Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Chapter 15 Translation procedure

The following flowcharts are an illustration of the sequence of events from the beginning of a translation to its final outcome. They represent an abstracted translation flow to summarize the information in the rest of this specification.

The purpose is to indicate the end result of different types of transactions, in terms of transaction and translation success or error responses (including PCIe ATS errors and completion responses). Certain aspects are not intended to be depicted in detail, including but not limited to:

  • Atomic translation table update mechanism.

  • TLB conflict, configuration cache conflict (which might happen at an IMPLEMENTATION DEFINED point in the translation).

  • Speculative operations (which do not record errors or faults).

  • Attribute control.

  • Reporting of the events controlled by the SMMU_CR2.REC_CFG_ATS field.

15.1 Translation procedure charts

Outcome for ATS Translated  transac�on Terminate, abort Terminate, abort Terminate, abort Pass transac�on Terminate, abort
Request Deny, UR Deny, UR Deny, CA
Outcome for ATS Transla�on
Outcome for Terminate, abort Terminate, abort Pass transac�on Terminate, abort Terminate, abort Terminate, abort
Ordinary transac�on
To GPC
Y
Is GPC  enabled? N
N To GPC
Y
Y
space is Non-secure
(SEC_SID=10 || SEC_SID=1  && SIF=1) && InD=1 && PA  N
Is GPC  enabled?
NOTE:  F_UUT has IMPDEF priority and could be checked/ recorded later on – this placement is an example. Input address size is out of range (outside of OAS). GBPA a�ributes.
Apply
, or GPF.
0
Y
types of incoming transac�on StreamID. A�ributes if supported.
Shorthand, OT/TR/TT, for different  1 Invalid on bypass. Secure StreamID.
Addr  > OAS? N GBPA. Abort TR:  F_BAD_ATS_TREQ TT:  F_TRANSL_FORBIDDEN TT:  F_TRANSL_FORBIDDEN TR: F_BAD_ATS_TREQ
ATS Translated not allowed on Secure  Unpack/apply  ATS Transla�on Request not allowed on  Bad StreamID.
Y 1 0 1 If OT:  C_BAD_STREAMID
If OT:  F_STE_FETCH, or F_CFG_CONFLICT
transac�on TT=TRUE Unsupported upstream transac�on, F_UUT OT? N 0 EABT on STE fetch, cache lookup failure
SEC_SID ATSCHK SEC_SID
Incoming ATS Translated
Y Y 1 Y 0 N N
0
N 1 TT? N TR? N Y Y A
Incoming ATS  TR=TRUE Unsupported  transac�on? SMMUEN SID range OK? STE Fetch OK?
Transla�on Request
transac�on OT=TRUE
Incoming ordinary
SMMU Bypass Fetch &  check STE

