CNRV

为推广RISC-V尽些薄力

View the Project on GitHub

RISC-V 双周简报 (2018-01-18)

要点新闻:

RV新闻

DornerWorks 获得 DARPA SBIR 的合约,得以发展 seL4 Microkernel 的 RISC-V port

DornerWorks 最近获得 DAPRA SBIR的合约,得以和其伙伴Draper一起发展 Inherently Secure Processor 和其对应的 RISC-V port。

Links:

Google开源新的 RISC-V IP核: “BottleRocket”

BottleRocket是RISCV RV32IMC的实现。

Google在2017年11月29日在Github上非官方开源了BottleRocket的RTL代码,同时表明这并不是一个官方支持的Google产品,其使用Chisel编写:GitHub Link

BottleRocket实现了32bit的RV32IMC ISA,特权指令集版本为v1.10,拥有Machine和User两种特权模式,支持压缩指令集(RVC)。它采用经典的三级流水线架构,与Z-Scale和V-Scale的微结构类似。对于打算从ARM迁移到RISCV的人又是一个好消息,因为它使用AMBA AXI4Lite总线,预计ARM AMBA下的多种IP可以比较方便与其整合,不需要Tilelink2AXI桥。

与UCB的Rocket Chip比较而言,BottleRocket显得更加简单直接。其最初发布的版源代码引用了部分Rocket Chip的组件,实现部分仅有11个源码文件。

或许是刚刚发布不久的关系,BottleRocket默认选项编译出的Verilog代码似乎没有对FPGA进行优化,逻辑层数很深。默认配置是16周期乘法器,对数字信号处理不友好。总共使用约26k个门,对于一个三级流水线的处理器而言已经不错了。

(特别感谢 黄锐 的整理和介绍)

开源硬件更新

lowRISC 发布带100M以太网支持的第5版

lowRISC是一个由英国剑桥大学的研究人员成立的非盈利组织,致力于提供基于RISC-V的多核处理器平台。现在支持使用Rocket-Chip核PULPino的多核系统。 最近lowRISC发布了其第五版代码,编号为ethernet-v0.5。 该版本包含了一个开源的以太网MAC模块,并支持了网络启动核网络文件系统。 具体的描述请参见第五版的用户指导: http://www.lowrisc.org/docs/ethernet-v0.5/

开源软件更新

glibc 的 RISC-V port v4

Palmer最近提交了第四版的glibc port,并希望之后不会再有Linux ABI的变动。希望这个port 能准时赶上2月1日的glibc 2.27发布。错过了就要再等半年了….

From Palmer

It’s been a bit more than two weeks since the last patch set, and I think we’re starting to get something that’s in reasonable shape. Thanks to Darius for putting in a lot of time into the v4. We’ve also gotten the test suite in a bit better shape: we’re down to 200 failures when running natively on Linux, and all the test suite failures when running in user mode emulate appear to be environment issues. As far as I know the only remaining issue in our port is to triage the test suite failures, most of which we’re hoping are just deficiencies in our current environment. Of course, now that I’ve said that I’m sure we’ll find a bunch of bugs all over the place :)

Links:

QEMU的 RISC-V port v2 和 v3

Michael Clark最近提交了第二版和第三版的qemu port。这两版主要是bug的修正,还没有加进更多的功能。

From Michael:

This patch series has major clean ups to target/riscv. There may be some feedback that has been missed however the changelog is growing quite large so we have decided to respin the patch series. No new features have been added however a number of bugs have been fixed.

Link: QEMU port v3

第二次针对 Fedora/RISC-V bootstrap的结果

随着Linux ABI 逐渐固定下来,最近Richard 针对Fedora/RISC-V 做了第二次bootstrap,不过还没完成stage4。

Steps of bootstrapping made by Richard W.M. Jones:

stages 1 & 2: QEMU and cross-compiler are built from riscv-qemu and riscv-tools.

  • https://github.com/rwmjones/fedora-riscv-bootstrap/blob/1858bd496378ddcce88a63c5ceda5483d7b4fdbe/Makefile#L21
  • https://github.com/rwmjones/fedora-riscv-bootstrap/blob/1858bd496378ddcce88a63c5ceda5483d7b4fdbe/Makefile#L71

stage 3: We build a minimal Fedora/x86_64 chroot and remove all x86_64 ELF binaries and libraries. Using the hosted cross-compiler we build RISC-V binaries and libraries and to replace the x86 ones. We then build a disk image from the chroot (it has many other hacky aspects to it) and boot it under qemu.

  • https://github.com/rwmjones/fedora-riscv-bootstrap/blob/1858bd496378ddcce88a63c5ceda5483d7b4fdbe/Makefile#L117

The stage 3 disk image is just enough to run ‘rpmbuild’ and ‘gcc’ and a small handful of other tools, which is just enough to build RPMs.

  • https://github.com/rwmjones/fedora-riscv-bootstrap/blob/1858bd496378ddcce88a63c5ceda5483d7b4fdbe/Makefile#L1386

stage 4: Using only RPMs generated from stage 3 we build a pristine disk image. This disk image contains only files controlled by RPMs [actually there are two additional files needed: /init and a poweroff binary, both eventually will be replaced by systemd].

