[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question about Cortex-M exceptions and ES bit value
|
From: |
Peter Maydell |
|
Subject: |
Re: Question about Cortex-M exceptions and ES bit value |
|
Date: |
Wed, 14 Dec 2022 14:22:10 +0000 |
On Wed, 14 Dec 2022 at 13:11, Igor Kotrasinski/Security (PLT)
/SRPOL/Engineer/Samsung Electronics <i.kotrasinsk@samsung.com> wrote:
>
> Hi,
>
> I'm playing around with hacking in support for a custom Cortex-M board,
> and I noticed something strange in exception entry code. The
> av7m_exception_taken function has a bit like this:
>
> > if (arm_feature(env, ARM_FEATURE_V8)) {
> > ...
> > lr &= ~R_V7M_EXCRET_ES_MASK;
> > if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {
> > lr |= R_V7M_EXCRET_ES_MASK;
> > }
> > }
>
> Meaning that, if Cortex-M security extensions are NOT present, the ES
> bit is set. However, in the reference manual for Armv8-M the roughly
> equivalent ExceptionTaken() function does something like this:
>
> > assert(HaveSecurityExt() || !excIsSecure);
> > ...
> > if excIsSecure then
> > LR<2> = CONTROL_S.SPSEL;
> > LR<0> = '1';
> > else
> > LR<2> = CONTROL_NS.SPSEL;
> > LR<0> = '0';
>
> That looks to me like the ES bit (LR<0>) should NOT be set if security
> extensions are NOT present. Am I correct, is it a bug?
Yes, I think you're right, and the condition should just be
"if (targets_secure)". This matches with the v8M Arm ARM
documentation of the EXC_RETURN format, where bit 0 (ES)
is RES0 if the Security Extension is not implemented.
This doesn't cause any guest-visible bugs, because at
the moment both of the CPUs we model which are v8M
(Cortex-M55 and Cortex-M33) implement the Security Extension.
But we should fix it in case we add a v8M-no-Security-Extension
CPU option later.
thanks
-- PMM