├── r2frida ├── find-dex-in-mem.r2f └── find-oat-in-mem.r2f ├── install.sh ├── droid ├── README.md └── jadx-installer │ ├── jadxlogo.svg │ └── dwn_jadx.py ├── r2 └── fnd-native-on-apks.py ├── ida ├── findcrypt │ ├── README.md │ └── findcrypt.py ├── get_apis.py ├── ios │ └── ptrace_patch.py ├── def_arm32_functions.py ├── subroutine-finding.py ├── subroutine-finding-text.py ├── def_arm64_functions.py └── highlight_arm_system_insn.py └── README.md /r2frida/find-dex-in-mem.r2f: -------------------------------------------------------------------------------- 1 | \dc 2 | !sleep 5 3 | .\dm* 4 | pm @@ map.*~DEX -------------------------------------------------------------------------------- /r2frida/find-oat-in-mem.r2f: -------------------------------------------------------------------------------- 1 | \dc 2 | !sleep 5 3 | .\dm* 4 | (,s+0x1000,pm)()@@map.*~OAT -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | sudo apt install python-pip python3-pip 2 | sudo -H pip3 install r2pipe --upgrade 3 | sudo -H pip install r2pipe --upgrade 4 | -------------------------------------------------------------------------------- /droid/README.md: -------------------------------------------------------------------------------- 1 | 2 | - `dwn_jadx`: Download latest Jadx decompiler and install it at ~/tools/jadx/ 3 | ```sh 4 | > python3 dwn_jadx.py 5 | file: jadx-0.9.0-b1070-40f19cce.zip 6 | Extracting to: /home/edu/tools/jadx/ 7 | ``` -------------------------------------------------------------------------------- /r2/fnd-native-on-apks.py: -------------------------------------------------------------------------------- 1 | import r2pipe 2 | import sys 3 | 4 | r2 = r2pipe.open(sys.argv[1]) 5 | classes = r2.cmdj("icj") 6 | 7 | j = n = 0 8 | for i,c in enumerate(classes): 9 | mtds = c['methods'] 10 | if mtds != []: 11 | for m in mtds: 12 | j += 1 13 | for k,v in m.items(): 14 | if k == 'flags': 15 | if 'native' in v: 16 | _m = m['name'].replace('.method.',';->') 17 | print (_m) 18 | n += 1 19 | break 20 | r2.quit() 21 | 22 | sys.stderr.write(">> JNI [{} natives/{} methods/{} classes] <<\n".format(n,j,i)) 23 | -------------------------------------------------------------------------------- /ida/findcrypt/README.md: -------------------------------------------------------------------------------- 1 | # FindCrypt 2 | A Python implementation of IDA FindCrypt/FindCrypt2 plugin (see http://www.hexblog.com/?p=28). 3 | 4 | ## How to use 5 | Execute findcrypt.py on your IDA. Tested on IDA 7.0+ for macOS. 6 | 7 | ## Supported constants 8 | * zlib: zinflate_lengthStarts, zinflate_lengthExtraBits, zinflate_distanceStarts, zinflate_distanceExtraBits, zdeflate_lengthCodes 9 | * DES: DES_ip, DES_fp, DES_ei, DES_sbox[1-8], DES_p32i, DES_pc[1-2] 10 | * AES: Rijndael_sbox, Rijndael_inv_sbox, Rijndael_Te[0-4], Rijndael_Td[0-4] 11 | * Blowfish: Blowfish_P_array, Blowfish_S_boxes 12 | * CRC32: CRC32_m_tab_le, CRC32_m_tab_be 13 | * MD5: MD5_T, MD5_initstate 14 | * SHA1: SHA1_H 15 | * SHA224: SHA224_H 16 | * SHA256: SHA256_K, SHA256_H 17 | * SHA512: SHA512_K 18 | * RC5_RC6: RC5_RC6_PQ 19 | 20 | ## Todo 21 | 1. Add more constants - I always welcome your pull request :) 22 | 2. Performance improvement 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # re-scripts 2 | IDA, Ghidra and Radare2 scripts 3 | 4 | ## Radare2 scripts 5 | - Install Radare2 API: 6 | + `sudo pip3 install r2pipe` 7 | 8 | ### fnd-native-on-apks.py 9 | ```c 10 | [00:52 edu@de11 r2] > python3 fnd-native-on-apks.py classes.dex 11 | Lktnznvzk/B8JGragL;->e0BKigvZ(Ljava/lang/String;)V 12 | Lktnznvzk/B8JGragL;->kQlvThOX(I)Ljava/lang/String; 13 | Lktnznvzk/GQXHPoH2;->Ii4wCzIb(Landroid/content/Context;Lktnznvzk/CcHdfDwq;)V 14 | Lktnznvzk/GQXHPoH2;->dVZw9Ic4()V 15 | Lktnznvzk/WPhrgsA0;->m4oevkMk(Landroid/content/Context;Landroid/app/Instrumentation;)V 16 | Lktnznvzk/cfjzcnFw;->bl8u_2BW(Landroid/content/Context;)Ljava/lang/String; 17 | Lktnznvzk/cfjzcnFw;->iBC2p5jZ(Landroid/content/Context;)Z 18 | Lktnznvzk/cfjzcnFw;->mgu8vTph(Landroid/content/Context;)V 19 | Lktnznvzk/m6xY5gLT;->SzE3mfpa(Z)V 20 | Lktnznvzk/nmlzScff;->HRYjrbFM(Landroid/app/Activity;)V 21 | Lktnznvzk/nmlzScff;->Wp1IXxUR(Landroid/app/Activity;)V 22 | Lktnznvzk/nmlzScff;->ddKwoTnK(Landroid/app/Activity;)V 23 | Lktnznvzk/nmlzScff;->lAfxDkdQ()V 24 | Lktnznvzk/nmlzScff;->zwaFeGH7()V 25 | >> JNI [14 natives/54313 methods/7539 classes] << 26 | ``` 27 | -------------------------------------------------------------------------------- /ida/get_apis.py: -------------------------------------------------------------------------------- 1 | def get_apis(func_addr): 2 | calls = 0 3 | apis = [] 4 | flags = GetFunctionFlags(func_addr) 5 | # ignore library functions 6 | if flags & FUNC_LIB or flags & FUNC_THUNK: 7 | logging.debug("get_apis: Library code or thunk") 8 | return None 9 | # list of addresses 10 | dism_addr = list(FuncItems(func_addr)) 11 | for instr in dism_addr: 12 | tmp_api_address = "" 13 | if idaapi.is_call_insn(instr): 14 | # In theory an API address should only have one xrefs 15 | # The xrefs approach was used because I could not find how to 16 | # get the API name by address. 17 | for xref in XrefsFrom(instr, idaapi.XREF_FAR): 18 | if xref.to == None: 19 | calls += 1 20 | continue 21 | tmp_api_address = xref.to 22 | break 23 | # get next instr since api address could not be found 24 | if tmp_api_address == "": 25 | calls += 1 26 | continue 27 | api_flags = GetFunctionFlags(tmp_api_address) 28 | # check for lib code (api) 29 | if api_flags & idaapi.FUNC_LIB == True or api_flags & idaapi.FUNC_THUNK: 30 | tmp_api_name = NameEx(0, tmp_api_address) 31 | if tmp_api_name: 32 | apis.append(tmp_api_name) 33 | else: 34 | calls += 1 35 | return (calls, apis) -------------------------------------------------------------------------------- /droid/jadx-installer/jadxlogo.svg: -------------------------------------------------------------------------------- 1 | jadxlogoDXJA -------------------------------------------------------------------------------- /ida/ios/ptrace_patch.py: -------------------------------------------------------------------------------- 1 | import idaapi 2 | import idautils 3 | import idc 4 | 5 | num_imps = idaapi.get_import_module_qty() 6 | print("[+] Found % d import(s)" % num_imps) 7 | 8 | for i in xrange(0, num_imps): 9 | name = idaapi.get_import_module_name(i) 10 | if not name: 11 | print("[-] Failed to get import module name for #%d" % i) 12 | continue 13 | 14 | print("Walking-> %s" % name) 15 | idaapi.enum_import_names(i, imp_cb) 16 | 17 | 18 | possible_ptrace_dlsym_calls = [] 19 | 20 | def patch(addr): 21 | nop = [0x00, 0xBF] # IN LE 00 BF nop in thumb mode (iphone uses thumb code] 22 | addr = idc.next_head(addr) 23 | mnem = GetMnem(addr) 24 | dlsym_result_reg = None 25 | if mnem == "MOV": 26 | dlsym_result_reg = GetOpnd(addr, 0) 27 | print("\t\t %08x: MOV %s, %s" % (addr, GetOpnd(addr, 0), GetOpnd(addr,1))) 28 | 29 | while True: 30 | addr = idc.next_head(addr) 31 | mnem = GetMnem(addr) 32 | if mnem == "BLX" and GetOpnd(addr, 0) == dlsym_result_reg: 33 | print("\t\t\t %08x: BLX %s" % (addr, GetOpnd(addr, 0))) 34 | # patch the code. 35 | for i in xrange(len(nop)): 36 | PatchByte(addr + i, nop[i]) 37 | break 38 | 39 | 40 | def is_ptrace_called(addr): 41 | """ 42 | check if ptrace is called. 43 | looking for pattern dlsym, then check for PT_DENY_ATTACH = 0x1F. 44 | """ 45 | print("Analyzing address: %x" % addr) 46 | for i in xrange(0, 2): 47 | addr = idc.next_head(addr) 48 | mnem = GetMnem(addr) 49 | if mnem == "BLX" and "_dlsym" in GetOpnd(addr, 0): 50 | print("\t BLX mnemonic found at address: %x, operand: %s, count: %d" % (addr, GetOpnd(addr, 0), i)) 51 | possible_ptrace_dlsym_calls.append(addr) 52 | patch(addr) 53 | break 54 | 55 | 56 | # XREFS FOR PTRACE 57 | # source https://github.com/devttys0/ida/blob/master/scripts/wpsearch.py function xrefs() 58 | # Search for ptrace string 59 | for string in idautils.Strings(): 60 | if "ptrace" in str(string): 61 | print("PTRACE FOUND %x: len=%d type=%d " % (string.ea, string.length, string.strtype)) 62 | print("PTRACE referenced from:") 63 | for xref in idautils.XrefsTo(string.ea): 64 | print(hex(xref.frm)) 65 | is_ptrace_called(xref.frm) 66 | 67 | 68 | print("----------- Completed ---------------") -------------------------------------------------------------------------------- /ida/def_arm32_functions.py: -------------------------------------------------------------------------------- 1 | # (C) Copyright 2015/2016 Comsecuris UG 2 | import idaapi 3 | import idc 4 | import idautils 5 | 6 | def def_functions(s_start): 7 | 8 | num_added_functions = 0 9 | 10 | s_addr = s_start 11 | s_end = idc.GetSegmentAttr(s_start, SEGATTR_END) #idc.SegEnd(segm) 12 | print "0x%08x 0x%08x" % (s_start, s_end) 13 | 14 | while (s_addr < s_end): 15 | 16 | print "Testing address 0x%08x" % s_addr 17 | 18 | #optimization assumes that function chunks are consecutive (no "function-in-function" monkey business) 19 | if (idaapi.get_func(s_addr)): 20 | 21 | next_func = idc.NextFunction(s_addr) 22 | 23 | ea = s_addr 24 | for c in idautils.Chunks(s_addr): 25 | #only use chunks in lookahead that do not jump over the next function and that are not smaller than where we are atm. 26 | if (c[1] > ea) and (c[1] <= next_func): 27 | ea = c[1] 28 | if ea == s_addr: 29 | s_addr += 2 30 | else: 31 | s_addr = ea 32 | #s_addr += 4 33 | continue 34 | 35 | else: 36 | #This is not a good optimization, there WILL be data refs to function start addresses sometimes. 37 | ''' 38 | if sum(1 for _ in (CodeRefsTo(s_addr, 1))) != 0: 39 | s_addr += 4 40 | continue 41 | ''' 42 | #also add STMFD 43 | if ((idc.GetMnem(s_addr) == "STM") and ("SP!" in idc.GetOpnd(s_addr, 0)) and ("LR" in idc.GetOpnd(s_addr, 1))) or (((idc.GetMnem(s_addr) == "PUSH") or (idc.GetMnem(s_addr) == "PUSH.W") or (idc.GetMnem(s_addr) == "STR.W") ) and ("LR" in idc.GetOpnd(s_addr, 0))): 44 | print "Found function at 0x%08x" % s_addr 45 | idc.MakeFunction(s_addr) 46 | f = idaapi.get_func(s_addr) 47 | if (type(f) == type(None)): 48 | print "Failed to create function! Undefined instructions?" 49 | s_addr += 2 50 | else: 51 | num_added_functions += 1 52 | ea = -1 53 | for c in idautils.Chunks(s_addr): 54 | if c[1] > ea: 55 | ea = c[1] 56 | if ea != -1: 57 | s_addr = ea 58 | #failed? 59 | else: 60 | s_addr += 2 61 | else: 62 | s_addr += 2 63 | 64 | print "finished segment" 65 | return num_added_functions 66 | 67 | 68 | num_total_added_functions = 0 69 | for s in idautils.Segments(): 70 | s_start = s 71 | if idaapi.segtype(s_start) == idaapi.SEG_CODE: 72 | print "starting segment at 0x%08x" % s_start 73 | num_total_added_functions += def_functions(s) 74 | 75 | print "Added %d functions in total" % num_total_added_functions 76 | -------------------------------------------------------------------------------- /ida/subroutine-finding.py: -------------------------------------------------------------------------------- 1 | ''' 2 | Original source: https://exploiting.wordpress.com/2011/12/06/quickpost-idapython-script-to-identify-unrecognized-functions/ 3 | Modified by @enovella_ 4 | ''' 5 | 6 | import idc 7 | import struct 8 | import idautils 9 | 10 | def find_all( opcode_str ): 11 | ret = [] 12 | ea = idc.FindBinary(0, 1, opcode_str) 13 | while ea != idc.BADADDR: 14 | ret.append(ea) 15 | ea = idc.FindBinary(ea + 4, 1, opcode_str) 16 | return ret 17 | 18 | def define_functions(): 19 | # The function first searches for all user defined functions, reads 20 | # the opcodes and searches for that opcodes in the rest of the file. 21 | # 22 | # You can extend this by adding more disassembled instructions that 23 | # make you believe are function prologues. 