Figure 15.1: Translation Procedure Chart 1

Figure 15.1

Outcome for ATS Translated  transac�on Terminate, abort Terminate, abort Terminate, abort Terminate, abort Pass transac�on Terminate, abort
CA UR UR UR
Request Deny,  Deny,  Deny,  Deny,
Outcome for ATS Transla�on
Outcome for Terminate, abort Terminate, abort Terminate, abort Pass transac�on Terminate, abort Terminate, abort N
Ordinary transac�on
Y
Is GPC  enabled? To GPC
To GPC F_TRANSL_FORBIDDEN
F_PERMISSION Y 01
Y
N
N
Is GPC  enabled? Y BAD_ATS_TREQF_ DPT check  OK? 11 PRIVCFG, NSCFG}
Effec�ve STE.EATS=00 if STE.Config=100 Perform STE.{INSTCFG,  overrides as applicable.
N This is the only error recorded for ATS TRs. F_TRANSL_FORBIDDEN
((SEC_SID=01 && SIF=1) ||  SEC_SID=10) && InD=1 && PA space is Non-secure 01 (Full ATS enabled)
00 (ATS disabled)
11 (Full ATS with DPT checks)
C_BAD_SUBSTREAMID
value used
STE.EATS
OT:  Stage 1 F_ADDR_SIZE
or TR:  Illegal on bypass, F_BAD_ATS_TREQ TT: Illegal on bypass, F_TRANSL_FORBIDDEN Effec�ve value of STE.EATS=00 if Reserved  Check for EATS=10 behaving as 00 if ATSCHK=0. plit-stage ATS)10 (S
OT: No Stage 1 for substream,
OT: Apply STE override a�ributes checks against configura�on.
, no event recorded.
Here, ATSCHK=1 (as ATSCHK=0 TT exited the
If OT:  C_BAD_STE Y Y N Y 00 (ATS disabled) flowchart early, above).  Therefore in this branch it
STE.V=0 disables stream  STE.V=1 but contents ILLEGAL. Silently terminated Y (effec�ve EATS=00) STE.Config[2:0] must be 111  (both S1 & S2 transla�on) for STE  to be valid with EATS=10. For a�ributes, see chapter 13.6  PCIe and ATS a�ribute/ permissions handling.
TR or TT? N SSID present? N Addr > OAS? Effec�ve  STE.EATS Other =10 && EATS ATSCHK=0
N 000 Y Y N Y Perform STE.{INSTCFG,  as applicable.
PRIVCFG, NSCFG} overrides
A STE valid, not  ILLEGAL? Y STE. Config 1xx S1+S2 Bypass? N TR? N TT? N a�ributes Check  SSID
OT & TR: Apply STE override
2
To Stage
Fetch &  check STE Stream Bypass ATS TR  and TT

Figure 15.2: Translation Procedure Chart 2

Figure 15.2

n/a
Outcome for ATS Translated  transac�on
Request Deny, CA
Outcome for ATS Transla�on  Complete, R=W=0
Outcome for Terminate, abort Terminate, abort
Ordinary transac�on
No Stage 1 for substream. OT: C_BAD_SUBSTREAMID S1 bypass address too large. OT: Stage 1 F_ADDR_SIZE Substreams disabled. OT: C_BAD_SUBSTREAMID Substream outside legal range. OT: C_BAD_SUBSTREAMID Substream 0 reserved. OT: F_STREAM_DISABLED Non-substream traffic disabled. OT: F_STREAM_DISABLED S1 bypass address too large. OT: F_ADDR_SIZE
Y 00 Y
Y Y N Y SSID=0 N STE.S1DSS Other STE.S1DSS 01 Addr > IAS?
10 10 N
CD table  entry 0  used
SSID present? N Addr > IAS? STE.CDMax >  0? Y SSID >  STE.CDMax N STE.S1DSS Other
N
S2 translates.
Stage 1 + Stage 2 bypass dealt  with above, so no-S1 implies
N Y Y
Check  SSID Y Got VA N 0? N B
S1 translates? SSID present? STE.CDMax >
To Stage  2 Skip  Stage 1
Check  Sub  stream ID

Figure 15.3: Translation Procedure Chart 3

Figure 15.3

n/a
Outcome for ATS Translated  transac�on
n/a
Request Deny, CA Deny, CA
Outcome for ATS Transla�on  Complete, R=W=0
Stall
Outcome for Terminate, abort Terminate, abort Terminate, abort
Ordinary transac�on
detect a different error.
1
0
STE.S2S
For Stage 1 + Stage 2 ATS (including Split-stage ATS, and with PRI at both levels), this case returns  ‘R=W=0’ to elicit a PPR from the endpoint.  The Hypervisor (HV) traps the PPR for VA and translates  it to determine that the CD fetch faulted.  The HV might make the page available and con�nue. However, if the guest used a genuinely bad CD IPA the nearest equivalent is an abort on CD read  (from IPA).  The guest can detect that ATS to a stream with a bad CD address seemed to succeed  (R=W=0) instead of Deny, CA.  In either case, device access is safely denied but the guest OS could
IPA.
STE.S2HA=0) failure, or GPF.
(CLASS=CD, Stage=2)
might be transient  OT:  F_TRANSLATION/F_ADDR_SIZE/ F_PERMISSION (/F_ACCESS, if  Stage 2 TTD fetch EABT, TLB lookup  F_TLB_CONFLICT (Stage=2)
due to S2 paging. Transla�on-related fault at Stage 2 for CD- OT:  F_WALK_EABT (CLASS=CD, Stage=2),
S2 fault
N
might respond by injecting  F_CD_FETCH to guest Non- Y
transla�on  read error?
Or, if it’s a genuinely bad address, HV
N
OK? Y
S2 translate
, or GPF.
-IPA. Invalid CD.
set OT: C_BAD_CD
OT: F_CD_FETCH, or F_CFG_CONFLICT
S2 translate for CD HTTU: If STE.S2HA=1, set  S2-TTD.AF=1 if not already  EABT on fetch, cache lookup failure
Y N N
B N Y CD valid? Y Walk  Stage 1
S2 translates? CD fetch OK?
Fetch CD

