On 16 January 2015 at 18:36, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 21 October 2014 at 17:55, Greg Bellows <greg.bell...@linaro.org> wrote:
>> -#define NB_MMU_MODES 2
>> +#define NB_MMU_MODES 4
>
> So this turns out not to quite be what we want.
> A QEMU MMU mode index basically defines a (vaddr -> paddr, permissions)
> mapping. This is similar to the ARM ARM concept of a "translation
> regime", with the differences that:
>  * the ARM ARM translation regimes may have split permissions,
>    for user and privileged code, so we need two mmu_idx values
>    for a translation regime that applies to both EL0 and EL1
>  * stage 1 and stage 2 translations for a VA->IPA->PA lookup
>    for an EL1/EL0 hypervisor guest are two different translation
>    regimes, but for QEMU we can just cache the whole VA->PA
>    and use a single mmu_idx. [We only need to separately do
>    VA->IPA and IPA->VA for the "do this address translation"
>    system instructions, which don't need to touch the TLB;
>    a combined stage1+stage2 TLB is permitted by the architecture.]
>
> The translation regimes are:
>
> If EL3 is 64-bit:
>  * Secure EL3
>  * Secure EL1 & EL0
>  * NonSecure EL2
>  * NonSecure EL1 & 0 stage 1
>  * NonSecure EL1 & 0 stage 2
> If EL3 is 32-bit:
>  * Secure PL0 & PL1
>  * NonSecure PL2
>  * NonSecure PL1 & 0 stage 1
>  * NonSecure PL1 & 0 stage 2
> (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.)
>
> which we can give the following mmu indexes:
>
> 64 bit EL3:
>  0 : NS EL0 stage 1+2
>  1 : NS EL1 stage 1+2
>  2 : NS EL2
>  3 : S EL3
>  4 : S EL0
>  5 : S EL1
>
> 32 bit EL3:
>  0 : NS EL0 (aka NS PL0) stage 1+2
>  1 : NS EL1 (aka NS PL1) stage 1+2
>  2 : NS EL2 (aka NS PL2)
>  3 : S EL3 (aka S PL1)
>  4 : S EL0 (aka S PL0)
>
> Notice how they end up being the same, except that with a
> 64 bit EL3 we need an extra mmu index that 32 bit doesn't have.
> They aren't simply "what is our current EL?", though as you
> can see I've put them in an order that comes close.
>
> So the right answer for NB_MMU_MODES is 6 :-)
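Review bot: the new value in the hunk, `#define NB_MMU_MODES 4`, is too small for the translation regimes enumerated in the reply: the mmu index table needs indexes 0..5 with a 64-bit EL3 (six modes, or seven if NonSecure stage 2 lookups get their own cached index), and 0..4 even with a 32-bit EL3. Rather than hard-coding the count, derive NB_MMU_MODES from the mmu index enumeration so the two cannot drift apart when indexes are added.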
...except we would also kind of like to be able to cache NS stage 2
lookups, because otherwise every access we make to a stage 1 page
table word (accessed by IPA) is going to require a full stage 2 page
table walk. That would mean 7 MMU modes.

Richard: do you have a feel for how expensive it is to have lots and
lots of mmu modes? I might be able to merge "S EL1" with "NS EL1
stage 1+2" and ditto "S EL0" with "NS EL0 stage 1+2" but we'd need to
do more TLB flushing and it's not clear to me currently exactly where
the extra flushes would have to go...

-- PMM
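The numbering in the quoted table, written out as a small C helper to make the consequences concrete: which (security state, EL) pairs map to which mmu index, why the count is 6 or 5 depending on the width of EL3, and which indexes belong to the same translation regime and so have to be flushed together. This is an added example, not QEMU's code; the names `arm_mmu_idx`, `nb_mmu_modes`, `regime_mmu_idx_mask` and the `MMU_IDX_*` constants are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
/* Hypothetical helper mirroring the mmu index table in the mail above;
 * not QEMU's own code, and every name below is an assumed one. */
enum {
    MMU_IDX_NS_EL0 = 0,  /* NS EL0, combined stage 1+2 */
    MMU_IDX_NS_EL1 = 1,  /* NS EL1, combined stage 1+2 */
    MMU_IDX_NS_EL2 = 2,
    MMU_IDX_S_EL3  = 3,  /* with a 32-bit EL3 this is also Secure PL1 */
    MMU_IDX_S_EL0  = 4,
    MMU_IDX_S_EL1  = 5,  /* exists only when EL3 is 64-bit */
};

/* 6 modes with a 64-bit EL3, 5 with a 32-bit one (no separate S EL1). */
int nb_mmu_modes(bool el3_is_aa64) { return el3_is_aa64 ? 6 : 5; }

/* Map (security state, EL) to an mmu index, or -1 where no regime exists:
 * NonSecure EL3, Secure EL2, and Secure EL1 under a 32-bit EL3. */
int arm_mmu_idx(bool secure, int el, bool el3_is_aa64)
{
    if (!secure) {
        return el == 0 ? MMU_IDX_NS_EL0 : el == 1 ? MMU_IDX_NS_EL1
             : el == 2 ? MMU_IDX_NS_EL2 : -1;
    }
    switch (el) {
    case 0: return MMU_IDX_S_EL0;
    case 1: return el3_is_aa64 ? MMU_IDX_S_EL1 : -1; /* S PL1 is EL3 here */
    case 3: return MMU_IDX_S_EL3;
    default: return -1;
    }
}

/* Bitmask of all mmu indexes in the same translation regime as mmu_idx.
 * An EL1&0 regime spans two indices (split user/privileged permissions),
 * so invalidating that regime's TLB entries must flush both of them. */
uint32_t regime_mmu_idx_mask(int mmu_idx, bool el3_is_aa64)
{
    switch (mmu_idx) {
    case MMU_IDX_NS_EL0: case MMU_IDX_NS_EL1:
        return (1u << MMU_IDX_NS_EL0) | (1u << MMU_IDX_NS_EL1);
    case MMU_IDX_S_EL3:
        if (el3_is_aa64) return 1u << MMU_IDX_S_EL3;  /* S EL3 alone */
        /* fall through: 32-bit EL3, Secure PL0 & PL1 form one regime */
    case MMU_IDX_S_EL0: case MMU_IDX_S_EL1:
        return el3_is_aa64 ? (1u << MMU_IDX_S_EL0) | (1u << MMU_IDX_S_EL1)
                           : (1u << MMU_IDX_S_EL3) | (1u << MMU_IDX_S_EL0);
    default:
        return mmu_idx < 0 ? 0 : 1u << mmu_idx;
    }
}
```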