24 | # 25 | # Obviously not any PUSH is a function start, this is only a filter 26 | # against erroneously defined functions. So if you define a function 27 | # that starts with other instruction (and you think there could be 28 | # other functions that start with that instruction), just add it here. 29 | prologues = ["STMFD", "push", "PUSH", "mov", "MOV", "STP", "stp", "ADRP", "adrp", "SUB", "sub", "STR","str", "LDRB"] 30 | 31 | print(">> Finding all signatures") 32 | start = idaapi.cvar.inf.minEA # idaapi.get_imagebase() 33 | end = idaapi.cvar.inf.maxEA 34 | opcodes = set() 35 | 36 | nr_fnc_in = len(list((Functions(start, end)))) 37 | 38 | 39 | for funcea in Functions(start, end): 40 | # Get the opcode 41 | start_opcode = idc.Dword(funcea) 42 | 43 | # Get the disassembled text 44 | dis_text = idc.GetDisasm(funcea) 45 | candidate = False 46 | 47 | # Filter possible errors on manually defined functions 48 | for prologue in prologues: 49 | if prologue in dis_text: 50 | print ("{:08x} {:6s} YES prologue: {}".format(funcea,prologue,dis_text)) 51 | candidate = True 52 | 53 | # If it passes the filter, add the opcode to the search list. 54 | if candidate: 55 | opcodes.add(start_opcode) 56 | 57 | print("# different opcodes: %x" % (len(opcodes))) 58 | 59 | while len(opcodes) > 0: 60 | # Search for this opcode in the rest of the file 61 | opcode_bin = opcodes.pop() 62 | opcode_str = "".join(x.encode("hex") for x in struct.pack("{:08x}".format(opcode_str,opcode_bin)) 64 | matches = find_all( opcode_str ) 65 | for matchea in matches: 66 | # If the opcode is found in a non-function 67 | if not idc.GetFunctionName(matchea): 68 | # Try to make code and function 69 | print ("{:08x} -> defining function".format(matchea)) 70 | idc.MakeCode(matchea) 71 | idc.MakeFunction(matchea) 72 | 73 | print ("#functions: {}".format(nr_fnc_in)) 74 | print(">> Done!") 75 | 76 | define_functions() 77 | -------------------------------------------------------------------------------- /ida/subroutine-finding-text.py: -------------------------------------------------------------------------------- 1 | ''' 2 | Original source: https://exploiting.wordpress.com/2011/12/06/quickpost-idapython-script-to-identify-unrecognized-functions/ 3 | Modified by @enovella_ 4 | ''' 5 | 6 | import idc 7 | import struct 8 | import idautils 9 | 10 | def find_all( opcode_str ): 11 | ret = [] 12 | ea = idc.FindBinary(0, 1, opcode_str) 13 | while ea != idc.BADADDR: 14 | ret.append(ea) 15 | ea = idc.FindBinary(ea + 4, 1, opcode_str) 16 | return ret 17 | 18 | def define_functions(): 19 | # The function first searches for all user defined functions, reads 20 | # the opcodes and searches for that opcodes in the rest of the file. 21 | # 22 | # You can extend this by adding more disassembled instructions that 23 | # make you believe are function prologues. 24 | # 25 | # Obviously not any PUSH is a function start, this is only a filter 26 | # against erroneously defined functions. So if you define a function 27 | # that starts with other instruction (and you think there could be 28 | # other functions that start with that instruction), just add it here. 29 | prologues = ["STMFD", "push", "PUSH", "mov", "MOV", "STP"] 30 | 31 | print(">> Finding all signatures") 32 | #start = idaapi.cvar.inf.minEA # idaapi.get_imagebase() 33 | #end = idaapi.cvar.inf.maxEA 34 | seg = SegByBase(SegByName(".text")) 35 | start, end = SegStart(seg), SegEnd(seg) 36 | 37 | print ("Start-end!") 38 | print ("{:08x}".format(start)) 39 | print ("{:08x}".format(end)) 40 | 41 | opcodes = set() 42 | 43 | nr_fnc_in = len(list((Functions(start, end)))) 44 | 45 | 46 | for funcea in Functions(start, end): 47 | # Get the opcode 48 | start_opcode = idc.Dword(funcea) 49 | 50 | # Get the disassembled text 51 | dis_text = idc.GetDisasm(funcea) 52 | candidate = False 53 | 54 | # Filter possible errors on manually defined functions 55 | for prologue in prologues: 56 | if prologue in dis_text: 57 | print ("{:08x} {:6s} YES prologue: {}".format(funcea,prologue,dis_text)) 58 | candidate = True 59 | 60 | # If it passes the filter, add the opcode to the search list. 61 | if candidate: 62 | opcodes.add(start_opcode) 63 | 64 | print("# different opcodes: %x" % (len(opcodes))) 65 | 66 | while len(opcodes) > 0: 67 | # Search for this opcode in the rest of the file 68 | opcode_bin = opcodes.pop() 69 | opcode_str = "".join(x.encode("hex") for x in struct.pack("{:08x}".format(opcode_str,opcode_bin)) 71 | matches = find_all( opcode_str ) 72 | for matchea in matches: 73 | # If the opcode is found in a non-function 74 | if not idc.GetFunctionName(matchea): 75 | # Try to make code and function 76 | print ("{:08x} -> defining function".format(matchea)) 77 | idc.MakeCode(matchea) 78 | idc.MakeFunction(matchea) 79 | 80 | print ("#functions: {}".format(nr_fnc_in)) 81 | print(">> Done!") 82 | 83 | define_functions() 84 | -------------------------------------------------------------------------------- /ida/findcrypt/findcrypt.py: -------------------------------------------------------------------------------- 1 | import struct 2 | import idc, idautils 3 | import ida_bytes 4 | from consts import * 5 | 6 | if idc.BADADDR == 0xFFFFFFFF: 7 | digits = 8 8 | else: 9 | digits = 16 10 | 11 | def convert_to_byte_array(const): 12 | byte_array = [] 13 | if const["size"] == "B": 14 | byte_array = const["array"] 15 | elif const["size"] == "L": 16 | for val in const["array"]: 17 | byte_array += map(lambda x:ord(x), struct.pack(" ea) and (c[1] <= next_func): 29 | ea = c[1] 30 | if ea == s_addr: 31 | s_addr += 2 32 | else: 33 | s_addr = ea 34 | #s_addr += 4 35 | continue 36 | 37 | else: 38 | #This is not a good optimization, there WILL be data refs to function start addresses sometimes. 39 | ''' 40 | if sum(1 for _ in (CodeRefsTo(s_addr, 1))) != 0: 41 | s_addr += 4 42 | continue 43 | 44 | .text:00000000000130C4 SUB SP, SP, #0x80 45 | .text:00000000000130C8 STP X24, X23, [SP,#0x70+var_30] 46 | 47 | LOAD:0000000000015F20 STP X29, X30, [SP,#-0x10+var_s0]! 48 | LOAD:0000000000015F24 MOV X29, SP 49 | 50 | LOAD:00000000000178A4 STP X20, X19, [SP,#-0x10+var_10]! 51 | LOAD:00000000000178A8 STP X29, X30, [SP,#0x10+var_s0] 52 | 53 | LOAD:000000000001A1B0 MOV W8, #0x70 ; 'p' 54 | LOAD:000000000001A1B4 STR WZR, [X0] 55 | 56 | LOAD:000000000001C020 MOV X8, X1 57 | LOAD:000000000001C024 MOV X9, X0 58 | 59 | LOAD:000000000001D48C STP X24, X23, [SP,#-0x10+var_30]! 60 | LOAD:000000000001D490 STP X22, X21, [SP,#0x30+var_20] 61 | 62 | LOAD:000000000001F07C SUBS W8, W2, #1 63 | LOAD:000000000001F080 B.LT loc_1F0B0 64 | 65 | LOAD:00000000000000B0 ADRP X16, #off_A4060@PAGE 66 | LOAD:00000000000000B4 LDR X17, [X16,#off_A4060@PAGEOFF] 67 | 68 | LOAD:000000000000AAF8 000 28 00 40 39 LDRB W8, [X1] ; Load from Memory 69 | LOAD:000000000000AAFC 000 29 04 40 F9 LDR X9, [X1,#8] ; Load from Memory 70 | 71 | ''' 72 | if ((idc.GetMnem(s_addr) == "STP") and \ 73 | # ("X29" in idc.GetOpnd(s_addr, 0)) and \ 74 | # ("X30" in idc.GetOpnd(s_addr, 1)) and \ 75 | ("SP" in idc.GetOpnd(s_addr, 2))) \ 76 | or \ 77 | ((idc.GetMnem(s_addr) == "ADRP") and \ 78 | # ("X" in idc.GetOpnd(s_addr, 0)) and \ 79 | ("X" in idc.GetOpnd(s_addr, 0))) \ 80 | or \ 81 | ((idc.GetMnem(s_addr) == "LDRB")): # \ 82 | # or \ 83 | # (((idc.GetMnem(s_addr) == "PUSH") or (idc.GetMnem(s_addr) == "PUSH.W") or (idc.GetMnem(s_addr) == "STR.W") ) and \ 84 | # ("LR" in idc.GetOpnd(s_addr, 0))): 85 | 86 | print "Found function at 0x%08x" % s_addr 87 | idc.MakeFunction(s_addr) 88 | f = idaapi.get_func(s_addr) 89 | if (type(f) == type(None)): 90 | print "Failed to create function! Undefined instructions?" 91 | s_addr += 2 92 | else: 93 | num_added_functions += 1 94 | ea = -1 95 | for c in idautils.Chunks(s_addr): 96 | if c[1] > ea: 97 | ea = c[1] 98 | if ea != -1: 99 | s_addr = ea 100 | #failed? 101 | else: 102 | s_addr += 2 103 | else: 104 | s_addr += 2 105 | 106 | print "finished segment" 107 | return num_added_functions 108 | 109 | 110 | num_total_added_functions = 0 111 | for s in idautils.Segments(): 112 | s_start = s 113 | if idaapi.segtype(s_start) == idaapi.SEG_CODE: 114 | print "starting segment at 0x%08x" % s_start 115 | num_total_added_functions += def_functions(s) 116 | 117 | print "Added %d functions in total" % num_total_added_functions 118 | -------------------------------------------------------------------------------- /ida/highlight_arm_system_insn.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # 3 | # Script to highlight low-level instructions in ARM code. 4 | # Automatically comment coprocessor accesses (MRC*/MCR*) with documentation. 5 | # 6 | # Support up to ARMv7-A / ARMv8 processors. 7 | # 8 | # Author: Guillaume Delugré. 9 | # 10 | 11 | from idc import * 12 | from idautils import * 13 | 14 | global current_arch 15 | 16 | SYSTEM_INSN = ( 17 | # CPSR access 18 | "MSR", "MRS", "CPSIE", "CPSID", 19 | 20 | # CP access 21 | "MRC", "MRC2", "MRRC", "MRRC2", "MCR", "MCR2", "MCRR", "MCRR2", "LDC", "LDC2", "STC", "STC2", "CDP", "CDP2", 22 | 23 | # System (AArch64) 24 | "SYS", "SYSL", "IC", "DC", "AT", "TLBI", 25 | 26 | # Barriers, 27 | "DSB", "DMB", "ISB", "CLREX", 28 | 29 | # Misc 30 | "SRS", "VMRS", "VMSR", "DBG", "DCPS1", "DCPS2", "DCPS3", "DRPS", 31 | 32 | # Hints 33 | "YIELD", "WFE", "WFI", "SEV", "SEVL", "HINT" 34 | 35 | # Exceptions generating 36 | "BKPT", # AArch32 37 | "BRK", # AArch64 38 | "SVC", "SWI", "SMC", "SMI", "HVC", 39 | 40 | # Special modes 41 | "ENTERX", "LEAVEX", "BXJ" 42 | 43 | # Return from exception 44 | "RFE", # Aarch32 45 | "ERET", # Aarch64 46 | 47 | # Pointer authentication 48 | "PACDA", "PACDZA", "PACDB", "PACDZB", "PACGA", 49 | "PACIA", "PACIA1716", "PACIASP", "PACIAZ", "PACIZA", 50 | "PACIB", "PACIB1716", "PACIBSP", "PACIBZ", "PACIZB", 51 | "AUTDA", "AUTDZA", "AUTDB", "AUTDZB", 52 | "AUTIA", "AUTIA1716", "AUTIASP", "AUTIAZ", "AUTIZA", 53 | "AUTIB", "AUTIB1716", "AUTIBSP", "AUTIBZ", "AUTIZB", 54 | ) 55 | 56 | # 64 bits registers accessible from AArch32. 57 | # Extracted from the 00bet4 XML specifications for ARMv8.3. 58 | COPROC_REGISTERS_64 = { 59 | # MMU registers 60 | ( "p15", 0, "c2" ) : ( "TTBR0", "Translation Table Base Register 0" ), 61 | ( "p15", 1, "c2" ) : ( "TTBR1", "Translation Table Base Register 1" ), 62 | ( "p15", 6, "c2" ) : ( "VTTBR", "Virtualization Translation Table Base Register" ), 63 | ( "p15", 4, "c2" ) : ( "HTTBR", "Hyp Translation Table Base Register" ), 64 | ( "p15", 0, "c7" ) : ( "PAR", "Physical Address Register" ), 65 | 66 | # Counters 67 | ( "p15", 0, "c9" ) : ( "PMCCNTR", "Performance Monitors Cycle Count Register" ), 68 | ( "p15", 0, "c14" ) : ( "CNTPCT", "Counter-timer Physical Count register" ), 69 | ( "p15", 1, "c14" ) : ( "CNTVCT", "Counter-timer Virtual Count register" ), 70 | ( "p15", 2, "c14" ) : ( "CNTP_CVAL", "Counter-timer Physical Timer CompareValue register", 71 | "CNTHP_CVAL", "Counter-timer Hyp Physical CompareValue register" ), 72 | ( "p15", 3, "c14" ) : ( "CNTV_CVAL", "Counter-timer Virtual Timer CompareValue register", 73 | "CNTHV_CVAL", "Counter-timer Virtual Timer CompareValue register (EL2)" ), 74 | ( "p15", 4, "c14" ) : ( "CNTVOFF", "Counter-timer Virtual Offset register" ), 75 | ( "p15", 6, "c14" ) : ( "CNTHP_CVAL", "Counter-timer Hyp Physical CompareValue register" ), 76 | 77 | # CPU control/status registers. 78 | ( "p15", 0, "c15" ) : ( "CPUACTLR", "CPU Auxiliary Control Register" ), 79 | ( "p15", 1, "c15" ) : ( "CPUECTLR", "CPU Extended Control Register" ), 80 | ( "p15", 2, "c15" ) : ( "CPUMERRSR", "CPU Memory Error Syndrome Register" ), 81 | ( "p15", 3, "c15" ) : ( "L2MERRSR", "L2 Memory Error Syndrome Register" ), 82 | 83 | # Interrupts 84 | ( "p15", 0, "c12" ) : ( "ICC_SGI1R", "Interrupt Controller Software Generated Interrupt Group 1 Register" ), 85 | ( "p15", 1, "c12" ) : ( "ICC_ASGI1R", "Interrupt Controller Alias Software Generated Interrupt Group 1 Register" ), 86 | ( "p15", 2, "c12" ) : ( "ICC_SGI0R", "Interrupt Controller Software Generated Interrupt Group 0 Register" ), 87 | 88 | # Preload Engine operations 89 | ( "p15", 0, "c11" ) : ( "N/A", "Preload Engine Program New Channel operation" ), 90 | 91 | # Debug registers 92 | ( "p14", 0, "c1" ) : ( "DBGDRAR", "Debug ROM Address Register" ), 93 | ( "p14", 0, "c2" ) : ( "DBGDSAR", "Debug Self Address Register" ), 94 | } 95 | 96 | # Extracted from the 00bet4 XML specifications for ARMv8.3 and older manuals . 