MPU/MMU in ARM structure

JW Chen

Agenda
MPU Overview MMU Overview Detail of the ARM MMU Memory Configuration of Hermon

MPU overview

Background
Some Embedded systems use a multitasking operating or control system and must ensure that a running task does not disrupt the operation of other tasks. There are two methods to control access to system resource, unprotected and protected. A protected system relies on both hardware and software to protect the system resources. ARM provides several processors equipped with hardware that actively protects system resources, either through Memory Protection Unit(MPU) or a Memory Management Unit(MMU)

Protected Region
ARM MPU use regions as the primary construct for system protection. A region is a set of attributes associated with a area of memory The Rules for regions
Regions can overlap other regions Regions are assigned a priority number that is independent of the privilege assigned to the region When regions overlap, the attributes of the region with the highest priority number take precedence over the other regions. The priority only applies over the address within the areas that overlap. A regions starting address must be a multiple of its size. A regions size can be any power of two between 4KB and 4GB Accessing an area of main memory outside of a defined region results in an abort.The MPU generate a prefetch abort if the core was fetching an instruction or a data abort if the memory request was for data.

Background regions
Background regions : A low-priority region used to assign the same attributes to a large memory area Region 0 Region 0 Region 0 Task 3 shield several dormant memory areas Can Task 3 Task 3 Region from unwanted access while another part of the background region is active under2 a Task 2 Region 3 Task 2 Task different regions control
Task 1 Region 3 Task 1 Task 1

Initialize the MPU, caches and Write buffer

At least one data region and one instruction region need to be defined Steps are as follow:
1. Define the size and location of the instruction and data region using CP15:c6 2. Set the access permission for each region using CP25:c5 3. Set the cache and write buffer attributes for each region using CP15:c2 for cache and CP15:c3 for the write buffer 4. Enable the caches and the MPU using CP15:c1

MMU Overview

overview
The primary difference from MPU is the addition of hardware to support virtual memory In an MMU, tasks can run even if they are compiled and linked to run in regions with overlapping addresses in main memory. To permit tasks to have their own virtual memory map, the MMU hardware performs address relocation The area of virtual memory is called page, and the area of physical memory to by the translation process is called page frame

Address relocation

Translation Lookaside Buffer

The set of relocation registers that temporarily store the translations in an ARM MMU are really a fully associate cache of 64 relocation register. This cache is called Translation Lookaside Buffer(TLB) MMU uses pages tables in main memory to store the data describing the virtual memory maps used in the system. A Page table entry(PTE) in a page table contains: physical base address, access permission, cache and write buffer config to the page.

TLB

Define regions using pages

In MMU, regions are defined as groups of page tables and are controlled completely in software as sequential pages in virtual memory. The location and size of a region can be held in a software data structure while the actual translation data and attribute information is held in the page tables The page tables for a region will always be derived from sequential page table entries in the master L1 page table. The location of the L2 pages tables in physical memory dont need to be located sequentailly.

Stack Region3 Data Region2

Text Region1

Multitasking and the MMU

To switch between tasks the following steps are required:
Save the active task context and place the task in a dormant state Flush the caches; possibly clean the D-cache if using a writeback policy Flush the TLB to remove translations for the retiring task Configure the MMU to use new page tables translating the virtual memory execution Restore the context of the awakening task Resume execution of the restored task

Only running task has an active set of page tables To reduce the time which it takes to perform a context switch, a writethrough cache policy can be used (in the ARM9 family).

