ARM Paging: Difference between revisions
Jump to navigation
Jump to search
| [unchecked revision] | [unchecked revision] |
Content added Content deleted
(Created ARM paging page) |
(Described more paging registers) |
||
| Line 1: | Line 1: | ||
{{In Progress}} |
{{In Progress}} |
||
== Introduction == |
|||
ARM CPUs are used in smaller applications than x86 CPUs, although the line is blurring. Due to the number of different ARM architectures, details of which can differ significantly, this page is aimed at ARMv7-A and ARMv8. ARMv7-M does not have the same concept of virtual memory - it does not have an MMU. The author understands that paging on ARMv5 and ARMv6 is similar to ARMv7, but ARMv4 is somewhat different. |
ARM CPUs are used in smaller applications than x86 CPUs, although the line is blurring. Due to the number of different ARM architectures, details of which can differ significantly, this page is aimed at ARMv7-A and ARMv8. ARMv7-M does not have the same concept of virtual memory - it does not have an MMU. The author understands that paging on ARMv5 and ARMv6 is similar to ARMv7, but ARMv4 is somewhat different. |
||
== ARMv7-A == |
|||
ARMv7-A supports two different paging modes. These are the short descriptor format and long descriptor format described in B3.5 and B3.6 respectively of the ARMv7 reference manual. |
ARMv7-A supports two different paging modes. These are the short descriptor format and long descriptor format described in B3.5 and B3.6 respectively of the ARMv7 reference manual. |
||
The long descriptor format is an ARM equivalent of the X86 [[PAE]] system. However, even the short descriptor format allows access to a 1TB physical address space, but only with a 16MB granularity. As is described in the ARM: |
The long descriptor format is an ARM equivalent of the X86 [[PAE]] system. However, even the short descriptor format allows access to a 1TB physical address space, but only with a 16MB granularity. As is described in the ARM: |
||
=== Overview === |
|||
==== Short Format ==== |
==== Short Format ==== |
||
* Up to two levels of address lookup |
* Up to two levels of address lookup |
||
| Line 24: | Line 25: | ||
Note that the Large Physicsl Address Extension is an optional feature. Furthermore, if an implementation supports LPAE, it also supports the ARM multiprocessing extensions. |
Note that the Large Physicsl Address Extension is an optional feature. Furthermore, if an implementation supports LPAE, it also supports the ARM multiprocessing extensions. |
||
The paging mode is controlled with the TTBCR (Translation Table Base Control Register). |
The paging mode is controlled with the TTBCR (Translation Table Base Control Register). |
||
=== Control Registers === |
|||
==== TTBCR ==== |
|||
{| class="wikitable" |
{| class="wikitable" |
||
|- |
|- |
||
| Line 114: | Line 117: | ||
* T1SZ - The size of the memory region addressed by TTBR1. 2^(32-T1SZ) is the size. |
* T1SZ - The size of the memory region addressed by TTBR1. 2^(32-T1SZ) is the size. |
||
* SH0 - like SH1, but for TTBR0. |
* SH0 - like SH1, but for TTBR0. |
||
* ORGN0 |
* ORGN0 - "" |
||
* IRGN0 |
* IRGN0 - "" |
||
* EPD0 |
* EPD0 - "" |
||
'''The following fields only apply when EAE is 0''' |
'''The following fields only apply when EAE is 0''' |
||
* PD1 - like EPD1. |
* PD1 - like EPD1. |
||
| Line 123: | Line 126: | ||
* T0SZ - like T1SZ. If EAE=0, this is field N. |
* T0SZ - like T1SZ. If EAE=0, this is field N. |
||
* N - Indicated the width of the base address in TTBR0. The base address is bits [31:14-N]. If N=0, the format is compatible with ARMv5 and ARMv6. This field also determines whether TTBR0 or TTBR1 is used for the page walk. |
* N - Indicated the width of the base address in TTBR0. The base address is bits [31:14-N]. If N=0, the format is compatible with ARMv5 and ARMv6. This field also determines whether TTBR0 or TTBR1 is used for the page walk. |
||
===== Accessing the TTBCR ===== |
|||
To access TTBCR, software reads or writes the CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, |
|||
and <opc2> set to 2. For example: |
|||
<source lang="asm"> |
|||
MRC p15, 0, <Rt>, c2, c0, 2 ; Read TTBCR into Rt |