Figure 15.4: Translation Procedure Chart 4

Figure 15.4

n/a
Outcome for ATS Translated  transac�on
n/a n/a
Request Deny, CA Deny, CA Deny, CA Deny, CA
Outcome for ATS Transla�on  Complete, R=W=0 Complete, R=W=0 Complete, R=W=0
CD.A=0 and CD.S=1 have no  effect on a TR.  ATS does not  support RAZ/WI aborts.
RAZ/WI
Stall Stall Stall
Outcome for Terminate, abort Terminate, abort Terminate, abort Terminate, abort Terminate,  Terminate, abort Terminate, abort Terminate, abort
Ordinary transac�on
1 0 1 0
1
0
STE.S2S CD.A STE.S2S
0 a�empted.
, or GPF.
1 CD.S This flow depicts S2-TTD being updated
NOTE:  with AF=1, then later Dirty=1 (e.g. fetch S1-TTD  then later decide to update it – atomically).  If  S2 maps S1 read-only, could result in S2 having  AF=1 yet later an S2 fault when Dirty update is
update IPA. F_WALK_EABT
tage 2 is R/O for S1-TTD.S OT:  F_PERMISSION from  S2-TTD backing S1-TTD’s  (CLASS=TT, Stage=2) OT:   (CLASS=TT, Stage=2)
might be transient  due to S2 paging. Stage 2 fault: OT:  F_TRANSLATION, backing S1-TTD IPA. (CLASS=TT, Stage=2) F_TLB_CONFLICT (Stage=2) , or GPF. N
S2 fault F_ADDR_SIZE, F_PERMISSION, OT:  F_WALK_EABT (CLASS=TT, Stage=2),
(F_ACCESS if STE.S2HA=0) from S2-TTD  Stage 2 TTD fetch EABT, TLB lookup failure Y
Race condi�on, no abort when  it was read but now could  EABT when write a�empted read?
N EABT on TTD
Stage 1 fault: TTD of VA.
F_TLB_CONFLICT (Stage=1) (CLASS=IN, Stage=1) && SIF=1 && NS=1. for write N
Non- transla�on  read error? Y Stage 1 TTD fetch EABT, TLB lookup failure OT:  F_WALK_EABT (CLASS=TT, Stage=1),  OT:  F_TRANSLATION, F_ADDR_SIZE, (F_ACCESS if last-level TTD && CD.HA=0),  F_PERMISSION (affected by CD.HD=0) from S1- Or, F_PERMISSION due to SEC_SID=1 && InD=1  e-access Stage 2 TTD, but R S1-TTD write IPA. set S2 translate  OK? F_WALK_EABT
N OT:   (CLASS=TT, Stage=1)
S2 walk for  HTTU: If STE.S2HD=1 update  S2-TTD.Dirty=1 if not already
Y
OK? Y
S2 translate  Y
TTD
N
Y write?
S2 translates? Update S1-TTD EABT on
translated to PA
Input address out of range (considering  S1-TTD read  IPA. already set IPA Non- transla�on  read error? N
StreamWorld, CD.TxSZ, CD.TBI), or effec�ve EPD S2 walk for  HTTU: If STE.S2HA=1,  update S2-TTD.AF=1 if not  Atomic Y N
N
Fault Y
TTD
Walk  Stage 1 Transla�on Fault?   N Construct S1-TTD  address (IPA/PA) S2 translates? N Read S1-TTD from  PA Stage 1  OK and not  GPC fault? Y -level Last TTD? Y S1 HTTU required? N Got IPA C
N
Walk  Stage 1 TT

