptions to be
minimal.


How would we handle a console set up to 7bit + parity if a character >
0x7f is sent?
I would consider this to be part of the clarification we add for encoding.



Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
%s/shard/shared/
Okay, I will update.


is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
There could be other reasons of failures:

* set up of the UART failed in OpenSBI
* no UART defined in the device-tree
* ...

So let us add SBI_ERR_FAILED to the list.
Okay, I will add.


Best regards

Heinrich
Regards,
Anup


Re: [sig-hypervisors] SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

On Wed, Jun 1, 2022 at 11:51 PM Dylan Reid <dylan@...> wrote:

On Wed, Jun 01, 2022 at 09:47:32PM +0530, Anup Patel wrote:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks, it will be nice to drop putchar.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
What is the motivation for `area_offset`? Will the supervisor use
different offsets for different harts?
There are variety of ways in which supervisor software can use
tarea_offset:
1) Use lock to serialize access to shared memory and always
use fixed offset (maybe zero) from all HARTs
2) No lock to protect shared memory and instead each HART
will use separate offsets to print

In addition to above, bare-metal test code (or assembly sources)
can have pre-populated strings (i.e. "PASS", "FAIL", "ERROR", etc)
in shared memory and simply use different offsets to print different
strings.


What are the advantages and disadvantages of the offset vs. using a ring
buffer for example?
Mandating a ring on shared memory will make things complicated
for bare metal test code (or assembly sources). Also, there is no
scheduler in M-mode firmware to have worker thread for consuming
bytes from a ring.

The "area_offset" is relatively more flexible in this case because it
allows sophisticated supervisor software to create ring on shared
memory without the SBI implementation knowing about it where:
1) The head & tail will be maintained by supervisor software
2) supervisor software will have a consumer thread to consume
bytes from ring and print using puts()



Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.







Regards,
Anup


Re: SBI Debug Console Extension Proposal (Draft v1)

Heiko Stuebner <heiko@...>
 

Hi Anup,

Am Mittwoch, 1. Juni 2022, 18:17:32 CEST schrieb Anup Patel:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
typo in the "div_by_2" (not 4 like below and in the function itself) ?


parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
This will vastly reduce the number of needed ecalls when outputting
characters, so this will probably improve performance quite a bit :-)


I guess I still would like to have an _additional_ single-character
putc call. As mentioned in the other thread [0], especially on consumer
hardware [where there is no elaborate debug infrastructure] this can
be a very handy debugging tool even in the earliest stages of a
booting kernel (both before relocation and even inside the startup
assembly).

I.e. just doing a
li a7, 1
li a6, 0
li a0, 36
ecall

in any kernel assembly will just output a "$" character right now, without
needing any preparation at all - same with using the current
sbi_console_putchar() directly in c-code.

This _can_ be very helpful in some cases, so I guess it would be nice
to keep such a functionality around also in the new spec.


Thanks
Heiko


[0] http://lists.infradead.org/pipermail/opensbi/2022-June/002796.html


Re: SBI Debug Console Extension Proposal (Draft v1)

Heinrich Schuchardt
 

On 6/1/22 18:17, Anup Patel wrote:
Hi All,
Below is the draft proposal for SBI Debug Console Extension.
Please review it and provide feedback.
Thanks,
Anup
Debug Console Extension (EID #0x4442434E "DBCN")
================================================
The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.
This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks for starting to close this gap.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.
I miss a discussion of the conflicts that can arise if the configuration of the serial console is changed by the caller.

Do we need an ecall that closes the SBI console to further access?

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.
Isn't it M-mode software that has to program the MMU to allow all harts in M-mode and S-mode access to the memory area? What is the S-mode software to do about the memory area prior to calling sbi_debug_console_set_area()?

Function: Set Console Area (FID #0)
-----------------------------------
struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)
The console output is needed on the very start of the S-mode software, before setting up anything.

Can we avoid this extra function?

Can we simply assume that the caller of sbi_debug_console_puts() provides a physical address pointer to a memory area that is suitable?