Virtual memory from a user task context

Detail of the ARM MMU

Page tables
There is a single level 1 master page table (also known as section page table )contains two types of page table entry(PTE) Master L1 page table divides the 4GB address space into 1MB sections, hence L1 page table contain 4096 page table entries If the L1 table is acting as a directory, the PTE contains a pointer to either an L2 coarse or L2 fine page table that represent 1MB of virtual memory If the L1 master table is translating a 1MB section, then the PTE contains the base address of the 1MB page frame in physical memory A coarse L2 page table has 256 entries consuming 1KB of main memory A coarse page table support a 4KB or 64KB pages If the coarse table translates a 64KB page, an identical PTE must be repeated in the page table 16 times for each 64KB page A fine L2 page table has 1024 entries consuming 4KB of main memory A fine page table support a 1KB, 4KB or 64KB pages If the fine table translates a 4KB page,the same PTE must be repeated 4 times If the fine table translates a 64KB page,the same PTE must be repeated 64 times

Page table used by the MMU

Name Type Memory consumed by page table(KB) 16 4 1 Page sizes supported(KB) 1024 1,4 or 64 4 or 64 Number of page table entries 4096 1024 256

Master/section Fine Coarse

Level 1 Level 2 Level 2

Level 1 Page table entries format

Point to a 1MB section of memory

Point to the base address of a level 2 coarse page table

Point to the base address of a level 2 fine page table

Generate a memory page fault

Level 2 Page table entries format

define the attributes for a 64 KB page frame

define the attributes for a 4 KB page frame

define the attributes for a 1 KB page frame

Generate a page fault abort exception when accessed

Translation Lookaside Buffer(TLB)

Support two types of commands: flush the TLB or lock translation in TLB During a memory access, the MMU compares a portion of the virtual address to all the values cached in the TLB If the TLB doesnt contain a valid translation, it is a TLB miss The MMU automatically handles TLB misses in HW by searching the page tables in main memory for valid translations and loading them into one of the 64 lines in the TLB. The search for valid translation in the page tables is known as a page table walk.

Single-step Page table walk

Two-Step Page Table walk

Domain and Memory Access Permission

Domains control basic access to virtual memory by isolating one area of memory from another when sharing a common virtual map There are 16 different domains that can be assigned to 1MB sections of virtual memory and are assigned to a section by setting the domain bit field in the master L1 PTE
Format of the domain access control register CP15:c3

Fast Context Switch Extension(FCSE)

Enable multiple independent tasks to run in a fixed overlapping area of memory without the need to clean or flush the cache, or flush the TLB during a context switch. Key feature: elimination of the need to flush the cache and TLB FCSE uses a special relocation register that contains a value known as the process ID The address in the virtual memory before first translationVirtual Address(VA) The address after first translation Modified Virtual Address(MVA) When using FCSE, all MVAs are active Each task must execute in the fixed virtual address range from 0x00000000 to 0x1FFFFFFF and must located in a different 32MB area of MVM The system shares all memory address above 0x2000000 and use domain to protect tasks from each other Relocation formula : MVA = VA + (0x2000000*process ID)

Steps to perform a context switch when using FCSE

1.Save the active task context and place the task in a dormant state 2.Write the awakening tasks process ID to CP15:c13:c0 3.set the current tasks domain to no access, and the awakening tasks domain to client access, by writing to CP15:c3:c0(as below) 4.Restore the context of the awakening tasks 5.Resume execution of the restored task

Hints for using the FCSE

A task has a fixed 32MB maximum limit on size The memory manager must use fixed 32MB partitions with a fixed starting address that is multiple of 32MB Unless you want to manage an exception vector table for each task, place the exception vector table at virtual address 0xffff0000, using the V bit in CP15 register 1 Must define and use an active domain control system The core fetches the two instructions following a change in process ID from the previous process space, if execution is taking place in the first 32MB block. If you use domains to control task access, the running task also appears as an alias at VA+(0x2000000*process ID) in virtual memory If you use domains to protect tasks from each other, you are limited to a maximum of 16 concurrent tasks, unless you are willing to modify the domain fields in the level 1 page table and flush the TLB on a context switch

Memory Configuration of Hermon

Internal Memory of Xscale Processor

Flash memory
4MB flash, 64 blocks of 64KB each 512KB partition

Internal Memory of Xscale Processor

SRAM
384KB internal SRAM 6 banks of 64KB

Memory map in Hermon

Ref. to RS-Hermon B0 Digital Baseband Processor Internal Architecture Specification CH17.1 System Memory Map