Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 1 | Translation Tables Library Design |
| 2 | ================================= |
| 3 | |
| 4 | |
| 5 | .. section-numbering:: |
| 6 | :suffix: . |
| 7 | |
| 8 | .. contents:: |
| 9 | |
| 10 | |
| 11 | This document describes the design of the translation tables library (version 2) |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 12 | used by Trusted Firmware-A (TF-A). This library provides APIs to create page |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 13 | tables based on a description of the memory layout, as well as setting up system |
| 14 | registers related to the Memory Management Unit (MMU) and performing the |
| 15 | required Translation Lookaside Buffer (TLB) maintenance operations. |
| 16 | |
| 17 | More specifically, some use cases that this library aims to support are: |
| 18 | |
| 19 | #. Statically allocate translation tables and populate them (at run-time) based |
| 20 | on a description of the memory layout. The memory layout is typically |
| 21 | provided by the platform port as a list of memory regions; |
| 22 | |
| 23 | #. Support for generating translation tables pertaining to a different |
| 24 | translation regime than the exception level the library code is executing at; |
| 25 | |
| 26 | #. Support for dynamic mapping and unmapping of regions, even while the MMU is |
| 27 | on. This can be used to temporarily map some memory regions and unmap them |
| 28 | later on when no longer needed; |
| 29 | |
| 30 | #. Support for non-identity virtual to physical mappings to compress the virtual |
| 31 | address space; |
| 32 | |
| 33 | #. Support for changing memory attributes of memory regions at run-time. |
| 34 | |
| 35 | |
| 36 | About version 1 and version 2 |
| 37 | ----------------------------- |
| 38 | |
| 39 | This document focuses on version 2 of the library, whose sources are available |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 40 | in the `lib/xlat_tables_v2`_ directory. Version 1 of the library can still be |
| 41 | found in `lib/xlat_tables`_ directory but it is less flexible and doesn't |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 42 | support dynamic mapping. Although potential bug fixes will be applied to both |
| 43 | versions, future features enhancements will focus on version 2 and might not be |
| 44 | back-ported to version 1. Therefore, it is recommended to use version 2, |
| 45 | especially for new platform ports. |
| 46 | |
| 47 | However, please note that version 2 is still in active development and is not |
| 48 | considered stable yet. Hence, compatibility breaks might be introduced. |
| 49 | |
| 50 | From this point onwards, this document will implicitly refer to version 2 of the |
| 51 | library. |
| 52 | |
| 53 | |
| 54 | Design concepts and interfaces |
| 55 | ------------------------------ |
| 56 | |
| 57 | This section presents some of the key concepts and data structures used in the |
| 58 | translation tables library. |
| 59 | |
| 60 | `mmap` regions |
| 61 | ~~~~~~~~~~~~~~ |
| 62 | |
| 63 | An ``mmap_region`` is an abstract, concise way to represent a memory region to |
| 64 | map. It is one of the key interfaces to the library. It is identified by: |
| 65 | |
| 66 | - its physical base address; |
| 67 | - its virtual base address; |
| 68 | - its size; |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 69 | - its attributes; |
| 70 | - its mapping granularity (optional). |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 71 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 72 | See the ``struct mmap_region`` type in `xlat_tables_v2.h`_. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 73 | |
| 74 | The user usually provides a list of such mmap regions to map and lets the |
| 75 | library transpose that in a set of translation tables. As a result, the library |
| 76 | might create new translation tables, update or split existing ones. |
| 77 | |
| 78 | The region attributes specify the type of memory (for example device or cached |
| 79 | normal memory) as well as the memory access permissions (read-only or |
Antonio Nino Diaz | dcf9d92 | 2017-10-04 16:52:15 +0100 | [diff] [blame] | 80 | read-write, executable or not, secure or non-secure, and so on). In the case of |
| 81 | the EL1&0 translation regime, the attributes also specify whether the region is |