Set the shared memory area specified by `addr_div_by_2` and `size`
%s/addr_div_by_2/addr_div_by_4/

parameters. The `addr_div_by_4` parameter is base address of the
%s/is base/is the base/

shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.
Why shifting the address? I would prefer to keep it simple for the caller. If the alignment is not suitable, return an error.

But why is an alignment needed here at all? And why 4 aligned?

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.
Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.
Function: Console Puts (FID #1)
-------------------------------
struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
I would prefer to simply pass a physical address pointer here with no requirements on alignment. And no prior SBI call.

Do we need num_chars? Are we expecting to provide binary output? Using 0x00 as terminator would be adequate in most cases.

What is the requirement on the console? Does it have to support 8bit output to allow for UTF-8?

Do we make any assumptions about encoding?

How would we handle a console set up to 7bit + parity if a character > 0x7f is sent?

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
%s/shard/shared/

is the number of characters (or bytes) in the string.
This is a blocking SBI call and will only return after printing
all characters of the string.
Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.
There could be other reasons of failures:

* set up of the UART failed in OpenSBI
* no UART defined in the device-tree
* ...

So let us add SBI_ERR_FAILED to the list.

Best regards

Heinrich


Re: [sig-hypervisors] SBI Debug Console Extension Proposal (Draft v1)

Dylan Reid
 

On Wed, Jun 01, 2022 at 09:47:32PM +0530, Anup Patel wrote:
Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
Thanks, it will be nice to drop putchar.

1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)
What is the motivation for `area_offset`? Will the supervisor use
different offsets for different harts?

What are the advantages and disadvantages of the offset vs. using a ring
buffer for example?


Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.





SBI Debug Console Extension Proposal (Draft v1)

Anup Patel
 

Hi All,

Below is the draft proposal for SBI Debug Console Extension.

Please review it and provide feedback.

Thanks,
Anup

Debug Console Extension (EID #0x4442434E "DBCN")
================================================

The debug console extension defines a generic mechanism for boot-time
early prints from supervisor-mode software which allows users to catch
boot-time issues in supervisor-mode software.

This extension replaces legacy console putchar (EID #0x01) extension
and it is better in following ways:
1) It follows the new calling convention defined for SBI v1.0
(or higher).
2) It is based on a shared memory area between SBI implementation
and supervisor-mode software so multiple characters can be
printed using a single SBI call.

The supervisor-mode software must set the shared memory area before
printing characters on the debug console. Also, all HARTs share the
same shared memory area so only one HART needs to set it at boot-time.

Function: Set Console Area (FID #0)
-----------------------------------

struct sbiret sbi_debug_console_set_area(unsigned long addr_div_by_4,
unsigned long size)

Set the shared memory area specified by `addr_div_by_2` and `size`
parameters. The `addr_div_by_4` parameter is base address of the
shared memory area right shifted by 2 whereas `size` parameter is
the size of shared memory area in bytes.

The shared memory area should be normal cacheable memory for the
supervisor-mode software. Also, the shared memory area is global
across all HARTs so SBI implementation must ensure atomicity in
setting the shared memory area.

Errors:
SBI_SUCCESS - Shared memory area set successfully.
SBI_ERR_INVALID_ADDRESS - The shared memory area pointed by
`addr_div_by_2` and `size` parameters
is not normal cacheable memory or not
accessible to supervisor-mode software.

Function: Console Puts (FID #1)
-------------------------------

struct sbiret sbi_debug_console_puts(unsigned long area_offset,
unsigned long num_chars)

Print the string specified by `area_offset` and `num_chars` on
the debug console. The `area_offset` parameter is the start of
string in the shard memory area whereas `num_chars` parameter
is the number of characters (or bytes) in the string.

This is a blocking SBI call and will only return after printing
all characters of the string.

Errors:
SBI_SUCCESS - Characters printed successfully.
SBI_ERR_INVALID_ADDRESS - The start of the string (i.e.
`area_offset`) or end of the string
(i.e. `area_offset + num_chars`) is
outside shared memory area.


