
TTBR0_EL1, translation fault level 0 after switching identity mapping off

Hello everyone.

I'm creating a single-core kernel for the RPi 4B (ARMv8, BCM2711). I've successfully mapped the kernel in high memory using TTBR1. TTBR0 stays on the identity mapping until the user process is loaded. For the last week I've been fighting with the following issue: after switching the TTBR0 table from the identity mapping to the user process, the memory becomes inaccessible, and a translation fault, level 0 is triggered on access.

Any clues as to what is happening are greatly appreciated, I've run out of ideas for what to check.

The old mapping works up until the switch, so that leads me to believe that the MMU is set up correctly. After the switch, the memory addresses that are mapped there are inaccessible, even when using GDB via JTAG.

My intuition tells me that I'm missing something about TLB maintenance, but I don't know what. The code that I'm using to invalidate the TLB is the following:

dsb ish              // complete outstanding memory accesses (page-table writes) before the switch
isb sy
msr ttbr0_el1, x20   // install the user process' level-0 table
ic iallu             // invalidate the instruction cache
dsb sy
isb sy
tlbi vmalle1         // invalidate all stage 1 EL1 TLB entries
dmb sy
isb sy


The TTBR addresses are:

TTBR0: 0x100010000
TTBR1: 0xa5000

The table descriptors for the user process, as seen from GDB, are as follows:

(gdb) x/2gx 0xffff000100010000
0xffff000100010000: 0x0000000100012003 0x0000000000000000
(gdb) x/16gx 0xffff000100012000
0xffff000100012000: 0x0000000100013403 0x0000000000000000
0xffff000100012010: 0x0000000000000000 0x0000000000000000
0xffff000100012020: 0x0000000000000000 0x0000000000000000
0xffff000100012030: 0x0000000000000000 0x0000000000000000
0xffff000100012040: 0x0000000000000000 0x0000000000000000
0xffff000100012050: 0x0000000000000000 0x0000000000000000
0xffff000100012060: 0x0000000100016403 0x0000000000000000
0xffff000100012070: 0x0000000000000000 0x0000000000000000
(gdb) x/2gx 0xffff000100010000
0xffff000100010000: 0x0000000100012003 0x0000000000000000
(gdb) x/14gx 0xffff000100012000
0xffff000100012000: 0x0000000100013403 0x0000000000000000
0xffff000100012010: 0x0000000000000000 0x0000000000000000
0xffff000100012020: 0x0000000000000000 0x0000000000000000
0xffff000100012030: 0x0000000000000000 0x0000000000000000
0xffff000100012040: 0x0000000000000000 0x0000000000000000
0xffff000100012050: 0x0000000000000000 0x0000000000000000
0xffff000100012060: 0x0000000100016403 0x0000000000000000
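As an added example (not part of the original post), the following Python script walks the descriptors visible in the GDB dump above the way the MMU does for a 4 KiB granule and a 48-bit VA range (TCR_EL1.T0SZ = 16, both assumed here), and reports at which level a lookup ends. The level-2 tables at 0x100013000 and 0x100016000 are not in the dump, so the walk stops when it reaches them; the dumped level-0 table only has entry 0 valid, so any VA with bits [47:39] non-zero ends in exactly the "translation fault, level 0" described in the post.

```python
# Walks the dumped translation tables as the MMU would (4 KiB granule, 48-bit VA,
# TCR_EL1.T0SZ = 16 assumed) and reports where translation stops for a given VA.
# Only the tables visible in the GDB dump are modelled; the level-2 tables they
# point to were not dumped, so the walk stops when it reaches them.

GRANULE_BITS = 12
IDX_BITS = 9                       # 512 entries of 8 bytes per 4 KiB table
T0SZ = 16                          # 48-bit input range, so the walk starts at level 0
ADDR_MASK = ((1 << 48) - 1) & ~((1 << GRANULE_BITS) - 1)   # next-level address, bits [47:12]

# Non-zero descriptors copied from the dump: {table physical address: {index: descriptor}}.
# The kernel read them through its TTBR1 mapping at PA + 0xffff000000000000.
DUMPED_TABLES = {
    0x100010000: {0: 0x0000000100012003},               # level 0 table (TTBR0 base)
    0x100012000: {0: 0x0000000100013403,                # level 1: VA 0 .. 1 GiB
                  12: 0x0000000100016403},              # level 1: VA 12 .. 13 GiB
}

def level_index(va, level):
    """Table index at `level` for a 4 KiB granule: VA[47:39], [38:30], [29:21], [20:12]."""
    shift = GRANULE_BITS + IDX_BITS * (3 - level)
    return (va >> shift) & ((1 << IDX_BITS) - 1)

def walk(va, ttbr=0x100010000, tables=DUMPED_TABLES):
    """Return ('fault', level) for a translation fault, ('table', level, pa) when the
    walk reaches a table that is not in the dump, or ('block', level, desc) for an
    output (block or page) descriptor."""
    if va >> (64 - T0SZ):
        return ('fault', 0)        # VA outside the TTBR0 range is reported at level 0
    table = ttbr & ADDR_MASK
    for level in range(4):
        if table not in tables:
            return ('table', level, table)     # next table exists but was not dumped
        desc = tables[table].get(level_index(va, level), 0)
        if desc & 1 == 0:
            return ('fault', level)            # invalid descriptor: translation fault here
        if level == 3 or desc & 0b11 == 0b01:
            return ('block', level, desc)      # page (level 3) or block (level 1/2)
        table = desc & ADDR_MASK               # table descriptor: follow to the next level

if __name__ == "__main__":
    # Constructed sample VAs: inside the dumped ranges, and in untouched L0/L1 slots.
    for va in (0x0, 12 << 30, 1 << 30, 1 << 39, 1 << 48):
        print(f"VA {va:#018x} -> {walk(va)}")
```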