97 | COPROC_REGISTERS = { 98 | ( "p15", "c0", 0, "c0", 0 ) : ( "MIDR", "Main ID Register" ), 99 | ( "p15", "c0", 0, "c0", 1 ) : ( "CTR", "Cache Type Register" ), 100 | ( "p15", "c0", 0, "c0", 2 ) : ( "TCMTR", "TCM Type Register" ), 101 | ( "p15", "c0", 0, "c0", 3 ) : ( "TLBTR", "TLB Type Register" ), 102 | ( "p15", "c0", 0, "c0", 5 ) : ( "MPIDR", "Multiprocessor Affinity Register" ), 103 | ( "p15", "c0", 0, "c0", 6 ) : ( "REVIDR", "Revision ID Register" ), 104 | 105 | # Aliases 106 | ( "p15", "c0", 0, "c0", 4 ) : ( "MIDR", "Main ID Register" ), 107 | ( "p15", "c0", 0, "c0", 7 ) : ( "MIDR", "Main ID Register" ), 108 | 109 | # CPUID registers 110 | ( "p15", "c0", 0, "c1", 0 ) : ( "ID_PFR0", "Processor Feature Register 0" ), 111 | ( "p15", "c0", 0, "c1", 1 ) : ( "ID_PFR1", "Processor Feature Register 1" ), 112 | ( "p15", "c0", 0, "c1", 2 ) : ( "ID_DFR0", "Debug Feature Register 0" ), 113 | ( "p15", "c0", 0, "c1", 3 ) : ( "ID_AFR0", "Auxiliary Feature Register 0" ), 114 | ( "p15", "c0", 0, "c1", 4 ) : ( "ID_MMFR0", "Memory Model Feature Register 0" ), 115 | ( "p15", "c0", 0, "c1", 5 ) : ( "ID_MMFR1", "Memory Model Feature Register 1" ), 116 | ( "p15", "c0", 0, "c1", 6 ) : ( "ID_MMFR2", "Memory Model Feature Register 2" ), 117 | ( "p15", "c0", 0, "c1", 7 ) : ( "ID_MMFR3", "Memory Model Feature Register 3" ), 118 | ( "p15", "c0", 0, "c2", 6 ) : ( "ID_MMFR4", "Memory Model Feature Register 4" ), 119 | ( "p15", "c0", 0, "c2", 0 ) : ( "ID_ISAR0", "Instruction Set Attribute Register 0" ), 120 | ( "p15", "c0", 0, "c2", 1 ) : ( "ID_ISAR1", "Instruction Set Attribute Register 1" ), 121 | ( "p15", "c0", 0, "c2", 2 ) : ( "ID_ISAR2", "Instruction Set Attribute Register 2" ), 122 | ( "p15", "c0", 0, "c2", 3 ) : ( "ID_ISAR3", "Instruction Set Attribute Register 3" ), 123 | ( "p15", "c0", 0, "c2", 4 ) : ( "ID_ISAR4", "Instruction Set Attribute Register 4" ), 124 | ( "p15", "c0", 0, "c2", 5 ) : ( "ID_ISAR5", "Instruction Set Attribute Register 5" ), 125 | ( "p15", "c0", 0, "c2", 7 ) : ( "ID_ISAR6", "Instruction Set Attribute Register 6" ), 126 | 127 | ( "p15", "c0", 1, "c0", 0 ) : ( "CCSIDR", "Current Cache Size ID Register" ), 128 | ( "p15", "c0", 1, "c0", 2 ) : ( "CCSIDR2", "Current Cache Size ID Register 2" ), 129 | ( "p15", "c0", 1, "c0", 1 ) : ( "CLIDR", "Cache Level ID Register" ), 130 | ( "p15", "c0", 1, "c0", 7 ) : ( "AIDR", "Auxiliary ID Register" ), 131 | ( "p15", "c0", 2, "c0", 0 ) : ( "CSSELR", "Cache Size Selection Register" ), 132 | ( "p15", "c0", 4, "c0", 0 ) : ( "VPIDR", "Virtualization Processor ID Register" ), 133 | ( "p15", "c0", 4, "c0", 5 ) : ( "VMPIDR", "Virtualization Multiprocessor ID Register" ), 134 | 135 | # System control registers 136 | ( "p15", "c1", 0, "c0", 0 ) : ( "SCTLR", "System Control Register" ), 137 | ( "p15", "c1", 0, "c0", 1 ) : ( "ACTLR", "Auxiliary Control Register" ), 138 | ( "p15", "c1", 0, "c0", 3 ) : ( "ACTLR2", "Auxiliary Control Register 2" ), 139 | ( "p15", "c1", 0, "c0", 2 ) : ( "CPACR", "Architectural Feature Access Control Register" ), 140 | ( "p15", "c1", 0, "c1", 0 ) : ( "SCR", "Secure Configuration Register" ), 141 | ( "p15", "c1", 0, "c1", 1 ) : ( "SDER", "Secure Debug Enable Register" ), 142 | ( "p15", "c1", 0, "c3", 1 ) : ( "SDCR", "Secure Debug Control Register" ), 143 | ( "p15", "c1", 0, "c1", 2 ) : ( "NSACR", "Non-Secure Access Control Register" ), 144 | ( "p15", "c1", 4, "c0", 0 ) : ( "HSCTLR", "Hyp System Control Register" ), 145 | ( "p15", "c1", 4, "c0", 1 ) : ( "HACTLR", "Hyp Auxiliary Control Register" ), 146 | ( "p15", "c1", 4, "c0", 3 ) : ( "HACTLR2", "Hyp Auxiliary Control Register 2" ), 147 | ( "p15", "c1", 4, "c1", 0 ) : ( "HCR", "Hyp Configuration Register" ), 148 | ( "p15", "c1", 4, "c1", 4 ) : ( "HCR2", "Hyp Configuration Register 2" ), 149 | ( "p15", "c1", 4, "c1", 1 ) : ( "HDCR", "Hyp Debug Control Register" ), 150 | ( "p15", "c1", 4, "c1", 2 ) : ( "HCPTR", "Hyp Architectural Feature Trap Register" ), 151 | ( "p15", "c1", 4, "c1", 3 ) : ( "HSTR", "Hyp System Trap Register" ), 152 | ( "p15", "c1", 4, "c1", 7 ) : ( "HACR", "Hyp Auxiliary Configuration Register" ), 153 | 154 | # Translation Table Base Registers 155 | ( "p15", "c2", 0, "c0", 0 ) : ( "TTBR0", "Translation Table Base Register 0" ), 156 | ( "p15", "c2", 0, "c0", 1 ) : ( "TTBR1", "Translation Table Base Register 1" ), 157 | ( "p15", "c2", 4, "c0", 2 ) : ( "HTCR", "Hyp Translation Control Register" ), 158 | ( "p15", "c2", 4, "c1", 2 ) : ( "VTCR", "Virtualization Translation Control Register" ), 159 | ( "p15", "c2", 0, "c0", 2 ) : ( "TTBCR", "Translation Table Base Control Register" ), 160 | ( "p15", "c2", 0, "c0", 3 ) : ( "TTBCR2", "Translation Table Base Control Register 2" ), 161 | 162 | # Domain Access Control registers 163 | ( "p15", "c3", 0, "c0", 0 ) : ( "DACR", "Domain Access Control Register" ), 164 | 165 | # Fault Status registers 166 | ( "p15", "c5", 0, "c0", 0 ) : ( "DFSR", "Data Fault Status Register" ), 167 | ( "p15", "c5", 0, "c0", 1 ) : ( "IFSR", "Instruction Fault Status Register" ), 168 | ( "p15", "c5", 0, "c1", 0 ) : ( "ADFSR", "Auxiliary Data Fault Status Register" ), 169 | ( "p15", "c5", 0, "c1", 1 ) : ( "AIFSR", "Auxiliary Instruction Fault Status Register" ), 170 | ( "p15", "c5", 4, "c1", 0 ) : ( "HADFSR", "Hyp Auxiliary Data Fault Status Register" ), 171 | ( "p15", "c5", 4, "c1", 1 ) : ( "HAIFSR", "Hyp Auxiliary Instruction Fault Status Register" ), 172 | ( "p15", "c5", 4, "c2", 0 ) : ( "HSR", "Hyp Syndrome Register" ), 173 | 174 | # Fault Address registers 175 | ( "p15", "c6", 0, "c0", 0 ) : ( "DFAR", "Data Fault Address Register" ), 176 | ( "p15", "c6", 0, "c0", 1 ) : ( "N/A", "Watchpoint Fault Address" ), # ARM11 177 | ( "p15", "c6", 0, "c0", 2 ) : ( "IFAR", "Instruction Fault Address Register" ), 178 | ( "p15", "c6", 4, "c0", 0 ) : ( "HDFAR", "Hyp Data Fault Address Register" ), 179 | ( "p15", "c6", 4, "c0", 2 ) : ( "HIFAR", "Hyp Instruction Fault Address Register" ), 180 | ( "p15", "c6", 4, "c0", 4 ) : ( "HPFAR", "Hyp IPA Fault Address Register" ), 181 | 182 | # Cache maintenance registers 183 | ( "p15", "c7", 0, "c0", 4 ) : ( "NOP", "No Operation / Wait For Interrupt" ), 184 | ( "p15", "c7", 0, "c1", 0 ) : ( "ICIALLUIS", "Instruction Cache Invalidate All to PoU, Inner Shareable" ), 185 | ( "p15", "c7", 0, "c1", 6 ) : ( "BPIALLIS", "Branch Predictor Invalidate All, Inner Shareable" ), 186 | ( "p15", "c7", 0, "c4", 0 ) : ( "PAR", "Physical Address Register" ), 187 | ( "p15", "c7", 0, "c5", 0 ) : ( "ICIALLU", "Instruction Cache Invalidate All to PoU" ), 188 | ( "p15", "c7", 0, "c5", 1 ) : ( "ICIMVAU", "Instruction Cache line Invalidate by VA to PoU" ), 189 | ( "p15", "c7", 0, "c5", 2 ) : ( "N/A", "Invalidate all instruction caches by set/way" ), # ARM11 190 | ( "p15", "c7", 0, "c5", 4 ) : ( "CP15ISB", "Instruction Synchronization Barrier System instruction" ), 191 | ( "p15", "c7", 0, "c5", 6 ) : ( "BPIALL", "Branch Predictor Invalidate All" ), 192 | ( "p15", "c7", 0, "c5", 7 ) : ( "BPIMVA", "Branch Predictor Invalidate by VA" ), 193 | ( "p15", "c7", 0, "c6", 0 ) : ( "N/A", "Invalidate entire data cache" ), 194 | ( "p15", "c7", 0, "c6", 1 ) : ( "DCIMVAC", "Data Cache line Invalidate by VA to PoC" ), 195 | ( "p15", "c7", 0, "c6", 2 ) : ( "DCISW", "Data Cache line Invalidate by Set/Way" ), 196 | ( "p15", "c7", 0, "c7", 0 ) : ( "N/A", "Invalidate instruction cache and data cache" ), # ARM11 197 | ( "p15", "c7", 0, "c8", 0 ) : ( "ATS1CPR", "Address Translate Stage 1 Current state PL1 Read" ), 198 | ( "p15", "c7", 0, "c8", 1 ) : ( "ATS1CPW", "Address Translate Stage 1 Current state PL1 Write" ), 199 | ( "p15", "c7", 0, "c8", 2 ) : ( "ATS1CUR", "Address Translate Stage 1 Current state Unprivileged Read" ), 200 | ( "p15", "c7", 0, "c8", 3 ) : ( "ATS1CUW", "Address Translate Stage 1 Current state Unprivileged Write" ), 201 | ( "p15", "c7", 0, "c8", 4 ) : ( "ATS12NSOPR", "Address Translate Stages 1 and 2 Non-secure Only PL1 Read" ), 202 | ( "p15", "c7", 0, "c8", 5 ) : ( "ATS12NSOPW", "Address Translate Stages 1 and 2 Non-secure Only PL1 Write" ), 203 | ( "p15", "c7", 0, "c8", 6 ) : ( "ATS12NSOUR", "Address Translate Stages 1 and 2 Non-secure Only Unprivileged Read" ), 204 | ( "p15", "c7", 0, "c8", 7 ) : ( "ATS12NSOUW", "Address Translate Stages 1 and 2 Non-secure Only Unprivileged Write" ), 205 | ( "p15", "c7", 0, "c9", 0 ) : ( "ATS1CPRP", "Address Translate Stage 1 Current state PL1 Read PAN" ), 206 | ( "p15", "c7", 0, "c9", 1 ) : ( "ATS1CPWP", "Address Translate Stage 1 Current state PL1 Write PAN" ), 207 | ( "p15", "c7", 0, "c10", 0 ) : ( "N/A", "Clean entire data cache" ), # ARM11 208 | ( "p15", "c7", 0, "c10", 1 ) : ( "DCCMVAC", "Data Cache line Clean by VA to PoC" ), 209 | ( "p15", "c7", 0, "c10", 2 ) : ( "DCCSW", "Data Cache line Clean by Set/Way" ), 210 | ( "p15", "c7", 0, "c10", 3 ) : ( "N/A", "Test and clean data cache" ), # ARM9 211 | ( "p15", "c7", 0, "c10", 4 ) : ( "CP15DSB", "Data Synchronization Barrier System instruction" ), 212 | ( "p15", "c7", 0, "c10", 5 ) : ( "CP15DMB", "Data Memory Barrier System instruction" ), 213 | ( "p15", "c7", 0, "c10", 6 ) : ( "N/A", "Read Cache Dirty Status Register" ), # ARM11 214 | ( "p15", "c7", 0, "c11", 1 ) : ( "DCCMVAU", "Data Cache line Clean by VA to PoU" ), 215 | ( "p15", "c7", 0, "c12", 4 ) : ( "N/A", "Read Block Transfer Status Register" ), # ARM11 216 | ( "p15", "c7", 0, "c12", 5 ) : ( "N/A", "Stop Prefetch Range" ), # ARM11 217 | ( "p15", "c7", 0, "c13", 1 ) : ( "NOP", "No Operation / Prefetch Instruction Cache Line" ), 218 | ( "p15", "c7", 0, "c14", 0 ) : ( "N/A", "Clean and invalidate entire data cache" ), # ARM11 219 | ( "p15", "c7", 0, "c14", 1 ) : ( "DCCIMVAC", "Data Cache line Clean and Invalidate by VA to PoC" ), 220 | ( "p15", "c7", 0, "c14", 2 ) : ( "DCCISW", "Data Cache line Clean and Invalidate by Set/Way" ), 221 | ( "p15", "c7", 0, "c14", 3 ) : ( "N/A", "Test, clean, and invalidate data cache" ), # ARM9 222 | ( "p15", "c7", 4, "c8", 0 ) : ( "ATS1HR", "Address Translate Stage 1 Hyp mode Read" ), 223 | ( "p15", "c7", 4, "c8", 1 ) : ( "ATS1HW", "Stage 1 Hyp mode write" ), 224 | 225 | # TLB maintenance operations 226 | ( "p15", "c8", 0, "c3", 0 ) : ( "TLBIALLIS", "TLB Invalidate All, Inner Shareable" ), 227 | ( "p15", "c8", 0, "c3", 1 ) : ( "TLBIMVAIS", "TLB Invalidate by VA, Inner Shareable" ), 228 | ( "p15", "c8", 0, "c3", 2 ) : ( "TLBIASIDIS", "TLB Invalidate by ASID match, Inner Shareable" ), 229 | ( "p15", "c8", 0, "c3", 3 ) : ( "TLBIMVAAIS", "TLB Invalidate by VA, All ASID, Inner Shareable" ), 230 | ( "p15", "c8", 0, "c3", 5 ) : ( "TLBIMVALIS", "TLB Invalidate by VA, Last level, Inner Shareable" ), 231 | ( "p15", "c8", 0, "c3", 7 ) : ( "TLBIMVAALIS", "TLB Invalidate by VA, All ASID, Last level, Inner Shareable" ), 232 | ( "p15", "c8", 0, "c5", 0 ) : ( "ITLBIALL", "Instruction TLB Invalidate All" ), 233 | ( "p15", "c8", 0, "c5", 1 ) : ( "ITLBIMVA", "Instruction TLB Invalidate by VA" ), 234 | ( "p15", "c8", 0, "c5", 2 ) : ( "ITLBIASID", "Instruction TLB Invalidate by ASID match" ), 235 | ( "p15", "c8", 0, "c6", 0 ) : ( "DTLBIALL", "Data TLB Invalidate All" ), 236 | ( "p15", "c8", 0, "c6", 1 ) : ( "DTLBIMVA", "Data TLB Invalidate by VA" ), 237 | ( "p15", "c8", 0, "c6", 2 ) : ( "DTLBIASID", "Data TLB Invalidate by ASID match" ), 238 | ( "p15", "c8", 0, "c7", 0 ) : ( "TLBIALL", "TLB Invalidate All" ), 239 | ( "p15", "c8", 0, "c7", 1 ) : ( "TLBIMVA", "TLB Invalidate by VA" ), 240 | ( "p15", "c8", 0, "c7", 2 ) : ( "TLBIASID", "TLB Invalidate by ASID match" ), 241 | ( "p15", "c8", 0, "c7", 3 ) : ( "TLBIMVAA", "TLB Invalidate by VA, All ASID" ), 242 | ( "p15", "c8", 0, "c7", 5 ) : ( "TLBIMVAL", "TLB Invalidate by VA, Last level" ), 243 | ( "p15", "c8", 0, "c7", 7 ) : ( "TLBIMVAAL", "TLB Invalidate by VA, All ASID, Last level" ), 244 | ( "p15", "c8", 4, "c0", 1 ) : ( "TLBIIPAS2IS", "TLB Invalidate by Intermediate Physical Address, Stage 2, Inner Shareable" ), 245 | ( "p15", "c8", 4, "c0", 5 ) : ( "TLBIIPAS2LIS", "TLB Invalidate by Intermediate Physical Address, Stage 2, Last level, Inner Shareable" ), 246 | ( "p15", "c8", 4, "c3", 0 ) : ( "TLBIALLHIS", "TLB Invalidate All, Hyp mode, Inner Shareable" ), 247 | ( "p15", "c8", 4, "c3", 1 ) : ( "TLBIMVAHIS", "TLB Invalidate by VA, Hyp mode, Inner Shareable" ), 248 | ( "p15", "c8", 4, "c3", 4 ) : ( "TLBIALLNSNHIS", "TLB Invalidate All, Non-Secure Non-Hyp, Inner Shareable" ), 249 | ( "p15", "c8", 4, "c3", 5 ) : ( "TLBIMVALHIS", "TLB Invalidate by VA, Last level, Hyp mode, Inner Shareable" ), 250 | ( "p15", "c8", 