On 15 February 2017 at 13:34, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 15 February 2017 at 12:46, Alex Bennée <alex.ben...@linaro.org> wrote:
>>
>> Peter Maydell <peter.mayd...@linaro.org> writes:
>>> +/* Return the value of the ISCR RETTOBASE bit:
>>> + * 1 if there is exactly one active exception
>>> + * 0 if there is more than one active exception
>>> + * UNKNOWN if there are no active exceptions (we choose 0)
>>> + */
>>
>> This doesn't match what the ARMv7M ARM says (for Handler mode):
>>
>>   0 There is an active exception other than the exception shown by IPSR.
>>   1 There is no active exception other than any exception shown by IPSR.
>
> They're only different if the guest code has managed
> to deactivate the IPSR exception without leaving the
> exception handler. This is bogus guest code and will cause
> an exception-return-integrity-check to fail when the guest
> exits the handler. It's also pretty hard to do: the only
> method is to clear the SHCSR bits for those few exceptions
> which report their active state there.
>
> Otherwise "no active exceptions" => not in handler mode;
> "more than 1 active exception" => IPSR exception and another;
> "exactly one active exception" => the IPSR exception
>
> I would be unsurprised to find that the documentation of the
> RETTOBASE bit was just phrased in a way that forgot about
> the possible effect of the deactivated-your-own-exception
> corner case. I'll investigate a bit more what's going on
> here and whether eg the v8M ARM ARM nails down the behaviour
> more precisely, though.
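Review bot: the first line of the new comment names the register "ISCR"; the ARMv7-M register that holds RETTOBASE is the ICSR (Interrupt Control and State Register), so the comment should read "ICSR RETTOBASE". The last case, "UNKNOWN if there are no active exceptions (we choose 0)", also disagrees with the Cortex-M3 guide quoted in this thread, which reads 1 when there are no active exceptions; whichever value the code returns, the comment should state it and name the document it follows.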

The v8M ARM ARM defines RETTOBASE as:
 Handler mode:
  0: "there is more than one active exception"
  1: "there is only one active exception"
 Thread mode: UNKNOWN

The Cortex-M3 Devices Generic User Guide
http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/Cihfaaha.html
defines RETTOBASE as:
 0 = there are preempted active exceptions to execute
 1 = there are no active exceptions, or the currently-executing
     exception is the only active exception.
(ie it doesn't have Thread mode giving an UNKNOWN value)

I haven't actually checked real hardware behaviour, but I
think we can fairly safely implement this as not checking
the IPSR exception field. (We might as well go with the
"reads 1 in handler mode" choice of UNKNOWN that the M3
documents, though.)

thanks
-- PMM
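
The three readings of RETTOBASE compared in this message, side by side, as an added C example that is not QEMU code and not part of the original mail. The function names, the NUM_EXC table size and the sample state are assumptions made for illustration; the exception numbers are the ARMv7-M ones for MemManage, SVCall and SysTick.

```c
#include <stdbool.h>
#include <stdio.h>

#define NUM_EXC 16            /* assumed: exceptions 1..15, slot 0 unused */
enum { EXC_MEM = 4, EXC_SVC = 11, EXC_SYSTICK = 15 };

/* Number of exceptions currently marked active. */
static int active_count(const bool active[NUM_EXC])
{
    int n = 0;
    for (int i = 1; i < NUM_EXC; i++) {
        n += active[i] ? 1 : 0;
    }
    return n;
}

/* Patch comment: 1 iff exactly one active exception (0 chosen for none). */
int rettobase_patch_comment(const bool active[NUM_EXC])
{
    return active_count(active) == 1;
}

/* ARMv7M handler-mode wording: 1 iff nothing is active except IPSR's. */
int rettobase_v7m_wording(const bool active[NUM_EXC], int ipsr)
{
    for (int i = 1; i < NUM_EXC; i++) {
        if (active[i] && i != ipsr) {
            return 0;
        }
    }
    return 1;
}

/* Reading the message settles on: no IPSR check, 1 when none are active. */
int rettobase_no_ipsr_check(const bool active[NUM_EXC])
{
    return active_count(active) <= 1;
}

int main(void)
{
    /* Constructed state: the MemManage handler cleared its own active bit
     * while a preempted SVCall is still active. */
    bool st[NUM_EXC] = { false };
    st[EXC_SVC] = true;
    printf("patch=%d v7m=%d no_ipsr=%d\n", rettobase_patch_comment(st),
           rettobase_v7m_wording(st, EXC_MEM), rettobase_no_ipsr_check(st));
    return 0;
}
```

For well-behaved guest states (one active exception matching IPSR, or a nested pair) all three functions agree; they diverge only in the deactivated-own-exception and no-active-exception cases.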