CA72 can't access ICC_IAR1_EL1 at EL1

I can access ICC_IAR1_EL1 at EL3 using SP_EL0, however, after I switch EL3 to EL1 non-secure, I can't read IIC_IAR1_EL1 anymore, which doesn't make sense. 

Can anybody help here? much appreciated.  

__func__011000 EC=MSR, MRS, or System instruction, that isn't reported using EC 0x00/0x01/0x07Unhandled exception 0x18(24) from CA72_0 to CA72_0
EXC number:0x00000018
EXC class: 0x00000018
FaultReg: 0x00000000
StatusPrg: 0x80000005
PC: 0x00000000 0xA0007F78
FaultReg: 0xD538CC00
StatusPrg: 0x00303019
Exception class is MSR_MRS
These report exceptions from MSR, MRS, or System instructions
Instruction syndrome MSR/MRS:
Op0: 0x00000000
Op2: 0x00000000
Op1: 0x00000000
CRn: 0x00000000
Rt : 0x00000000
CRm: 0x00000018
dir: 0x00000001

Parents
  • The ICC_IAR1_EL1 register description describes when accessing the register can trigger an exception (see near the end):

    Arm A-profile Architecture Registers

    Looking at the EL1 accessor:

    elsif PSTATE.EL == EL1 then 
    if HaveEL(EL3) && EL3SDDUndefPriority() && SCR_EL3.IRQ
    == '1' then
    UNDEFINED;
    elsif ICC_SRE_EL1.SRE ==
    '0' then
    AArch64.SystemAccessTrap(EL1,
    0x18);
    elsif EL2Enabled() && ICH_HCR_EL2.TALL1 == '1' then
    AArch64.SystemAccessTrap(EL2,
    0x18);
    elsif EL2Enabled() && HCR_EL2.IMO == '1' then
    X[t,
    64] = ICV_IAR1_EL1;
    elsif HaveEL(EL3) && SCR_EL3.IRQ == '1' then if EL3SDDUndef() then
    UNDEFINED
    ; else AArch64.SystemAccessTrap(EL3, 0x18);
    else X[t, 64] = ICC_IAR1_EL1;

    Given the exception is being taken to EL1, that looks like the second trap:

      elsif ICC_SRE_EL1.SRE == '0' then 
    AArch64.SystemAccessTrap(EL1,
    0x18);

    That is, the access traps due to ICC_SRE_EL1.SRE being cleared to 0.

    Something that has tripped me a couple of times is that ICC_SRE_EL1 is banked, meaning there are separate copies for Secure and Non-secure state.  Which you currently see/use is based on SCR_EL3.NS.  If you pre-initialised ICC_SRE_EL1.SRE while in EL3, you might have initialised the "wrong" copy (i.e. not the one for the Security state you entered EL1 in).  My suggestion would be to initialise both copies while in EL3.

Reply
  • The ICC_IAR1_EL1 register description describes when accessing the register can trigger an exception (see near the end):

    Arm A-profile Architecture Registers

    Looking at the EL1 accessor:

    elsif PSTATE.EL == EL1 then 
    if HaveEL(EL3) && EL3SDDUndefPriority() && SCR_EL3.IRQ
    == '1' then
    UNDEFINED;
    elsif ICC_SRE_EL1.SRE ==
    '0' then
    AArch64.SystemAccessTrap(EL1,
    0x18);
    elsif EL2Enabled() && ICH_HCR_EL2.TALL1 == '1' then
    AArch64.SystemAccessTrap(EL2,
    0x18);
    elsif EL2Enabled() && HCR_EL2.IMO == '1' then
    X[t,
    64] = ICV_IAR1_EL1;
    elsif HaveEL(EL3) && SCR_EL3.IRQ == '1' then if EL3SDDUndef() then
    UNDEFINED
    ; else AArch64.SystemAccessTrap(EL3, 0x18);
    else X[t, 64] = ICC_IAR1_EL1;

    Given the exception is being taken to EL1, that looks like the second trap:

      elsif ICC_SRE_EL1.SRE == '0' then 
    AArch64.SystemAccessTrap(EL1,
    0x18);

    That is, the access traps due to ICC_SRE_EL1.SRE being cleared to 0.

    Something that has tripped me a couple of times is that ICC_SRE_EL1 is banked, meaning there are separate copies for Secure and Non-secure state.  Which you currently see/use is based on SCR_EL3.NS.  If you pre-initialised ICC_SRE_EL1.SRE while in EL3, you might have initialised the "wrong" copy (i.e. not the one for the Security state you entered EL1 in).  My suggestion would be to initialise both copies while in EL3.

Children