According to the RME supplement: 5.1.2.3 Realm EL1&0 stage 2 translation
If the stage 2 translation for a Realm stage 1 translation table walk resolves to an address not in the Realm physicaladdress space, it causes a stage 2 Permission fault.
Does this mean memory pages in non-secure PAS cannot be shared with a realm at all?
However, in the same subsection:
"If a Block or Page descriptor fetched for Realm EL1&0 stage 2 translation has NS set to 1, the output address is inthe Non-secure physical address space. Otherwise, the output address is in the Realm physical address space."
If we cannot share a page between Realm EL1&0 and Non-secure world, what's the purpose of the NS bit in a Block or Page descriptor for S2 translation table?
Is there a way to share memory pages between Realm EL1/0 and the non-secure world?
I am running a realm with a linux kernel image. I tried to share memory pages in non-sec pas with the realm for data access purpose by setting the NS bit to 1 in the last level page table entries of S2 table. Some page access by the linux realm generated data abort with S1PTW bit set and permission fault. This seems to make sense according to the specification above. However, some other pages with the same flags did not cause any data abort. Please correct me where I am wrong at.
Thanks in advance.
It comes down to the first bit of the spec you quoted:
Bokdeuk Jeong said:If a Block or Page descriptor fetched for Realm EL1&0 stage 2 translation has NS set to 1, the output address is inthe Non-secure physical address space. Otherwise, the output address is in the Realm physical address space."
The important part here is "for a Realm stage 1 translation table walk". The restriction is specifically that Realm EL1&0 translation tables cannot be fetched from Non-secure memory.
So yes, memory in the Non-secure PAS can be shared between Realm and Non-secure state. As you spotted, that's why there is a NS bit in the Realm S2 tables. But you cannot put the Realm state translation tables into NS memory.
I only put S2 tables in Realm PAS, but not the S1 tables. Thank you so much!