
How to decide debug target exception level of watchpoint on ARMv8 architecture

Hello, everyone

I'm new to this community.

I'd like to ask many questions and want to help someone.

Now I have some difficulties in understanding aarch64's watchpoint exception handling scheme.

I found that I can decide which exception level a watchpoint exception can be generated in from the ARMv8 Reference Manual.

(Please refer to Table D2-15, Summary of watchpoint HMC, SSC, and PAC encodings, in the manual.)

I also found that I can decide which exception level the generated exception is thrown to by setting the MDCR_EL2 register.

According to the description from the ARMv8 Reference Manual below, when the MDCR_EL2.TDE field is 1, all the non-secure debug exceptions are thrown to EL2.

=====================================================================

If EL2 is implemented, the routing of debug exceptions taken from Non-secure state depends on MDCR_EL2.TDE:

1 Debug exceptions taken from Non-secure state are routed to EL2.

0 Debug exceptions behave as follows:

• Debug exceptions taken from Non-secure EL1 and EL0 are routed to Non-secure EL1.

• Software Breakpoint Instruction exceptions taken from EL2 are routed to EL2.

• All other debug exceptions are disabled from EL2 using AArch64.

=====================================================================

According to Table D2-15, I can let a watchpoint exception be generated at EL2 and EL1 by controlling a DBGWCR register.

But which exception level a generated exception is routed to is decided by the MDCR_EL2.TDE field.

By the way, the manual says all other debug exceptions are disabled from EL2 using AArch64 when MDCR_EL2.TDE is 0.

Then, is an exception taken from EL2 ignored when MDCR_EL2 is 0?

Actually, I found that a watchpoint exception taken from EL1 is routed to EL2 when MDCR_EL2.TDE is 1.

I also found that a watchpoint exception taken from EL2 is routed to neither EL2 nor EL1.

Is it true?

I want an exception taken from an exception level to be routed to that exception level.

For example, a WP exception from EL1 can be routed to EL1 and one from EL2 can be routed to EL2.

Is it possible?

Second question.

I found that when MDCR_EL2.TDE is 1, a debug exception is generated and routed to EL2 not only by a watchpoint exception but also by accessing a debug register such as DBGWCR at EL1.

Can I change this rule?

I mean I want only watchpoint exceptions from EL1 to be routed to EL2.

Is it possible?

  • Debug exceptions always have a target exception level. If MDCR_EL2.TDE is set, it is EL2 and debug exceptions will go to EL2. If MDCR_EL2.TDE is clear, it is EL1 and debug exceptions will be taken to EL1. Because exceptions are never taken to a lower Exception level, this means debug exceptions at EL2 will be ignored when the target exception level is EL1.

    So what you ask isn't possible without modifying MDCR_EL2.TDE on entry/exit from EL2.

    However, in AArch64 debug exceptions won't be taken from the target exception level either, unless both MDSCR_EL1.KDE = 1 and PSTATE.D = 0. The first you can think of as a big switch to decide whether to enable debug exceptions within the kernel (normally you don't want this), the second is a fine-grained switch to protect exception entry and exit. You can achieve the same behavior as KDE with the DBGWCR controls -- if you know which exception level you're executing at -- but you can't for single step, which is the primary reason for having this control.

    The reason for two controls is that the instructions that set/clear PSTATE.D can be left in production code when KDE is disabled, so you don't need separate builds for debugging. But you could also switch MDCR_EL2.TDE during these entry and exit sections to achieve what you describe.

    The second part of the question is about the link between TDE and TDA (the latter is the control to trap debug register accesses to EL2).  Because watchpoint and breakpoint hardware can be quite expensive, this is a single shared resource, rather than a set per exception level. So as well as moving the target exception level, TDE also effectively moves the "owner" of the debug resources. So what you describe for the second question is not possible either.

    Sorry for not having more positive answers!
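
The routing rules in the reply above can be written as a small decision model. This is an added example, not code from the thread or from Arm; it covers only Non-secure AArch64 at EL0 to EL2, and the struct, the function names and the `wp_matches` flag (standing in for the DBGWCR HMC/SSC/PAC match at the current EL) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the rules stated in the reply; all names are hypothetical. */
struct dbg_state {
    int  cur_el;     /* EL the watched access executes at: 0, 1 or 2 */
    bool tde;        /* MDCR_EL2.TDE */
    bool kde;        /* MDSCR_EL1.KDE */
    bool pstate_d;   /* PSTATE.D (1 = debug exceptions masked) */
    bool wp_matches; /* assumption: DBGWCR HMC/SSC/PAC allow a match at cur_el */
};

/* Returns the EL the watchpoint exception is taken to, or -1 if none is taken. */
int wp_taken_to(const struct dbg_state *s)
{
    int target = s->tde ? 2 : 1;      /* TDE selects the debug target EL */
    if (!s->wp_matches)
        return -1;
    if (s->cur_el > target)           /* exceptions are never taken to a lower EL */
        return -1;
    if (s->cur_el == target && !(s->kde && !s->pstate_d))
        return -1;                    /* from the target EL: needs KDE=1 and D=0 */
    return target;
}

/* Is there one fixed TDE value that routes EL1 to EL1 and EL2 to EL2? */
bool static_tde_gives_same_el_routing(void)
{
    for (int tde = 0; tde <= 1; tde++) {
        struct dbg_state el1 = { 1, tde, true, false, true };
        struct dbg_state el2 = { 2, tde, true, false, true };
        if (wp_taken_to(&el1) == 1 && wp_taken_to(&el2) == 2)
            return true;
    }
    return false;
}

int main(void)
{
    /* Print the routing table with KDE=1, PSTATE.D=0 and a matching watchpoint. */
    for (int tde = 0; tde <= 1; tde++)
        for (int el = 0; el <= 2; el++) {
            struct dbg_state s = { el, tde, true, false, true };
            printf("TDE=%d from EL%d -> %d\n", tde, el, wp_taken_to(&s));
        }
    printf("static TDE suffices: %d\n", static_tde_gives_same_el_routing());
    return 0;
}
```

Even with KDE set and PSTATE.D clear, no fixed TDE value yields both routings, which is why the reply suggests switching MDCR_EL2.TDE on entry to and exit from EL2.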