|||
MCR p15, 0, <Rt>, c2, c0, 2 ; Write RT to TTBCR |
|||
</source> |
|||
(ARMv7-A ARM, Section B4.1, page 1728)<br /> |
|||
Here RT denotes a register of your choice. |
|||
==== TTBR0 ==== |
|||
===== EAE=0 ===== |
|||
{| class="wikitable" |
|||
|- |
|||
! 31-x |
|||
!(x-1)-7 |
|||
! 6 |
|||
! 5 |
|||
! 4-3 |
|||
! 2 |
|||
! 1 |
|||
! 0 |
|||
|- |
|||
| TTB0A |
|||
| SBZP |
|||
| IRGN[0] |
|||
| NOS |
|||
| RGN |
|||
| IMP |
|||
| S |
|||
| C/IRGN[1] |
|||
|} |
|||
*TTB0A - Bits [31:x] of the TTB0 table base address. Must be 2^x aligned, as determined in the TTBCR. |
|||
* IRGN[0] - SBZP if Multiprocessor extensions are not present. Otherwise, bit zero of IRGN |
|||
* NOS - Not Outer Shareable. If 1, region is only inner shareable. Ignored when TTBR0.S == 0, SBZP if no distinction between outer or inner shareable. |
|||
* RGN - region bits. Outer cacheability attributes, see TTBCR.ORGN0. |
|||
* IMP - Implementation Defined |
|||
* S - Shareable. 0 - non-shareable, 1 - shareable. |
|||
* C - Cacheable. 0 - inner non-cacheable, 1 - inner cacheable. If Multiprocessor extensions are present, this is bit 1 of IRGN |
|||
* IRGN - inner region attributes. See TTBCR.IRGN0 |
|||
===== EAE = 1 ===== |
|||
{| class="wikitable" |
|||
|- |
|||
! 63-56 |
|||
! 55-48 |
|||
! 47-40 |
|||
! 39-x |
|||
! (x-1)-0 |
|||
|- |
|||
| SBZP |
|||
| ASID |
|||
| SBZP |
|||
| BADDR |
|||
| SBZP |
|||
|} |
|||
* ASID - Address Space Identifier |
|||
* BADDR - Bits [39:x] of base address of table. Must be 2^x aligned. |
|||
==== TTBR1 ==== |
|||
See [[#TTBR0]], except x is fixed to 14 when EAE=0. |
|||
==== Accessing the TTBRx register ==== |
|||
To access TTBR0 in an implementation that does not include the Large Physical Address Extension, or bits[31:0] |
|||
of TTBR0 in an implementation that includes the Large Physical Address Extension, software reads or writes the |
|||
CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, and <opc2> set to 0. For example: |
|||
<source lang="asm"> |
|||
MRC p15, 0, <Rt>, c2, c0, 0 ; Read 32-bit TTBR0 into Rt |
|||
MCR p15, 0, <Rt>, c2, c0, 0 ; Write Rt to 32-bit TTBR0 |
|||
</source> |
|||
In an implementation that includes the Large Physical Address Extension, to access all 64 bits of TTBR0, software |
|||
performs a 64-bit read or write of the CP15 registers with <CRm> set to c2 and <opc1> set to 0. For example: |
|||
<source lang = "asm"> |
|||
MRRC p15, 0, <Rt>, <Rt2>, c2 ; Read 64-bit TTBR0 into Rt (low word) and Rt2 (high word) |
|||
MCRR p15, 0, <Rt>, <Rt2>, c2 ; Write Rt (low word) and Rt2 (high word) to 64-bit TTBR0 |
|||
</source> |
|||
In these MRRC and MCRR instructions, Rt holds the least-significant word of TTBR0, and Rt2 holds the most-significant |
|||
word. |
|||
To access TTBR1 in an implementation that does not include the Large Physical Address Extension, or bits[31:0] |
|||
of TTBR1 in an implementation that includes the Large Physical Address Extension, software reads or writes the |
|||
CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, and <opc2> set to 1. For example: |
|||
<source lang="asm"> |
|||
MRC p15, 0, <Rt>, c2, c0, 1 ; Read 32-bit TTBR1 into Rt |
|||
MCR p15, 0, <Rt>, c2, c0, 1 ; Write Rt to 32-bit TTBR1 |
|||
</source> |
|||
In an implementation that includes the Large Physical Address Extension, to access all 64 bits of TTBR1, software |
|||
performs a 64-bit read or write of the CP15 registers with <CRm> set to c2 and <opc1> set to 1. For example: |
|||
<source lang="asm"> |
|||
MRRC p15, 1, <Rt>, <Rt2>, c2 ; Read 64-bit TTBR1 into Rt (low word) and Rt2 (high word) |
|||
MCRR p15, 1, <Rt>, <Rt2>, c2 ; Write Rt (low word) and Rt2 (high word) to 64-bit TTBR1 |
|||
</source> |
|||
In these MRRC and MCRR instructions, Rt holds the least-significant word of TTBR1, and Rt2 holds the most-significant |
|||
word. |
|||
== External References == |
|||
[http://www.embedded-bits.co.uk/2011/mmucode/ Turning on an ARM MMU] |
[http://www.embedded-bits.co.uk/2011/mmucode/ Turning on an ARM MMU] |
||
[[Category:ARM]] |
[[Category:ARM]] |
||
[[Category:Memory Management]] |
|||
Revision as of 14:04, 30 November 2017
This page is a work in progress.
