linux - Linux 内核如何干扰 Zedboard 上 RISC-V custom0 指令的执行？

Question

dummy_rocc 是 RISCV 工具中一个简单的内置 RoCC 加速器示例，其中定义了多个 custom0 指令。设置 dummy_rocc 后(在 Spike ISA 模拟器或 Rocket-FPGA 上，不同)，我们使用 dummy_rocc_test -- 一个用户程序测试用例来验证 dummy_rocc 加速器的正确性。我们有两种运行 dummy_rocc_test 的方法，可以在 pk(代理内核)或 Linux 上运行。

我曾经在 Spike ISA 模拟器上设置过 dummy_rocc，dummy_rocc_test 在 pk 或 Linux 上运行良好。

现在我在 Zedboard 上用 Rocket-FPGA 替换了 Spike。在 pk 上执行成功时:

root@zynq:~# ./fesvr-zynq pk /nfs/copy_to_rootfs/work/dummy_rocc_test
begin
after asm code
load x into accumulator 2 (funct=0)
read it back into z (funct=1) to verify it
accumulate 456 into it (funct=3)
verify it
do it all again, but initialize acc2 via memory this time (funct=2)
do it all again, but initialize acc2 via memory this time (funct=2)
do it all again, but initialize acc2 via memory this time (funct=2)
success!

在Linux上执行失败:

./fesvr-zynq +disk=/nfs/root.bin bbl /nfs/fpga-zynq/zedboard/fpga-images-zedboard/riscv/vmlinux
..................................Booting RISC-V Linux.........................................
/ # ./work/dummy_rocc_test
begin
after asm code
[    0.400000] dummy_rocc_test[23]: unhandled signal 4 code 0x30001 at 0x0000000000800500 in ]
[    0.400000] CPU: 0 PID: 23 Comm: dummy_rocc_test Not tainted 3.14.33-g043bb5d #1
[    0.400000] task: ffffffff8fa3f500 ti: ffffffff8fb76000 task.ti: ffffffff8fb76000
[    0.400000] sepc: 0000000000800500 ra : 00000000008004fc sp : 0000003fff943c70
[    0.400000]  gp : 0000000000882198 tp : 0000000000884700 t0 : 0000000000000000
[    0.400000]  t1 : 000000000080adc8 t2 : 8101010101010100 s0 : 0000003fff943ca0
[    0.400000]  s1 : 0000000000800d5c a0 : 000000000000000f a1 : 0000002000002000
[    0.400000]  a2 : 000000000000000f a3 : 000000000085cee8 a4 : 0000000000000001
[    0.400000]  a5 : 000000000000007b a6 : 0000000000000008 a7 : 0000000000000040
[    0.400000]  s2 : 0000000000000000 s3 : 00000000008a2668 s4 : 00000000008d8d98
[    0.400000]  s5 : 00000000008d7770 s6 : 0000000000000008 s7 : 00000000008d6000
[    0.400000]  s8 : 00000000008d8d60 s9 : 0000000000000000 s10: 00000000008a32b8
[    0.400000]  s11: ffffffffffffffff t3 : 000000000000000b t4 : 000000006ffffdff
[    0.400000]  t5 : 000000000000000a t6 : 000000006ffffeff
[    0.400000] sstatus: 8000000000003008 sbadaddr: 0000000000800500 scause: 0000000000000002
Illegal instruction

截图显示“信号 4”是由 custom0 指令引起的。 readelf screenshot of dummy_rocc_test

所以我的问题是“Linux内核如何干扰Zedboard上RISC-V custom0指令的执行？”

dummy_rocc_test 源码提供引用:

// The following is a RISC-V program to test the functionality of the
// dummy RoCC accelerator.
// Compile with riscv64-unknown-elf-gcc dummy_rocc_test.c
// Run with spike --extension=dummy_rocc pk a.out

#include <assert.h>
#include <stdio.h>
#include <stdint.h>

int main() {
  printf("begin\n");
  uint64_t x = 123, y = 456, z = 0;
  // load x into accumulator 2 (funct=0)
// asm  code
   asm volatile ("addi a1, a1, 2");

/// printf again
  printf("after asm code\n");
  asm volatile ("custom0 x0, %0, 2, 0" : : "r"(x));
  printf("load x into accumulator 2 (funct=0)\n");
  // read it back into z (funct=1) to verify it
  asm volatile ("custom0 %0, x0, 2, 1" : "=r"(z));
  printf("read it back into z (funct=1) to verify it\n");
  assert(z == x);
  // accumulate 456 into it (funct=3)
  asm volatile ("custom0 x0, %0, 2, 3" : : "r"(y));
  printf("accumulate 456 into it (funct=3)\n");
  // verify it
  asm volatile ("custom0 %0, x0, 2, 1" : "=r"(z));
  printf("verify it\n");
  assert(z == x+y);
  // do it all again, but initialize acc2 via memory this time (funct=2)
  asm volatile ("custom0 x0, %0, 2, 2" : : "r"(&x));
  printf("do it all again, but initialize acc2 via memory this time (funct=2)\n");
  asm volatile ("custom0 x0, %0, 2, 3" : : "r"(y));
  printf("do it all again, but initialize acc2 via memory this time (funct=2)\n");
  asm volatile ("custom0 %0, x0, 2, 1" : "=r"(z));
  printf("do it all again, but initialize acc2 via memory this time (funct=2)\n");
  assert(z == x+y);

  printf("success!\n");
}

Answer 1

“非法指令”是指您的处理器抛出非法指令异常。

由于 custom0 不会成为 Linux 知道如何在软件中执行的东西(因为它是可定制的东西!)，Linux 会 panic 并抛出您看到的错误。

我要问你的问题是“你是否在处理器中实现了 custom0 指令？是否启用了它？当你使用代理内核时，程序是否正确执行了你的 custom0 指令并返回了正确的答案？”