Help: ARMv9 QEMU U-Boot stack collision with RMM reserved memory
38 views
Skip to first unread message
Yuvraj Sakshith
Jun 24, 2025, 1:43:25 PMJun 24
to Kernel Meetup Bangalore
Hi folks,
I am facing an issue while booting up a QEMU (8.2.2) virt machine with TF-A built with RME (Realm Management Extension) support.
From the logs,
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.13.0(debug):711f42b
NOTICE: BL1: Built : 22:49:08, Jun 24 2025
INFO: BL1: RAM 0xe0ee000 - 0xe0f6000
INFO: BL1: Loading BL2
INFO: Loading image id=1 at address 0xe05b000
INFO: Image id=1 loaded: 0xe05b000 - 0xe0642b9
NOTICE: BL1: Booting BL2
INFO: Entry point address = 0xe05b000
INFO: SPSR = 0x3cd
NOTICE: BL2: v2.13.0(debug):711f42b
NOTICE: BL2: Built : 22:49:08, Jun 24 2025
INFO: BL2: Doing platform setup
INFO: Reserved RMM memory [0x40100000, 0x418fffff] in Device tree <--------------------
INFO: BL2: Loading image id 3
INFO: Loading image id=3 at address 0xe090000
INFO: Image id=3 loaded: 0xe090000 - 0xe0a3154
INFO: BL2: Loading image id 35
INFO: Loading image id=35 at address 0x40100000
INFO: Image id=35 loaded: 0x40100000 - 0x4017cfa0
INFO: BL2: Loading image id 5
INFO: Loading image id=5 at address 0x60000000
INFO: Image id=5 loaded: 0x60000000 - 0x6015ca20
NOTICE: BL2: Booting BL31
INFO: Entry point address = 0xe090000
INFO: SPSR = 0x3cd
INFO: GPT: Boot Configuration
INFO: PPS/T: 0x2/40
INFO: PGS/P: 0x0/12
INFO: L0GPTSZ/S: 0x0/30
INFO: PAS count: 6
INFO: L0 base: 0xeefe000
INFO: Enabling Granule Protection Checks
NOTICE: BL31: v2.13.0(debug):711f42b
NOTICE: BL31: Built : 22:49:09, Jun 24 2025
INFO: GICv3 without legacy support detected.
INFO: ARM GICv3 driver initialized in EL3
INFO: Maximum SPI INTID supported: 287
INFO: BL31: Initializing runtime services
INFO: RMM setup done.
INFO: BL31: Initializing RMM
INFO: RMM init start.
Booting RMM v.0.7.0(debug) tf-rmm-v0.7.0-35-gd1f4947 Built: Jun 24 2025 17:30
:53 with GCC 13.3.0
RMM-EL3 Interface v.0.6
Boot Manifest Interface v.0.5
RMI ABI revision v1.0
RSI ABI revision v1.0
INFO: RMM init end.
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x60000000
INFO: SPSR = 0x3c9
NOTICE: BL1: v2.13.0(debug):711f42b
NOTICE: BL1: Built : 22:49:08, Jun 24 2025
INFO: BL1: RAM 0xe0ee000 - 0xe0f6000
INFO: BL1: Loading BL2
INFO: Loading image id=1 at address 0xe05b000
INFO: Image id=1 loaded: 0xe05b000 - 0xe0642b9
NOTICE: BL1: Booting BL2
INFO: Entry point address = 0xe05b000
INFO: SPSR = 0x3cd
NOTICE: BL2: v2.13.0(debug):711f42b
NOTICE: BL2: Built : 22:49:08, Jun 24 2025
INFO: BL2: Doing platform setup
INFO: Reserved RMM memory [0x40100000, 0x418fffff] in Device tree <--------------------
INFO: BL2: Loading image id 3
INFO: Loading image id=3 at address 0xe090000
INFO: Image id=3 loaded: 0xe090000 - 0xe0a3154
INFO: BL2: Loading image id 35
INFO: Loading image id=35 at address 0x40100000
INFO: Image id=35 loaded: 0x40100000 - 0x4017cfa0
INFO: BL2: Loading image id 5
INFO: Loading image id=5 at address 0x60000000
INFO: Image id=5 loaded: 0x60000000 - 0x6015ca20
NOTICE: BL2: Booting BL31
INFO: Entry point address = 0xe090000
INFO: SPSR = 0x3cd
INFO: GPT: Boot Configuration
INFO: PPS/T: 0x2/40
INFO: PGS/P: 0x0/12
INFO: L0GPTSZ/S: 0x0/30
INFO: PAS count: 6
INFO: L0 base: 0xeefe000
INFO: Enabling Granule Protection Checks
NOTICE: BL31: v2.13.0(debug):711f42b
NOTICE: BL31: Built : 22:49:09, Jun 24 2025
INFO: GICv3 without legacy support detected.
