summary:
sp (0000000012108d90) - 48 = 0x4000000012108d60 when executing the stp instruction (bit 62 becomes 1). Could anyone help explain why this happens? Thanks.
The details are below:
We get a level 0 translation fault when executing the instruction below:
```
10016e74: a9bd7bfd stp x29, x30, [sp, #-48]!
```
We dump all the registers in the exception handler:
```
ESR=0x0000000096000044 EC=0x25 IL=0x1 ISS=0x44
ELR=0x0000000010016e74 FAR=0x4000000012108d60 HPFAR=0x0000000009780a30
pc : [<0000000010016e74>] lr : [<0000000010008f5c>] pstate: 800003c9
sp : 0000000012108d90
x29: 0000000012108d90 x28: 00000000120d1aa8 x27: 0000000000000000
x26: 00000000000003c0 x25: 0000000000000000 x24: 00000000158050c8
x23: 0000000012108e90 x22: 00000002564eccaf x21: 0000000005725000
x20: 00000000120d1aa8 x19: 00000000120d4dd8 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000012208fc0 x13: ffff00000808592c x12: ffff0000095cbf10
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 00000000600001c5 x7 : ffff00000809f5c8 x6 : 0000000012108fa0
x5 : 0000000000000020 x4 : 0000000000000000 x3 : 0000000000000010
x2 : ffffffffffffffd0 x1 : 0000000012207100 x0 : 00000000120d4dd8
```
From EC and ISS we know this is a level 0 translation fault.
sp is 0000000012108d90, but FAR is 0x4000000012108d60, which means 0x0000000012108d90 - 48 = 0x4000000012108d60. Bit 62 becomes 1.
Could anyone help explain why this happens?
Thanks.
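As an added example (not code from the original thread), the following decodes the posted ESR value using the architectural ESR_ELx data-abort field layout (EC, IL, ISS, WnR, DFSC) and compares the reported FAR with the address the pre-indexed stp should have accessed, so the differing bit is isolated rather than eyeballed. The sp, ESR and FAR values are taken from the register dump above; the helper names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of ESR_ELx for a data abort: EC[31:26], IL[25], ISS[24:0];
 * inside ISS: WnR[6] (1 = write access), DFSC[5:0] (fault status code). */
typedef struct {
    unsigned ec, il, wnr, dfsc;
    uint32_t iss;
    int level;   /* translation level for translation faults, else -1 */
} esr_info;

esr_info decode_esr(uint64_t esr) {
    esr_info e;
    e.ec   = (esr >> 26) & 0x3f;
    e.il   = (esr >> 25) & 1;
    e.iss  = (uint32_t)(esr & 0x1ffffff);
    e.wnr  = (e.iss >> 6) & 1;
    e.dfsc = e.iss & 0x3f;
    /* DFSC 0b0001LL encodes a translation fault at level LL */
    e.level = ((e.dfsc & 0x3c) == 0x04) ? (int)(e.dfsc & 3) : -1;
    return e;
}

/* EC 0x24: data abort from a lower EL; EC 0x25: data abort at the current EL */
int is_data_abort(unsigned ec) { return ec == 0x24 || ec == 0x25; }

/* Address a pre-indexed store such as "stp x29, x30, [sp, #-48]!" should access */
uint64_t expected_address(uint64_t sp, int64_t imm) { return sp + (uint64_t)imm; }

/* Bits in which the reported FAR differs from the computed address */
uint64_t far_diff_bits(uint64_t far, uint64_t expected) { return far ^ expected; }

int main(void) {
    /* Values taken from the register dump in the post */
    const uint64_t esr = 0x96000044ULL, sp = 0x12108d90ULL, far = 0x4000000012108d60ULL;
    esr_info e = decode_esr(esr);
    uint64_t want = expected_address(sp, -48);
    printf("EC=0x%x (%s) IL=%u ISS=0x%x WnR=%u DFSC=0x%x level=%d\n", e.ec,
           is_data_abort(e.ec) ? "data abort" : "other", e.il, e.iss, e.wnr, e.dfsc, e.level);
    printf("expected 0x%llx, FAR 0x%llx, differing bits 0x%llx\n",
           (unsigned long long)want, (unsigned long long)far,
           (unsigned long long)far_diff_bits(far, want));
    return 0;
}
```

For the posted values this reports a write data abort at the current EL with a level 0 translation fault, and a single differing bit, bit 62, between the computed address and FAR.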
Which OS?
This is our private OS (a hypervisor); the exception happens in EL2.
Is it possibly a software (OS) bug? If so, in which situation would this happen? (sp (0000000012108d90) - 0x30 = 0x4000000012108d60)