  • https://github.com/rwmjones/fedora-riscv-bootstrap/blob/1858bd496378ddcce88a63c5ceda5483d7b4fdbe/Makefile#L1420

Link: Status of the second bootstrap of Fedora/RISC-V

技术讨论

使用PMA来控制物理内存区间内对非对齐的内存操作核原子操作的控制

在12月21日的简报中我们提及了关于“使用硬件支持非对齐内存访问的处理器必须支持对非对齐地址的原子操作”的争议。 现在看来,物理内存空间的属性标志已经较好地规定了一个物理空间上对非对齐操作的处理。 具体来说:

Andrew Waterman的原文:https://groups.google.com/a/groups.riscv.org/d/msg/isa-dev/J1udFtmPEwI/RtHERGbSBAAJ

代码更新

linux kernel 4.15-rc8 的更新。

这次的更新包含:

Ok, another week has gone by, and here’s the promised rc8.

I’m still hoping that this will be the last rc, despite all the Meltdown and Spectre hoopla. But we will just have to see, it obviously requires this upcoming week to not come with any huge surprises.

The patches aren’t huge, but architecture updates do end up being a largish part. That’s partly due to the x86 “retpoline” support (well, the basic stuff that is uncontested), but also because the powerpc people decided they wanted to play too, so there’s some low-level kernel entry changes there too. Aren’t we lucky?

Oh, and there’s a small RISC-V update too.

Link: 更多细节请访问LKML

安全点评

总结熔断(Meltdown)和幽灵(Spectre)漏洞

继月初简报中报道的英特尔惊天漏洞,现在该漏洞的各具体细节都已经过了一系列的讨论。现在我们来大概总结一下。

这次总共爆出了三个漏洞,我们来分别说一说:

熔断漏洞 CVE-2017-5754:内存数据访问的权限缺失

处理器为了提高性能,往往会预取(prefetch或者speculative access)内存数据并预测执行代码。 现在发现,英特尔处理器在预取数据的时候,并没有及时对数据页的权限做检查,导致底权限的代码能够预取高权限的数据并使用该数据执行预测执行的代码。 这种优化导致跨权读取的数据被放入缓存,并存入物理寄存器引发更多的预测执行痕迹。 通过缓存侧信道,攻击者获得缓存内的数据和预测执行的痕迹,即可猜出跨权数据。

为了修复该漏洞,各大操作系统厂商都在积极添加内核页表分离(KPTI)补丁。该方桉旨在分离用户和系统地址空间。 这样预取跨权数据时会因为页表缺失而失败,从而堵上侧信道的数据来源。 由于当前处理器(主要是英特尔处理器)不直接支持单独的系统页表寄存器,导致内核上下文切换时会强迫刷新TLB,造成性能下降。 新一代的处理器已添加PCID对系统页表的支持,则不需要刷新TLB,则不会有明显性能损失。

RISC-V指令集正在积极探讨从指令集层面直接支持内核页表分离,相信很快将纳入特权指令集标准。 同时,支持乱序的RISC-V核BOOM由于使用Rocket-Chip的数据缓存设计,不会越权读取跨权数据,天然不受熔断漏洞的影响。

幽灵漏洞 CVE-2017-5753:通过恶意训练直接跳转的分支预测从而预测执行内核代码

现代处理器一般都会通过分支预测器预取指令执行。攻击者可以通过恶意训练分支预测器然后导致处理器预测执行不该执行的代码。 该漏洞如果被用于攻击一般会用于而已执行内核代码从而造成内核数据泄露。

修复该漏洞可以在软件强制在关键代码区域内延迟分支预测从而降低预测执行代码的数量。 英特尔的建议是在关键分支代码之前添加LFENCE指令。 从硬件上也可以尝试选择性预测执行。比如在执行内核关键代码区时直接关闭分支预测。

幽灵漏洞 CVE-2017-5715:通过恶意训练间接跳转的跳转目标预测从而预测执行内核代码或用户代码

现代处理器不光能分支预测,还能直接预测分支跳转核间接跳转的目标地址,从而达到对间接跳转的预取指支持。 攻击者则利用该特性,恶意训练对跳转目标的预测器(BTB),达到跳转到任意代码的目的。

从软件上修复,可以使用特殊的函数调用方式执行关键函数以确保关键函数的执行不能由跳转目标预测决定。 从硬件上,可以要求上下文切换时清空BTB,这则直接避免了跨进程或跨优先级的恶意跳转目标训练。 对于利用该漏洞直接预测执行用户代码,可以用英特尔的SMEP核SMAP特性堵上直接使用用户代码对内核的代码注入。

实用资料

RISC-V debug spec的介绍

HelloWorld 最近在 IT 铁人赛上连载了一系列关于RISC-V debug spec 和openocd的文章。有兴趣研究debug spec 和其openocd实作的可以参考。另外,NonerKao也在铁人赛上连载了一系列关于RISC-V assembly 的文章。对于elf,nn,as 或是相关工具有兴趣的朋友可以看看。