INFO: ARM GICv3 driver initialized in EL3
INFO: Maximum SPI INTID supported: 287
INFO: BL31: Initializing runtime services
INFO: RMM setup done.
INFO: BL31: Initializing RMM
INFO: RMM init start.
Booting RMM v.0.7.0(debug) tf-rmm-v0.7.0-35-gd1f4947 Built: Jun 24 2025 17:30
:53 with GCC 13.3.0
RMM-EL3 Interface v.0.6
Boot Manifest Interface v.0.5
RMI ABI revision v1.0
RSI ABI revision v1.0
INFO: RMM init end.
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x60000000
INFO: SPSR = 0x3c9
TF-A reserves 0x40100000 to 0x418fffff for RMM memory. Perhaps marking GPT as well.
While control is handed over to normal world image (BL33) that is U-Boot, the initial stack set up by the bootloader is 0x40200000 (found in u-boot/configs/qemu_arm64_defconfig => CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x40200000).
While U-Boot is setting itself up (in u-boot/arch/arm/lib/crt0_64.S:_main()), board_init_f_alloc_reserve() carves out a piece of this stack (perhaps?) for 'globals' as found in u-boot/common/init/board_init.c.
After this carving happens, the stack pointer effectively becomes 0x401fde70. Which is inside the region reserved for RMM. This subsequently causes a GPF. Here is ESR_EL2: 0x96000068.
Has anyone tried booting up a RME configured TF-A QEMU machine? If so, please let me know what can be done.
Any help would be appreciated :)
P.S.
Changing CONFIG_CUSTOM_SYS_INIT_SP_ADDR to something higher like 0x40300000 does not help either. If possible, please push me towards resources explaining how EL3 sets up GPT for the normal world during early boot.
Thanks!
Yuvraj
Kaiwan N Billimoria
Jun 24, 2025, 9:53:19 PMJun 24
to Yuvraj Sakshith, Kernel Meetup Bangalore
Hi Yuvraj,
I tried with ChatGPT 4o :-)
https://chatgpt.com/s/t_685b55d480fc81918b92028db318cac5
https://chatgpt.com/s/t_685b55d480fc81918b92028db318cac5
Perhaps it helps perhaps not... pl see (of course, do check carefully for hallucinations!)
--Thanks!Yuvraj
You received this message because you are subscribed to the Google Groups "Kernel Meetup Bangalore" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kernel-meetup-ban...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAA_YcQFNiP_Q7m0uNb8hSjoMnBd%2Betno%3D%3DE7xWDZmBw0hJcXKg%40mail.gmail.com.
Aneesh Kumar
Jul 7, 2025, 12:33:03 AMJul 7
to Yuvraj Sakshith, Kernel Meetup Bangalore
On Tue, Jun 24, 2025 at 11:13 PM Yuvraj Sakshith <ysak...@gmail.com> wrote:
This gives the details of some of the code repo used.
Reply all
Reply to author
Forward
0 new messages