Profiles for RISC-V

Aaron Durbin
 

Hi All,


My apologies for the long email up front. I hope people find this useful as well as a starting point for a broader discussion in how all these pieces fit together within RISC-V. There are implications to the decisions we make on this front. I’m cross posting to multiple lists for visibility. However, please direct all responses to the Profiles mailing list: https://lists.riscv.org/g/tech-profiles


I had volunteered to take a stab at describing the interaction between Profiles, Platforms, and OS-A SEE. As alluded to in the last list item, this particular write up will focus on OS-A (application level devices) and the A Profiles. In the current proposed specification, there can and will be Profiles defined for different target markets/applications. I hope I captured the intent of what has been said in meetings I have been in as well as what is written previously. Please provide any feedback where I am wrong in my understanding of the direction on these particular topics.


For Profiles, Platforms, and OS-A SEE, there is a dependency chain in that a Profile serves as the base dependency and OS-A SEE would depend on a Profile. A Platform, in turn, would depend on an OS-A SEE. The OS-A SEE is about providing specs for binary operating systems for booting, and a Platform is targeting particular manifestations of RISC-V implementation for a particular target market (e.g. server). Each will, or can, have different versions of their requirements over time. One can think of a tuple of those specification versions culminating in distinct requirements for both hardware and software implementations.


Profiles are expected to be a roadmap of the future support expected in both software and hardware. In the current Profile proposed specification, there are RVA20S64 and RVA22S64 variants. There’s also a proposal for a RVA23S64 Profile based on what is known today about in-flight extensions that are working through the system in 2022. Within the current proposed specification there are classifications of options/extensions: mandatory, supported optional, unsupported optional, and incompatible. Please read the proposed specification for details of the meanings. In short, the mandatory classification provides baseline expectations, and the incompatible classification sets an expectation that those options/extensions are *not* present.


The intention for a Profile is to “only describe ISA features, not a complete execution environment.” It should be noted, though maybe obvious to some, that a Profile is providing expectations for both the instruction stream that can be emitted from a compiler as well as other architectural state that does not have an impact on the compiler’s instruction emission (runtime handling within the OS, e.g.). The Profile is expecting that software can assume all those mandatory requirements exist, either in instruction support or runtime. 


The current cadence is a yearly Profile release that incorporates the latest ratified extensions. While extensions/options may start in a supported optional categorization, the trend is that there is a progression to a mandatory classification for the ratified extensions. (Note: RVA23S64 proposal does have a case where an extension moves in the opposite direction).


With the aforementioned yearly Profile release cadence setting the roadmap in direction, one needs to figure out how to intercept a particular release from both a software and hardware implementation standpoint. An OS-A SEE version would need to pick a Profile version. With that in mind there is now a default target for the compiler to choose instructions (mandatory instructions). For the kernel itself adhering to a particular Profile, it’s not clear if the kernel would refuse to boot if a particular mandatory option/extension was not available on a particular implementation. The hardware implementers can take up to 2-3 years to deliver a product. As such, there is inherently a lag in interception on the hardware front with a Profile. A RVA22 Profile may not see compatible hardware until 2024, e.g.. But for binary compatibility of Operating Systems, one needs to figure out how to align against a Profile version (by way of an OS-A SEE). An implication I observe from the progression of extensions/options going to mandatory is that there is a multiplier effect on the number of build targets. That can be solved by fixing on a particular Profile version in time (read: older), and dealing with runtime choices for newer extensions/options. That’s simplistic, but I’m not sure that’s necessarily the best path. We may need to decide what extensions we truly want to be mandatory as a fixed baseline. A biennial cadence was proposed for a OS-A SEE release, but as I noted there are implications from the transitive dependencies of the Profile progression. I do want to point out that the previous explanation was focusing on binary compatibility. If a user/operator can rebuild their software, they certainly can target newer Profiles with the knowledge their particular piece of hardware supports it.


In short, we have multiple moving trains that we need to align the various specifications with the right version to ensure it fosters the best possible outcome for the RISC-V ecosystem. There are implications for hardware implementers bringing a product to market as well as software vendors who are bringing products to market too.


Thanks for taking the time to read and digest. I hope it produces a fruitful discussion that allows us to come up with the best plan that achieves the goals of hardware implementers, software implementers, and users.


-Aaron


121 - 140 of 1846