Armv8 exception entry/vector/return

D1.10 Exception entry

On taking an exception to AArch64 state:
• The PE state is saved in the SPSR_ELx at the Exception level the exception is taken to. See Saved Program Status Registers (SPSRs) on page D1-1428.
• The preferred return address is saved in the ELR_ELx at the Exception level the exception is taken to. See Exception Link Registers (ELRs) on page D1-1433.
• All of PSTATE.{D, A, I, F} are set to 1. See Process state, PSTATE on page D1-1434.
• If the exception is a synchronous exception or an SError interrupt, information characterizing the reason for the exception is saved in the ESR_ELx at the Exception level the exception is taken to. See Use of the ESR_EL1, ESR_EL2, and ESR_EL3 on page D1-1448.
• Execution moves to the target Exception level, and starts at the address defined by the exception vector.
Which exception vector is used is also an indicator of whether the exception came from a lower Exception level or the current Exception level. See Exception vectors on page D1-1445.
• The stack pointer register selected is the dedicated stack pointer register for the target Exception level. See The stack pointer registers on page D1-1427

在对 AArch64 状态进行例外处理时：
• PE 状态保存在SPSR_ELx 中的异常级别，该异常被处理。请参见第 D1-1428 页上的已保存程序状态寄存器 (SPSR)。
• 首选返回地址保存在ELR_ELx 中的异常级别，异常被处理。看异常链接寄存器 (ELR)，第 D1-1433 页。
• 所有 PSTATE.{D, A, I, F} 都设置为 1。请参阅第 D1-1434 页上的进程状态，PSTATE。
• 如果异常是同步异常或 SError 中断，则说明原因的信息异常保存在 ESR_ELx 中的异常级别。请参阅使用D1-1448 页上的 ESR_EL1、ESR_EL2 和 ESR_EL3。
• 执行移至目标异常级别，并从异常向量定义的地址开始。使用哪个异常向量也是异常是否来自较低异常的指标级别或当前异常级别。请参阅第 D1-1445 页的异常向量。
• 所选堆栈指针寄存器是目标异常级别的专用堆栈指针寄存器。看堆栈指针寄存器在 D1-1427 页上。

其他解释：

ARMv8的四个异常级别只能通过异常获取/返回的方式在异常等级之间跳转。

• 将PSTATE寄存器内容保存到对应等级的SPSR_ELx中（保存PSTATE现场）
• 保存返回地址到对应等级的ELR_ELx寄存器中（保存返回地址）
• 将PSTATE中的DAIF设1，即关闭调试异常、SError、IRQ和FIQ
• 设置对应异常等级下的栈指针，自动切换SP到SP_ELx
• 切换到对应目标异常等级，跳转到异常向量表执行

以上都是处理器自动完成的，OS所需要做的事就是从中断向量表开始，根据发生的异常类型，跳转到合适的异常向量。

当异常处理完后，执行eret指令从异常返回。eret会从ELR_ELx中恢复PC指针并且从SPSR_ELx中恢复到PSTATE中。

=========================================================================

D1.10.1 Preferred exception return address

异常返回的地址，elr_elx值根据同步异常，异步异常，系统调用等场景不同硬件修改不同的值
For an exception taken to an Exception level using AArch64, the Exception Link Register for that Exception level,
ELR_ELx, holds the preferred exception return address. The preferred exception return address depends on the nature of the exception, as follows:
• For asynchronous exceptions, it is the address of the instruction following the instruction boundary at which the interrupt occurs. Therefore, it is the address of the first instruction that did not execute, or did not complete execution, as a result of taking the interrupt.
• For synchronous exceptions other than system calls, it is the address of the instruction that generates the exception
•For system calls, it is the address of the instruction that follows the system call instruction

When an exception is taken from an Exception level using AArch32 to an Exception level using AArch64, the top 32 bits of the modified ELR_ELx are 0

=========================================================================

异常向量表描述--D1.10.2 Exception vectors

When the PE takes an exception to an Exception level that is using AArch64, execution is forced to an address that is the exception vector for the exception. The exception vector exists in a vector table at the Exception level the exception is taken to.