Antonio Nino Diaz | 8643a81 | 2018-06-21 14:39:16 +0100 | [diff] [blame] | 82 | a User region (EL0) or Privileged region (EL1). See the ``MT_xxx`` definitions |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 83 | in `xlat_tables_v2.h`_. Note that for the EL1&0 translation regime the Execute |
Antonio Nino Diaz | 8643a81 | 2018-06-21 14:39:16 +0100 | [diff] [blame] | 84 | Never attribute is set simultaneously for both EL1 and EL0. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 85 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 86 | The granularity controls the translation table level to go down to when mapping |
| 87 | the region. For example, assuming the MMU has been configured to use a 4KB |
| 88 | granule size, the library might map a 2MB memory region using either of the two |
| 89 | following options: |
| 90 | |
| 91 | - using a single level-2 translation table entry; |
| 92 | - using a level-2 intermediate entry to a level-3 translation table (which |
| 93 | contains 512 entries, each mapping 4KB). |
| 94 | |
| 95 | The first solution potentially requires less translation tables, hence |
| 96 | potentially less memory. However, if part of this 2MB region is later remapped |
| 97 | with different memory attributes, the library might need to split the existing |
| 98 | page tables to refine the mappings. If a single level-2 entry has been used |
| 99 | here, a level-3 table will need to be allocated on the fly and the level-2 |
| 100 | modified to point to this new level-3 table. This has a performance cost at |
| 101 | run-time. |
| 102 | |
| 103 | If the user knows upfront that such a remapping operation is likely to happen |
| 104 | then they might enforce a 4KB mapping granularity for this 2MB region from the |
| 105 | beginning; remapping some of these 4KB pages on the fly then becomes a |
| 106 | lightweight operation. |
| 107 | |
| 108 | The region's granularity is an optional field; if it is not specified the |
| 109 | library will choose the mapping granularity for this region as it sees fit (more |
| 110 | details can be found in `The memory mapping algorithm`_ section below). |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 111 | |
| 112 | Translation Context |
| 113 | ~~~~~~~~~~~~~~~~~~~ |
| 114 | |
| 115 | The library can create or modify translation tables pertaining to a different |
| 116 | translation regime than the exception level the library code is executing at. |
| 117 | For example, the library might be used by EL3 software (for instance BL31) to |
| 118 | create translation tables pertaining to the S-EL1&0 translation regime. |
| 119 | |
| 120 | This flexibility comes from the use of *translation contexts*. A *translation |
| 121 | context* constitutes the superset of information used by the library to track |
| 122 | the status of a set of translation tables for a given translation regime. |
| 123 | |
| 124 | The library internally allocates a default translation context, which pertains |
| 125 | to the translation regime of the current exception level. Additional contexts |
| 126 | may be explicitly allocated and initialized using the |
| 127 | ``REGISTER_XLAT_CONTEXT()`` macro. Separate APIs are provided to act either on |
| 128 | the default translation context or on an alternative one. |
| 129 | |
| 130 | To register a translation context, the user must provide the library with the |
| 131 | following information: |
| 132 | |
| 133 | * A name. |
| 134 | |
| 135 | The resulting translation context variable will be called after this name, to |
| 136 | which ``_xlat_ctx`` is appended. For example, if the macro name parameter is |
| 137 | ``foo``, the context variable name will be ``foo_xlat_ctx``. |
| 138 | |
| 139 | * The maximum number of `mmap` regions to map. |
| 140 | |
| 141 | Should account for both static and dynamic regions, if applicable. |
| 142 | |
| 143 | * The number of sub-translation tables to allocate. |
| 144 | |
| 145 | Number of translation tables to statically allocate for this context, |
| 146 | excluding the initial lookup level translation table, which is always |
| 147 | allocated. For example, if the initial lookup level is 1, this parameter would |
| 148 | specify the number of level-2 and level-3 translation tables to pre-allocate |
| 149 | for this context. |
| 150 | |
| 151 | * The size of the virtual address space. |
| 152 | |
| 153 | Size in bytes of the virtual address space to map using this context. This |
| 154 | will incidentally determine the number of entries in the initial lookup level |
