AR# 52035


Zynq-7000 SoC, APU - Updating a translation entry to move a page mapping might erroneously cause an unexpected translation fault


Under certain conditions specific to the Cortex-A9 microarchitecture, a write operation that updates a cacheable translation table entry might cause both the old and the new translation entries to be temporarily invisible to translation table walks, thus erroneously causing a translation fault.


The following conditions are required for this problem to occur:

  1. The processor has its Data Cache and MMU enabled.
  2. The TTB registers are set to treat the memory regions that hold the descriptors as Cacheable.
  3. The processor is updating an existing Cacheable translation table entry, and this write operation hits in the L1 Data Cache.
  4. A hardware translation table walk is attempted. The hardware translation table walk can be due to either an Instruction fetch, or to any other instruction execution that requires an address translation, including any load or store operation.
    This hardware translation walk must attempt to access the entry being updated in condition 2, and that access must hit in the L1 Data Cache.

In practice, the problem can occur when an OS is changing the mapping of a physical page. The OS might have an existing mapping to a physical page (the old mapping), but wants to move the mapping to a new page (the new mapping). To do this, the OS might:

  1. Write a new translation entry, without cancelling the old one. At this point the physical page is accessible using either the old mapping or the new mapping.
  2. Execute a DSB instruction followed by an ISB instruction pair, to ensure that the new translation entry is fully visible.
  3. Remove the old entry.

However, because of this issue, neither the new nor the old mapping might be visible after the new entry is written, causing a Translation fault.

Impact: Minor. This issue causes a translation fault. There is a work-around for the issue.
Work-around: Perform a clean and invalidate operation; refer to Work-around Details.
Configurations Affected: Systems that use the CPUs.
Device Revision(s) Affected: All. No plan to fix. Refer to (Xilinx Answer 47916) - Zynq-7000 SoC Silicon Revision Differences Answer Record.

Work-around Details:

The recommended workaround is to perform a clean and invalidate operation on the cache line that contains the translation entry before updating the entry, to ensure that the write operation misses in the Data Cache. 

This workaround prevents the micro-architectural conditions required for the issue from happening. Interrupts must be temporarily disabled so that no interrupt can be taken between the maintenance operation and the translation entry update. This avoids the possibility of the interrupt service routine bringing the cache line back into the cache.

Another possible workaround is to place the translation table entries in Non-Cacheable memory areas, but this workaround is likely to have a noticeable performance penalty.

Note that inserting a DSB instruction immediately after writing the new translation table entry significantly reduces the probability of hitting the erratum, but is not a complete workaround.
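The recommended workaround sequence, written out as an added example (not code from Xilinx or ARM). The helper names `pte_update`, `irq_save_disable`, `irq_restore`, `dccimvac` and `dsb` are hypothetical; the ARM branch assumes an ARMv7-A privileged mode, and the host branch only logs the order of steps so the sequence can be checked off-target.

```c
#include <stdint.h>
#include <string.h>

#if defined(__arm__)            /* ARMv7-A target, privileged mode assumed */
static inline uint32_t irq_save_disable(void) {
    uint32_t cpsr;
    __asm__ volatile("mrs %0, cpsr\n\tcpsid i" : "=r"(cpsr) : : "memory");
    return cpsr;
}
static inline void irq_restore(uint32_t cpsr) {
    __asm__ volatile("msr cpsr_c, %0" : : "r"(cpsr) : "memory");
}
/* DCCIMVAC: clean and invalidate the D-cache line holding this address */
static inline void dccimvac(volatile uint32_t *va) {
    __asm__ volatile("mcr p15, 0, %0, c7, c14, 1" : : "r"(va) : "memory");
}
static inline void dsb(void) { __asm__ volatile("dsb" : : : "memory"); }
#else                           /* host build: stand-ins that log each step */
char step_log[8];               /* constructed trace of the steps taken */
uint32_t seen_at_clean;         /* entry value when the line was cleaned */
static void log_step(char c) {
    size_t n = strlen(step_log);
    if (n < sizeof step_log - 1) step_log[n] = c;
}
static uint32_t irq_save_disable(void) { log_step('I'); return 0; }
static void irq_restore(uint32_t f) { (void)f; log_step('R'); }
static void dccimvac(volatile uint32_t *va) { seen_at_clean = *va; log_step('C'); }
static void dsb(void) { log_step('D'); }
#endif

/* Hypothetical helper: rewrite one cacheable translation table entry. */
void pte_update(volatile uint32_t *pte, uint32_t desc) {
    uint32_t flags = irq_save_disable(); /* no ISR may refill the line */
    dccimvac(pte);   /* evict the line so the store below misses in L1 */
    dsb();           /* assumption (not on the page): let the maintenance op complete */
    *pte = desc;     /* the translation entry update itself */
    dsb();           /* per the note above: reduces probability, not a fix alone */
    irq_restore(flags);
    /* TLB maintenance for the changed mapping is left to the caller. */
}

int main(void) {
    static uint32_t l1_table[4] = { 0x11111002u };   /* constructed entry */
    pte_update(&l1_table[0], 0x22222002u);
    return l1_table[0] == 0x22222002u ? 0 : 1;
}
```

The interrupt-disabled window covers only the maintenance operation and the single store, so the added interrupt latency is bounded.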

Revision History
March 2013 new.

Linked Answer Records

Master Answer Records

Answer Number | Answer Title | Version Found | Version Resolved
47916 | Zynq-7000 AP SoC Devices - Silicon Revision Differences | N/A | N/A
AR# 52035
Date 05/25/2018
Status Active
Type Design Advisory