4, "c4", 1 ) : ( "TLBIIPAS2", "TLB Invalidate by Intermediate Physical Address, Stage 2" ), 251 | ( "p15", "c8", 4, "c4", 5 ) : ( "TLBIIPAS2L", "TLB Invalidate by Intermediate Physical Address, Stage 2, Last level" ), 252 | ( "p15", "c8", 4, "c7", 0 ) : ( "TLBIALLH", "TLB Invalidate All, Hyp mode" ), 253 | ( "p15", "c8", 4, "c7", 1 ) : ( "TLBIMVAH", "TLB Invalidate by VA, Hyp mode" ), 254 | ( "p15", "c8", 4, "c7", 4 ) : ( "TLBIALLNSNH", "TLB Invalidate All, Non-Secure Non-Hyp" ), 255 | ( "p15", "c8", 4, "c7", 5 ) : ( "TLBIMVALH", "TLB Invalidate by VA, Last level, Hyp mode" ), 256 | 257 | ( "p15", "c9", 0, "c0", 0 ) : ( "N/A", "Data Cache Lockdown" ), # ARM11 258 | ( "p15", "c9", 0, "c0", 1 ) : ( "N/A", "Instruction Cache Lockdown" ), # ARM11 259 | ( "p15", "c9", 0, "c1", 0 ) : ( "N/A", "Data TCM Region" ), # ARM11 260 | ( "p15", "c9", 0, "c1", 1 ) : ( "N/A", "Instruction TCM Region" ), # ARM11 261 | ( "p15", "c9", 1, "c0", 2 ) : ( "L2CTLR", "L2 Control Register" ), 262 | ( "p15", "c9", 1, "c0", 3 ) : ( "L2ECTLR", "L2 Extended Control Register" ), 263 | 264 | # Performance monitor registers 265 | ( "p15", "c9", 0, "c12", 0 ) : ( "PMCR", "Performance Monitors Control Register" ), 266 | ( "p15", "c9", 0, "c12", 1) : ( "PMCNTENSET", "Performance Monitor Count Enable Set Register" ), 267 | ( "p15", "c9", 0, "c12", 2) : ( "PMCNTENCLR", "Performance Monitor Control Enable Clear Register" ), 268 | ( "p15", "c9", 0, "c12", 3 ) : ( "PMOVSR", "Performance Monitors Overflow Flag Status Register" ), 269 | ( "p15", "c9", 0, "c12", 4 ) : ( "PMSWINC", "Performance Monitors Software Increment register" ), 270 | ( "p15", "c9", 0, "c12", 5 ) : ( "PMSELR", "Performance Monitors Event Counter Selection Register" ), 271 | ( "p15", "c9", 0, "c12", 6 ) : ( "PMCEID0", "Performance Monitors Common Event Identification register 0" ), 272 | ( "p15", "c9", 0, "c12", 7 ) : ( "PMCEID1", "Performance Monitors Common Event Identification register 1" ), 273 | ( "p15", "c9", 0, "c13", 0 ) : ( "PMCCNTR", "Performance Monitors Cycle Count Register" ), 274 | ( "p15", "c9", 0, "c13", 1 ) : ( "PMXEVTYPER", "Performance Monitors Selected Event Type Register" ), 275 | ( "p15", "c9", 0, "c13", 2 ) : ( "PMXEVCNTR", "Performance Monitors Selected Event Count Register" ), 276 | ( "p15", "c9", 0, "c14", 0 ) : ( "PMUSERENR", "Performance Monitors User Enable Register" ), 277 | ( "p15", "c9", 0, "c14", 1 ) : ( "PMINTENSET", "Performance Monitors Interrupt Enable Set register" ), 278 | ( "p15", "c9", 0, "c14", 2 ) : ( "PMINTENCLR", "Performance Monitors Interrupt Enable Clear register" ), 279 | ( "p15", "c9", 0, "c14", 3 ) : ( "PMOVSSET", "Performance Monitors Overflow Flag Status Set register" ), 280 | ( "p15", "c9", 0, "c14", 4 ) : ( "PMCEID2", "Performance Monitors Common Event Identification register 2" ), 281 | ( "p15", "c9", 0, "c14", 5 ) : ( "PMCEID3", "Performance Monitors Common Event Identification register 3" ), 282 | ( "p15", "c14", 0, "c8", 0 ) : ( "PMEVCNTR0", "Performance Monitors Event Count Register 0" ), 283 | ( "p15", "c14", 0, "c8", 1 ) : ( "PMEVCNTR1", "Performance Monitors Event Count Register 1" ), 284 | ( "p15", "c14", 0, "c8", 2 ) : ( "PMEVCNTR2", "Performance Monitors Event Count Register 2" ), 285 | ( "p15", "c14", 0, "c8", 3 ) : ( "PMEVCNTR3", "Performance Monitors Event Count Register 3" ), 286 | ( "p15", "c14", 0, "c8", 4 ) : ( "PMEVCNTR4", "Performance Monitors Event Count Register 4" ), 287 | ( "p15", "c14", 0, "c8", 5 ) : ( "PMEVCNTR5", "Performance Monitors Event Count Register 5" ), 288 | ( "p15", "c14", 0, "c8", 6 ) : ( "PMEVCNTR6", "Performance Monitors Event Count Register 6" ), 289 | ( "p15", "c14", 0, "c8", 7 ) : ( "PMEVCNTR7", "Performance Monitors Event Count Register 7" ), 290 | ( "p15", "c14", 0, "c9", 0 ) : ( "PMEVCNTR8", "Performance Monitors Event Count Register 8" ), 291 | ( "p15", "c14", 0, "c9", 1 ) : ( "PMEVCNTR9", "Performance Monitors Event Count Register 9" ), 292 | ( "p15", "c14", 0, "c9", 2 ) : ( "PMEVCNTR10", "Performance Monitors Event Count Register 10" ), 293 | ( "p15", "c14", 0, "c9", 3 ) : ( "PMEVCNTR11", "Performance Monitors Event Count Register 11" ), 294 | ( "p15", "c14", 0, "c9", 4 ) : ( "PMEVCNTR12", "Performance Monitors Event Count Register 12" ), 295 | ( "p15", "c14", 0, "c9", 5 ) : ( "PMEVCNTR13", "Performance Monitors Event Count Register 13" ), 296 | ( "p15", "c14", 0, "c9", 6 ) : ( "PMEVCNTR14", "Performance Monitors Event Count Register 14" ), 297 | ( "p15", "c14", 0, "c9", 7 ) : ( "PMEVCNTR15", "Performance Monitors Event Count Register 15" ), 298 | ( "p15", "c14", 0, "c10", 0 ) : ( "PMEVCNTR16", "Performance Monitors Event Count Register 16" ), 299 | ( "p15", "c14", 0, "c10", 1 ) : ( "PMEVCNTR17", "Performance Monitors Event Count Register 17" ), 300 | ( "p15", "c14", 0, "c10", 2 ) : ( "PMEVCNTR18", "Performance Monitors Event Count Register 18" ), 301 | ( "p15", "c14", 0, "c10", 3 ) : ( "PMEVCNTR19", "Performance Monitors Event Count Register 19" ), 302 | ( "p15", "c14", 0, "c10", 4 ) : ( "PMEVCNTR20", "Performance Monitors Event Count Register 20" ), 303 | ( "p15", "c14", 0, "c10", 5 ) : ( "PMEVCNTR21", "Performance Monitors Event Count Register 21" ), 304 | ( "p15", "c14", 0, "c10", 6 ) : ( "PMEVCNTR22", "Performance Monitors Event Count Register 22" ), 305 | ( "p15", "c14", 0, "c10", 7 ) : ( "PMEVCNTR23", "Performance Monitors Event Count Register 23" ), 306 | ( "p15", "c14", 0, "c11", 0 ) : ( "PMEVCNTR24", "Performance Monitors Event Count Register 24" ), 307 | ( "p15", "c14", 0, "c11", 1 ) : ( "PMEVCNTR25", "Performance Monitors Event Count Register 25" ), 308 | ( "p15", "c14", 0, "c11", 2 ) : ( "PMEVCNTR26", "Performance Monitors Event Count Register 26" ), 309 | ( "p15", "c14", 0, "c11", 3 ) : ( "PMEVCNTR27", "Performance Monitors Event Count Register 27" ), 310 | ( "p15", "c14", 0, "c11", 4 ) : ( "PMEVCNTR28", "Performance Monitors Event Count Register 28" ), 311 | ( "p15", "c14", 0, "c11", 5 ) : ( "PMEVCNTR29", "Performance Monitors Event Count Register 29" ), 312 | ( "p15", "c14", 0, "c11", 6 ) : ( "PMEVCNTR30", "Performance Monitors Event Count Register 30" ), 313 | ( "p15", "c14", 0, "c12", 0 ) : ( "PMEVTYPER0", "Performance Monitors Event Type Register 0" ), 314 | ( "p15", "c14", 0, "c12", 1 ) : ( "PMEVTYPER1", "Performance Monitors Event Type Register 1" ), 315 | ( "p15", "c14", 0, "c12", 2 ) : ( "PMEVTYPER2", "Performance Monitors Event Type Register 2" ), 316 | ( "p15", "c14", 0, "c12", 3 ) : ( "PMEVTYPER3", "Performance Monitors Event Type Register 3" ), 317 | ( "p15", "c14", 0, "c12", 4 ) : ( "PMEVTYPER4", "Performance Monitors Event Type Register 4" ), 318 | ( "p15", "c14", 0, "c12", 5 ) : ( "PMEVTYPER5", "Performance Monitors Event Type Register 5" ), 319 | ( "p15", "c14", 0, "c12", 6 ) : ( "PMEVTYPER6", "Performance Monitors Event Type Register 6" ), 320 | ( "p15", "c14", 0, "c12", 7 ) : ( "PMEVTYPER7", "Performance Monitors Event Type Register 7" ), 321 | ( "p15", "c14", 0, "c13", 0 ) : ( "PMEVTYPER8", "Performance Monitors Event Type Register 8" ), 322 | ( "p15", "c14", 0, "c13", 1 ) : ( "PMEVTYPER9", "Performance Monitors Event Type Register 9" ), 323 | ( "p15", "c14", 0, "c13", 2 ) : ( "PMEVTYPER10", "Performance Monitors Event Type Register 10" ), 324 | ( "p15", "c14", 0, "c13", 3 ) : ( "PMEVTYPER11", "Performance Monitors Event Type Register 11" ), 325 | ( "p15", "c14", 0, "c13", 4 ) : ( "PMEVTYPER12", "Performance Monitors Event Type Register 12" ), 326 | ( "p15", "c14", 0, "c13", 5 ) : ( "PMEVTYPER13", "Performance Monitors Event Type Register 13" ), 327 | ( "p15", "c14", 0, "c13", 6 ) : ( "PMEVTYPER14", "Performance Monitors Event Type Register 14" ), 328 | ( "p15", "c14", 0, "c13", 7 ) : ( "PMEVTYPER15", "Performance Monitors Event Type Register 15" ), 329 | ( "p15", "c14", 0, "c14", 0 ) : ( "PMEVTYPER16", "Performance Monitors Event Type Register 16" ), 330 | ( "p15", "c14", 0, "c14", 1 ) : ( "PMEVTYPER17", "Performance Monitors Event Type Register 17" ), 331 | ( "p15", "c14", 0, "c14", 2 ) : ( "PMEVTYPER18", "Performance Monitors Event Type Register 18" ), 332 | ( "p15", "c14", 0, "c14", 3 ) : ( "PMEVTYPER19", "Performance Monitors Event Type Register 19" ), 333 | ( "p15", "c14", 0, "c14", 4 ) : ( "PMEVTYPER20", "Performance Monitors Event Type Register 20" ), 334 | ( "p15", "c14", 0, "c14", 5 ) : ( "PMEVTYPER21", "Performance Monitors Event Type Register 21" ), 335 | ( "p15", "c14", 0, "c14", 6 ) : ( "PMEVTYPER22", "Performance Monitors Event Type Register 22" ), 336 | ( "p15", "c14", 0, "c14", 7 ) : ( "PMEVTYPER23", "Performance Monitors Event Type Register 23" ), 337 | ( "p15", "c14", 0, "c15", 0 ) : ( "PMEVTYPER24", "Performance Monitors Event Type Register 24" ), 338 | ( "p15", "c14", 0, "c15", 1 ) : ( "PMEVTYPER25", "Performance Monitors Event Type Register 25" ), 339 | ( "p15", "c14", 0, "c15", 2 ) : ( "PMEVTYPER26", "Performance Monitors Event Type Register 26" ), 340 | ( "p15", "c14", 0, "c15", 3 ) : ( "PMEVTYPER27", "Performance Monitors Event Type Register 27" ), 341 | ( "p15", "c14", 0, "c15", 4 ) : ( "PMEVTYPER28", "Performance Monitors Event Type Register 28" ), 342 | ( "p15", "c14", 0, "c15", 5 ) : ( "PMEVTYPER29", "Performance Monitors Event Type Register 29" ), 343 | ( "p15", "c14", 0, "c15", 6 ) : ( "PMEVTYPER30", "Performance Monitors Event Type Register 30" ), 344 | ( "p15", "c14", 0, "c15", 7 ) : ( "PMCCFILTR", "Performance Monitors Cycle Count Filter Register" ), 345 | 346 | # Memory attribute registers 347 | ( "p15", "c10", 0, "c0", 0 ) : ( "N/A", "TLB Lockdown" ), # ARM11 348 | ( "p15", "c10", 0, "c2", 0 ) : ( "MAIR0", "Memory Attribute Indirection Register 0", "PRRR", "Primary Region Remap Register" ), 349 | ( "p15", "c10", 0, "c2", 1 ) : ( "MAIR1", "Memory Attribute Indirection Register 1", "NMRR", "Normal Memory Remap Register" ), 350 | ( "p15", "c10", 0, "c3", 0 ) : ( "AMAIR0", "Auxiliary Memory Attribute Indirection Register 0" ), 351 | ( "p15", "c10", 0, "c3", 1 ) : ( "AMAIR1", "Auxiliary Memory Attribute Indirection Register 1" ), 352 | ( "p15", "c10", 4, "c2", 0 ) : ( "HMAIR0", "Hyp Memory Attribute Indirection Register 0" ), 353 | ( "p15", "c10", 4, "c2", 1 ) : ( "HMAIR1", "Hyp Memory Attribute Indirection Register 1" ), 354 | ( "p15", "c10", 4, "c3", 0 ) : ( "HAMAIR0", "Hyp Auxiliary Memory Attribute Indirection Register 0" ), 355 | ( "p15", "c10", 4, "c3", 1 ) : ( "HAMAIR1", "Hyp Auxiliary Memory Attribute Indirection Register 1" ), 356 | 357 | # DMA registers (ARM11) 358 | ( "p15", "c11", 0, "c0", 0 ) : ( "N/A", "DMA Identification and Status (Present)" ), 359 | ( "p15", "c11", 0, "c0", 1 ) : ( "N/A", "DMA Identification and Status (Queued)" ), 360 | ( "p15", "c11", 0, "c0", 2 ) : ( "N/A", "DMA Identification and Status (Running)" ), 361 | ( "p15", "c11", 0, "c0", 3 ) : ( "N/A", "DMA Identification and Status (Interrupting)" ), 362 | ( "p15", "c11", 0, "c1", 0 ) : ( "N/A", "DMA User Accessibility" ), 363 | ( "p15", "c11", 0, "c2", 0 ) : ( "N/A", "DMA Channel Number" ), 364 | ( "p15", "c11", 0, "c3", 0 ) : ( "N/A", "DMA Enable (Stop)" ), 365 | ( "p15", "c11", 0, "c3", 1 ) : ( "N/A", "DMA Enable (Start)" ), 366 | ( "p15", "c11", 0, "c3", 2 ) : ( "N/A", "DMA Enable (Clear)" ), 367 | ( "p15", "c11", 0, "c4", 0 ) : ( "N/A", "DMA Control" ), 368 | ( "p15", "c11", 0, "c5", 0 ) : ( "N/A", "DMA Internal Start Address" ), 369 | ( "p15", "c11", 0, "c6", 0 ) : ( "N/A", "DMA External Start Address" ), 370 | ( "p15", "c11", 0, "c7", 0 ) : ( "N/A", "DMA Internal End Address" ), 371 | ( "p15", "c11", 0, "c8", 0 ) : ( "N/A", "DMA Channel Status" ), 372 | ( "p15", "c11", 0, "c15", 0) : ( "N/A", "DMA Context ID" ), 373 | 374 | # Reset management registers. 