Linux in non-secure world, Missing prefetch aborts and page faults

Question asked by Harald Walter on Nov 13, 2015
Latest reply on Jun 29, 2018 by Ailton Lopes
Dear all,

I am running a Linux in the non-secure world with TrustZone enabled.

Let me first state that this is already running on an i.MX6 Quad processor; however, on the Dual Lite I have an issue during kernel startup.

The startup fails after the kernel was initialized properly and the kernel tries to jump to user-space the first time (init process, see function ret_to_user).

The address where the kernel wants to jump to is valid. I compared it with the memory areas of the process (via the mm pointer of the process descriptor). After a scan of the MMU page table I can see that the memory is not mapped yet. In the reference system on i.MX6 Quad I see that a prefetch abort comes up that calls the page fault handler. After the page fault handler, the memory area is mapped and ret_to_user is called again. This time no exception occurs when the kernel tries to jump to the address of the init process, and init takes place.

However, in the i.MX6 DL the prefetch exception and the page fault handler are never called. If ret_to_user is called the second time, it hangs in the work_pending subroutine.

I can see that the do_page_fault handler is called during kernel startup several times, but from the data abort exception. So it seems to me that it works for data that is accessed but not for instructions.

If I disable TrustZone by running everything in the secure world, the issue is gone.

In summary, it seems to me that this issue is related to TrustZone AND Dual Lite but not Quad processors.

Now let me describe our system:

- We run a 3.14.51 Linux kernel.
- The Linux kernel runs on the second core; on the first core another operating system is running asynchronously (AMP).
- The boot manager is self-written. Within the boot manager the core where Linux runs is set to non-secure. The NSACR and Secure Config Register are set as in U-Boot. After this, the GIC is set to non-secure and the switch to the normal world takes place. Then the GIC distributor is enabled in the non-secure world. Interrupts are working in general.
- The boot manager also takes care of a lot of different ARM errata regarding the L2 cache. In particular, writes to the diagnostic control register cannot be done by the non-secure world anymore. Therefore it is done by the boot manager before the switch to non-secure takes place.
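The page-table scan described in the post, as an added example that is not part of the original post or of the kernel: a walk of an ARMv7 short-descriptor (non-LPAE) table, as used by the Cortex-A9 in the i.MX6, that reports whether a virtual address such as the init entry point is unmapped (so a prefetch abort and do_page_fault are expected), mapped and executable, or mapped but execute-never. The tables, physical addresses and the `demo_pa2ptr` lookup are constructed for this example and stand in for a dump of the init process's tables.

```c
#include <stdint.h>
/* Result of resolving one VA through an ARMv7 short-descriptor page table. */
typedef struct { int mapped; int xn; uint32_t pa; } walk_result;
/* An L1 coarse descriptor holds the L2 table's physical address; the caller
 * supplies a function that turns that PA into a readable pointer. */
typedef const uint32_t *(*pa_to_ptr_fn)(uint32_t pa);
/* Walk a short-descriptor (non-LPAE) table as the Cortex-A9 in the i.MX6 does:
 * L1 index = VA[31:20], L2 index = VA[19:12]. Supersections (bit 18) are not
 * decoded. mapped == 0 is a translation fault: executing there must abort. */
walk_result walk_short_desc(const uint32_t *l1, uint32_t va, pa_to_ptr_fn pa2ptr)
{
    walk_result r = {0, 0, 0};
    uint32_t d1 = l1[va >> 20];
    if ((d1 & 3) == 2) {                         /* 1 MB section, XN is bit 4 */
        r.mapped = 1; r.xn = (d1 >> 4) & 1;
        r.pa = (d1 & 0xFFF00000u) | (va & 0x000FFFFFu);
    } else if ((d1 & 3) == 1) {                  /* coarse page table */
        const uint32_t *l2 = pa2ptr(d1 & 0xFFFFFC00u);
        uint32_t d2 = l2 ? l2[(va >> 12) & 0xFF] : 0;
        if ((d2 & 3) == 1) {                     /* 64 KB large page, XN bit 15 */
            r.mapped = 1; r.xn = (d2 >> 15) & 1;
            r.pa = (d2 & 0xFFFF0000u) | (va & 0xFFFFu);
        } else if (d2 & 2) {                     /* 4 KB small page, XN bit 0 */
            r.mapped = 1; r.xn = d2 & 1;
            r.pa = (d2 & 0xFFFFF000u) | (va & 0xFFFu);
        }
    }                                            /* type 0b00 (and 0b11): fault */
    return r;
}

/* 0 = unmapped (prefetch abort -> do_page_fault expected), 1 = executable,
 * 2 = mapped but execute-never (permission fault, not a translation fault). */
int classify_entry(const uint32_t *l1, uint32_t va, pa_to_ptr_fn pa2ptr)
{
    walk_result r = walk_short_desc(l1, va, pa2ptr);
    return !r.mapped ? 0 : (r.xn ? 2 : 1);
}
/* Constructed tables standing in for a dump of init's tables (PAs are made up). */
#define DEMO_L2_PA 0x10800000u
static uint32_t demo_l1[4096], demo_l2[256];
static const uint32_t *demo_pa2ptr(uint32_t pa) { return pa == DEMO_L2_PA ? demo_l2 : 0; }
const uint32_t *build_demo_tables(void)
{
    demo_l1[0xC00] = 0x10000000u | (3u << 10) | 2u;  /* kernel: 1 MB section, executable */
    demo_l1[0x000] = DEMO_L2_PA | 1u;                 /* user VA 0-1 MB via coarse table */
    demo_l2[0x11]  = 0x10911000u | (3u << 4) | 2u;    /* VA 0x11000: small page, executable */
    demo_l2[0x12]  = 0x10912000u | (3u << 4) | 3u;    /* VA 0x12000: small page, XN set */
    return demo_l1;   /* VA 0x10000 (entry 0x10) is left 0: translation fault */
}
```

On real hardware the L1 base comes from TTBR0 of the process and `pa2ptr` would map the L2 table's physical address through the kernel's linear mapping; the demo uses fixed arrays so it runs offline.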
