Hello everyone,
I'm experimenting a bit with the MMU after understanding its core principles. Specifically, I can successfully enable it with an identity mapping for TTBR0 (no TTBR1) on a Raspberry Pi 3 (Cortex-A53, ARMv8 AArch64).
The next step I wanted to try is to access memory through TTBR1. If I understand correctly TTBR1 page tables are used when the most significant 16 bits of the address in question are set to 1 (the first 8 can be disabled through VA tagging, but I'm not interested in that for now). Following that I set both TTBR0 and TTBR1 to the same page table (simple identity mapping) and tried to access the same data by changing the first 2 bytes of the address. The code I'm trying to run is
    ptr = &x;
    uart0_putc(*ptr);
    ptr = (char*)((uint64_t)ptr | 0xffff000000000000);
    uart0_putc(*ptr);
The modified address read, however, yields a level 0 page translation fault.
For reference, this is the GitHub repo with the full code: github.com/.../uARM_pienv
This looked very simple to me, and I can't wrap my head around the problem. Maybe I'm missing something from the ARM ARM? I've been reading on the topic but can't find anything. Any help is appreciated.
Hello,
The starting VA of the upper-VA-range is controlled by TCR's T1SZ field.
The sizes of the two VA ranges are controlled by adjusting their boundaries, but the boundary for the lower range is its end, while the boundary for the upper is its start.
To further clarify: I had completely overlooked the T1SZ field, and for various reasons its VA range was too small (thus the translation fault).
I have found the relevant parts for the different boundaries in the reference manual and I now have a much better picture of the whole system. Thanks for assisting me!
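The boundary rule from the reply, worked through as an added example that is not part of the thread or the linked repo: it computes where each range ends or starts from T0SZ and T1SZ and reports which TTBR, if any, covers an address. The sample address and T1SZ values are constructed, tagging is assumed off, and TxSZ is assumed to lie in 16..39.

```c
#include <stdint.h>
#include <stdio.h>

enum va_region { VA_TTBR0, VA_TTBR1, VA_FAULT };

/* Last address of the lower (TTBR0) range: 2^(64 - T0SZ) - 1. */
static uint64_t lower_end(unsigned t0sz) { return UINT64_MAX >> t0sz; }

/* First address of the upper (TTBR1) range: 2^64 - 2^(64 - T1SZ). */
static uint64_t upper_start(unsigned t1sz) { return ~(UINT64_MAX >> t1sz); }

/* Which translation table base register, if any, covers va.
 * Assumes tagging (TBI) is off and 16 <= TxSZ <= 39. */
static enum va_region classify(uint64_t va, unsigned t0sz, unsigned t1sz)
{
    if (va <= lower_end(t0sz))   return VA_TTBR0;
    if (va >= upper_start(t1sz)) return VA_TTBR1;
    return VA_FAULT;             /* in the gap between the two ranges */
}

int main(void)
{
    static const char *name[] = { "TTBR0", "TTBR1", "translation fault" };
    const uint64_t low  = 0x80000;                     /* constructed address */
    const uint64_t high = low | 0xffff000000000000ULL; /* same OR as in the post */
    const unsigned t1sz_samples[] = { 16, 25, 32 };    /* constructed values */

    printf("low  VA %#018llx -> %s\n",
           (unsigned long long)low, name[classify(low, 16, 16)]);
    for (unsigned i = 0; i < 3; i++) {
        unsigned t1sz = t1sz_samples[i];
        printf("T1SZ=%2u: upper range starts at %#018llx, high VA %#018llx -> %s\n",
               t1sz, (unsigned long long)upper_start(t1sz),
               (unsigned long long)high, name[classify(high, 16, t1sz)]);
    }
    return 0;
}
```

Only T1SZ=16 places the upper range's start at 0xffff000000000000; with a larger T1SZ the same address lands in the gap between the two ranges and is covered by neither TTBR.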