aarch64 curr_el_sp0_irq/_AArch64_Exception_interrupt_nest use Incorrect sp

Kinsey Moore kinsey.moore at oarcorp.com
Mon Oct 28 18:20:51 UTC 2024


Thanks for bringing this up. I couldn’t find the exact wording you mentioned, but I think this is what you’re referring to in the current (K.a) revision of the ARM Architecture reference manual for ARMv8:

D1.3.2 Exception entry
When an exception is taken to an Exception level, ELx, that is using AArch64 state, all the following occur:
* The contents of PSTATE immediately before the exception was taken is written to SPSR_ELx.
* The preferred exception return address is written to ELR_ELx.
* The contents of PSTATE immediately after the exception is taken is as described in rule RWTXBY.
* For synchronous exceptions and SError interrupts, exception syndrome information is written to ESR_ELx.
* Execution starts from the exception vector at the target Exception level.
When an exception is taken to an Exception level, ELx, that is using AArch64 state, after recording the previous
values in SPSR_ELx, the following PSTATE bits are set:
* PSTATE.EL is set to the target Exception level.
* All of PSTATE.{D, A, I, F, SP, TCO, PM} are set to 1.
…

It’s likely that this is transparently working by accident since nested interrupts occur and any stack usage is unrolled/undone before any dispatching can occur. The one place where this might actually show up as an issue is when the thread stack pointer is corrupted/misaligned, but that would trigger a non-irq exception which follows a different code path and likely does not allow for nested interrupts. This has been written up as an issue on the RTEMS GitLab instance: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5140

Thanks,
Kinsey

From: users <users-bounces at rtems.org> On Behalf Of lichx2 at sugon.com
Sent: Sunday, October 27, 2024 22:09
To: rtems-users at rtems.org
Subject: aarch64 curr_el_sp0_irq/_AArch64_Exception_interrupt_nest use Incorrect sp

Hi:
    curr_el_sp0_irq/_AArch64_Exception_interrupt_nest may use an incorrect sp. The ARM ARM states: "on exception entry to ELx, SP_ELx is automatically selected", so curr_el_sp0_irq/_AArch64_Exception_interrupt_nest will use sp_el1 (this is the task sp, not the interrupt sp). Using gdb verified that curr_el_sp0_irq/_AArch64_Exception_interrupt_nest really uses the incorrect sp.
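An added example, not part of this thread and not RTEMS code: a small Python model of the D1.3.2 entry rules quoted above, used to show which stack pointer a handler reads after an IRQ taken from EL1 to EL1. The IRQ vector offsets (0x080 for the current-EL/SP0 group, 0x280 for the current-EL/SPx group) follow the AArch64 vector table layout; the register values, the PState/Core classes and the handler flow in demo() are constructed for illustration. The model also shows why a nested handler has to save SPSR_EL1/ELR_EL1 before a second exception can be taken.

```python
from dataclasses import dataclass


@dataclass
class PState:
    """The PSTATE fields this model tracks (names as in D1.3.2)."""
    el: int = 1
    sp: int = 0  # PSTATE.SP: 0 = SP_EL0 selected ("ELxt"), 1 = SP_ELx selected ("ELxh")
    d: int = 0
    a: int = 0
    i: int = 0
    f: int = 0


def encode_spsr(ps: PState) -> int:
    """Pack PSTATE into the SPSR_ELx layout: M[3:2]=EL, M[0]=SP, F/I/A/D at bits 6..9."""
    return (ps.el << 2) | ps.sp | (ps.f << 6) | (ps.i << 7) | (ps.a << 8) | (ps.d << 9)


def decode_spsr(spsr: int) -> PState:
    """Inverse of encode_spsr, as used on exception return."""
    return PState(
        el=(spsr >> 2) & 0x3,
        sp=spsr & 0x1,
        d=(spsr >> 9) & 1,
        a=(spsr >> 8) & 1,
        i=(spsr >> 7) & 1,
        f=(spsr >> 6) & 1,
    )


@dataclass
class Core:
    """EL1 state of one PE; the values are constructed, not a real register dump."""
    pstate: PState
    pc: int
    sp_el0: int
    sp_el1: int
    vbar_el1: int
    spsr_el1: int = 0
    elr_el1: int = 0

    @property
    def sp(self) -> int:
        """The stack pointer that executing code actually reads as SP."""
        return self.sp_el1 if self.pstate.sp else self.sp_el0


# IRQ entries of the two vector groups named in the thread (offsets from VBAR_EL1).
VECTOR_OFFSET = {"curr_el_sp0_irq": 0x080, "curr_el_spx_irq": 0x280}


def take_irq_to_el1(core: Core) -> str:
    """Apply the D1.3.2 entry rules for an IRQ taken from EL1 to EL1.

    Returns the name of the vector that execution starts from."""
    # The vector group is chosen from PSTATE.SP as it was *before* the exception.
    vector = "curr_el_sp0_irq" if core.pstate.sp == 0 else "curr_el_spx_irq"
    core.spsr_el1 = encode_spsr(core.pstate)               # PSTATE before entry -> SPSR_EL1
    core.elr_el1 = core.pc                                 # preferred return address -> ELR_EL1
    core.pstate = PState(el=1, sp=1, d=1, a=1, i=1, f=1)   # D, A, I, F and SP are all set to 1
    core.pc = core.vbar_el1 + VECTOR_OFFSET[vector]        # execution starts at the vector
    return vector


def eret(core: Core) -> None:
    """Exception return: PSTATE from SPSR_EL1, PC from ELR_EL1."""
    core.pstate = decode_spsr(core.spsr_el1)
    core.pc = core.elr_el1


def demo() -> dict:
    """A thread running on SP_EL0 is interrupted, then the handler is interrupted again."""
    core = Core(pstate=PState(el=1, sp=0), pc=0x4000_1000,
                sp_el0=0x8000_0000, sp_el1=0x9000_0000, vbar_el1=0x4000_0000)
    thread_sp_before = core.sp
    vector = take_irq_to_el1(core)
    handler_sp = core.sp  # what the handler reads if it never touches SPSel
    # Before allowing a nested exception the outer handler must preserve SPSR_EL1/ELR_EL1,
    # because the nested entry overwrites both registers.
    saved = (core.spsr_el1, core.elr_el1)
    nested_vector = take_irq_to_el1(core)
    nested_sp = core.sp
    eret(core)                                  # back into the outer handler
    core.spsr_el1, core.elr_el1 = saved         # restore the thread's saved state
    eret(core)                                  # back to the thread
    return {
        "vector": vector,
        "handler_sp": handler_sp,
        "handler_sees_thread_sp": handler_sp == thread_sp_before,
        "nested_vector": nested_vector,
        "nested_sp": nested_sp,
        "returned_pc": core.pc,
        "returned_sp": core.sp,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

The point the model makes: entry through the curr_el_sp0 group says only that SP_EL0 was in use when the exception was taken; after entry PSTATE.SP is 1, so the handler reads SP_EL1 until it explicitly selects another stack, and a nested entry through the curr_el_spx group reads that same SP_EL1.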