You copied the Doc URL to your clipboard.

What happens if the attribute rules from the Arm architecture are not followed?

Information in this article applies to:

  • ARMv8-A

Problem/Question

What happens if the attribute rules from the Arm architecture are not followed?

Scenario

In the Arm Architecture Reference Manual (Arm ARM), there is description as follows:

… Arm architecture strongly recommends that the attributes that the TCR_ELx applies to the translation tables are the same as the attributes that are applied for explicit accesses to the memory that holds the translation tables.

If this rule is not followed in a System on Chip (SoC), what will happen?

Answer

If this rule is not followed in an SoC, there can be potential risks.

Imagine that a system has Cortex-A72 cores and the Cache Coherent Interconnect, CCI-500. The Translation Control Register (TCR) of the Cortex-A72 core defines a page table as non-shareable cacheable, while the memory attribute for explicit access to the page table area is defined as shareable cacheable. In this case, the TCR does not match with the attributes for explicit access to the page table. This mismatch does not follow the Arm architecture.

Sometimes, a core needs to run self-modifying code for a page table, for example, at address 0x550000. In the process of running self-modifying code, explicit memory access is used. There is a cache miss for that address. Therefore, the core first fetches the address 0x550000 from external memory, modifies the content, and stores it into the cache.

When loading address 0x55000 from external memory, the snoop filter of the CCI-500 records the address to indicate that the Cortex-A72 cache holds the content for address 0x550000. Later, when the snoop filter gets full, there must be a back-invalidation to address 0x550000. The back-invalidation instructs the Cortex-A72 core to perform the Clean and Invalidation operation. The Cortex-A72 core writes dirty data at address 0x550000 to external memory. During the process of writing that address to the external memory, there is a page table walk for 0x550000. The content for address 0x550000 is written externally, so there is a cache miss for that page table walk. Then, the page table walk for fetching this address is sent externally.

In this situation, both the write and read to address 0x550000 are in the CCI-500. The CCI-500 must perform hazard checking to make sure that address 0x550000 is written to the destination before 0x550000 is read. However, the memory type for the write is shareable, while the memory type for the read is non-shareable. If the memory attributes do not match each other, the CCI-500 does not perform the hazard checking. If the write process gets blocked in the write channel and the read arrives at the destination first, the page table gets wrong data and the program fails.

In summary, Arm cores, fabric, and systems are designed based on the Arm architecture. Arm recommends complying with the Arm architecture when designing products. Otherwise, unpredictable errors might occur.

Workaround

N/A

Example

N/A

Related Information

N/A

Was this page helpful? Yes No