| 155 | translation table : the library will allocate as many entries as is required |
| 156 | to map the entire virtual address space. |
| 157 | |
| 158 | * The size of the physical address space. |
| 159 | |
| 160 | Size in bytes of the physical address space to map using this context. |
| 161 | |
| 162 | The default translation context is internally initialized using information |
| 163 | coming (for the most part) from platform-specific defines: |
| 164 | |
| 165 | - name: hard-coded to ``tf`` ; hence the name of the default context variable is |
| 166 | ``tf_xlat_ctx``; |
| 167 | - number of `mmap` regions: ``MAX_MMAP_REGIONS``; |
| 168 | - number of sub-translation tables: ``MAX_XLAT_TABLES``; |
| 169 | - size of the virtual address space: ``PLAT_VIRT_ADDR_SPACE_SIZE``; |
| 170 | - size of the physical address space: ``PLAT_PHY_ADDR_SPACE_SIZE``. |
| 171 | |
| 172 | Please refer to the `Porting Guide`_ for more details about these macros. |
| 173 | |
| 174 | |
| 175 | Static and dynamic memory regions |
| 176 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 177 | |
| 178 | The library optionally supports dynamic memory mapping. This feature may be |
| 179 | enabled using the ``PLAT_XLAT_TABLES_DYNAMIC`` platform build flag. |
| 180 | |
| 181 | When dynamic memory mapping is enabled, the library categorises mmap regions as |
| 182 | *static* or *dynamic*. |
| 183 | |
| 184 | - *Static regions* are fixed for the lifetime of the system. They can only be |
| 185 | added early on, before the translation tables are created and populated. They |
| 186 | cannot be removed afterwards. |
| 187 | |
| 188 | - *Dynamic regions* can be added or removed any time. |
| 189 | |
| 190 | When the dynamic memory mapping feature is disabled, only static regions exist. |
| 191 | |
| 192 | The dynamic memory mapping feature may be used to map and unmap transient memory |
| 193 | areas. This is useful when the user needs to access some memory for a fixed |
| 194 | period of time, after which the memory may be discarded and reclaimed. For |
| 195 | example, a memory region that is only required at boot time while the system is |
| 196 | initializing, or to temporarily share a memory buffer between the normal world |
| 197 | and trusted world. Note that it is up to the caller to ensure that these regions |
| 198 | are not accessed concurrently while the regions are being added or removed. |
| 199 | |
| 200 | Although this feature provides some level of dynamic memory allocation, this |
| 201 | does not allow dynamically allocating an arbitrary amount of memory at an |
| 202 | arbitrary memory location. The user is still required to declare at compile-time |
| 203 | the limits of these allocations ; the library will deny any mapping request that |
| 204 | does not fit within this pre-allocated pool of memory. |
| 205 | |
| 206 | |
| 207 | Library APIs |
| 208 | ------------ |
| 209 | |
| 210 | The external APIs exposed by this library are declared and documented in the |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 211 | `xlat_tables_v2.h`_ header file. This should be the reference point for |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 212 | getting information about the usage of the different APIs this library |
| 213 | provides. This section just provides some extra details and clarifications. |
| 214 | |
| 215 | Although the ``mmap_region`` structure is a publicly visible type, it is not |
| 216 | recommended to populate these structures by hand. Instead, wherever APIs expect |
| 217 | function arguments of type ``mmap_region_t``, these should be constructed using |
| 218 | the ``MAP_REGION*()`` family of helper macros. This is to limit the risk of |
| 219 | compatibility breaks, should the ``mmap_region`` structure type evolve in the |
| 220 | future. |
| 221 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 222 | The ``MAP_REGION()`` and ``MAP_REGION_FLAT()`` macros do not allow specifying a |
| 223 | mapping granularity, which leaves the library implementation free to choose |
| 224 | it. However, in cases where a specific granularity is required, the |
| 225 | ``MAP_REGION2()`` macro might be used instead. |
| 226 | |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 227 | As explained earlier in this document, when the dynamic mapping feature is |
| 228 | disabled, there is no notion of dynamic regions. Conceptually, there are only |
| 229 | static regions. For this reason (and to retain backward compatibility with the |
