The ARM TrustZone monitor mode can trap aborts in monitor mode. The monitor mode always executes in the secure world or context. How can we know what address and reason caused a fault in the normal world when it traps to the monitor mode instruction abort and data fault vectors?
1 Answers
4
It is worth noting that only external aborts can be configured to be taken in monitor mode, so MMU access faults will not be trapped.
As for the main question: the state of all Secure/Non-secure banked registers while in monitor mode is controlled by the state of the cp15 Secure Configuration Register NS bit: when it is set, you access Non-secure versions, and when it is clear you access Secure versions.
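The following is some inline gcc code which allows any secure world mode to inspect these CP15 registers.

```c
#include <stdio.h>

#define MODE_MONITOR 0x16

/* Call from a privileged Secure world mode; the function wrapper is added
 * here so the fragment compiles on its own. */
void dump_ns_fault_regs(void)
{
    unsigned int mode;
    unsigned int world;
    unsigned int dfar;
    unsigned int dfsr;
    unsigned int ifar;
    unsigned int ifsr;

    asm volatile(
        " mrs %0, cpsr\n"               /* Save mode. */
        " mrc p15, 0, %1, c1, c1, 0\n"  /* Read SCR. */
        " orr %1, %1, #1\n"             /* Set NS bit in SCR. */
        " cpsid aif, %6\n"              /* To monitor mode... */
        " mcr p15, 0, %1, c1, c1, 0\n"  /* Write SCR with NS set. */
        " isb\n"                        /* Make the SCR write visible before the banked reads. */
        " mrc p15, 0, %2, c6, c0, 0\n"  /* Non-secure DFAR. */
        " mrc p15, 0, %3, c5, c0, 0\n"  /* Non-secure DFSR. */
        " mrc p15, 0, %4, c6, c0, 2\n"  /* Non-secure IFAR. */
        " mrc p15, 0, %5, c5, c0, 1\n"  /* Non-secure IFSR. */
        " bic %1, %1, #1\n"             /* Clear NS bit in SCR. */
        " mcr p15, 0, %1, c1, c1, 0\n"
        " isb\n"
        " msr cpsr, %0\n"               /* Back to the saved mode. */
        : "=&r" (mode), "=&r" (world),
          "=r" (dfar), "=r" (dfsr),
          "=r" (ifar), "=r" (ifsr)
        : "I" (MODE_MONITOR));

    printf("DFAR: %.8x dfsr: %.8x IFAR: %.8x ifsr: %.8x\n",
           dfar, dfsr, ifar, ifsr);
}
```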

artless noise

unixsmurf
-
1 It is very *weird*; are all banked `CP15` registers like this? So when you are in monitor, the secure MMU state applies, but you can see the non-secure TTBR, etc if the *NS* bit is set? – artless noise Feb 27 '14 at 22:19
-
2 Correct. Monitor mode is "special". – unixsmurf Feb 27 '14 at 22:43
-
Can you explain a bit more on " So when you are in monitor, the secure MMU state applies, but you can see the non-secure TTBR, etc if the NS bit is set?" – Apr 29 '14 at 03:45
-
2 @mSO: Monitor mode itself is _always_ Secure. So TLB entries allocated when executing in monitor mode, or any other Secure mode, are Secure (NSTID=0), regardless of state of NS bit. – unixsmurf Apr 29 '14 at 08:27
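To get from the raw DFSR/IFSR values read in the answer to the "reason" the question asks about, the status bits have to be decoded. The following is an added example, not code from the question or the answer: it decodes the ARMv7-A short-descriptor fault status encodings for the external abort cases that the answer says can be routed to monitor mode. The names `fsr_info` and `decode_fsr` and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded ARMv7-A DFSR/IFSR value, short-descriptor format only. */
struct fsr_info {
    unsigned fs;       /* 5-bit status: FSR[10] joined with FSR[3:0] */
    bool lpae;         /* FSR[9] set: long-descriptor layout, not decoded here */
    bool write;        /* WnR, FSR[11]; defined for DFSR only */
    bool external;     /* one of the external abort encodings */
    bool far_usable;   /* synchronous external abort: DFAR/IFAR holds the address */
    const char *reason;
};

struct fsr_info decode_fsr(uint32_t fsr)
{
    struct fsr_info i = { .reason = "not an external abort" };

    i.lpae = (fsr >> 9) & 1u;
    if (i.lpae) {
        i.reason = "long-descriptor format, not decoded";
        return i;
    }
    i.fs = ((fsr >> 6) & 0x10u) | (fsr & 0x0Fu);
    i.write = (fsr >> 11) & 1u;
    switch (i.fs) {
    case 0x08: i.reason = "synchronous external abort"; break;
    case 0x0C: i.reason = "synchronous external abort on 1st-level table walk"; break;
    case 0x0E: i.reason = "synchronous external abort on 2nd-level table walk"; break;
    case 0x16: i.reason = "asynchronous external abort"; break;
    default:   return i;
    }
    i.external = true;
    i.far_usable = (i.fs != 0x16);  /* FAR is UNKNOWN after an asynchronous abort */
    return i;
}

int main(void)
{
    /* Constructed sample values, not captured from hardware. */
    const uint32_t samples[] = { 0x00000808u, 0x00000406u, 0x00000005u };
    for (unsigned n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        struct fsr_info i = decode_fsr(samples[n]);
        printf("FSR %08x: fs=0x%02x %s%s\n", (unsigned)samples[n], i.fs, i.reason,
               i.far_usable ? " (FAR valid)" : "");
    }
    return 0;
}
```

A monitor-mode handler should log the fault address only when `far_usable` is set, since the fault address register is not meaningful for an asynchronous external abort.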