I am running on Cortex-R82 FVP.
EL2: MPU disabled with background region also disabled. EL1: MPU enabled with multiple non-overlapping regions, background region disabled.
SCTLR_EL[2|1].WXN is set to 0.
Behavior: In EL1, when I write to a normal memory MPU region that has write and execute permissions enabled (around memory location 0x86400, if it matters), the write operation causes a fault. The issue disappears when the region is marked non-executable (prbar.XN bit is set).
My question is whether this is expected behavior or an FVP parameter/bug. If it is expected, I would be grateful if I could be pointed to the documentation that explains it further.
Thanks, that makes a bit more sense.
I'm more familiar with the A-profile, which has a rule that a region which has write-permission at EL0 can _never_ be executable at EL1.
From the A-profile spec (DDI0487, rev L.b), this is covered by R_VWLLR:
For stage 1 translations that support two Exception levels, if UnprivWrite is present, then PrivExecute is removed.
Adding to my post:
R-profile is a little different. When the MPU is disabled there is a special case:
“If the value of SCTLR_EL1.{M, BR} is {0, 1}, then for the Secure EL1&0 translation regime, any memory region that is writable at EL0 is also executable from EL1 if that address is marked as executable by the Background region.”
This is the issue; the AArch64 memory model mentions: "A location with EL0 write permissions is never executable at EL1."
Thanks for the hint!
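An added sketch of the rule quoted in this thread (not code from any poster or from Arm): it computes the effective EL1 execute permission of a region from its AP and XN fields and flags regions left at XN=0 that EL1 still cannot execute from. The struct, function names and sample addresses are hypothetical, the two-bit AP encoding in the comment is an assumption, and the MPU-disabled background-region special case is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed AP encoding for a stage 1 MPU region (Armv8-R PRBAR.AP):
 *   0b00 EL1 RW / EL0 none    0b01 EL1 RW / EL0 RW
 *   0b10 EL1 RO / EL0 none    0b11 EL1 RO / EL0 RO */
struct mpu_region {          /* hypothetical software view of one region */
    unsigned long base;      /* constructed sample addresses below */
    unsigned ap;             /* 2-bit AP field */
    bool xn;                 /* true if the region is marked execute-never */
};

bool el1_writable(const struct mpu_region *r) { return (r->ap & 2u) == 0; }
bool el0_writable(const struct mpu_region *r) { return r->ap == 1u; }

/* Effective EL1 execute permission once the architectural overrides apply. */
bool el1_executable(const struct mpu_region *r, bool wxn)
{
    if (r->xn)
        return false;                 /* explicitly execute-never */
    if (el0_writable(r))
        return false;                 /* EL0-writable is never executable at EL1 */
    if (wxn && el1_writable(r))
        return false;                 /* SCTLR_EL1.WXN: writable implies XN */
    return true;
}

/* Count regions configured as executable (XN=0) that EL1 cannot execute from. */
size_t audit_regions(const struct mpu_region *tbl, size_t n, bool wxn)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!tbl[i].xn && !el1_executable(&tbl[i], wxn)) {
            printf("region %zu @0x%lx: XN=0 but not executable at EL1 (AP=%u)\n",
                   i, tbl[i].base, tbl[i].ap);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    const struct mpu_region tbl[] = {   /* constructed sample table */
        { 0x80000, 0u, false },         /* EL1 RW, executable */
        { 0x86400, 1u, false },         /* EL1+EL0 RW, XN=0: overridden */
        { 0x90000, 3u, false },         /* read-only at both levels, executable */
    };
    return audit_regions(tbl, 3, false) == 1 ? 0 : 1;
}
```

With WXN clear, only the EL0-writable region is reported, which matches the configuration described in the question.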