Intermediate table walk caches
The Cortex-A72 processor implements dedicated caches that store intermediate levels of translation table entries as part of a table walk.
Cached entries are associated with an ASID and a VMID where applicable for Non-secure EL1 translations.
Care is required when using the reserved ASID method for context switch. See the ARM® Architecture Reference Manual ARMv8 for more information.
The following example shows how to synchronize ASID and TTBR changes using a reserved ASID.
Example 5-1 Using a reserved ASID to synchronize ASID and TTBR changes
In this example, the operating system uses a particular reserved ASID value for the synchronization of the ASID and the Translation Table Base Register. You can use this approach only when the size of the mapping for any given Virtual Address is the same in the old and new translation tables. The example uses the value of 0.
The software uses the following sequences that must be executed from memory marked as global:
Change ASID to 0 ISB Change Translation Table Base Register ISB Change ASID to new value ISB
If the code relies on only leaf translation table entries that are cached, it can incorrectly assume that entries tagged with the reserved ASID are not required to be flushed. For example:
- Global leaf entries that remain valid or must be flushed for all ASIDs when modified
- Non-global leaf entries that are not used because the reserved ASID is not set outside the context switch code.
The incorrect assumption leads to the following failure:
- The context switch code sets the ASID to the reserved value.
- Speculative fetching reads and caches the first level page table entry, using the current TTBR, and tagging the entry with the reserved ASID. This is a pointer to a second level table.
- Context switch completes.
- Processing continues, and the process with the page tables terminates. The OS frees and reallocates the page table memory.
- A later context switch sets the ASID to the reserved value
- Speculative fetching makes use of the cached first level page table entry, because it is tagged with the reserved ASID, and uses it to fetch a second level page table entry. Because the memory is reallocated and reused, the entry contains random data that can appear to be a valid, global entry. This second level page table entry is cached.
- Context switch completes, and application execution continues.
- The application references the address range covered by the cached second level page table entry. Because the entry is marked as global, a match occurs and so data is fetched from a random address.