Links:

芯片编译公众号的开篇——RISC-V Tools编译安装三部曲

李浩同学在这个公众号中手把手的介绍了怎么编译与安装RISC-V tools。不过小编还是期待有好心人能早日释出pre-built版本啊,最好是能用apt-get isntall就拿到更好。

Links:

行业视角

The Bisquick Alternative - SiFive Uses RISC-V to Simplify SoC Creation

微处理器领域的资深编辑和分析师Jim Turley在EE Journal上用生动诙谐的语言发表了他对RISC-V的一些看法。他首先提到了SiFive目前正在做的事情,展望了在未来定制化芯片时代或许不久就会到来。最后他对RISC-V在简洁性和平衡性上也表示赞同。

Everybody wants their own custom or semi-custom device, but not everyone is equipped to design or build one, the company believes. Kang compares his customer base to programmers creating new smartphone apps. They’re good programmers, but they don’t know – or need to know – everything about how smartphones are put together. It’s enough to know what you want, not necessarily all the steps involved in making it happen. Today, anyone developing a custom chip has to be deeply knowledgeable about each step of design, testing, verification, and fabrication. SiFive is hoping to dumb that down a bit.

In the process, the company uses RISC-V as a configurable part of its IP portfolio. Again, the company doesn’t expect its customers to be microprocessor aficionados, or to have strong ideas about how to customize their CPU. That’s what SiFive is for. They can recommend the changes, if any, that will benefit the customer’s application, and then make those changes happen. Along the way, SiFive will surround the CPU with its in-house IP, produce a complete design, and fab it for you at TSMC. Just add water.

It’s right there in the name: RISC-V. As in, “reduced instruction set.” The whole point behind any RISC architecture is simplicity; that you can do more with less. Superfluous instructions aren’t just unnecessary; they’re bad things. Gratuitous features just add hardware complexity and slow down the pipeline. John von Neumann posited that computers really need only three operations; anything beyond that is window-dressing. Today’s RISC machines aren’t quite that Spartan, but the point is still valid. RISC-V, like most other RISC architectures, is already supposed to be “just right,” neither too simple nor too complicated. Meddling with that would seem to defeat the purpose.

Still, SiFive is happy to let you experiment. Maybe you’ll discover that one custom feature that radically alters your system’s performance, or security, or power consumption. Or maybe you’re happy with the standard configuration. Either way, SiFive can make your SoC dreams come true. You can have your pancake and eat it, too.

Link: The Bisquick Alternative: SiFive Uses RISC-V to Simplify SoC Creation

MIPS Is Back, With An Eye on AI

MIPS重回硅谷,得到了新的VC的投资并且开始招兵买马,EETime的这篇文章采访了多为业内人士讲述了这几年MIPS所经历的种种,

Lost identity, foot print

While MIPS was under Imagination Technologies’ roof, it lost focus, its own identity and its footprint on the market. Bemanian acknowledged during the interview that many MIPS engineers felt as though they were forced into becoming what they were not in order to support its parent company. Imagination had hoped MIPS could be the processing core in the mobile market. “We felt as though we lost our heritage,” Bemanian said.

Krewell added, “What’s missing is mainstream operating system support (Android and Windows). Even embedded OS support is starting to wane.” Further, the problem, as he sees it, is “that the trajectory for MIPS was heading in the wrong direction and with the rise of RISC-V, there was less and less reason to support MIPS as an alternative to ARM.”

MIPS似乎也打算紧随潮流的参与到AI的浪潮中,另一件值得关注的事情是MIPS的创始人之一John Hennessy也强势回归!

In his view, MIPS’ versatility and efficiency will work to MIPS’ advantage as it moves deeper into the AI market. MIPS can handle payload in the data plane, but will also be very effective in managing data in the control plane on the edge. “MIPS can be a part of inference engines or it can be used to manage accelerators around GPUs and FPGAs as well,” Bemanian said.

In a statement, Hennessy said, “With the emergence of AI in applications that will touch all of our lives in ways we can’t yet begin to fathom, this is an incredibly exciting time to see MIPS position themselves in the epicenter of the AI universe.” He emphasized the initial simplicity, efficiency and extensibility of the MIPS architecture will provide “advantages for an ever-changing range of applications.”

Link: MIPS Is Back, With An Eye on AI

CNRV网站更新

暴走事件

二月

五月

招聘简讯

CNRV提供为行业公司提供公益性质的一句话的招聘信息发布,若有任何体系结构、IC设计、软件开发的招聘信息,欢迎联系我们!


整理编集: 宋威、黄柏玮、郭雄飞

特別感謝:黃銳


欢迎关注微信公众号CNRV,接收最新最时尚的RISC-V讯息!

CNRV微信公众号


知识共享许可协议
本作品采用知识共享署名-非商业性使用-相同方式共享 3.0 中国大陆许可协议进行许可。