375 | ( "p15", "c12", 0, "c0", 0 ) : ( "VBAR", "Vector Base Address Register" ), 376 | ( "p15", "c12", 0, "c0", 1 ) : ( "RVBAR", "Reset Vector Base Address Register" , 377 | "MVBAR", "Monitor Vector Base Address Register" ), 378 | ( "p15", "c12", 0, "c0", 2 ) : ( "RMR", "Reset Management Register" ), 379 | ( "p15", "c12", 4, "c0", 2 ) : ( "HRMR", "Hyp Reset Management Register" ), 380 | 381 | ( "p15", "c12", 0, "c1", 0 ) : ( "ISR", "Interrupt Status Register" ), 382 | ( "p15", "c12", 4, "c0", 0 ) : ( "HVBAR", "Hyp Vector Base Address Register" ), 383 | 384 | ( "p15", "c13", 0, "c0", 0 ) : ( "FCSEIDR", "FCSE Process ID register" ), 385 | ( "p15", "c13", 0, "c0", 1 ) : ( "CONTEXTIDR", "Context ID Register" ), 386 | ( "p15", "c13", 0, "c0", 2 ) : ( "TPIDRURW", "PL0 Read/Write Software Thread ID Register" ), 387 | ( "p15", "c13", 0, "c0", 3 ) : ( "TPIDRURO", "PL0 Read-Only Software Thread ID Register" ), 388 | ( "p15", "c13", 0, "c0", 4 ) : ( "TPIDRPRW", "PL1 Software Thread ID Register" ), 389 | ( "p15", "c13", 4, "c0", 2 ) : ( "HTPIDR", "Hyp Software Thread ID Register" ), 390 | 391 | # Generic timer registers. 392 | ( "p15", "c14", 0, "c0", 0 ) : ( "CNTFRQ", "Counter-timer Frequency register" ), 393 | ( "p15", "c14", 0, "c1", 0 ) : ( "CNTKCTL", "Counter-timer Kernel Control register" ), 394 | ( "p15", "c14", 0, "c2", 0 ) : ( "CNTP_TVAL", "Counter-timer Physical Timer TimerValue register", 395 | "CNTHP_TVAL", "Counter-timer Hyp Physical Timer TimerValue register" ), 396 | ( "p15", "c14", 0, "c2", 1 ) : ( "CNTP_CTL", "Counter-timer Physical Timer Control register", 397 | "CNTHP_CTL", "Counter-timer Hyp Physical Timer Control register" ), 398 | ( "p15", "c14", 0, "c3", 0 ) : ( "CNTV_TVAL", "Counter-timer Virtual Timer TimerValue register", 399 | "CNTHV_TVAL", "Counter-timer Virtual Timer TimerValue register (EL2)" ), 400 | ( "p15", "c14", 0, "c3", 1 ) : ( "CNTV_CTL", "Counter-timer Virtual Timer Control register", 401 | "CNTHV_CTL", "Counter-timer Virtual Timer Control register (EL2)" ), 402 | ( "p15", "c14", 4, "c1", 0 ) : ( "CNTHCTL", "Counter-timer Hyp Control register" ), 403 | ( "p15", "c14", 4, "c2", 0 ) : ( "CNTHP_TVAL", "Counter-timer Hyp Physical Timer TimerValue register" ), 404 | ( "p15", "c14", 4, "c2", 1 ) : ( "CNTHP_CTL", "Counter-timer Hyp Physical Timer Control register" ), 405 | 406 | # Generic interrupt controller registers. 407 | ( "p15", "c4", 0, "c6", 0 ) : ( "ICC_PMR", "Interrupt Controller Interrupt Priority Mask Register", 408 | "ICV_PMR", "Interrupt Controller Virtual Interrupt Priority Mask Register" ), 409 | ( "p15", "c12", 0, "c8", 0 ) : ( "ICC_IAR0", "Interrupt Controller Interrupt Acknowledge Register 0", 410 | "ICV_IAR0", "Interrupt Controller Virtual Interrupt Acknowledge Register 0" ), 411 | ( "p15", "c12", 0, "c8", 1 ) : ( "ICC_EOIR0", "Interrupt Controller End Of Interrupt Register 0", 412 | "ICV_EOIR0", "Interrupt Controller Virtual End Of Interrupt Register 0" ), 413 | ( "p15", "c12", 0, "c8", 2 ) : ( "ICC_HPPIR0", "Interrupt Controller Highest Priority Pending Interrupt Register 0", 414 | "ICV_HPPIR0", "Interrupt Controller Virtual Highest Priority Pending Interrupt Register 0" ), 415 | ( "p15", "c12", 0, "c8", 3 ) : ( "ICC_BPR0", "Interrupt Controller Binary Point Register 0", 416 | "ICV_BPR0", "Interrupt Controller Virtual Binary Point Register 0" ), 417 | ( "p15", "c12", 0, "c8", 4 ) : ( "ICC_AP0R0", "Interrupt Controller Active Priorities Group 0 Register 0", 418 | "ICV_AP0R0", "Interrupt Controller Virtual Active Priorities Group 0 Register 0" ), 419 | ( "p15", "c12", 0, "c8", 5 ) : ( "ICC_AP0R1", "Interrupt Controller Active Priorities Group 0 Register 1", 420 | "ICV_AP0R1", "Interrupt Controller Virtual Active Priorities Group 0 Register 1" ), 421 | ( "p15", "c12", 0, "c8", 6 ) : ( "ICC_AP0R2", "Interrupt Controller Active Priorities Group 0 Register 2", 422 | "ICV_AP0R2", "Interrupt Controller Virtual Active Priorities Group 0 Register 2" ), 423 | ( "p15", "c12", 0, "c8", 7 ) : ( "ICC_AP0R3", "Interrupt Controller Active Priorities Group 0 Register 3", 424 | "ICV_AP0R3", "Interrupt Controller Virtual Active Priorities Group 0 Register 3" ), 425 | ( "p15", "c12", 0, "c9", 0 ) : ( "ICC_AP1R0", "Interrupt Controller Active Priorities Group 1 Register 0", 426 | "ICV_AP1R0", "Interrupt Controller Virtual Active Priorities Group 1 Register 0" ), 427 | ( "p15", "c12", 0, "c9", 1 ) : ( "ICC_AP1R1", "Interrupt Controller Active Priorities Group 1 Register 1", 428 | "ICV_AP1R1", "Interrupt Controller Virtual Active Priorities Group 1 Register 1" ), 429 | ( "p15", "c12", 0, "c9", 2 ) : ( "ICC_AP1R2", "Interrupt Controller Active Priorities Group 1 Register 2", 430 | "ICV_AP1R2", "Interrupt Controller Virtual Active Priorities Group 1 Register 2" ), 431 | ( "p15", "c12", 0, "c9", 3 ) : ( "ICC_AP1R3", "Interrupt Controller Active Priorities Group 1 Register 3", 432 | "ICV_AP1R3", "Interrupt Controller Virtual Active Priorities Group 1 Register 3" ), 433 | ( "p15", "c12", 0, "c11", 1 ) : ( "ICC_DIR", "Interrupt Controller Deactivate Interrupt Register", 434 | "ICV_DIR", "Interrupt Controller Deactivate Virtual Interrupt Register" ), 435 | ( "p15", "c12", 0, "c11", 3 ) : ( "ICC_RPR", "Interrupt Controller Running Priority Register", 436 | "ICV_RPR", "Interrupt Controller Virtual Running Priority Register" ), 437 | ( "p15", "c12", 0, "c12", 0 ) : ( "ICC_IAR1", "Interrupt Controller Interrupt Acknowledge Register 1", 438 | "ICV_IAR1", "Interrupt Controller Virtual Interrupt Acknowledge Register 1" ), 439 | ( "p15", "c12", 0, "c12", 1 ) : ( "ICC_EOIR1", "Interrupt Controller End Of Interrupt Register 1", 440 | "ICV_EOIR1", "Interrupt Controller Virtual End Of Interrupt Register 1" ), 441 | ( "p15", "c12", 0, "c12", 2 ) : ( "ICC_HPPIR1", "Interrupt Controller Highest Priority Pending Interrupt Register 1", 442 | "ICV_HPPIR1", "Interrupt Controller Virtual Highest Priority Pending Interrupt Register 1" ), 443 | ( "p15", "c12", 0, "c12", 3 ) : ( "ICC_BPR1", "Interrupt Controller Binary Point Register 1", 444 | "ICV_BPR1", "Interrupt Controller Virtual Binary Point Register 1" ), 445 | ( "p15", "c12", 0, "c12", 4 ) : ( "ICC_CTLR", "Interrupt Controller Control Register", 446 | "ICV_CTLR", "Interrupt Controller Virtual Control Register" ), 447 | ( "p15", "c12", 0, "c12", 5 ) : ( "ICC_SRE", "Interrupt Controller System Register Enable register" ), 448 | ( "p15", "c12", 0, "c12", 6 ) : ( "ICC_IGRPEN0", "Interrupt Controller Interrupt Group 0 Enable register", 449 | "ICV_IGRPEN0", "Interrupt Controller Virtual Interrupt Group 0 Enable register" ), 450 | ( "p15", "c12", 0, "c12", 7 ) : ( "ICC_IGRPEN1", "Interrupt Controller Interrupt Group 1 Enable register", 451 | "ICV_IGRPEN1", "Interrupt Controller Virtual Interrupt Group 1 Enable register" ), 452 | ( "p15", "c12", 4, "c8", 0 ) : ( "ICH_AP0R0", "Interrupt Controller Hyp Active Priorities Group 0 Register 0" ), 453 | ( "p15", "c12", 4, "c8", 1 ) : ( "ICH_AP0R1", "Interrupt Controller Hyp Active Priorities Group 0 Register 1" ), 454 | ( "p15", "c12", 4, "c8", 2 ) : ( "ICH_AP0R2", "Interrupt Controller Hyp Active Priorities Group 0 Register 2" ), 455 | ( "p15", "c12", 4, "c8", 3 ) : ( "ICH_AP0R3", "Interrupt Controller Hyp Active Priorities Group 0 Register 3" ), 456 | ( "p15", "c12", 4, "c9", 0 ) : ( "ICH_AP1R0", "Interrupt Controller Hyp Active Priorities Group 1 Register 0" ), 457 | ( "p15", "c12", 4, "c9", 1 ) : ( "ICH_AP1R1", "Interrupt Controller Hyp Active Priorities Group 1 Register 1" ), 458 | ( "p15", "c12", 4, "c9", 2 ) : ( "ICH_AP1R2", "Interrupt Controller Hyp Active Priorities Group 1 Register 2" ), 459 | ( "p15", "c12", 4, "c9", 3 ) : ( "ICH_AP1R3", "Interrupt Controller Hyp Active Priorities Group 1 Register 3" ), 460 | ( "p15", "c12", 4, "c9", 5 ) : ( "ICC_HSRE", "Interrupt Controller Hyp System Register Enable register" ), 461 | ( "p15", "c12", 4, "c11", 0 ) : ( "ICH_HCR", "Interrupt Controller Hyp Control Register" ), 462 | ( "p15", "c12", 4, "c11", 1 ) : ( "ICH_VTR", "Interrupt Controller VGIC Type Register" ), 463 | ( "p15", "c12", 4, "c11", 2 ) : ( "ICH_MISR", "Interrupt Controller Maintenance Interrupt State Register" ), 464 | ( "p15", "c12", 4, "c11", 3 ) : ( "ICH_EISR", "Interrupt Controller End of Interrupt Status Register" ), 465 | ( "p15", "c12", 4, "c11", 5 ) : ( "ICH_ELRSR", "Interrupt Controller Empty List Register Status Register" ), 466 | ( "p15", "c12", 4, "c11", 7 ) : ( "ICH_VMCR", "Interrupt Controller Virtual Machine Control Register" ), 467 | ( "p15", "c12", 4, "c12", 0 ) : ( "ICH_LR0", "Interrupt Controller List Register 0" ), 468 | ( "p15", "c12", 4, "c12", 1 ) : ( "ICH_LR1", "Interrupt Controller List Register 1" ), 469 | ( "p15", "c12", 4, "c12", 2 ) : ( "ICH_LR2", "Interrupt Controller List Register 2" ), 470 | ( "p15", "c12", 4, "c12", 3 ) : ( "ICH_LR3", "Interrupt Controller List Register 3" ), 471 | ( "p15", "c12", 4, "c12", 4 ) : ( "ICH_LR4", "Interrupt Controller List Register 4" ), 472 | ( "p15", "c12", 4, "c12", 5 ) : ( "ICH_LR5", "Interrupt Controller List Register 5" ), 473 | ( "p15", "c12", 4, "c12", 6 ) : ( "ICH_LR6", "Interrupt Controller List Register 6" ), 474 | ( "p15", "c12", 4, "c12", 7 ) : ( "ICH_LR7", "Interrupt Controller List Register 7" ), 475 | ( "p15", "c12", 4, "c13", 0 ) : ( "ICH_LR8", "Interrupt Controller List Register 8" ), 476 | ( "p15", "c12", 4, "c13", 1 ) : ( "ICH_LR9", "Interrupt Controller List Register 9" ), 477 | ( "p15", "c12", 4, "c13", 2 ) : ( "ICH_LR10", "Interrupt Controller List Register 10" ), 478 | ( "p15", "c12", 4, "c13", 3 ) : ( "ICH_LR11", "Interrupt Controller List Register 11" ), 479 | ( "p15", "c12", 4, "c13", 4 ) : ( "ICH_LR12", "Interrupt Controller List Register 12" ), 480 | ( "p15", "c12", 4, "c13", 5 ) : ( "ICH_LR13", "Interrupt Controller List Register 13" ), 481 | ( "p15", "c12", 4, "c13", 6 ) : ( "ICH_LR14", "Interrupt Controller List Register 14" ), 482 | ( "p15", "c12", 4, "c13", 7 ) : ( "ICH_LR15", "Interrupt Controller List Register 15" ), 483 | ( "p15", "c12", 4, "c14", 0 ) : ( "ICH_LRC0", "Interrupt Controller List Register 0" ), 484 | ( "p15", "c12", 4, "c14", 1 ) : ( "ICH_LRC1", "Interrupt Controller List Register 1" ), 485 | ( "p15", "c12", 4, "c14", 2 ) : ( "ICH_LRC2", "Interrupt Controller List Register 2" ), 486 | ( "p15", "c12", 4, "c14", 3 ) : ( "ICH_LRC3", "Interrupt Controller List Register 3" ), 487 | ( "p15", "c12", 4, "c14", 4 ) : ( "ICH_LRC4", "Interrupt Controller List Register 4" ), 488 | ( "p15", "c12", 4, "c14", 5 ) : ( "ICH_LRC5", "Interrupt Controller List Register 5" ), 489 | ( "p15", "c12", 4, "c14", 6 ) : ( "ICH_LRC6", "Interrupt Controller List Register 6" ), 490 | ( "p15", "c12", 4, "c14", 7 ) : ( "ICH_LRC7", "Interrupt Controller List Register 7" ), 491 | ( "p15", "c12", 4, "c15", 0 ) : ( "ICH_LRC8", "Interrupt Controller List Register 8" ), 492 | ( "p15", "c12", 4, "c15", 1 ) : ( "ICH_LRC9", "Interrupt Controller List Register 9" ), 493 | ( "p15", "c12", 4, "c15", 2 ) : ( "ICH_LRC10", "Interrupt Controller List Register 10" ), 494 | ( "p15", "c12", 4, "c15", 3 ) : ( "ICH_LRC11", "Interrupt Controller List Register 11" ), 495 | ( "p15", "c12", 4, "c15", 4 ) : ( "ICH_LRC12", "Interrupt Controller List Register 12" ), 496 | ( "p15", "c12", 4, "c15", 5 ) : ( "ICH_LRC13", "Interrupt Controller List Register 13" ), 497 | ( "p15", "c12", 4, "c15", 6 ) : ( "ICH_LRC14", "Interrupt Controller List Register 14" ), 498 | ( "p15", "c12", 4, "c15", 7 ) : ( "ICH_LRC15", "Interrupt Controller List Register 15" ), 499 | ( "p15", "c12", 6, "c12", 4 ) : ( "ICC_MCTLR", "Interrupt Controller Monitor Control Register" ), 500 | ( "p15", "c12", 6, "c12", 5 ) : ( "ICC_MSRE", "Interrupt Controller Monitor System Register Enable register" ), 501 | ( "p15", "c12", 6, "c12", 7 ) : ( "ICC_MGRPEN1", "Interrupt Controller Monitor Interrupt Group 1 Enable register" ), 502 | 503 | ( "p15", "c15", 0, "c0", 0 ) : ( "IL1Data0", "Instruction L1 Data n Register" ), 504 | ( "p15", "c15", 0, "c0", 1 ) : ( "IL1Data1", "Instruction L1 Data n Register" ), 505 | ( "p15", "c15", 0, "c0", 2 ) : ( "IL1Data2", "Instruction L1 Data n Register" ), 506 | ( "p15", "c15", 0, "c1", 0 ) : ( "DL1Data0", "Data L1 Data n Register" ), 507 | ( "p15", "c15", 0, "c1", 1 ) : ( "DL1Data1", "Data L1 Data n Register" ), 508 | ( "p15", "c15", 0, "c1", 2 ) : ( "DL1Data2", "Data L1 Data n Register" ), 509 | ( "p15", "c15", 0, "c2", 0 ) : ( "N/A", "Data Memory Remap" ), # ARM11 510 | ( "p15", "c15", 0, "c2", 1 ) : ( "N/A", "Instruction Memory Remap" ), # ARM11 511 | ( "p15", "c15", 0, "c2", 2 ) : ( "N/A", "DMA Memory Remap" ), # ARM11 512 | ( "p15", "c15", 0, "c2", 3 ) : ( "N/A", "Peripheral Port Memory Remap" ), # ARM11 513 | ( "p15", "c15", 0, "c4", 