On Thu, 2 Jul 2020 at 01:49, Raghu K <raghu.ncstate@icloud.com> wrote:

> This is interesting. It appears that there is no way on entry to EL3 to guarantee that the out-of-context (el2 and el1) translation regimes are in a consistent state and on every entry into EL3, we have to conservatively assume that it is in an inconsistent state. This is because of the situation Andrew mentioned (interrupts to EL3 can occur at any time).
>
> If this is the case, on EL3 entry:
> - For EL1, we will need to save SCTLR_EL1, set SCTLR_EL1.M = 1, .EPDx = 0

TCR_EL1.EPDx have to be set to *1* (you want to *disable* PTWs).

> - Set whatever bits we need to for EL2 and S2 translations to not
> succeed (What are these?)

Why would you *ever* touch these?

A S2 translation doesn't happen independently of a S1 translation. It is always the continuation of a S1 translation (and a disabled S1 MMU counts as a translation). There is no AT S2 instruction either, so EL3 has no purpose touching HCR_EL2 at all.

As for disabling EL2 S1 translation, what purpose does it serve? Affected cores do not have a secure EL2, so there is no reason for EL3 to touch SCTLR_EL2 either. Things would be different if you had S-EL2 and had to context-switch it.

> - DSB, to ensure no speculative AT can be issued until completion of
> DSB, so any AT that occurs will not fill the TLB with bad translations.

I really don't get what you're aiming at with this DSB, as I don't think AT is at all influenced by a DSB, at least not from an architectural perspective.

> On exit (right before ERET), we need to restore the registers saved on entry, and have the ERET followed by a DSB so that there can be no speculative execution of AT instructions.

Again, I don't understand this DSB.

M.