Problem about reading/writing memory in EL2

I am trying to read/write a memory in EL2, but it doesn't return what I want.

I use kzalloc to get initialized space, then use str to write a number (0x12345678) in this space.

Next, I use __pa() to get the physical address(PA) of this space. I found PA=VA-0x80000000. I will send this PA to EL2 for reading, so I put it into one register(r1)

Third step is call hvc, after calling hvc it is in EL2. I have created a branch in hyp_stub_vectors (in arch/arm/kernel/hyp-stub.S, I am sure this file will handler hvc ), and used ldr to read this memory space to get my number.

But it failed.

I guess possible reasons are

1. I got a wrong physical address with __pa(). But I have walked the aarch32 stage-1 translation and got the same address, actually this space is a block, so it's OK to delete an offset to get the physical address.
2. in EL2 it still has address translation. But I checked some related system register and found the MMU in EL2 is disable. Possibly I checked a wrong register?

My device is Raspberry Pi 3B+, Cortex-A53

The problem may be related to cache incoherence. Given that your EL2 is running with MMU disabled, it also has data cache disabled, as stated in this paper. This means that to access a memory location in EL2 you need to get the value into RAM.

To achieve this, you can use the dc civac, x0 instruction, with x0 being a virtual address of the variable. This will flush the cache line with your variable and write the value into RAM.

P.S. To verify whether your PA is correct, read the value at __va(__pa(addr)) and make sure that it's the same.