0 ) : ( "RAMINDEX", "RAM Index Register" ), 514 | ( "p15", "c15", 0, "c12", 0 ) : ( "N/A", "Performance Monitor Control" ), #ARM11 515 | ( "p15", "c15", 0, "c12", 1 ) : ( "CCNT", "Cycle Counter" ), #ARM11 516 | ( "p15", "c15", 0, "c12", 2 ) : ( "PMN0", "Count 0" ), #ARM11 517 | ( "p15", "c15", 0, "c12", 3 ) : ( "PMN1", "Count 1" ), #ARM11 518 | ( "p15", "c15", 1, "c0", 0 ) : ( "L2ACTLR", "L2 Auxiliary Control Register" ), 519 | ( "p15", "c15", 1, "c0", 3 ) : ( "L2FPR", "L2 Prefetch Control Register" ), 520 | ( "p15", "c15", 3, "c0", 0 ) : ( "N/A", "Data Debug Cache" ), # ARM11 521 | ( "p15", "c15", 3, "c0", 1 ) : ( "N/A", "Instruction Debug Cache" ), # ARM11 522 | ( "p15", "c15", 3, "c2", 0 ) : ( "N/A", "Data Tag RAM Read Operation" ), # ARM11 523 | ( "p15", "c15", 3, "c2", 1 ) : ( "N/A", "Instruction Tag RAM Read Operation" ), # ARM11 524 | ( "p15", "c15", 4, "c0", 0 ) : ( "CBAR", "Configuration Base Address Register" ), 525 | ( "p15", "c15", 5, "c4", 0 ) : ( "N/A", "Data MicroTLB Index" ), # ARM11 526 | ( "p15", "c15", 5, "c4", 1 ) : ( "N/A", "Instruction MicroTLB Index" ), # ARM11 527 | ( "p15", "c15", 5, "c4", 2 ) : ( "N/A", "Read Main TLB Entry" ), # ARM11 528 | ( "p15", "c15", 5, "c4", 4 ) : ( "N/A", "Write Main TLB Entry" ), # ARM11 529 | ( "p15", "c15", 5, "c5", 0 ) : ( "N/A", "Data MicroTLB VA" ), # ARM11 530 | ( "p15", "c15", 5, "c5", 1 ) : ( "N/A", "Instruction MicroTLB VA" ), # ARM11 531 | ( "p15", "c15", 5, "c5", 2 ) : ( "N/A", "Main TLB VA" ), # ARM11 532 | ( "p15", "c15", 5, "c7", 0 ) : ( "N/A", "Data MicroTLB Attribute" ), # ARM11 533 | ( "p15", "c15", 5, "c7", 1 ) : ( "N/A", "Instruction MicroTLB Attribute" ), # ARM11 534 | ( "p15", "c15", 5, "c7", 2 ) : ( "N/A", "Main TLB Attribute" ), # ARM11 535 | ( "p15", "c15", 7, "c0", 0 ) : ( "N/A", "Cache Debug Control" ), # ARM11 536 | ( "p15", "c15", 7, "c1", 0 ) : ( "N/A", "TLB Debug Control" ), # ARM11 537 | 538 | # Preload Engine control registers 539 | ( "p15", "c11", 0, "c0", 0 ) : ( "PLEIDR", "Preload Engine ID Register" ), 540 | ( "p15", "c11", 0, "c0", 2 ) : ( "PLEASR", "Preload Engine Activity Status Register" ), 541 | ( "p15", "c11", 0, "c0", 4 ) : ( "PLEFSR", "Preload Engine FIFO Status Register" ), 542 | ( "p15", "c11", 0, "c1", 0 ) : ( "PLEUAR", "Preload Engine User Accessibility Register" ), 543 | ( "p15", "c11", 0, "c1", 1 ) : ( "PLEPCR", "Preload Engine Parameters Control Register" ), 544 | 545 | # Preload Engine operations 546 | ( "p15", "c11", 0, "c2", 1 ) : ( "PLEFF", "Preload Engine FIFO flush operation" ), 547 | ( "p15", "c11", 0, "c3", 0 ) : ( "PLEPC", "Preload Engine pause channel operation" ), 548 | ( "p15", "c11", 0, "c3", 1 ) : ( "PLERC", "Preload Engine resume channel operation" ), 549 | ( "p15", "c11", 0, "c3", 2 ) : ( "PLEKC", "Preload Engine kill channel operation" ), 550 | 551 | # Jazelle registers 552 | ( "p14", "c0", 7, "c0", 0 ) : ( "JIDR", "Jazelle ID Register" ), 553 | ( "p14", "c1", 7, "c0", 0 ) : ( "JOSCR", "Jazelle OS Control Register" ), 554 | ( "p14", "c2", 7, "c0", 0 ) : ( "JMCR", "Jazelle Main Configuration Register" ), 555 | 556 | # Debug registers 557 | ( "p15", "c4", 3, "c5", 0 ) : ( "DSPSR", "Debug Saved Program Status Register" ), 558 | ( "p15", "c4", 3, "c5", 1 ) : ( "DLR", "Debug Link Register" ), 559 | ( "p14", "c0", 0, "c0", 0 ) : ( "DBGDIDR", "Debug ID Register" ), 560 | ( "p14", "c0", 0, "c6", 0 ) : ( "DBGWFAR", "Debug Watchpoint Fault Address Register" ), 561 | ( "p14", "c0", 0, "c6", 2 ) : ( "DBGOSECCR", "Debug OS Lock Exception Catch Control Register" ), 562 | ( "p14", "c0", 0, "c7", 0 ) : ( "DBGVCR", "Debug Vector Catch Register" ), 563 | ( "p14", "c0", 0, "c0", 2 ) : ( "DBGDTRRXext", "Debug OS Lock Data Transfer Register, Receive, External View" ), 564 | ( "p14", "c0", 0, "c2", 0 ) : ( "DBGDCCINT", "DCC Interrupt Enable Register" ), 565 | ( "p14", "c0", 0, "c2", 2 ) : ( "DBGDSCRext", "Debug Status and Control Register, External View" ), 566 | ( "p14", "c0", 0, "c3", 2 ) : ( "DBGDTRTXext", "Debug OS Lock Data Transfer Register, Transmit" ), 567 | ( "p14", "c0", 0, "c0", 4 ) : ( "DBGBVR0", "Debug Breakpoint Value Register 0" ), 568 | ( "p14", "c0", 0, "c1", 4 ) : ( "DBGBVR1", "Debug Breakpoint Value Register 1" ), 569 | ( "p14", "c0", 0, "c2", 4 ) : ( "DBGBVR2", "Debug Breakpoint Value Register 2" ), 570 | ( "p14", "c0", 0, "c3", 4 ) : ( "DBGBVR3", "Debug Breakpoint Value Register 3" ), 571 | ( "p14", "c0", 0, "c4", 4 ) : ( "DBGBVR4", "Debug Breakpoint Value Register 4" ), 572 | ( "p14", "c0", 0, "c5", 4 ) : ( "DBGBVR5", "Debug Breakpoint Value Register 5" ), 573 | ( "p14", "c0", 0, "c6", 4 ) : ( "DBGBVR6", "Debug Breakpoint Value Register 6" ), 574 | ( "p14", "c0", 0, "c7", 4 ) : ( "DBGBVR7", "Debug Breakpoint Value Register 7" ), 575 | ( "p14", "c0", 0, "c8", 4 ) : ( "DBGBVR8", "Debug Breakpoint Value Register 8" ), 576 | ( "p14", "c0", 0, "c9", 4 ) : ( "DBGBVR9", "Debug Breakpoint Value Register 9" ), 577 | ( "p14", "c0", 0, "c10", 4 ) : ( "DBGBVR10", "Debug Breakpoint Value Register 10" ), 578 | ( "p14", "c0", 0, "c11", 4 ) : ( "DBGBVR11", "Debug Breakpoint Value Register 11" ), 579 | ( "p14", "c0", 0, "c12", 4 ) : ( "DBGBVR12", "Debug Breakpoint Value Register 12" ), 580 | ( "p14", "c0", 0, "c13", 4 ) : ( "DBGBVR13", "Debug Breakpoint Value Register 13" ), 581 | ( "p14", "c0", 0, "c14", 4 ) : ( "DBGBVR14", "Debug Breakpoint Value Register 14" ), 582 | ( "p14", "c0", 0, "c15", 4 ) : ( "DBGBVR15", "Debug Breakpoint Value Register 15" ), 583 | ( "p14", "c0", 0, "c0", 5 ) : ( "DBGBCR0", "Debug Breakpoint Control Register 0" ), 584 | ( "p14", "c0", 0, "c1", 5 ) : ( "DBGBCR1", "Debug Breakpoint Control Register 1" ), 585 | ( "p14", "c0", 0, "c2", 5 ) : ( "DBGBCR2", "Debug Breakpoint Control Register 2" ), 586 | ( "p14", "c0", 0, "c3", 5 ) : ( "DBGBCR3", "Debug Breakpoint Control Register 3" ), 587 | ( "p14", "c0", 0, "c4", 5 ) : ( "DBGBCR4", "Debug Breakpoint Control Register 4" ), 588 | ( "p14", "c0", 0, "c5", 5 ) : ( "DBGBCR5", "Debug Breakpoint Control Register 5" ), 589 | ( "p14", "c0", 0, "c6", 5 ) : ( "DBGBCR6", "Debug Breakpoint Control Register 6" ), 590 | ( "p14", "c0", 0, "c7", 5 ) : ( "DBGBCR7", "Debug Breakpoint Control Register 7" ), 591 | ( "p14", "c0", 0, "c8", 5 ) : ( "DBGBCR8", "Debug Breakpoint Control Register 8" ), 592 | ( "p14", "c0", 0, "c9", 5 ) : ( "DBGBCR9", "Debug Breakpoint Control Register 9" ), 593 | ( "p14", "c0", 0, "c10", 5 ) : ( "DBGBCR10", "Debug Breakpoint Control Register 10" ), 594 | ( "p14", "c0", 0, "c11", 5 ) : ( "DBGBCR11", "Debug Breakpoint Control Register 11" ), 595 | ( "p14", "c0", 0, "c12", 5 ) : ( "DBGBCR12", "Debug Breakpoint Control Register 12" ), 596 | ( "p14", "c0", 0, "c13", 5 ) : ( "DBGBCR13", "Debug Breakpoint Control Register 13" ), 597 | ( "p14", "c0", 0, "c14", 5 ) : ( "DBGBCR14", "Debug Breakpoint Control Register 14" ), 598 | ( "p14", "c0", 0, "c15", 5 ) : ( "DBGBCR15", "Debug Breakpoint Control Register 15" ), 599 | ( "p14", "c0", 0, "c0", 6 ) : ( "DBGWVR0", "Debug Watchpoint Value Register 0" ), 600 | ( "p14", "c0", 0, "c1", 6 ) : ( "DBGWVR1", "Debug Watchpoint Value Register 1" ), 601 | ( "p14", "c0", 0, "c2", 6 ) : ( "DBGWVR2", "Debug Watchpoint Value Register 2" ), 602 | ( "p14", "c0", 0, "c3", 6 ) : ( "DBGWVR3", "Debug Watchpoint Value Register 3" ), 603 | ( "p14", "c0", 0, "c4", 6 ) : ( "DBGWVR4", "Debug Watchpoint Value Register 4" ), 604 | ( "p14", "c0", 0, "c5", 6 ) : ( "DBGWVR5", "Debug Watchpoint Value Register 5" ), 605 | ( "p14", "c0", 0, "c6", 6 ) : ( "DBGWVR6", "Debug Watchpoint Value Register 6" ), 606 | ( "p14", "c0", 0, "c7", 6 ) : ( "DBGWVR7", "Debug Watchpoint Value Register 7" ), 607 | ( "p14", "c0", 0, "c8", 6 ) : ( "DBGWVR8", "Debug Watchpoint Value Register 8" ), 608 | ( "p14", "c0", 0, "c9", 6 ) : ( "DBGWVR9", "Debug Watchpoint Value Register 9" ), 609 | ( "p14", "c0", 0, "c10", 6 ) : ( "DBGWVR10", "Debug Watchpoint Value Register 10" ), 610 | ( "p14", "c0", 0, "c11", 6 ) : ( "DBGWVR11", "Debug Watchpoint Value Register 11" ), 611 | ( "p14", "c0", 0, "c12", 6 ) : ( "DBGWVR12", "Debug Watchpoint Value Register 12" ), 612 | ( "p14", "c0", 0, "c13", 6 ) : ( "DBGWVR13", "Debug Watchpoint Value Register 13" ), 613 | ( "p14", "c0", 0, "c14", 6 ) : ( "DBGWVR14", "Debug Watchpoint Value Register 14" ), 614 | ( "p14", "c0", 0, "c15", 6 ) : ( "DBGWVR15", "Debug Watchpoint Value Register 15" ), 615 | ( "p14", "c0", 0, "c0", 7 ) : ( "DBGWCR0", "Debug Watchpoint Control Register 0" ), 616 | ( "p14", "c0", 0, "c1", 7 ) : ( "DBGWCR1", "Debug Watchpoint Control Register 1" ), 617 | ( "p14", "c0", 0, "c2", 7 ) : ( "DBGWCR2", "Debug Watchpoint Control Register 2" ), 618 | ( "p14", "c0", 0, "c3", 7 ) : ( "DBGWCR3", "Debug Watchpoint Control Register 3" ), 619 | ( "p14", "c0", 0, "c4", 7 ) : ( "DBGWCR4", "Debug Watchpoint Control Register 4" ), 620 | ( "p14", "c0", 0, "c5", 7 ) : ( "DBGWCR5", "Debug Watchpoint Control Register 5" ), 621 | ( "p14", "c0", 0, "c6", 7 ) : ( "DBGWCR6", "Debug Watchpoint Control Register 6" ), 622 | ( "p14", "c0", 0, "c7", 7 ) : ( "DBGWCR7", "Debug Watchpoint Control Register 7" ), 623 | ( "p14", "c0", 0, "c8", 7 ) : ( "DBGWCR8", "Debug Watchpoint Control Register 8" ), 624 | ( "p14", "c0", 0, "c9", 7 ) : ( "DBGWCR9", "Debug Watchpoint Control Register 9" ), 625 | ( "p14", "c0", 0, "c10", 7 ) : ( "DBGWCR10", "Debug Watchpoint Control Register 10" ), 626 | ( "p14", "c0", 0, "c11", 7 ) : ( "DBGWCR11", "Debug Watchpoint Control Register 11" ), 627 | ( "p14", "c0", 0, "c12", 7 ) : ( "DBGWCR12", "Debug Watchpoint Control Register 12" ), 628 | ( "p14", "c0", 0, "c13", 7 ) : ( "DBGWCR13", "Debug Watchpoint Control Register 13" ), 629 | ( "p14", "c0", 0, "c14", 7 ) : ( "DBGWCR14", "Debug Watchpoint Control Register 14" ), 630 | ( "p14", "c0", 0, "c15", 7 ) : ( "DBGWCR15", "Debug Watchpoint Control Register 15" ), 631 | ( "p14", "c1", 0, "c0", 1 ) : ( "DBGBXVR0", "Debug Breakpoint Extended Value Register 0" ), 632 | ( "p14", "c1", 0, "c1", 1 ) : ( "DBGBXVR1", "Debug Breakpoint Extended Value Register 1" ), 633 | ( "p14", "c1", 0, "c2", 1 ) : ( "DBGBXVR2", "Debug Breakpoint Extended Value Register 2" ), 634 | ( "p14", "c1", 0, "c3", 1 ) : ( "DBGBXVR3", "Debug Breakpoint Extended Value Register 3" ), 635 | ( "p14", "c1", 0, "c4", 1 ) : ( "DBGBXVR4", "Debug Breakpoint Extended Value Register 4" ), 636 | ( "p14", "c1", 0, "c5", 1 ) : ( "DBGBXVR5", "Debug Breakpoint Extended Value Register 5" ), 637 | ( "p14", "c1", 0, "c6", 1 ) : ( "DBGBXVR6", "Debug Breakpoint Extended Value Register 6" ), 638 | ( "p14", "c1", 0, "c7", 1 ) : ( "DBGBXVR7", "Debug Breakpoint Extended Value Register 7" ), 639 | ( "p14", "c1", 0, "c8", 1 ) : ( "DBGBXVR8", "Debug Breakpoint Extended Value Register 8" ), 640 | ( "p14", "c1", 0, "c9", 1 ) : ( "DBGBXVR9", "Debug Breakpoint Extended Value Register 9" ), 641 | ( "p14", "c1", 0, "c10", 1 ) : ( "DBGBXVR10", "Debug Breakpoint Extended Value Register 10" ), 642 | ( "p14", "c1", 0, "c11", 1 ) : ( "DBGBXVR11", "Debug Breakpoint Extended Value Register 11" ), 643 | ( "p14", "c1", 0, "c12", 1 ) : ( "DBGBXVR12", "Debug Breakpoint Extended Value Register 12" ), 644 | ( "p14", "c1", 0, "c13", 1 ) : ( "DBGBXVR13", "Debug Breakpoint Extended Value Register 13" ), 645 | ( "p14", "c1", 0, "c14", 1 ) : ( "DBGBXVR14", "Debug Breakpoint Extended Value Register 14" ), 646 | ( "p14", "c1", 0, "c15", 1 ) : ( "DBGBXVR15", "Debug Breakpoint Extended Value Register 15" ), 647 | ( "p14", "c1", 0, "c0", 4 ) : ( "DBGOSLAR", "Debug OS Lock Access Register" ), 648 | ( "p14", "c1", 0, "c1", 4 ) : ( "DBGOSLSR", "Debug OS Lock Status Register" ), 649 | ( "p14", "c1", 0, "c4", 4 ) : ( "DBGPRCR", "Debug Power Control Register" ), 650 | ( "p14", "c7", 0, "c14", 6 ) : ( "DBGAUTHSTATUS", "Debug Authentication Status register" ), 651 | ( "p14", "c7", 0, "c0", 7 ) : ( "DBGDEVID2", "Debug Device ID register 2" ), 652 | ( "p14", "c7", 0, "c1", 7 ) : ( "DBGDEVID1", "Debug Device ID register 1" ), 653 | ( "p14", "c7", 0, "c2", 7 ) : ( "DBGDEVID", "Debug Device ID register 0" ), 654 | ( "p14", "c7", 0, "c8", 6 ) : ( "DBGCLAIMSET", "Debug Claim Tag Set register" ), 655 | ( "p14", "c7", 0, "c9", 6 ) : ( "DBGCLAIMCLR", "Debug Claim Tag Clear register" ), 656 | ( "p14", "c0", 0, "c1", 0 ) : ( "DBGDSCRint", "Debug Status and Control Register, Internal View" ), 657 | ( "p14", "c0", 0, "c5", 0 ) : ( "DBGDTRRXint", "Debug Data Transfer Register, Receive", 658 | "DBGDTRTXint", "Debug Data Transfer Register, Transmit" ), 659 | ( "p14", "c1", 0, "c0", 0 ) : ( "DBGDRAR", "Debug ROM Address Register" ), 660 | ( "p14", "c1", 0, "c3", 4 ) : ( "DBGOSDLR", "Debug OS Double Lock Register" ), 661 | ( "p14", "c2", 0, "c0", 0 ) : ( "DBGDSAR", "Debug Self Address Register" ), 662 | } 663 | 664 | # Aarch64 system registers. 