This page may thus be incomplete. Its content may be changed in the near future.
Introduction
ARM CPUs are used in smaller applications than x86 CPUs, although the line is blurring. Due to the number of different ARM architectures, details of which can differ significantly, this page is aimed at ARMv7-A and ARMv8. ARMv7-M does not have the same concept of virtual memory - it does not have an MMU. The author understands that paging on ARMv5 and ARMv6 is similar to ARMv7, but ARMv4 is somewhat different.
ARMv7-A
ARMv7-A supports two different paging modes. These are the short descriptor format and long descriptor format described in B3.5 and B3.6 respectively of the ARMv7 reference manual. The long descriptor format is an ARM equivalent of the X86 PAE system. However, even the short descriptor format allows access to a 1TB physical address space, but only with a 16MB granularity. As is described in the ARM:
Overview
Short Format
- Up to two levels of address lookup
- 32 bit input addresses
- Output addresses up to 40 bits
- Supports >32 bit Physical Addresses with supersections
- Support for No access, Client and Manager domains
- 32 bit table entries
Long Format
- Up to three levels of address lookup
- Input addresses of up to 40 bits, when used for stage 2 translations
- Output addresses of up to 40 bits
- 4KB assignment granularity across the entire PA range
- No support for domains, all memory regions are treated as in a Client domain
- 64-bit table entries
- Fixed 4KB table size, unless truncated by the size of the input address space
Note that the Large Physicsl Address Extension is an optional feature. Furthermore, if an implementation supports LPAE, it also supports the ARM multiprocessing extensions. The paging mode is controlled with the TTBCR (Translation Table Base Control Register).
Control Registers
TTBCR
| 31 | 30 | 29-28 | 27-26 | 25-24 | 23 | 22 | 21-19 | 18-16 | 15-14 | 13-12 | 11-10 | 9-8 | 7 | 6 | 5 | 4 | 3 | 2-0 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| EAE | IDF | SH1 | ORGN1 | IRGN1 | EPD1 | A1 | SBZP | T1SZ | SBZP | SH0 | ORGN0 | IRGN0 | EPD0 | SBZP | PD1 | PD0 | SBZP | T0SZ |
- EAE - Extended Address Enable. SBZP if LPAE is not supported
Following fields are SBZP if EAE=0
- IDF - Implementation Defined
- SH1 - Shareability attribute for memory associated with translation table walks using TTBR1.
| 00 | 01 | 10 | 11 |
|---|---|---|---|
| non-shareable | unpredictable | outer shareable | inner shareable |
- ORGN1 - Outer cacheability using TTBR1
| 00 | 01 | 10 | 11 |
|---|---|---|---|
| outer non-cacheable | outer write-back write-allocate cacheable | outer write-through cacheable | outer write-back no write-allocate cacheable |
- IRGN1 - Inner cacheablility using TTBR1
| 00 | 01 | 10 | 11 |
|---|---|---|---|
| inner non-cacheable | inner write-back write-allocate cacheable | inner write-through cacheable | inner write-back no write-allocate cacheable |
- EPD1 - Disable Page walks with TTBR1. If 0, table walks are performed. Otherwise, a translation fault is generated.
- A1 - defines whether TTBR0 or TTBR1 defines the ASID, for 0 and 1 respectively. The ASID is the Address Space Identifier.
- SBZP - Should Be Zero or Preserved. This is more commonly called RES0.
- T1SZ - The size of the memory region addressed by TTBR1. 2^(32-T1SZ) is the size.
- SH0 - like SH1, but for TTBR0.
- ORGN0 - ""
- IRGN0 - ""
- EPD0 - ""
The following fields only apply when EAE is 0
- PD1 - like EPD1.
