• State Accepted Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 22 subscribers
  • Views 21049 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLB Conflict abort

hntuan94

Hi All,

I want to check TLB Conflict abort.

How can I create an address which matches multiple entries in the TLB as ARMv8 spec mentioned.

ARMv8 spec:

"An address can hit multiple entries in the TLB if the TLB has been invalidated inappropriately, for example if TLB
invalidation required by the architecture has not been performed."

Thanks,

Parents
  • +1 Arm Employee Badge

    It's quite hard to come up with a sequence which definitely generates the exception, as you don't have precise control of the MMU.  But try something like this:

    • Map a 4KB page (address X)
    • Touch that page, in order to get the translation cached in the TLB
    • Modify the translation tables, replacing the mapping for address X with a 2MB mapping - DO NOT INVALIDATE the TLB
    • Touch "X + 4KB".  This will/should miss in the TLB, causing a new walk returning the 2MB mapping
    • Touch X.  Assuming they've not been evicted, you'll hit both on the 4KB and 2MB mapping - as both cover address X.
Reply
  • +1 Arm Employee Badge

    It's quite hard to come up with a sequence which definitely generates the exception, as you don't have precise control of the MMU.  But try something like this:

    • Map a 4KB page (address X)
    • Touch that page, in order to get the translation cached in the TLB
    • Modify the translation tables, replacing the mapping for address X with a 2MB mapping - DO NOT INVALIDATE the TLB
    • Touch "X + 4KB".  This will/should miss in the TLB, causing a new walk returning the 2MB mapping
    • Touch X.  Assuming they've not been evicted, you'll hit both on the 4KB and 2MB mapping - as both cover address X.
Children
  • 0 in reply to Martin Weidmann

    Thanks!

    I could create an address matches 2 entries as your suggestion but the TLB Conflict abort was not generated with ARM model.

    1. First memory access: Address cached in the TLB (4KB)

    clk TLB FILL cpu0.UTLB 4K 0x8180000000_NS EL2_n, nG asid=0:0x8180000000_NS

    2. Second memory access: Address cached in the TLB (2MB)

    clk TLB FILL cpu0.UTLB 2M 0x8180000000_NS EL2_n, nG asid=0:0x8180000000_NS

    3. Final memory access: Expect TLB conflict abort but not happened.

    It seems TLB not only cached the address but also the size etc, combining all conditions it's hard to create TLB conflict.

  • 0 Arm Employee Badge in reply to hntuan94

    Which model are using?  If it's the AEM FVP, you need to enable TLB conflict reporting:

    -C cluster0.has_tlb_conflict_abort=1
    -C cluster1.has_tlb_conflict_abort=1

    Or, for the single cluster systems:

    -C cluster.has_tlb_conflict_abort=1