hitHuang opened a new pull request, #18349:
URL: https://github.com/apache/nuttx/pull/18349

   With CONFIG_PAGING enabled and the RISC-V SV39 MMU active, the page fault 
handler incorrectly tracked page table levels: `ptprev` pointed to the L1 page 
table while `ptlevel` indicated L2. This inconsistency caused faulty virtual 
address resolution.
   
   This commit fixes the traversal logic to ensure consistent level tracking 
across all three page table levels (L1–L3), enabling reliable page fault 
handling and on-demand paging.
   
   Additional changes:
   - Set PGT_L3_SIZE to 2048 to enable mapping up to 8MB of address space.
   - Update knsh_paging config to avoid crashes caused by excessive memory 
alignment requirements.
   - Add knsh64_paging config to verify this commit works as expected.
   
   ## Summary
   
   This PR addresses a critical inconsistency in the RISC-V SV39 page fault 
handler when `CONFIG_PAGING` is enabled. During page table traversal, the 
variable `ptprev` incorrectly pointed to the L1 page table while `ptlevel` 
indicated L2. This mismatch led to incorrect virtual-to-physical address 
resolution and could cause system crashes or undefined behavior during 
on-demand paging.
   
   The fix ensures that page table level tracking (`ptlevel`) and pointer 
updates (`ptprev`) remain synchronized across all three levels (L1–L3) of the 
SV39 page table hierarchy.
   
   Additionally:
   
   - On the `qemu-rv64` target with `MMU_SV39` enabled, the combined kernel 
flash (`KFLASH`) and kernel SRAM (`KSRAM`) regions exceed **4 MiB** in size. 
Since each L3 page table entry maps a **4 KiB** page, the default `PGT_L3_SIZE` 
of **1024 entries**—covering only **4 MiB** of virtual address space—is 
insufficient to fully map these kernel memory regions. To ensure complete and 
correct mapping, `PGT_L3_SIZE` is increased from **1024** to **2048** entries, 
enabling support for up to **8 MiB** of virtual address space.
   
   - The existing `knsh_paging` configuration has been adjusted to relax overly 
strict memory alignment constraints that previously caused boot-time crashes.
   - A new `knsh64_paging` configuration is introduced specifically for 
`qemu-rv64` targets to validate correct operation of the updated page fault 
logic under SV39.
   
   ---
   
   ## Impact
   
   - **Users**: Developers using `CONFIG_PAGING` on RISC-V (especially with 
SV39 MMU) will now experience stable page fault handling.
   - **Build Process**: A new defconfig file (`knsh64_paging`) is added, and 
the existing `knsh_paging` config is modified. No changes to the build system 
are required.
   - **Hardware**: Verified on QEMU RISC-V 64-bit (`rv64gc`) and hardware based 
on the SiFive U74 core. The fix should apply to any SV39-compliant RISC-V 
platform.
   - **Compatibility**: Fully backward compatible—no API or ABI changes. Only 
affects systems with `CONFIG_PAGING=y` and MMU enabled.
   - **Security / Documentation**: No direct security implications. 
Documentation remains accurate, as this is a bug fix within existing documented 
features.
   
   ---
   
   ## Testing
   
   - **Host OS**: Ubuntu 20.04 LTS (x86_64)
   - **Target Boards**: 
     - `qemu-rv32`
     - `qemu-rv64`
     - Real hardware based on the SiFive U74 core
     
   ### Test Configuration
   
   - Primary test configuration: `rv-virt:knsh64_paging`  
   - The same procedure and behavior were verified with `rv-virt:knsh_paging` 
(32-bit variant).
   
   ### Build Procedure
   
   The following steps were used to build the system:
   
   ```bash
   $ cd nuttx
   $ ./tools/configure.sh -l rv-virt:knsh64_paging
   $ make V=1 -j $(nproc)
   $ make export V=1 -j $(nproc)
   $ pushd ../apps
   $ ./tools/mkimport.sh -z -x ../nuttx/nuttx-export-*.tar.gz
   $ make import V=1 -j $(nproc)
   $ ./tools/mkromfsimg.sh ../nuttx/arch/risc-v/src/board/romfs_boot.c
   $ popd
   $ make V=1 -j $(nproc)
   ```
   ### QEMU Launch Commands
   - **64-bit configuration** (`knsh64_paging`):
     ```bash
     qemu-system-riscv64 -M virt,aclint=on -cpu rv64 -kernel nuttx -nographic
     ```
   - **32-bit configuration** (`knsh_paging`):
     ```bash
     qemu-system-riscv32 -M virt,aclint=on -cpu rv32 -kernel nuttx -nographic
     ```
   ### Full Test Log
   ```
   ABC[    0.064000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0001000
   [    0.072000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0002000
   [    0.075000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0003000
   [    0.078000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0004000
   [    0.080000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0005000
   [    0.082000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0006000
   [    0.085000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0007000
   [    0.088000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0008000
   [    0.090000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0009000
   [    0.093000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000a000
   [    0.095000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000b000
   [    0.097000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000c000
   [    0.099000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000d000
   [    0.102000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000e000
   [    0.104000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c000f000
   [    0.106000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0010000
   [    0.108000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0011000
   [    0.110000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0012000
   [    0.117000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020fca2, MTVAL: 00000000c1000ff8
   [    0.124000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 00000000802103d6, MTVAL: 00000000c08051d0
   
   NuttShell (NSH) NuttX-12.12.0
   nsh> hello
   [   14.893000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020f094, MTVAL: 00000000c0001000
   [   14.900000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 000000008020fca2, MTVAL: 00000000c1000ff8
   [   14.905000] riscv_fillpage: EXCEPTION: Store/AMO page fault. MCAUSE: 000000000000000f, EPC: 00000000802103d6, MTVAL: 00000000c08065d0
   Hello, World!!
   nsh>
   Hello, World!!
   nsh>
   ```
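
The level-tracking invariant and the `PGT_L3_SIZE` arithmetic described in this pull request, as an added example that is not code from the PR or from NuttX. It assumes the standard SV39 layout (9-bit VPN fields, 4 KiB pages, PPN in PTE bits 53:10); `phys`, `sv39_vpn`, `sv39_walk`, `l3_coverage` and `build_demo` are hypothetical names, and the toy page tables are constructed for the MTVAL values seen in the log above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an SV39 walk; all names are hypothetical, not NuttX's. */
#define PAGE_SHIFT 12
#define VPN_BITS   9
#define PT_ENTRIES (1u << VPN_BITS)        /* 512 eight-byte PTEs per 4 KiB table */
#define PTE_V      0x1u
#define PTE_RWX    0xeu                    /* R, W or X set marks a leaf entry */

static uint64_t phys[3][PT_ENTRIES];       /* toy "physical memory": PPN n is phys[n] */

/* Index used at `level`, numbered as on the page: 1 = root, 3 = last level. */
static unsigned sv39_vpn(uint64_t va, int level)
{
  return (unsigned)(va >> (PAGE_SHIFT + VPN_BITS * (3 - level))) & (PT_ENTRIES - 1);
}

/* Address space covered by a pool of n last-level entries (one 4 KiB page each). */
static uint64_t l3_coverage(uint64_t n) { return n << PAGE_SHIFT; }

/* Descend until a missing or leaf entry. Returns the table holding the entry for
 * `va` and writes that same table's level to *level: both advance in one step. */
static uint64_t *sv39_walk(uint64_t root_ppn, uint64_t va, int *level)
{
  uint64_t *table = phys[root_ppn];
  int lvl = 1;
  while (lvl < 3) {
    uint64_t pte = table[sv39_vpn(va, lvl)];
    if (!(pte & PTE_V) || (pte & PTE_RWX)) break;
    table = phys[(pte >> 10) & ((1ULL << 44) - 1)];   /* PPN is PTE bits 53:10 */
    lvl++;
  }
  *level = lvl;
  return table;
}

/* Root -> L2 -> L3 for 0xc0000000..0xc01fffff only; no leaf pages are mapped yet. */
static void build_demo(void)
{
  phys[0][3] = ((uint64_t)1 << 10) | PTE_V;   /* L1[3] points at phys[1] (L2) */
  phys[1][0] = ((uint64_t)2 << 10) | PTE_V;   /* L2[0] points at phys[2] (L3) */
}

int main(void)
{
  int lvl;
  build_demo();
  sv39_walk(0, 0xc0001000ULL, &lvl);          /* MTVAL value from the log above */
  printf("fault entry is in the level-%d table\n", lvl);
  return 0;
}
```

A fault handler that installs a mapping with a table pointer one level behind the reported level would write the new entry into the wrong table, which is the kind of mismatch the description attributes to `ptprev` and `ptlevel`.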