- PD0 - like EPD0.
This field can take different meanings
- T0SZ - like T1SZ. If EAE=0, this is field N.
- N - Indicated the width of the base address in TTBR0. The base address is bits [31:14-N]. If N=0, the format is compatible with ARMv5 and ARMv6. This field also determines whether TTBR0 or TTBR1 is used for the page walk.
Accessing the TTBCR
To access TTBCR, software reads or writes the CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, and <opc2> set to 2. For example:
MRC p15, 0, <Rt>, c2, c0, 2 ; Read TTBCR into Rt
MCR p15, 0, <Rt>, c2, c0, 2 ; Write RT to TTBCR
(ARMv7-A ARM, Section B4.1, page 1728)
Here RT denotes a register of your choice.
TTBR0
EAE=0
| 31-x | (x-1)-7 | 6 | 5 | 4-3 | 2 | 1 | 0 |
|---|---|---|---|---|---|---|---|
| TTB0A | SBZP | IRGN[0] | NOS | RGN | IMP | S | C/IRGN[1] |
- TTB0A - Bits [31:x] of the TTB0 table base address. Must be 2^x aligned, as determined in the TTBCR.
- IRGN[0] - SBZP if Multiprocessor extensions are not present. Otherwise, bit zero of IRGN
- NOS - Not Outer Shareable. If 1, region is only inner shareable. Ignored when TTBR0.S == 0, SBZP if no distinction between outer or inner shareable.
- RGN - region bits. Outer cacheability attributes, see TTBCR.ORGN0.
- IMP - Implementation Defined
- S - Shareable. 0 - non-shareable, 1 - shareable.
- C - Cacheable. 0 - inner non-cacheable, 1 - inner cacheable. If Multiprocessor extensions are present, this is bit 1 of IRGN
- IRGN - inner region attributes. See TTBCR.IRGN0
EAE = 1
| 63-56 | 55-48 | 47-40 | 39-x | (x-1)-0 |
|---|---|---|---|---|
| SBZP | ASID | SBZP | BADDR | SBZP |
- ASID - Address Space Identifier
- BADDR - Bits [39:x] of base address of table. Must be 2^x aligned.
TTBR1
See #TTBR0, except x is fixed to 14 when EAE=0.
Accessing the TTBRx register
To access TTBR0 in an implementation that does not include the Large Physical Address Extension, or bits[31:0] of TTBR0 in an implementation that includes the Large Physical Address Extension, software reads or writes the CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, and <opc2> set to 0. For example:
MRC p15, 0, <Rt>, c2, c0, 0 ; Read 32-bit TTBR0 into Rt
MCR p15, 0, <Rt>, c2, c0, 0 ; Write Rt to 32-bit TTBR0
In an implementation that includes the Large Physical Address Extension, to access all 64 bits of TTBR0, software performs a 64-bit read or write of the CP15 registers with <CRm> set to c2 and <opc1> set to 0. For example:
MRRC p15, 0, <Rt>, <Rt2>, c2 ; Read 64-bit TTBR0 into Rt (low word) and Rt2 (high word)
MCRR p15, 0, <Rt>, <Rt2>, c2 ; Write Rt (low word) and Rt2 (high word) to 64-bit TTBR0
In these MRRC and MCRR instructions, Rt holds the least-significant word of TTBR0, and Rt2 holds the most-significant word.
To access TTBR1 in an implementation that does not include the Large Physical Address Extension, or bits[31:0] of TTBR1 in an implementation that includes the Large Physical Address Extension, software reads or writes the CP15 registers with <opc1> set to 0, <CRn> set to c2, <CRm> set to c0, and <opc2> set to 1. For example:
MRC p15, 0, <Rt>, c2, c0, 1 ; Read 32-bit TTBR1 into Rt
MCR p15, 0, <Rt>, c2, c0, 1 ; Write Rt to 32-bit TTBR1
In an implementation that includes the Large Physical Address Extension, to access all 64 bits of TTBR1, software performs a 64-bit read or write of the CP15 registers with <CRm> set to c2 and <opc1> set to 1. For example:
MRRC p15, 1, <Rt>, <Rt2>, c2 ; Read 64-bit TTBR1 into Rt (low word) and Rt2 (high word)
MCRR p15, 1, <Rt>, <Rt2>, c2 ; Write Rt (low word) and Rt2 (high word) to 64-bit TTBR1
In these MRRC and MCRR instructions, Rt holds the least-significant word of TTBR1, and Rt2 holds the most-significant word.