Memory System

This page documents Kermit memory system internals.

The OMAP35x Technical Reference Manual provides information about the SonicMX interconnect used in Kermit.

Terminology
Any device connected to the memory system, such as ARM cores, DMA controllers, LPDDR2... Modules can be initiators, targets or both. A module that can initiate read and write requests to the interconnect (e.g. ARM cores, DMA, ...). A module that can only respond to requests from the interconnect. Targets may also be able to generate out-of-band signals such as interrupts. The connection between a module's port and the interconnect. If a module has multiple ports (e.g. an Initiator and Target module), each port is connected to the interconnect by a different agent (e.g. one IA and one TA). Short for Target Agent. The agent connecting an Initiator module to the interconnect. Short for Initiator Agent. The agent connecting a Target module to the interconnect. Open-core Protocol, a standard point-to-point protocol allowing communication between a master and a slave port. A port that can generate OCP commands. Initiators always include at least one master port. A port that can respond to OCP commands. Targets always include one slave port. Logic device enabling connection between initiator and target modules connected to it. OCP signal associated to a device error-reporting scheme. This is opposed to an in-band error, which is associated to the protocol's error-reporting scheme.
 * Module
 * Initiator
 * Target
 * Agent
 * TA
 * IA
 * OCP
 * OCP Master Port
 * OCP Slave Port
 * Interconnect
 * Out-of-band error

There are three revisions of the memory system layout: one for Kermit1.0 ES1, one for Kermit1.0 ES2 (very close to ES3) and a last one used in Kermit1.0 ES3, ES4, and Kermit1.5 ES1.

In the following sections, you may see mentions of register names such as  and. Unless otherwise specified, a register prefixed with  is merely the ARM Secure variant of the register e.g.   is   for ARM Secure. Everything that applies to a register should apply to its Secure variant, except that the register is updated by Secure bus transactions, instead of Non-Secure bus transactions.

Control registers
There are several MMIO registers available to alter the behavior of the memory system, or query information about the memory system's state.

IA/TA registers
A common register group associated to every IA or TA of the memory system. The register group is 0x1000 bytes sized (but maybe not all room is used).

(List of physical address for all these interfaces can be found on Physical Memory page - names start with  - will be migrated here at some point)

Bus Errors
When a bus error occurs, an interrupt is delivered to ARM Secure (Interrupt ID 0x21=33) or Non-Secure (Interrupt ID 0x20=32). The OS considers all bus errors to be fatal. The interrupt handlers installed for these IDs perform a register dump then stop the system.

It appears that device-initiated bus errors (e.g. DMAC) are always routed to Non-Secure interrupt. There may be other rules to consider (e.g. some register to set whether a device is Secure/Non-Secure).

It is unknown whether or not CMeP can receive bus error interrupts or how CMeP fits in the memory system.

There are two kind of bus errors: Internal Bus error and Target Device error. An Internal Bus error occurs when the memory system fails to deliver a request to a target device - for example, trying to access non-existent memory. A Target Device error occurs when a device successfully receives a request but is unable to handle it - for example, accessing the non-existent part of a device's memory.

Bus Error Attribute
The bus error attribute is a 32-bit value that can be recovered in a per-device MMIO register along with the bus error address.

The attribute holds multiple informations: who (?which agent?) was the bus master when the error occurred, what bus command was ongoing, and when available the reason of the bus error.

Note that for some devices (Spad32K, Spad128K, Compati SRAM), the only valid attribute is, indicating an invalid address.

To decode the meaning of  and , shift them by 16 and 8 respectively to obtain a value between 0-63/0-7 and use the following tables:

Clear TA error
In old System Software versions (e.g. 0.920 - pre-ES3, so this may no longer be valid), there exists inside the bus error module a function named  which works the following way.

First, choose a bus/XBar that will serve as start point (MainXBar for ES2). Second, recursively build a list of all TAs connected to this start point. Repeat the process for all TAs that are busses or XBars. Third, walk the obtained tree. Check the  of all TAs. If an error is present, repeat the procedure recursively (if bus/XBar) then clear the error.

To detect an error, check if bit  is present in  To clear the error, simply write   to.

NOTE: old System Software versions do not have informations about IAs, but only TAs. This could explain the routine's name, but also means this procedure may also work/be needed on IA side.

Miscellaneous
The memory system is able to distinguish if a transaction is originating from ARM Secure state or Non-Secure state because ARM Cortex-A9 processors with Security Extensions have a bit indicating whether the access is Secure or Non-Secure added to all memory system transactions.

Attempting to perform a DMAC memcpy from Secure to Non-Secure LPDDR0 region results in a NS bus error. The current hypothesis is that all devices on the Kermit bus diagram that have an IA are treated as ARM NS.

On ES1 hardware, the bus registers are prefixed with  instead of. The meaning of both these acronyms is unknown.