| 230 | version 1 of the library), the APIs that map static regions do not embed the |
| 231 | word *static* in their functions names (for example ``mmap_add_region()``), in |
| 232 | contrast with the dynamic regions APIs (for example |
| 233 | ``mmap_add_dynamic_region()``). |
| 234 | |
| 235 | Although the definition of static and dynamic regions is not based on the state |
| 236 | of the MMU, the two are still related in some way. Static regions can only be |
| 237 | added before ``init_xlat_tables()`` is called and ``init_xlat_tables()`` must be |
| 238 | called while the MMU is still off. As a result, static regions cannot be added |
| 239 | once the MMU has been enabled. Dynamic regions can be added with the MMU on or |
| 240 | off. In practice, the usual call flow would look like this: |
| 241 | |
| 242 | #. The MMU is initially off. |
| 243 | |
| 244 | #. Add some static regions, add some dynamic regions. |
| 245 | |
| 246 | #. Initialize translation tables based on the list of mmap regions (using one of |
| 247 | the ``init_xlat_tables*()`` APIs). |
| 248 | |
| 249 | #. At this point, it is no longer possible to add static regions. Dynamic |
| 250 | regions can still be added or removed. |
| 251 | |
| 252 | #. Enable the MMU. |
| 253 | |
| 254 | #. Dynamic regions can continue to be added or removed. |
| 255 | |
| 256 | Because static regions are added early on at boot time and are all in the |
| 257 | control of the platform initialization code, the ``mmap_add*()`` family of APIs |
| 258 | are not expected to fail. They do not return any error code. |
| 259 | |
| 260 | Nonetheless, these APIs will check upfront whether the region can be |
| 261 | successfully added before updating the translation context structure. If the |
| 262 | library detects that there is insufficient memory to meet the request, or that |
| 263 | the new region will overlap another one in an invalid way, or if any other |
| 264 | unexpected error is encountered, they will print an error message on the UART. |
| 265 | Additionally, when asserts are enabled (typically in debug builds), an assertion |
| 266 | will be triggered. Otherwise, the function call will just return straight away, |
| 267 | without adding the offending memory region. |
| 268 | |
| 269 | |
| 270 | Library limitations |
| 271 | ------------------- |
| 272 | |
| 273 | Dynamic regions are not allowed to overlap each other. Static regions are |
| 274 | allowed to overlap as long as one of them is fully contained inside the other |
| 275 | one. This is allowed for backwards compatibility with the previous behaviour in |
| 276 | the version 1 of the library. |
| 277 | |
| 278 | |
| 279 | Implementation details |
| 280 | ---------------------- |
| 281 | |
| 282 | Code structure |
| 283 | ~~~~~~~~~~~~~~ |
| 284 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 285 | The library is divided into 4 modules: |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 286 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 287 | - **Core module** |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 288 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 289 | Provides the main functionality of the library, such as the initialization of |
| 290 | translation tables contexts and mapping/unmapping memory regions. This module |
| 291 | provides functions such as ``mmap_add_region_ctx`` that let the caller specify |
| 292 | the translation tables context affected by them. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 293 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 294 | See `xlat_tables_core.c`_. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 295 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 296 | - **Active context module** |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 297 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 298 | Instantiates the context that is used by the current BL image and provides |
| 299 | helpers to manipulate it, abstracting it from the rest of the code. |
| 300 | This module provides functions such as ``mmap_add_region``, that directly |
| 301 | affect the BL image using them. |
| 302 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 303 | See `xlat_tables_context.c`_. |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 304 | |
| 305 | - **Utilities module** |
| 306 | |
| 307 | Provides additional functionality like debug print of the current state of the |
