ARMv8 Learning - SP_EL0 and SP_ELx

In AArch64 state, SP corresponds to the following four physical registers (only one of the following can be corresponding at a time):

• SP_EL0 and SP_EL1

• SP_EL2

• SP_EL3

How to use it?

1. If the program runs at EL0, then SP_EL0 is used

2. If the program runs at other Exception levels, you can use SP_EL0 and SP_ELx corresponding to the current Exception level.

3. By default, after entering the exception, the SP_ELx corresponding to the current Exception level is used. That is, if an exception occurs in EL1, it will automatically switch to SP_EL1 after jumping to the exception handling entry of EL1. At this time, SP corresponds to SP_EL1. Of course, you can force SP to switch to SP_EL0 by operating PSTATE.SP in the exception

4. Even if it is not in the exception handler, you can force SP to SP_EL0 or SP_ELx by operating PSTATE.SP

5. For example, if the program is running in EL1 and the SP used is SP_EL0, and an exception occurs that enters EL1, after jumping to the exception handling entry, SP will automatically switch to SP_EL1. After the exception returns, SP will automatically switch back to the original SP_EL0.

6. Suffixes t and h:

　　t indicates that SP_EL0 is used

　　h indicates that SP_ELx is used

verify

The following DS5 simulation experiment verifies the above statement.

After the system is reset, it is in EL3 by default and is in secure mode.

Line 73, switch SP to SP_EL0, and then set the value of SP to 0x77. The register status at this time is as follows:

Line 77, switch SP to SP_EL3, and then set SP to 0x88. The register status at this time is as follows:

Line 81, switch SP back to SP_EL0, the register status at this time is as follows:

At line 83, accessing ICC_SRE_EL2 will trigger a sync exception, because EL2 does not exist in secure mode. After the exception is triggered, it will enter the "Current EL with SP0" branch of EL3, because SP_EL0 is used when the exception occurs. The following is the register information after entering the exception handler:

It can be seen that the value of SPSel is 1 and the value of Mode is EL3h, which means that SP is using SP_ELx. The value of SPSR_EL3 is 0x3CC, and the meaning of SPSR is as follows:

The value of M[3:0] is 0xC, which means the following: AArch64, EL3, SP_EL0

The following is the exception handling function:

 1 //

 2 // Current EL with SP0

 3 //

 4 el3_vectors:

 5 c0sync3:

 6 mrs x0, elr_el3

 7 add x0, x0, #4

 8 msr elr_el3, x0

 9 

10 mov x0, #0x1

11 msr spsel, x0

12 eret

The function of lines 6 to 8 is to jump to the next instruction of the instruction that triggered the exception when the exception returns. When line 12 is executed, the value of ELR_EL3 will be set to PC, and the value of SPSR_EL3 will be set to PSTATE, so SP will switch back to SP_EL0:

The function of line 85 is to switch SP to SP_EL3. The register contents at this time are as follows:

Immediately after line 86, the exception is triggered again:

At this point, it will jump to the "Current EL with SPx" branch of EL3 for execution:

 1 //

 2 // Current EL with SPx

 3 //

 4.balign 0x80

 5 cxsync3:

 6 mrs x0, elr_el3

 7 add x0, x0, #4

 8 msr elr_el3, x0

 9 

10 mov x0, #0x0

11 msr spsel, x0

12 eret

Line 12, after the exception is returned, the register contents are as follows:

over.