Problems enabling MMU on ARM Cortex-A

Question

I'm trying to enable the MMU on an ARM Cortex-A9 (in QEMU). All my code and data is within the the first MB of memory, so I believe a single L1 "section" entry should be enough to set up an identity mapping covering all the memory I need. Here's the steps I go to:

Create an L1 entry at address 0x16000 with the value 0x00000c02 (documentation for the L1 entry format is in the ARM Architecture Reference Manual section B3.5 - only available as a PDF so I can't link directly). All other entries in the L1 table are zeroed.

Set TTRB0 to 0x16000 (I have checked that TTBCR.N is 0):

ldr r0, =masterTranslationTable
mcr p15, 0, r0, c2, c0, 0

Disable I- and D-cache, invalidate the TLB, set the Domain Access Control Register (DACR) to all-ones (which disables permissions checking for all domains):

  MRC p15, 0, r1, c1, c0, 0
  BIC r1, r1, #(0x1 << 12)     @ Disable Instruction cache
  BIC r1, r1, #(0x1 << 2)      @ Disable Data cache
  MCR p15, 0, r1, c1, c0, 0    
  mcr p15, 0, r1, c8, c7, 0    @ Invalidate TLB
  mov r0, #0xffffffff
  mcr p15, 0, r0, c3, c0, 0    @ Set DACR to all "manager" - no permissions checking

Enable the MMU:

  mrc p15, 0, r0, c1, c0, 0
  orr r0, r0, #1
  mcr p15, 0, r0, c1, c0, 0

But immediately after the MMU is enabled, I get a prefetch abort, and the debugger is unable to access any memory. Can anyone see what I am missing?

Answer 1

The translation table has to be aligned on a 16k boundary. Try 0x14000 or 0x18000.