665 | # Extracted from the 00bet4 XML specifications for ARMv8.3. 666 | SYSTEM_REGISTERS = { 667 | # Special purpose registers. 668 | ( 0b011, 0b000, "c4", "c2", 0b010 ) : ( "CurrentEL", "Current Exception Level" ), 669 | ( 0b011, 0b011, "c4", "c2", 0b001 ) : ( "DAIF", "Interrupt Mask Bits" ), 670 | ( 0b011, 0b000, "c4", "c0", 0b001 ) : ( "ELR_EL1", "Exception Link Register (EL1)" ), 671 | ( 0b011, 0b100, "c4", "c0", 0b001 ) : ( "ELR_EL2", "Exception Link Register (EL2)" ), 672 | ( 0b011, 0b101, "c4", "c0", 0b001 ) : ( "ELR_EL12", "Exception Link Register (EL1)" ), 673 | ( 0b011, 0b110, "c4", "c0", 0b001 ) : ( "ELR_EL3", "Exception Link Register (EL3)" ), 674 | ( 0b011, 0b011, "c4", "c4", 0b001 ) : ( "FPSR", "Floating-point Status Register" ), 675 | ( 0b011, 0b011, "c4", "c4", 0b000 ) : ( "FPCR", "Floating-point Control Register" ), 676 | ( 0b011, 0b011, "c4", "c2", 0b000 ) : ( "NZCV", "Condition Flags" ), 677 | ( 0b011, 0b000, "c4", "c1", 0b000 ) : ( "SP_EL0", "Stack Pointer (EL0)" ), 678 | ( 0b011, 0b100, "c4", "c1", 0b000 ) : ( "SP_EL1", "Stack Pointer (EL1)" ), 679 | ( 0b011, 0b110, "c4", "c1", 0b000 ) : ( "SP_EL2", "Stack Pointer (EL2)" ), 680 | ( 0b011, 0b000, "c4", "c2", 0b000 ) : ( "SPSel", "Stack Pointer Select" ), 681 | ( 0b011, 0b100, "c4", "c3", 0b001 ) : ( "SPSR_abt", "Saved Program Status Register (Abort mode)" ), 682 | ( 0b011, 0b000, "c4", "c0", 0b000 ) : ( "SPSR_EL1", "Saved Program Status Register (EL1)" ), 683 | ( 0b011, 0b100, "c4", "c0", 0b000 ) : ( "SPSR_EL2", "Saved Program Status Register (EL2)" ), 684 | ( 0b011, 0b101, "c4", "c0", 0b000 ) : ( "SPSR_EL12", "Saved Program Status Register (EL1)" ), 685 | ( 0b011, 0b110, "c4", "c0", 0b000 ) : ( "SPSR_EL3", "Saved Program Status Register (EL3)" ), 686 | ( 0b011, 0b100, "c4", "c3", 0b011 ) : ( "SPSR_fiq", "Saved Program Status Register (FIQ mode)" ), 687 | ( 0b011, 0b100, "c4", "c3", 0b000 ) : ( "SPSR_irq", "Saved Program Status Register (IRQ mode)" ), 688 | ( 0b011, 0b100, "c4", "c3", 0b010 ) : ( "SPSR_und", "Saved Program Status Register (Undefined mode)" ), 689 | 690 | # General system control registers. 691 | ( 0b011, 0b000, "c1", "c0", 0b001 ) : ( "ACTLR_EL1", "Auxiliary Control Register (EL1)" ), 692 | ( 0b011, 0b100, "c1", "c0", 0b001 ) : ( "ACTLR_EL2", "Auxiliary Control Register (EL2)" ), 693 | ( 0b011, 0b110, "c1", "c0", 0b001 ) : ( "ACTLR_EL3", "Auxiliary Control Register (EL3)" ), 694 | ( 0b011, 0b000, "c4", "c2", 0b011 ) : ( "PAN", "Privileged Access Never" ), 695 | ( 0b011, 0b000, "c4", "c2", 0b100 ) : ( "UAO", "User Access Override" ), 696 | ( 0b011, 0b000, "c5", "c1", 0b000 ) : ( "AFSR0_EL1", "Auxiliary Fault Status Register 0 (EL1)" ), 697 | ( 0b011, 0b100, "c5", "c1", 0b000 ) : ( "AFSR0_EL2", "Auxiliary Fault Status Register 0 (EL2)" ), 698 | ( 0b011, 0b101, "c5", "c1", 0b000 ) : ( "AFSR0_EL12", "Auxiliary Fault Status Register 0 (EL1)" ), 699 | ( 0b011, 0b110, "c5", "c1", 0b000 ) : ( "AFSR0_EL3", "Auxiliary Fault Status Register 0 (EL3)" ), 700 | ( 0b011, 0b000, "c5", "c1", 0b001 ) : ( "AFSR1_EL1", "Auxiliary Fault Status Register 1 (EL1)" ), 701 | ( 0b011, 0b100, "c5", "c1", 0b001 ) : ( "AFSR1_EL2", "Auxiliary Fault Status Register 1 (EL2)" ), 702 | ( 0b011, 0b101, "c5", "c1", 0b001 ) : ( "AFSR1_EL12", "Auxiliary Fault Status Register 1 (EL1)" ), 703 | ( 0b011, 0b110, "c5", "c1", 0b001 ) : ( "AFSR1_EL3", "Auxiliary Fault Status Register 1 (EL3)" ), 704 | ( 0b011, 0b001, "c0", "c0", 0b111 ) : ( "AIDR_EL1", "Auxiliary ID Register" ), 705 | ( 0b011, 0b000, "c10", "c3", 0b000 ) : ( "AMAIR_EL1", "Auxiliary Memory Attribute Indirection Register (EL1)" ), 706 | ( 0b011, 0b100, "c10", "c3", 0b000 ) : ( "AMAIR_EL2", "Auxiliary Memory Attribute Indirection Register (EL2)" ), 707 | ( 0b011, 0b101, "c10", "c3", 0b000 ) : ( "AMAIR_EL12", "Auxiliary Memory Attribute Indirection Register (EL1)" ), 708 | ( 0b011, 0b110, "c10", "c3", 0b000 ) : ( "AMAIR_EL3", "Auxiliary Memory Attribute Indirection Register (EL3)" ), 709 | ( 0b011, 0b001, "c0", "c0", 0b000 ) : ( "CCSIDR_EL1", "Current Cache Size ID Register" ), 710 | ( 0b011, 0b001, "c0", "c0", 0b010 ) : ( "CCSIDR2_EL1", "Current Cache Size ID Register 2" ), 711 | ( 0b011, 0b001, "c0", "c0", 0b001 ) : ( "CLIDR_EL1", "Cache Level ID Register" ), 712 | ( 0b011, 0b000, "c13", "c0", 0b001 ) : ( "CONTEXTIDR_EL1", "Context ID Register (EL1)" ), 713 | ( 0b011, 0b100, "c13", "c0", 0b001 ) : ( "CONTEXTIDR_EL2", "Context ID Register (EL2)" ), 714 | ( 0b011, 0b101, "c13", "c0", 0b001 ) : ( "CONTEXTIDR_EL12", "Context ID Register (EL1)" ), 715 | ( 0b011, 0b000, "c1", "c0", 0b010 ) : ( "CPACR_EL1", "Architectural Feature Access Control Register (EL1)" ), 716 | ( 0b011, 0b101, "c1", "c0", 0b010 ) : ( "CPACR_EL12", "Architectural Feature Access Control Register (EL1)" ), 717 | ( 0b011, 0b100, "c1", "c1", 0b010 ) : ( "CPTR_EL2", "Architectural Feature Trap Register (EL2)" ), 718 | ( 0b011, 0b110, "c1", "c1", 0b010 ) : ( "CPTR_EL3", "Architectural Feature Trap Register (EL3)" ), 719 | ( 0b011, 0b010, "c0", "c0", 0b000 ) : ( "CSSELR_EL1", "Cache Size Selection Register" ), 720 | ( 0b011, 0b011, "c0", "c0", 0b001 ) : ( "CTR_EL0", "Cache Type Register" ), 721 | ( 0b011, 0b100, "c3", "c0", 0b000 ) : ( "DACR32_EL2", "Domain Access Control Register" ), 722 | ( 0b011, 0b011, "c0", "c0", 0b111 ) : ( "DCZID_EL0", "Data Cache Zero ID register" ), 723 | ( 0b011, 0b000, "c5", "c2", 0b000 ) : ( "ESR_EL1", "Exception Syndrome Register (EL1)" ), 724 | ( 0b011, 0b100, "c5", "c2", 0b000 ) : ( "ESR_EL2", "Exception Syndrome Register (EL2)" ), 725 | ( 0b011, 0b101, "c5", "c2", 0b000 ) : ( "ESR_EL12", "Exception Syndrome Register (EL1)" ), 726 | ( 0b011, 0b110, "c5", "c2", 0b000 ) : ( "ESR_EL3", "Exception Syndrome Register (EL3)" ), 727 | ( 0b011, 0b000, "c6", "c0", 0b000 ) : ( "FAR_EL1", "Fault Address Register (EL1)" ), 728 | ( 0b011, 0b100, "c6", "c0", 0b000 ) : ( "FAR_EL2", "Fault Address Register (EL2)" ), 729 | ( 0b011, 0b101, "c6", "c0", 0b000 ) : ( "FAR_EL12", "Fault Address Register (EL1)" ), 730 | ( 0b011, 0b110, "c6", "c0", 0b000 ) : ( "FAR_EL3", "Fault Address Register (EL3)" ), 731 | ( 0b011, 0b100, "c5", "c3", 0b000 ) : ( "FPEXC32_EL2", "Floating-Point Exception Control register" ), 732 | ( 0b011, 0b100, "c1", "c1", 0b111 ) : ( "HACR_EL2", "Hypervisor Auxiliary Control Register" ), 733 | ( 0b011, 0b100, "c1", "c1", 0b000 ) : ( "HCR_EL2", "Hypervisor Configuration Register" ), 734 | ( 0b011, 0b100, "c6", "c0", 0b100 ) : ( "HPFAR_EL2", "Hypervisor IPA Fault Address Register" ), 735 | ( 0b011, 0b100, "c1", "c1", 0b011 ) : ( "HSTR_EL2", "Hypervisor System Trap Register" ), 736 | ( 0b011, 0b000, "c0", "c5", 0b100 ) : ( "ID_AA64AFR0_EL1", "AArch64 Auxiliary Feature Register 0" ), 737 | ( 0b011, 0b000, "c0", "c5", 0b101 ) : ( "ID_AA64AFR1_EL1", "AArch64 Auxiliary Feature Register 1" ), 738 | ( 0b011, 0b000, "c0", "c5", 0b000 ) : ( "ID_AA64DFR0_EL1", "AArch64 Debug Feature Register 0" ), 739 | ( 0b011, 0b000, "c0", "c5", 0b001 ) : ( "ID_AA64DFR1_EL1", "AArch64 Debug Feature Register 1" ), 740 | ( 0b011, 0b000, "c0", "c6", 0b000 ) : ( "ID_AA64ISAR0_EL1", "AArch64 Instruction Set Attribute Register 0" ), 741 | ( 0b011, 0b000, "c0", "c6", 0b001 ) : ( "ID_AA64ISAR1_EL1", "AArch64 Instruction Set Attribute Register 1" ), 742 | ( 0b011, 0b000, "c0", "c7", 0b000 ) : ( "ID_AA64MMFR0_EL1", "AArch64 Memory Model Feature Register 0" ), 743 | ( 0b011, 0b000, "c0", "c7", 0b001 ) : ( "ID_AA64MMFR1_EL1", "AArch64 Memory Model Feature Register 1" ), 744 | ( 0b011, 0b000, "c0", "c7", 0b010 ) : ( "ID_AA64MMFR2_EL1", "AArch64 Memory Model Feature Register 2" ), 745 | ( 0b011, 0b000, "c0", "c4", 0b000 ) : ( "ID_AA64PFR0_EL1", "AArch64 Processor Feature Register 0" ), 746 | ( 0b011, 0b000, "c0", "c4", 0b001 ) : ( "ID_AA64PFR1_EL1", "AArch64 Processor Feature Register 1" ), 747 | ( 0b011, 0b000, "c0", "c1", 0b011 ) : ( "ID_AFR0_EL1", "AArch32 Auxiliary Feature Register 0" ), 748 | ( 0b011, 0b000, "c0", "c1", 0b010 ) : ( "ID_DFR0_EL1", "AArch32 Debug Feature Register 0" ), 749 | ( 0b011, 0b000, "c0", "c2", 0b000 ) : ( "ID_ISAR0_EL1", "AArch32 Instruction Set Attribute Register 0" ), 750 | ( 0b011, 0b000, "c0", "c2", 0b001 ) : ( "ID_ISAR1_EL1", "AArch32 Instruction Set Attribute Register 1" ), 751 | ( 0b011, 0b000, "c0", "c2", 0b010 ) : ( "ID_ISAR2_EL1", "AArch32 Instruction Set Attribute Register 2" ), 752 | ( 0b011, 0b000, "c0", "c2", 0b011 ) : ( "ID_ISAR3_EL1", "AArch32 Instruction Set Attribute Register 3" ), 753 | ( 0b011, 0b000, "c0", "c2", 0b100 ) : ( "ID_ISAR4_EL1", "AArch32 Instruction Set Attribute Register 4" ), 754 | ( 0b011, 0b000, "c0", "c2", 0b101 ) : ( "ID_ISAR5_EL1", "AArch32 Instruction Set Attribute Register 5" ), 755 | ( 0b011, 0b000, "c0", "c2", 0b111 ) : ( "ID_ISAR6_EL1", "AArch32 Instruction Set Attribute Register 6" ), 756 | ( 0b011, 0b000, "c0", "c1", 0b100 ) : ( "ID_MMFR0_EL1", "AArch32 Memory Model Feature Register 0" ), 757 | ( 0b011, 0b000, "c0", "c1", 0b101 ) : ( "ID_MMFR1_EL1", "AArch32 Memory Model Feature Register 1" ), 758 | ( 0b011, 0b000, "c0", "c1", 0b110 ) : ( "ID_MMFR2_EL1", "AArch32 Memory Model Feature Register 2" ), 759 | ( 0b011, 0b000, "c0", "c1", 0b111 ) : ( "ID_MMFR3_EL1", "AArch32 Memory Model Feature Register 3" ), 760 | ( 0b011, 0b000, "c0", "c2", 0b110 ) : ( "ID_MMFR4_EL1", "AArch32 Memory Model Feature Register 4" ), 761 | ( 0b011, 0b000, "c0", "c1", 0b000 ) : ( "ID_PFR0_EL1", "AArch32 Processor Feature Register 0" ), 762 | ( 0b011, 0b000, "c0", "c1", 0b001 ) : ( "ID_PFR1_EL1", "AArch32 Processor Feature Register 1" ), 763 | ( 0b011, 0b100, "c5", "c0", 0b001 ) : ( "IFSR32_EL2", "Instruction Fault Status Register (EL2)" ), 764 | ( 0b011, 0b000, "c12", "c1", 0b000 ) : ( "ISR_EL1", "Interrupt Status Register" ), 765 | ( 0b011, 0b000, "c10", "c2", 0b000 ) : ( "MAIR_EL1", "Memory Attribute Indirection Register (EL1)" ), 766 | ( 0b011, 0b100, "c10", "c2", 0b000 ) : ( "MAIR_EL2", "Memory Attribute Indirection Register (EL2)" ), 767 | ( 0b011, 0b101, "c10", "c2", 0b000 ) : ( "MAIR_EL12", "Memory Attribute Indirection Register (EL1)" ), 768 | ( 0b011, 0b110, "c10", "c2", 0b000 ) : ( "MAIR_EL3", "Memory Attribute Indirection Register (EL3)" ), 769 | ( 0b011, 0b000, "c0", "c0", 0b000 ) : ( "MIDR_EL1", "Main ID Register" ), 770 | ( 0b011, 0b000, "c0", "c0", 0b101 ) : ( "MPIDR_EL1", "Multiprocessor Affinity Register" ), 771 | ( 0b011, 0b000, "c0", "c3", 0b000 ) : ( "MVFR0_EL1", "AArch32 Media and VFP Feature Register 0" ), 772 | ( 0b011, 0b000, "c0", "c3", 0b001 ) : ( "MVFR1_EL1", "AArch32 Media and VFP Feature Register 1" ), 773 | ( 0b011, 0b000, "c0", "c3", 0b010 ) : ( "MVFR2_EL1", "AArch32 Media and VFP Feature Register 2" ), 774 | ( 0b011, 0b000, "c7", "c4", 0b000 ) : ( "PAR_EL1", "Physical Address Register" ), 775 | ( 0b011, 0b000, "c0", "c0", 0b110 ) : ( "REVIDR_EL1", "Revision ID Register" ), 776 | ( 0b011, 0b000, "c12", "c0", 0b010 ) : ( "RMR_EL1", "Reset Management Register (EL1)" ), 777 | ( 0b011, 0b100, "c12", "c0", 0b010 ) : ( "RMR_EL2", "Reset Management Register (EL2)" ), 778 | ( 0b011, 0b110, "c12", "c0", 0b010 ) : ( "RMR_EL3", "Reset Management Register (EL3)" ), 779 | ( 0b011, 0b000, "c12", "c0", 0b001 ) : ( "RVBAR_EL1", "Reset Vector Base Address Register (if EL2 and EL3 not implemented)" ), 780 | ( 0b011, 0b100, "c12", "c0", 0b001 ) : ( "RVBAR_EL2", "Reset Vector Base Address Register (if EL3 not implemented)" ), 781 | ( 0b011, 0b110, "c12", "c0", 0b001 ) : ( "RVBAR_EL3", "Reset Vector Base Address Register (if EL3 implemented)" ), 782 | ( 0b011, 0b110, "c1", "c1", 0b000 ) : ( "SCR_EL3", "Secure Configuration Register" ), 783 | ( 0b011, 0b110, "c1", "c1", 0b001 ) : ( "SDER_EL3", "AArch32 Secure Debug Enable Register" ), 784 | ( 0b011, 0b000, "c1", "c0", 0b000 ) : ( "SCTLR_EL1", "System Control Register (EL1)" ), 785 | ( 0b011, 0b100, "c1", "c0", 0b000 ) : ( "SCTLR_EL2", "System Control Register (EL2)" ), 786 | ( 0b011, 0b101, "c1", "c0", 0b000 ) : ( "SCTLR_EL12", "System Control Register (EL1)" ), 787 | ( 0b011, 0b110, "c1", "c0", 0b000 ) : ( "SCTLR_EL3", "System Control Register (EL3)" ), 788 | ( 0b011, 0b000, "c2", "c0", 0b010 ) : ( "TCR_EL1", "Translation Control Register (EL1)" ), 789 | ( 0b011, 0b100, "c2", "c0", 0b010 ) : ( "TCR_EL2", "Translation Control Register (EL2)" ), 790 | ( 0b011, 0b101, "c2", "c0", 0b010 ) : ( "TCR_EL12", "Translation Control Register (EL1)" ), 791 | ( 0b011, 0b110, "c2", "c0", 0b010 ) : ( "TCR_EL3", "Translation Control Register (EL3)" ), 792 | ( 0b011, 0b010, "c0", "c0", 0b000 ) : ( "TEECR32_EL1", "T32EE Configuration Register" ), # Not defined in 8.2 specifications. 