• State Accepted Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 348 subscribers
  • Views 832 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RME: how to share memory pages in non-sec pas with a realm?

Bokdeuk Jeong

According to the RME supplement:
         5.1.2.3 Realm EL1&0 stage 2 translation

If the stage 2 translation for a Realm stage 1 translation table walk resolves to an address not in the Realm physical
address space, it causes a stage 2 Permission fault.

Does this mean memory pages in non-secure PAS cannot be shared with a realm at all?

However, in the same subsection:

"If a Block or Page descriptor fetched for Realm EL1&0 stage 2 translation has NS set to 1, the output address is in
the Non-secure physical address space. Otherwise, the output address is in the Realm physical address space."

If we cannot share a page between Realm EL1&0 and Non-secure world, what's the purpose of the NS bit in a Block or Page descriptor for S2 translation table?

Is there a way to share memory pages between Realm EL1/0 and the non-secure world?

I am running a realm with a linux kernel image. I tried to share memory pages in non-sec pas with the realm for data access purpose by setting the NS bit to 1 in the last level page table entries of S2 table. Some page access by the linux realm generated data abort with S1PTW bit set and permission fault. This seems to make sense according to the specification above. However, some other pages with the same flags did not cause any data abort. Please correct me where I am wrong at.

Thanks in advance.

Parents
  • 0

    It comes down to the first bit of the spec you quoted:

    Bokdeuk Jeong said:
    If a Block or Page descriptor fetched for Realm EL1&0 stage 2 translation has NS set to 1, the output address is in
    the Non-secure physical address space. Otherwise, the output address is in the Realm physical address space."

    The important part here is "for a Realm stage 1 translation table walk".  The restriction is specifically that Realm EL1&0 translation tables cannot be fetched from Non-secure memory.

    So yes, memory in the Non-secure PAS can be shared between Realm and Non-secure state.  As you spotted, that's why there is a NS bit in the Realm S2 tables.  But you cannot put the Realm state translation tables into NS memory.

Reply
  • 0

    It comes down to the first bit of the spec you quoted:

    Bokdeuk Jeong said:
    If a Block or Page descriptor fetched for Realm EL1&0 stage 2 translation has NS set to 1, the output address is in
    the Non-secure physical address space. Otherwise, the output address is in the Realm physical address space."

    The important part here is "for a Realm stage 1 translation table walk".  The restriction is specifically that Realm EL1&0 translation tables cannot be fetched from Non-secure memory.

    So yes, memory in the Non-secure PAS can be shared between Realm and Non-secure state.  As you spotted, that's why there is a NS bit in the Realm S2 tables.  But you cannot put the Realm state translation tables into NS memory.

Children