A vector table occupies a number of consecutive word-aligned addresses in memory, starting at the vector base address. 占据连续地址空间，从基地址开始

Each Exception level has an associated Vector Base Address Register (VBAR), that defines the exception base address for the table at that Exception level.
每个异常等级有对应的异常向量表基地址寄存器，

For exceptions taken to AArch64 state, the vector table provides the following information:
• Whether the exception is one of the following:
— Synchronous exception.
— SError.----异步异常
— IRQ.---------异步异常
— FIQ.------------异步异常
• Information about the Exception level that the exception came from, combined with information about the
stack pointer in use, and the state of the register file

所有的ATF ，uboot,linux，optee 都是基于此向量表进行定义。

内核异常向量表如下：arch/arm64/kernel/entry.S

** Exception vectors.*/.align    11
ENTRY(vectors)ventry    el1_sync_invalid        // Synchronous EL1tventry   el1_irq_invalid         // IRQ EL1tventry   el1_fiq_invalid         // FIQ EL1tventry   el1_error_invalid       // Error EL1t---------------current el with sp_el0,不需要实现ventry  el1_sync            // Synchronous EL1hventry   el1_irq             // IRQ EL1h  内核中断处理入口ventry el1_fiq_invalid         // FIQ EL1hventry   el1_error_invalid       // Error EL1h---------------current el with sp_el1，正常都使用ventry   el0_sync            // Synchronous 64-bit EL0ventry el0_irq             // IRQ 64-bit EL0ventry el0_fiq_invalid         // FIQ 64-bit EL0ventry el0_error_invalid       // Error 64-bit EL0------------------lower el 切换with target aarch64#ifdef CONFIG_COMPATventry   el0_sync_compat         // Synchronous 32-bit EL0ventry el0_irq_compat          // IRQ 32-bit EL0ventry el0_fiq_invalid_compat      // FIQ 32-bit EL0ventry el0_error_invalid_compat    // Error 32-bit EL0--------lower el 切换with target aarch32
#elseventry el0_sync_invalid        // Synchronous 32-bit EL0ventry el0_irq_invalid         // IRQ 32-bit EL0ventry el0_fiq_invalid         // FIQ 32-bit EL0ventry el0_error_invalid       // Error 32-bit EL0
#endif
END(vectors)

=======================================================================================================

D1.11 Exception return 异常返回机制

an exception return is always to the same Exception level or a lower Exception level. ------------异常返回到当前等级或者较低的等级
An exception return is used for:------------使用场景
• A return to a previously executing thread.------返回到一个之前执行的线程
• Entry to a new execution thread. For example:---------------进入一个新的执行线程
— The initialization of a hypervisor by a Secure monitor.-------通过 atf 初始化的一个hypervisor
— The initialization of an operating system by a hypervisor.------------通过hypervisor初始化的一个os
— Application entry from an operating system or hypervisor.-----------------通过os进入到的一个应用入口或hypervisor

In AArch64 state, an ERET instruction causes an exception return. On an ERET instruction:------------ERET 指令，触发硬件 ELR_ELX--->PC ,和spsr_elx---->pstate
• The PC is restored with the value held in the ELR_ELx.
• PSTATE is restored by using the contents of the SPSR_ELx

An ERET instruction also:---ERET 指令也会触发其他2个硬件行为
•

Sets the Event Register for the PE executing the ERET instruction

. See Mechanisms for entering a low-power state on page D1-1611.
• Resets the local exclusive monitor for the PE executing the ERET instruction. This removes the risk of errors that might be caused when a path to an exception return fails to include a CLREX instruction

比较好的armv8 spec 解读异常文章：
ARMV8 datasheet学习笔记4：AArch64系统级体系结构之编程模型（3）- 异常 - jasonactions - 博客园