
7.1 ARMv8-A Draft

2022-08-27 23:52 Author: Tokiyi

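In the ARMv8-A architecture, the layered design is increasingly explicit. The exception levels are divided into 4 layers, EL0 through EL3, and each level carries its own privileges and design purpose. I am still studying the details; my understanding at this point is probably quite shallow and what I know is incomplete, but the information collected bit by bit has reached a certain size, drawn mainly from the architecture reference manual. Treat this as a draft for now: it fixes a rough outline first, to be re-evaluated and revised once I have seen more and formed different views.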

#define EL0 lowest Exception Level

#define EL1 privileged exception level

#define EL2 hypervisor exception level

#define EL3 secure monitor exception level


#define usage_el0 user app

#define usage_el1 operating system

#define usage_el2 hypervisor for non-secure code

#define usage_el3 secure guarantee


#define HVC Hypervisor Call

{

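Handled through a trap: an instruction issued at a lower EL is caught and executed in the Hypervisor. Take reading a System register with the MRC instruction as an example:

Trapping MRC of PMCR as the example:

.P7417 (instructions and coprocessors)

MRC always takes the following parameter table (MRC here means writing a value from a general-purpose register to a System register):

coproc (coprocessor)   opc1    CRn      CRm      opc2

0b1111                 0b000   0b1001   0b1100   0b000

This parameter encoding corresponds to the name PMCR and to the System instruction encoding space:

{coproc (coprocessor) opc1 CRn CRm opc2}

Here COPROC[0]==1 --> P15 is used as the encoding space

In the ARM architecture, the CP15 coprocessor can control the cache, TCM and memory management; coprocessors can also be used for instruction extension.

CP15 is the system control coprocessor: it serves MCR/MRC by providing the specific (system-level) registers that configure and control the cache, MMU, protection, and so on.

It contains 16 32-bit registers, used respectively to flag instruction status bits and to control instruction execution (including execution modes, e.g. cache/non-cache, protect/non-protect).

(The Trap Control found so far must have its extension here, affecting the instruction mode in which a coprocessor extension switches EL for execution in the Non-secure state.)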

.Page 5395 TRAP EC VALUE

ESR_ELx value holds syndrome information for an exception taken to ELx:

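ESR_ELx.EC (Exception Class) gives information about 1. the cause of the exception, 2. the encoding of the associated ISS

For a trapped MCR/MRC using P15, EC=0x4 corresponds to the handling mode in which an instruction from a lower EL is caught by a trap and transferred to a higher EL for execution.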

.Page 9331

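As another example, take MRC of MPIDR and look at its behaviour at the lower ELs:

EL1:

1. When EL2 is enabled: HSTR_EL2.T0 / HSTR.T0 determines whether the trap is taken so that the instruction is handled at EL2

2. In the other, higher-EL cases: read and written directly

EL0: UNDEFINED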

.P9676 PMCR

Here some trap controls do also govern part of how a trap affects the coprocessor's decoding of instructions.


}
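
Added example (not from the original notes or from Arm): a small C encoder/decoder for the A32 MRC/MCR instruction word built from the parameter table above, plus the HSTR.T<n> bit that would govern a CP15 access, as in the MPIDR case. The struct and function names are hypothetical, and cond = AL with Rt = r0 are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of an A32 MRC/MCR instruction, named as in the parameter table above. */
struct cp_access { unsigned cond, opc1, is_mrc, crn, rt, coproc, opc2, crm; };

/* A32 layout: cond[31:28] 1110[27:24] opc1[23:21] L[20] CRn[19:16]
 * Rt[15:12] coproc[11:8] opc2[7:5] 1[4] CRm[3:0]; L=1 is MRC, L=0 is MCR. */
uint32_t cp_encode(const struct cp_access *a)
{
    return ((a->cond & 0xFu) << 28) | (0xEu << 24) | ((a->opc1 & 7u) << 21) |
           ((a->is_mrc & 1u) << 20) | ((a->crn & 0xFu) << 16) |
           ((a->rt & 0xFu) << 12) | ((a->coproc & 0xFu) << 8) |
           ((a->opc2 & 7u) << 5) | (1u << 4) | (a->crm & 0xFu);
}

/* Returns 0 and fills *out, or -1 if the word is not a conditional MRC/MCR. */
int cp_decode(uint32_t insn, struct cp_access *out)
{
    if ((insn & 0x0F000010u) != 0x0E000010u || (insn >> 28) == 0xFu)
        return -1;
    out->cond   = insn >> 28;
    out->opc1   = (insn >> 21) & 7u;
    out->is_mrc = (insn >> 20) & 1u;
    out->crn    = (insn >> 16) & 0xFu;
    out->rt     = (insn >> 12) & 0xFu;
    out->coproc = (insn >> 8) & 0xFu;
    out->opc2   = (insn >> 5) & 7u;
    out->crm    = insn & 0xFu;
    return 0;
}

/* HSTR.T<n> covers CP15 accesses with CRn == n; bits 4 and 14 are reserved.
 * Returns the HSTR bit number, or -1 when no HSTR bit applies. */
int hstr_trap_bit(const struct cp_access *a)
{
    if (a->coproc != 15 || a->crn == 4 || a->crn == 14)
        return -1;
    return (int)a->crn;
}

int main(void)
{
    /* Constructed input: the PMCR row from the table, cond = AL, Rt = r0. */
    struct cp_access pmcr = { 0xE, 0, 1, 9, 0, 15, 0, 12 }, d;
    uint32_t word = cp_encode(&pmcr);
    if (cp_decode(word, &d) == 0)
        printf("0x%08X CRn=c%u CRm=c%u HSTR.T%d\n",
               (unsigned)word, d.crn, d.crm, hstr_trap_bit(&d));
    return 0;
}
```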

#define SMC Secure Monitor Call

{


/* .Page7587

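* Besides traps, which redirect instructions from a lower EL to a higher level, there is another kind of instruction that can also cross the EL boundary.

* SMC. Whether this instruction (coprocessor/main processor) is decoded is controlled by bit 7 of SCR_EL3. The original text says: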

SMD, bit [7]

Secure Monitor Call disable. Disables SMC instructions at EL1 and above, from any Security state

and both Execution states, reported using an ESR_ELx.EC value of 0x00.

0b0 SMC instructions are enabled at EL3, EL2 and EL1.

0b1 SMC instructions are UNDEFINED

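In effect, this instruction generates a Secure Monitor Call exception, but only at EL1 or a higher EL. Unprivileged software can only go through the procedure defined by the operating system, or be assisted by another piece of software executing at EL1 or higher. The original text says: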

The SMC instruction causes a Secure Monitor Call exception, but only if software execution is

at EL1 or higher. Unprivileged software can only cause a Secure Monitor Call exception by

methods defined by the operating system, or by another component of the software system

that executes at EL1 or higher

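Specifically, which EL the exception is taken to is controlled by registers:

SCR.SCD   HCR.TSC   SEQ

0         0         EL3

\         1         EL2 (in effect it becomes a Hypervisor Call)

else      else      UNDEFINED or UNPREDICTABLE

The instruction that takes the exception to that EL can be followed by a number from 0 to 15, as in "smc 7", although Arm does not recommend this: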

<imm4> Is a 4-bit unsigned immediate value, in the range 0 to 15, encoded in the "imm4" field. This is

ignored by the PE. The Secure Monitor Call exception handler (Secure Monitor code) can use this

value to determine what service is being requested, but Arm does not recommend this.

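For an instruction like this, where one thread's execution can be simulated/modified into that of another thread without requiring data (identity information and so on) to be synchronized, the architecture imposes certain limits:

Concurrently modifying and executing an instruction can produce a result equivalent to a non-concurrent execution within the same EL. The SMC instruction, however, is excluded from this concurrent execution mode. See the original text: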

The architecture limits the set of instructions that can be executed by one thread of execution as they are being

modified by another thread of execution without requiring explicit synchronization.

Concurrent modification and execution of instructions can lead to the resulting instruction performing any behavior

that can be achieved by executing any sequence of instructions that can be executed from the same Exception level,

except where the instruction before modification and the instruction after modification are:

• When executing the A32 instruction set, a B, BKPT, BL, HVC, ISB, NOP, SMC, or SVC instruction.

• When executing the T32 instruction set, a 16-bit B, BKPT, BLX, BX, NOP, or SVC instruction.

*/

