
How does the MMU work in ARMv8 to prevent access to EL1 virtual addresses from EL0?

Hello,

I have a small problem with ARMv8's MMU.

Obviously, when we access a kernel virtual address in an application, such as:

    /* kernel virtual address, dereferenced from a user (EL0) application */
    unsigned long *p = (unsigned long *)0xffffffff28008000UL;
    unsigned long x = *p;
    *p = 1;

the application will be killed by the kernel, which then reports "segment fault".

But what does the MMU actually do in ARMv8? When does it find the permission fault?

The first time it gets the VA? Or when the MMU obtains the value from TTBR1_EL1? Or at the time when the MMU translates the table and gets some descriptor which determines the permission?

  • Thanks for your answer.

    In my case, I just use Linux. I made a module to check what TCR_EL1's value is. I found that on my processor, TCR_EL1.E0PD1 == 0 and TCR_EL1.EPDn == 0. And in my test_module, I set the AP field of the page table descriptor (translated from TTBR1_EL1) to 0b01 (meaning allow user rw).

    But after all of this is done, I still get "segment fault" when accessing a kernel virtual address in a user application.

    So, I still have this question.
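
An added example, not part of the original thread: a simplified C model of the order in which the Armv8-A stage 1 checks decide an EL0 data access to the TTBR1_EL1 range, covering the TCR_EL1 bits and AP field named above plus the hierarchical APTable bits in table descriptors. The helper `el0_access_upper_va`, the `result` enum and the descriptor values are assumptions made for illustration; the model ignores the TLB, PAN and execute permissions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Armv8-A stage 1, EL1&0 regime. Simplified model: no TLB, no PAN, data access only. */
#define TCR_EPD1   (1ULL << 23) /* no walks through TTBR1_EL1 */
#define TCR_HPD1   (1ULL << 42) /* APTable ignored on TTBR1_EL1 walks */
#define TCR_E0PD1  (1ULL << 56) /* FEAT_E0PD: EL0 access to the TTBR1 range faults */
#define DESC_VALID (1ULL << 0)
#define APTABLE(d) (((d) >> 61) & 3) /* table descriptor bits [62:61] */
#define LEAF_AP(d) (((d) >> 6) & 3)  /* block/page AP[2:1], bits [7:6] */

enum result { ACCESS_OK, TRANSLATION_FAULT, PERMISSION_FAULT };

/* Hypothetical helper: descs[] holds the descriptors read at each level of
 * the walk, in order; the last entry is the block/page descriptor. */
enum result el0_access_upper_va(uint64_t tcr, const uint64_t *descs, int n, bool write)
{
    bool no_el0 = false, no_write = false;

    if (tcr & (TCR_EPD1 | TCR_E0PD1))
        return TRANSLATION_FAULT; /* decided before any descriptor is read */

    for (int i = 0; i < n; i++) {
        uint64_t d = descs[i];
        if (!(d & DESC_VALID))
            return TRANSLATION_FAULT;
        if (i < n - 1 && !(tcr & TCR_HPD1)) {
            no_el0   |= APTABLE(d) & 1;  /* APTable[0]: no EL0 access below */
            no_write |= APTABLE(d) >> 1; /* APTable[1]: no writes below */
        }
    }
    /* Leaf: AP[1] grants EL0 access, AP[2] makes the mapping read-only. */
    unsigned ap = LEAF_AP(descs[n - 1]);
    if (!(ap & 1) || no_el0 || (write && ((ap & 2) || no_write)))
        return PERMISSION_FAULT;
    return ACCESS_OK;
}

int main(void)
{
    /* Constructed descriptors: one table entry with APTable=0b01, leaf with AP=0b01. */
    uint64_t walk[] = { (1ULL << 61) | 3, (1ULL << 6) | 3 };
    printf("leaf AP=0b01 under APTable=0b01 -> %d\n",
           el0_access_upper_va(0, walk, 2, true));
    return 0;
}
```

In this model a leaf AP of 0b01 is only sufficient when no table descriptor above it sets APTable[0] (or TCR_EL1.HPD1 is set) and neither EPD1 nor E0PD1 is set.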
