Hello experts.
I making a security operating system using trustzone using ARMv8 big-little core.
I face some probleam of cache clean or invalidate.
I want to cache flush to used only secure-world memory based on virtual memory, no flush non-secure world cache line.
I know the ns bit in cache tags determine secure or non-secure.
and I found some coprocess register for cache flush based on virtual address like a ICIMVAU, DCIMVAC, DCCMVAC, DCCMVAU, DCCIMVAC.
but i didn't found the check secure cache or non-secure cache and operate to only secure world cache flush.
so how to flush to only secure area cache.
Is not supported operation?
thanks for read my question and please help me.
It depends on exactly what you mean...
The cache maintenance operations you are quoted take a virtual address as an argument. While the caches are tagged by physical address, which as you mentioned in whether the line is Secure or Non-secure.
A Secure virtual address can translate to either a Secure or Non-secure physical address. It's controlled by the Secure world's translation tables.
So invalidating (or clean+invalidating) all the Secure virtual addresses is straight forward. You just have to iterate through the address space.
However, if you only want to invalidate those Secure virtual addresses that translate to a Secure physical address, there isn't a specific command for that. You need to know which addresses you had mapped as what.
Aa Ha Thanks.
I understand what you mean!, and sorry i learnning english hehe.
I forget physical index physical tag. and secure virtual addresses translate secure physical address.
the secure physical address using 33bit and 33bit (0 or 1 ... i will find. hehehehe)
thanks for your comment. and please check to my understanded content.
Cache maintenance operations by virtual address in secure world will only affect the cache lines which are cached because of accessing that space in secure world.
This means secure world mapped this space as cachable. The memory space can be secure or non-secure, depends on your setting. The point is secure world mapped it then cache it.
I think you just want to flush cache lines accessed in secure world.
So as Martin said, just iterate all the virtual address space you want to operate on. This will not impact the cache lines which are cached in non-secure world.
BTW, if you're using cache operations by set/way:
Secure world operations will affect both secure and non-secure cache lines.
Non-secure world opertions will just affect non-secure cahce lines.
For more information about this, please refer to:
http://infocenter.arm.com/help/topic/com.arm.doc.faqs/ka16369.html
Thanks for your comment!
your comment make me a clearly understand!
Suddenly i have a one question about performance of cache flush.
If cache line size 64byte, iterate all the virtual address space is 4GB(4096 * 1024 * 1024 byte)/64byte = 67108864(loop count of all address space in 32bit)
but set/way is a less than all virtual address space. and virtual address translate to physical address before cache flush.
If using set/way cache flush (all cache line), must occure cache miss and get data from low level memory system.
but i guess set/way is more high performance, because set/way loop count is little (compare virtual address space)
how are you think the aspect of performance?
Something of a generalization, but you rarely want/need to clean and/or invalidate the entire address space. But rather a specific address range - for which the VA operations are best suited. For example, I have a buffer populated by an external master. It's only the address range of the buffer that needs maintenance operations. Flushing other lines is both unnecessary, and probably bad for performance (due then getting misses).
There also cases where you want to clean and/or invalidate the entire cache, regardless of addresses. Typically when the core or processor is being powered off. Then you use set/way operations.
Thanks for your comment!!.
In my case like linux address map! ( 0~3G User Space, 3~4G Kernel Space)
I know of this memory space very bad because don't need the 3GB space in secure world application. (later i will modify.)
I will flush all cache line used secure-world evenif interrupt forwarding to non-secure world, because this issue related security policy(non-secure world possible view to cache information in debugging).
so I will deside to cache flush set/way or virtual address. i don't know what is the make a high performance.
in my case no specific address range
Thanks.