summary:
sp (0x0000000012108d90) - 48 = 0x4000000012108d60 when executing an stp instruction (bit 62 becomes 1). Could anyone help explain why this happens? Thanks.
The details are below:
We get a level 0 translation fault when executing the instruction below:
```
10016e74: a9bd7bfd stp x29, x30, [sp, #-48]!
```
We dumped all the registers in the exception handler:
```
ESR=0x0000000096000044 EC=0x25 IL=0x1 ISS=0x44
ELR=0x0000000010016e74 FAR=0x4000000012108d60 HPFAR=0x0000000009780a30
pc : [<0000000010016e74>] lr : [<0000000010008f5c>] pstate: 800003c9
sp : 0000000012108d90
x29: 0000000012108d90 x28: 00000000120d1aa8 x27: 0000000000000000
x26: 00000000000003c0 x25: 0000000000000000 x24: 00000000158050c8
x23: 0000000012108e90 x22: 00000002564eccaf x21: 0000000005725000
x20: 00000000120d1aa8 x19: 00000000120d4dd8 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000012208fc0 x13: ffff00000808592c x12: ffff0000095cbf10
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 00000000600001c5 x7 : ffff00000809f5c8 x6 : 0000000012108fa0
x5 : 0000000000000020 x4 : 0000000000000000 x3 : 0000000000000010
x2 : ffffffffffffffd0 x1 : 0000000012207100 x0 : 00000000120d4dd8
```
From EC and ISS we know this is a level 0 translation fault.
sp is 0x0000000012108d90, but FAR is 0x4000000012108d60, which means 0x0000000012108d90 - 48 = 0x4000000012108d60. Bit 62 has become 1.
Could anyone help explain why this happens?
Thanks.
This is our private OS (a hypervisor); the exception happened in EL2.
Is it possible that this is a software (OS) bug? If so, in which situation would this happen? (sp (0x0000000012108d90) - 0x30 = 0x4000000012108d60)
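As an added worked example (not the poster's code), the script below decodes the ESR value from the dump above using the AArch64 syndrome layout (EC in bits [31:26], IL in bit 25, ISS in bits [24:0]; for data aborts, ISV in ISS bit 24, WnR in bit 6 and DFSC in bits [5:0], with DFSC 0b0001LL meaning a translation fault at level LL), then computes the address the pre-indexed `stp` would have written to and lists the bits in which FAR differs from it. The register values are the ones quoted in the post; the function and variable names are this example's own. It does not explain why the bit is set, but it is the first check worth automating in an exception handler: confirm the fault class from ESR rather than reading it by eye, and isolate the exact bit difference between the faulting address and the address the instruction should have produced.

```python
"""Decode an AArch64 ESR_ELx data-abort syndrome and compare FAR with the
address a pre-indexed `stp x29, x30, [sp, #-48]!` would touch.
Added example for this thread, not the poster's code. Register values are
taken from the dump in the post."""

ESR = 0x96000044
FAR = 0x4000000012108d60
SP = 0x0000000012108d90
STP_OFFSET = -48          # pre-index immediate of the faulting stp

# Exception class values for data aborts (ARM Architecture Reference Manual)
EC_DATA_ABORT_LOWER_EL = 0x24
EC_DATA_ABORT_SAME_EL = 0x25

MASK64 = (1 << 64) - 1


def decode_esr(esr):
    """Split ESR_ELx into EC / IL / ISS and, for data aborts, the ISS fields."""
    ec = (esr >> 26) & 0x3F
    il = (esr >> 25) & 1
    iss = esr & 0x1FFFFFF
    out = {"ec": ec, "il": il, "iss": iss}
    if ec in (EC_DATA_ABORT_LOWER_EL, EC_DATA_ABORT_SAME_EL):
        dfsc = iss & 0x3F
        out["isv"] = (iss >> 24) & 1      # 1: extra syndrome info is valid
        out["wnr"] = (iss >> 6) & 1       # 1: the faulting access was a write
        out["dfsc"] = dfsc
        kind = dfsc >> 2                  # DFSC is 0bKKKKLL for these classes
        level = dfsc & 3
        if kind == 0b0000:
            out["fault"] = f"address size fault, level {level}"
        elif kind == 0b0001:
            out["fault"] = f"translation fault, level {level}"
        elif kind == 0b0010:
            out["fault"] = f"access flag fault, level {level}"
        elif kind == 0b0011:
            out["fault"] = f"permission fault, level {level}"
        else:
            out["fault"] = f"DFSC 0x{dfsc:02x}"
    return out


def expected_store_address(sp, offset):
    """Address written by `stp ..., [sp, #offset]!` (pre-index: sp += offset first)."""
    return (sp + offset) & MASK64


def differing_bits(a, b):
    """Bit positions (0..63) in which the two 64-bit values differ."""
    x = (a ^ b) & MASK64
    return [i for i in range(64) if (x >> i) & 1]


def analyse(esr=ESR, far=FAR, sp=SP, offset=STP_OFFSET):
    """Decode the syndrome and report how FAR differs from the expected address."""
    info = decode_esr(esr)
    expected = expected_store_address(sp, offset)
    info["expected_address"] = expected
    info["far"] = far
    info["differing_bits"] = differing_bits(far, expected)
    return info


if __name__ == "__main__":
    r = analyse()
    print(f"EC=0x{r['ec']:02x} IL={r['il']} ISS=0x{r['iss']:x} "
          f"-> {r['fault']} ({'write' if r['wnr'] else 'read'})")
    print(f"expected address: 0x{r['expected_address']:016x}")
    print(f"FAR:              0x{r['far']:016x}")
    print(f"bits differing:   {r['differing_bits']}")
```

Running it against the values in the post reports EC 0x25 (data abort taken without a change in exception level), DFSC 0x04 (translation fault, level 0), WnR set (a write, as expected for `stp`), an expected address of 0x12108d60, and a single differing bit, 62, between that address and FAR.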