RE: framebuffer corruption due to overlapping stp instructions on arm64

From: Mikulas Patocka
Date: Wed Aug 08 2018 - 14:56:08 EST




On Wed, 8 Aug 2018, David Laight wrote:

> From: Arnd Bergmann
> > Sent: 08 August 2018 17:31
> ..
> > > They do modify the same byte, but with the same value. Suppose that you
> > > want to copy a piece of data that is between 8 and 16 bytes long. You can
> > > do this:
> > >
> > > add src_end, src, len
> > > add dst_end, dst, len
> > > ldr x0, [src]
> > > ldr x1, [src_end - 8]
> > > str x0, [dst]
> > > str x1, [dst_end - 8]
>
> I've done that myself (on x86): copied the last 'word' first, then
> everything else in increasing address order.
>
> > > The ARM64 memcpy uses this trick heavily in order to reduce branching, and
> > > this is what makes the PCIe controller choke.
>
> More likely the write combining buffer?

When I write to memory (using the NC mapping - that is also used in the
PCI BAR), I get no corruption. So the corruption must be in the PCIe
controller, not the core or memory subsystem.

I also tried to disable write streaming on NC mapping with a chicken bit,
but it didn't help.

> > So when a single unaligned 'stp' gets translated into a PCIe TLP
> > with length=5 (20 bytes) and LastBE = ~1stBE, write combining the
> > overlapping stores gives us a TLP with a longer length (5..8 for two
> > stores), and byte-enable bits that are not exactly a complement.
>
> Write combining should generate a much longer TLP.
> Depending on the size of the write combining buffer.
>
> But in the above case I'd have thought that the second write
> would fail to 'combine' - because it isn't contiguous with the
> stored data.
>
> So something more complex will be going on.
>
> David

Mikulas
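
The following is an added example, not part of the original thread: the overlapping 8-to-16-byte copy quoted above written in C, plus the byte-enable arithmetic behind the "length=5, LastBE = ~1stBE" remark. The names `copy_8_to_16` and `write_to_tlp` are hypothetical, the addresses are constructed, and treating one contiguous write as exactly one TLP is a simplifying assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy 8 <= len <= 16 bytes with two 8-byte accesses and no branch on len.
 * The two stores overlap in (16 - len) bytes and write identical values there. */
static void copy_8_to_16(unsigned char *dst, const unsigned char *src, size_t len)
{
    uint64_t head, tail;
    memcpy(&head, src, 8);            /* ldr x0, [src]         */
    memcpy(&tail, src + len - 8, 8);  /* ldr x1, [src_end - 8] */
    memcpy(dst, &head, 8);            /* str x0, [dst]         */
    memcpy(dst + len - 8, &tail, 8);  /* str x1, [dst_end - 8] */
}

/* Simplified model (assumption): one contiguous write becomes one PCIe
 * memory-write TLP with a DW count and first/last DW byte enables. */
struct tlp { unsigned ndw, first_be, last_be; };

static struct tlp write_to_tlp(uint64_t addr, size_t size)
{
    unsigned lead = (unsigned)(addr & 3);          /* skipped bytes in first DW */
    unsigned end = (unsigned)((addr + size) & 3);  /* used bytes in last DW, 0 = all 4 */
    struct tlp t;
    t.ndw = (unsigned)((lead + size + 3) / 4);
    t.first_be = (0xFu << lead) & 0xFu;
    t.last_be = end ? (1u << end) - 1u : 0xFu;
    if (t.ndw == 1) {                 /* single-DW write: only first BE is used */
        t.first_be &= t.last_be;
        t.last_be = 0;
    }
    return t;
}

int main(void)
{
    /* Constructed input: an 11-byte copy, a 16-byte store at offset 1, and the
     * 21-byte span two overlapping 16-byte stores would cover if merged. */
    unsigned char src[16] = "0123456789abcde", dst[16] = {0};
    copy_8_to_16(dst, src, 11);
    struct tlp one = write_to_tlp(0x1001, 16);
    struct tlp merged = write_to_tlp(0x1001, 21);
    printf("copied: %.11s\n", (const char *)dst);
    printf("single: ndw=%u first=0x%X last=0x%X\n", one.ndw, one.first_be, one.last_be);
    printf("merged: ndw=%u first=0x%X last=0x%X\n", merged.ndw, merged.first_be, merged.last_be);
    return 0;
}
```

In this model the single unaligned 16-byte write has complementary first and last byte enables, while the merged 21-byte span does not.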