Figure 15.5: Translation Procedure Chart 5

Figure 15.5

n/a
Outcome for ATS Translated  transac�on Terminate, abort Terminate, abort Terminate, abort Pass transc�on (apply  a�rs as appropriate) Terminate, abort Pass transac�on (Combine in S2 a�rs)
n/a
PA=VA, U=0,   from
Outcome for ATS Transla�on  Request R=W=1 from S1 table walk Deny, CA Complete, R=W=0 Deny, CA S1+S2; return IPA appropriate) Deny, CA
Complete,  Complete, perms & PA  Complete, perms Complete (apply a�rs as  Complete, perms & PA  from (S1+)S2 table walk
(apply   (apply
Stall
S1 a�rs)
Outcome for Ordinary transac�on Terminate, abort Pass transac�on Terminate, abort Terminate, abort Terminate, abort Pass transc�on (apply  a�rs as appropriate) Terminate, abort Pass transac�on (S1+)S2 a�rs)
1 0
STE.S2S
15.
might be transient
due to S2 paging.
To GPC
N S2 fault
Is GPC  enabled? Y same as input (since EATS=10 means only Stage 1 is translated using ATS).   , or  N
If S1DSS=01 causes Stage 1 to be skipped when EATS=10, the output address is the  However, this carries on to Stage 2 to check permissions/a�ributes.  See Chapter  Y
GPC fault?
GPF. F_WALK_EABT
Stage 2 fault:
F_PERMISSION TR with EATS=10: F_TLB_CONFLICT (Stage=2) OT/TT:  F_TRANSLATION, F_ADDR_SIZE, F_PERMISSION, (affected by STE.S2HD=0) from S2-TTD of IPA (Stage=2, CLASS=IN) OT/TT:   (WALK=TTD, Stage=2)
Stage 2 for permissions.
Store Input address as IPA to  return in result, con�nue to  Stage 2 TTD fetch EABT, TLB lookup failure OT/TT:  F_WALK_EABT (CLASS=IN, Stage=2),  (F_ACCESS if STE.S2HA=0), F_PERMISSION
To GPC
Y Y
TTD (i.e. GOTO Read S2-TTD)
N Atomic:  May “load-exclusive, test/
For regular EATS=01 ATS, Stage 1 has been skipped due to S1DSS=01 and Stage 2 does not translate. EATS=01 &&  STE.Config[1]=0 N EATS=10? N To GPC TR with EATS=10: manipulate, store-exclusive” in some systems  or “read, test/manipulate, far CAS” or similar;  if the TTD has changed in between, re-read  N N
Y
N are combined S1+S2 permissions)
Y Is GPC  enabled? Y Store IPA to return in final result, con�nue to  Stage 2 for permissions (result’s permissions  Input address out of range  (considering STE.S2T0SZ) Y Non- transla�on  read error? Update S2-TTD EABT on S2- TTD Is GPC  enabled? Y Y Is GPC  enabled?
Skip  Stage 1 TR?
N Y N Y Fault N Atomic N Y
C N S2 trans? Y TR &&  EATS=10? N Transla�on Fault?   N Construct S2-TTD  address (PA) Read S2-TTD from  PA TTD OK and  not GPC fault? Y Last TTD? Y S2 HTTU required? N TR &&  EATS=10? N Got PA
space is Non-secure
(SEC_SID=10 || SEC_SID=1  && SIF=1) && InD=1 && PA
N
2
To Stage
Walk  Stage 2 TT

Figure 15.6: Translation Procedure Chart 6

Figure 15.6

15.2 Notes on translation procedure charts

For every fault or termination that an ordinary transaction might experience, an ATS Translation Request has an equivalent defined response.

Similarly, an ATS Translated transaction might experience a subset of the fault or termination reasons.

Generally, situations that represent a configuration error result in a Completer Abort (CA) response to the endpoint, situations that represent an explicit prevention or disable of ATS service result in an Unsupported Request (UR) response, and Translation-related failures result in a successful Translation Completion having R == W == 0 (that is, no access for this address).

See section 3.9.1.2 Responses to ATS Translation Requests .