| 308 | translation tables and helpers to query memory attributes and to modify them. |
| 309 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 310 | See `xlat_tables_utils.c`_. |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 311 | |
| 312 | - **Architectural module** |
| 313 | |
| 314 | Provides functions that are dependent on the current execution state |
| 315 | (AArch32/AArch64), such as the functions used for TLB invalidation, setup the |
| 316 | MMU, or calculate the Physical Address Space size. They do not need a |
| 317 | translation context to work on. |
| 318 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 319 | See `aarch32/xlat_tables_arch.c`_ and `aarch64/xlat_tables_arch.c`_. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 320 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 321 | From mmap regions to translation tables |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 322 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 323 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 324 | A translation context contains a list of ``mmap_region_t``, which holds the |
| 325 | information of all the regions that are mapped at any given time. Whenever there |
| 326 | is a request to map (resp. unmap) a memory region, it is added to (resp. removed |
| 327 | from) the ``mmap_region_t`` list. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 328 | |
| 329 | The mmap regions list is a conceptual way to represent the memory layout. At |
| 330 | some point, the library has to convert this information into actual translation |
| 331 | tables to program into the MMU. |
| 332 | |
| 333 | Before the ``init_xlat_tables()`` API is called, the library only acts on the |
| 334 | mmap regions list. Adding a static or dynamic region at this point through one |
| 335 | of the ``mmap_add*()`` APIs does not affect the translation tables in any way, |
| 336 | they only get registered in the internal mmap region list. It is only when the |
| 337 | user calls the ``init_xlat_tables()`` that the translation tables are populated |
| 338 | in memory based on the list of mmap regions registered so far. This is an |
| 339 | optimization that allows creation of the initial set of translation tables in |
| 340 | one go, rather than having to edit them every time while the MMU is disabled. |
| 341 | |
| 342 | After the ``init_xlat_tables()`` API has been called, only dynamic regions can |
| 343 | be added. Changes to the translation tables (as well as the mmap regions list) |
| 344 | will take effect immediately. |
| 345 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 346 | The memory mapping algorithm |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 347 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 348 | |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 349 | The mapping function is implemented as a recursive algorithm. It is however |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 350 | bound by the level of depth of the translation tables (the Armv8-A architecture |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 351 | allows up to 4 lookup levels). |
| 352 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 353 | By default [#granularity-ref]_, the algorithm will attempt to minimize the |
| 354 | number of translation tables created to satisfy the user's request. It will |
| 355 | favour mapping a region using the biggest possible blocks, only creating a |
| 356 | sub-table if it is strictly necessary. This is to reduce the memory footprint of |
| 357 | the firmware. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 358 | |
| 359 | The most common reason for needing a sub-table is when a specific mapping |
| 360 | requires a finer granularity. Misaligned regions also require a finer |
| 361 | granularity than what the user may had originally expected, using a lot more |
| 362 | memory than expected. The reason is that all levels of translation are |
| 363 | restricted to address translations of the same granularity as the size of the |
| 364 | blocks of that level. For example, for a 4 KiB page size, a level 2 block entry |
| 365 | can only translate up to a granularity of 2 MiB. If the Physical Address is not |
| 366 | aligned to 2 MiB then additional level 3 tables are also needed. |
| 367 | |
| 368 | Note that not every translation level allows any type of descriptor. Depending |
| 369 | on the page size, levels 0 and 1 of translation may only allow table |
| 370 | descriptors. If a block entry could be able to describe a translation, but that |
| 371 | level does not allow block descriptors, a table descriptor will have to be used |
| 372 | instead, as well as additional tables at the next level. |
| 373 | |
| 374 | |Alignment Example| |
| 375 | |
| 376 | The mmap regions are sorted in a way that simplifies the code that maps |
| 377 | them. Even though this ordering is only strictly needed for overlapping static |
| 378 | regions, it must also be applied for dynamic regions to maintain a consistent |
| 379 | order of all regions at all times. As each new region is mapped, existing |
| 380 | entries in the translation tables are checked to ensure consistency. Please |
| 381 | refer to the comments in the source code of the core module for more details |
| 382 | about the sorting algorithm in use. |
| 383 | |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 384 | .. [#granularity-ref] That is, when mmap regions do not enforce their mapping |
| 385 | granularity. |
| 386 | |
| 387 | TLB maintenance operations |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 388 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Sandrine Bailleux | 8f23fa8 | 2017-09-28 21:58:12 +0100 | [diff] [blame] | 389 | |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 390 | The library takes care of performing TLB maintenance operations when required. |
| 391 | For example, when the user requests removing a dynamic region, the library |
| 392 | invalidates all TLB entries associated to that region to ensure that these |
| 393 | changes are visible to subsequent execution, including speculative execution, |
| 394 | that uses the changed translation table entries. |
| 395 | |
| 396 | A counter-example is the initialization of translation tables. In this case, |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 397 | explicit TLB maintenance is not required. The Armv8-A architecture guarantees |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 398 | that all TLBs are disabled from reset and their contents have no effect on |
| 399 | address translation at reset [#tlb-reset-ref]_. Therefore, the TLBs invalidation |
| 400 | is deferred to the ``enable_mmu*()`` family of functions, just before the MMU is |
| 401 | turned on. |
| 402 | |
| 403 | TLB invalidation is not required when adding dynamic regions either. Dynamic |
| 404 | regions are not allowed to overlap existing memory region. Therefore, if the |
| 405 | dynamic mapping request is deemed legitimate, it automatically concerns memory |
| 406 | that was not mapped in this translation regime and the library will have |
| 407 | initialized its corresponding translation table entry to an invalid |
| 408 | descriptor. Given that the TLBs are not architecturally permitted to hold any |
| 409 | invalid translation table entry [#tlb-no-invalid-entry]_, this means that this |
| 410 | mapping cannot be cached in the TLBs. |
| 411 | |
Antonio Nino Diaz | 2781808 | 2018-07-03 14:56:31 +0100 | [diff] [blame] | 412 | .. [#tlb-reset-ref] See section D4.9 `Translation Lookaside Buffers (TLBs)`, subsection `TLB behavior at reset` in Armv8-A, rev C.a. |
| 413 | .. [#tlb-no-invalid-entry] See section D4.10.1 `General TLB maintenance requirements` in Armv8-A, rev C.a. |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 414 | |
| 415 | -------------- |
| 416 | |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 417 | *Copyright (c) 2017-2018, Arm Limited and Contributors. All rights reserved.* |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 418 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 419 | .. _lib/xlat_tables_v2: ../lib/xlat_tables_v2 |
| 420 | .. _lib/xlat_tables: ../lib/xlat_tables |
| 421 | .. _xlat_tables_v2.h: ../include/lib/xlat_tables/xlat_tables_v2.h |
| 422 | .. _xlat_tables_context.c: ../lib/xlat_tables_v2/xlat_tables_context.c |
| 423 | .. _xlat_tables_core.c: ../lib/xlat_tables_v2/xlat_tables_core.c |
| 424 | .. _xlat_tables_utils.c: ../lib/xlat_tables_v2/xlat_tables_utils.c |
| 425 | .. _aarch32/xlat_tables_arch.c: ../lib/xlat_tables_v2/aarch32/xlat_tables_arch.c |
| 426 | .. _aarch64/xlat_tables_arch.c: ../lib/xlat_tables_v2/aarch64/xlat_tables_arch.c |
Antonio Nino Diaz | b5d6809 | 2017-05-23 11:49:22 +0100 | [diff] [blame] | 427 | .. _Porting Guide: porting-guide.rst |
| 428 | .. |Alignment Example| image:: ./diagrams/xlat_align.png?raw=true |