793 | ( 0b011, 0b010, "c1", "c0", 0b000 ) : ( "TEEHBR32_EL1", "T32EE Handler Base Register" ), # Not defined in 8.2 specifications. 794 | ( 0b011, 0b011, "c13", "c0", 0b010 ) : ( "TPIDR_EL0", "EL0 Read/Write Software Thread ID Register" ), 795 | ( 0b011, 0b000, "c13", "c0", 0b100 ) : ( "TPIDR_EL1", "EL1 Software Thread ID Register" ), 796 | ( 0b011, 0b100, "c13", "c0", 0b010 ) : ( "TPIDR_EL2", "EL2 Software Thread ID Register" ), 797 | ( 0b011, 0b110, "c13", "c0", 0b010 ) : ( "TPIDR_EL3", "EL3 Software Thread ID Register" ), 798 | ( 0b011, 0b011, "c13", "c0", 0b011 ) : ( "TPIDRRO_EL0", "EL0 Read-Only Software Thread ID Register" ), 799 | ( 0b011, 0b000, "c2", "c0", 0b000 ) : ( "TTBR0_EL1", "Translation Table Base Register 0 (EL1)" ), 800 | ( 0b011, 0b100, "c2", "c0", 0b000 ) : ( "TTBR0_EL2", "Translation Table Base Register 0 (EL2)" ), 801 | ( 0b011, 0b101, "c2", "c0", 0b000 ) : ( "TTBR0_EL12", "Translation Table Base Register 0 (EL1)" ), 802 | ( 0b011, 0b110, "c2", "c0", 0b000 ) : ( "TTBR0_EL3", "Translation Table Base Register 0 (EL3)" ), 803 | ( 0b011, 0b000, "c2", "c0", 0b001 ) : ( "TTBR1_EL1", "Translation Table Base Register 1 (EL1)" ), 804 | ( 0b011, 0b100, "c2", "c0", 0b001 ) : ( "TTBR1_EL2", "Translation Table Base Register 1 (EL2)" ), 805 | ( 0b011, 0b101, "c2", "c0", 0b001 ) : ( "TTBR1_EL12", "Translation Table Base Register 1 (EL1)" ), 806 | ( 0b011, 0b000, "c12", "c0", 0b000 ) : ( "VBAR_EL1", "Vector Base Address Register (EL1)" ), 807 | ( 0b011, 0b100, "c12", "c0", 0b000 ) : ( "VBAR_EL2", "Vector Base Address Register (EL2)" ), 808 | ( 0b011, 0b101, "c12", "c0", 0b000 ) : ( "VBAR_EL12", "Vector Base Address Register (EL1)" ), 809 | ( 0b011, 0b110, "c12", "c0", 0b000 ) : ( "VBAR_EL3", "Vector Base Address Register (EL3)" ), 810 | ( 0b011, 0b100, "c0", "c0", 0b101 ) : ( "VMPIDR_EL2", "Virtualization Multiprocessor ID Register" ), 811 | ( 0b011, 0b100, "c0", "c0", 0b000 ) : ( "VPIDR_EL2", "Virtualization Processor ID Register" ), 812 | ( 0b011, 0b100, "c2", "c1", 0b010 ) : ( "VTCR_EL2", "Virtualization Translation Control Register" ), 813 | ( 0b011, 0b100, "c2", "c1", 0b000 ) : ( "VTTBR_EL2", "Virtualization Translation Table Base Register" ), 814 | ( 0b011, 0b001, "c15", "c2", 0b000 ) : ( "CPUACTLR_EL1", "CPU Auxiliary Control Register (EL1)" ), 815 | ( 0b011, 0b001, "c15", "c2", 0b001 ) : ( "CPUECTLR_EL1", "CPU Extended Control Register (EL1)" ), 816 | ( 0b011, 0b001, "c15", "c2", 0b010 ) : ( "CPUMERRSR_EL1", "CPU Memory Error Syndrome Register" ), 817 | ( 0b011, 0b001, "c15", "c2", 0b011 ) : ( "L2MERRSR_EL1", "L2 Memory Error Syndrome Register" ), 818 | 819 | # Pointer authentication keys. 820 | ( 0b011, 0b000, "c2", "c1", 0b000 ) : ( "APIAKeyLo_EL1", "Pointer Authentication Key A for Instruction (bits[63:0]) " ), 821 | ( 0b011, 0b000, "c2", "c1", 0b001 ) : ( "APIAKeyHi_EL1", "Pointer Authentication Key A for Instruction (bits[127:64]) " ), 822 | ( 0b011, 0b000, "c2", "c1", 0b010 ) : ( "APIBKeyLo_EL1", "Pointer Authentication Key B for Instruction (bits[63:0]) " ), 823 | ( 0b011, 0b000, "c2", "c1", 0b011 ) : ( "APIBKeyHi_EL1", "Pointer Authentication Key B for Instruction (bits[127:64]) " ), 824 | ( 0b011, 0b000, "c2", "c2", 0b000 ) : ( "APDAKeyLo_EL1", "Pointer Authentication Key A for Data (bits[63:0]) " ), 825 | ( 0b011, 0b000, "c2", "c2", 0b001 ) : ( "APDAKeyHi_EL1", "Pointer Authentication Key A for Data (bits[127:64]) " ), 826 | ( 0b011, 0b000, "c2", "c2", 0b010 ) : ( "APDBKeyLo_EL1", "Pointer Authentication Key B for Data (bits[63:0]) " ), 827 | ( 0b011, 0b000, "c2", "c2", 0b011 ) : ( "APDBKeyHi_EL1", "Pointer Authentication Key B for Data (bits[127:64]) " ), 828 | ( 0b011, 0b000, "c2", "c3", 0b000 ) : ( "APGAKeyLo_EL1", "Pointer Authentication Key A for Code (bits[63:0]) " ), 829 | ( 0b011, 0b000, "c2", "c3", 0b001 ) : ( "APGAKeyHi_EL1", "Pointer Authentication Key A for Code (bits[127:64]) " ), 830 | 831 | # Debug registers. 832 | ( 0b011, 0b100, "c1", "c1", 0b001 ) : ( "MDCR_EL2", "Monitor Debug Configuration Register (EL2)" ), 833 | ( 0b011, 0b110, "c1", "c3", 0b001 ) : ( "MDCR_EL3", "Monitor Debug Configuration Register (EL3)" ), 834 | ( 0b011, 0b011, "c4", "c5", 0b000 ) : ( "DSPSR_EL0", "Debug Saved Program Status Register" ), 835 | ( 0b011, 0b011, "c4", "c5", 0b001 ) : ( "DLR_EL0", "Debug Link Register" ), 836 | ( 0b010, 0b000, "c0", "c0", 0b010 ) : ( "OSDTRRX_EL1", "OS Lock Data Transfer Register, Receive" ), 837 | ( 0b010, 0b000, "c0", "c3", 0b010 ) : ( "OSDTRTX_EL1", "OS Lock Data Transfer Register, Transmit" ), 838 | ( 0b010, 0b000, "c0", "c6", 0b010 ) : ( "OSECCR_EL1", "OS Lock Exception Catch Control Register" ), 839 | ( 0b010, 0b011, "c0", "c4", 0b000 ) : ( "DBGDTR_EL0", "Debug Data Transfer Register, half-duplex" ), 840 | ( 0b010, 0b011, "c0", "c5", 0b000 ) : ( "DBGDTRTX_EL0", "Debug Data Transfer Register, Transmit", 841 | "DBGDTRRX_EL0", "Debug Data Transfer Register, Receive" ), 842 | ( 0b010, 0b100, "c0", "c7", 0b000 ) : ( "DBGVCR32_EL2", "Debug Vector Catch Register" ), 843 | ( 0b010, 0b000, "c0", "c0", 0b100 ) : ( "DBGBVR0_EL1", "Debug Breakpoint Value Register 0" ), 844 | ( 0b010, 0b000, "c0", "c1", 0b100 ) : ( "DBGBVR1_EL1", "Debug Breakpoint Value Register 1" ), 845 | ( 0b010, 0b000, "c0", "c2", 0b100 ) : ( "DBGBVR2_EL1", "Debug Breakpoint Value Register 2" ), 846 | ( 0b010, 0b000, "c0", "c3", 0b100 ) : ( "DBGBVR3_EL1", "Debug Breakpoint Value Register 3" ), 847 | ( 0b010, 0b000, "c0", "c4", 0b100 ) : ( "DBGBVR4_EL1", "Debug Breakpoint Value Register 4" ), 848 | ( 0b010, 0b000, "c0", "c5", 0b100 ) : ( "DBGBVR5_EL1", "Debug Breakpoint Value Register 5" ), 849 | ( 0b010, 0b000, "c0", "c6", 0b100 ) : ( "DBGBVR6_EL1", "Debug Breakpoint Value Register 6" ), 850 | ( 0b010, 0b000, "c0", "c7", 0b100 ) : ( "DBGBVR7_EL1", "Debug Breakpoint Value Register 7" ), 851 | ( 0b010, 0b000, "c0", "c8", 0b100 ) : ( "DBGBVR8_EL1", "Debug Breakpoint Value Register 8" ), 852 | ( 0b010, 0b000, "c0", "c9", 0b100 ) : ( "DBGBVR9_EL1", "Debug Breakpoint Value Register 9" ), 853 | ( 0b010, 0b000, "c0", "c10", 0b100 ) : ( "DBGBVR10_EL1", "Debug Breakpoint Value Registers 10" ), 854 | ( 0b010, 0b000, "c0", "c11", 0b100 ) : ( "DBGBVR11_EL1", "Debug Breakpoint Value Registers 11" ), 855 | ( 0b010, 0b000, "c0", "c12", 0b100 ) : ( "DBGBVR12_EL1", "Debug Breakpoint Value Registers 12" ), 856 | ( 0b010, 0b000, "c0", "c13", 0b100 ) : ( "DBGBVR13_EL1", "Debug Breakpoint Value Registers 13" ), 857 | ( 0b010, 0b000, "c0", "c14", 0b100 ) : ( "DBGBVR14_EL1", "Debug Breakpoint Value Registers 14" ), 858 | ( 0b010, 0b000, "c0", "c15", 0b100 ) : ( "DBGBVR15_EL1", "Debug Breakpoint Value Registers 15" ), 859 | ( 0b010, 0b000, "c0", "c0", 0b101 ) : ( "DBGBCR0_EL1", "Debug Breakpoint Control Register 0" ), 860 | ( 0b010, 0b000, "c0", "c1", 0b101 ) : ( "DBGBCR1_EL1", "Debug Breakpoint Control Register 1" ), 861 | ( 0b010, 0b000, "c0", "c2", 0b101 ) : ( "DBGBCR2_EL1", "Debug Breakpoint Control Register 2" ), 862 | ( 0b010, 0b000, "c0", "c3", 0b101 ) : ( "DBGBCR3_EL1", "Debug Breakpoint Control Register 3" ), 863 | ( 0b010, 0b000, "c0", "c4", 0b101 ) : ( "DBGBCR4_EL1", "Debug Breakpoint Control Register 4" ), 864 | ( 0b010, 0b000, "c0", "c5", 0b101 ) : ( "DBGBCR5_EL1", "Debug Breakpoint Control Register 5" ), 865 | ( 0b010, 0b000, "c0", "c6", 0b101 ) : ( "DBGBCR6_EL1", "Debug Breakpoint Control Register 6" ), 866 | ( 0b010, 0b000, "c0", "c7", 0b101 ) : ( "DBGBCR7_EL1", "Debug Breakpoint Control Register 7" ), 867 | ( 0b010, 0b000, "c0", "c8", 0b101 ) : ( "DBGBCR8_EL1", "Debug Breakpoint Control Register 8" ), 868 | ( 0b010, 0b000, "c0", "c9", 0b101 ) : ( "DBGBCR9_EL1", "Debug Breakpoint Control Register 9" ), 869 | ( 0b010, 0b000, "c0", "c10", 0b101 ) : ( "DBGBCR10_EL1", "Debug Breakpoint Control Register 10" ), 870 | ( 0b010, 0b000, "c0", "c11", 0b101 ) : ( "DBGBCR11_EL1", "Debug Breakpoint Control Register 11" ), 871 | ( 0b010, 0b000, "c0", "c12", 0b101 ) : ( "DBGBCR12_EL1", "Debug Breakpoint Control Register 12" ), 872 | ( 0b010, 0b000, "c0", "c13", 0b101 ) : ( "DBGBCR13_EL1", "Debug Breakpoint Control Register 13" ), 873 | ( 0b010, 0b000, "c0", "c14", 0b101 ) : ( "DBGBCR14_EL1", "Debug Breakpoint Control Register 14" ), 874 | ( 0b010, 0b000, "c0", "c15", 0b101 ) : ( "DBGBCR15_EL1", "Debug Breakpoint Control Register 15" ), 875 | ( 0b010, 0b000, "c0", "c0", 0b110 ) : ( "DBGWVR0_EL1", "Debug Watchpoint Value Register 0" ), 876 | ( 0b010, 0b000, "c0", "c1", 0b110 ) : ( "DBGWVR1_EL1", "Debug Watchpoint Value Register 1" ), 877 | ( 0b010, 0b000, "c0", "c2", 0b110 ) : ( "DBGWVR2_EL1", "Debug Watchpoint Value Register 2" ), 878 | ( 0b010, 0b000, "c0", "c3", 0b110 ) : ( "DBGWVR3_EL1", "Debug Watchpoint Value Register 3" ), 879 | ( 0b010, 0b000, "c0", "c4", 0b110 ) : ( "DBGWVR4_EL1", "Debug Watchpoint Value Register 4" ), 880 | ( 0b010, 0b000, "c0", "c5", 0b110 ) : ( "DBGWVR5_EL1", "Debug Watchpoint Value Register 5" ), 881 | ( 0b010, 0b000, "c0", "c6", 0b110 ) : ( "DBGWVR6_EL1", "Debug Watchpoint Value Register 6" ), 882 | ( 0b010, 0b000, "c0", "c7", 0b110 ) : ( "DBGWVR7_EL1", "Debug Watchpoint Value Register 7" ), 883 | ( 0b010, 0b000, "c0", "c8", 0b110 ) : ( "DBGWVR8_EL1", "Debug Watchpoint Value Register 8" ), 884 | ( 0b010, 0b000, "c0", "c9", 0b110 ) : ( "DBGWVR9_EL1", "Debug Watchpoint Value Register 9" ), 885 | ( 0b010, 0b000, "c0", "c10", 0b110 ) : ( "DBGWVR10_EL1", "Debug Watchpoint Value Register 10" ), 886 | ( 0b010, 0b000, "c0", "c11", 0b110 ) : ( "DBGWVR11_EL1", "Debug Watchpoint Value Register 11" ), 887 | ( 0b010, 0b000, "c0", "c12", 0b110 ) : ( "DBGWVR12_EL1", "Debug Watchpoint Value Register 12" ), 888 | ( 0b010, 0b000, "c0", "c13", 0b110 ) : ( "DBGWVR13_EL1", "Debug Watchpoint Value Register 13" ), 889 | ( 0b010, 0b000, "c0", "c14", 0b110 ) : ( "DBGWVR14_EL1", "Debug Watchpoint Value Register 14" ), 890 | ( 0b010, 0b000, "c0", "c15", 0b110 ) : ( "DBGWVR15_EL1", "Debug Watchpoint Value Register 15" ), 891 | ( 0b010, 0b000, "c0", "c0", 0b111 ) : ( "DBGWCR0_EL1", "Debug Watchpoint Control Register 0" ), 892 | ( 0b010, 0b000, "c0", "c1", 0b111 ) : ( "DBGWCR1_EL1", "Debug Watchpoint Control Register 1" ), 893 | ( 0b010, 0b000, "c0", "c2", 0b111 ) : ( "DBGWCR2_EL1", "Debug Watchpoint Control Register 2" ), 894 | ( 0b010, 0b000, "c0", "c3", 0b111 ) : ( "DBGWCR3_EL1", "Debug Watchpoint Control Register 3" ), 895 | ( 0b010, 0b000, "c0", "c4", 0b111 ) : ( "DBGWCR4_EL1", "Debug Watchpoint Control Register 4" ), 896 | ( 0b010, 0b000, "c0", "c5", 0b111 ) : ( "DBGWCR5_EL1", "Debug Watchpoint Control Register 5" ), 897 | ( 0b010, 0b000, "c0", "c6", 0b111 ) : ( "DBGWCR6_EL1", "Debug Watchpoint Control Register 6" ), 898 | ( 0b010, 0b000, "c0", "c7", 0b111 ) : ( "DBGWCR7_EL1", "Debug Watchpoint Control Register 7" ), 899 | ( 0b010, 0b000, "c0", "c8", 0b111 ) : ( "DBGWCR8_EL1", "Debug Watchpoint Control Register 8" ), 900 | ( 0b010, 0b000, "c0", "c9", 0b111 ) : ( "DBGWCR9_EL1", "Debug Watchpoint Control Register 9" ), 901 | ( 0b010, 0b000, "c0", "c10", 0b111 ) : ( "DBGWCR10_EL1", "Debug Watchpoint Control Register 10" ), 902 | ( 0b010, 0b000, "c0", "c11", 0b111 ) : ( "DBGWCR11_EL1", "Debug Watchpoint Control Register 11" ), 903 | ( 0b010, 0b000, "c0", "c12", 0b111 ) : ( "DBGWCR12_EL1", "Debug Watchpoint Control Register 12" ), 904 | ( 0b010, 0b000, "c0", "c13", 0b111 ) : ( "DBGWCR13_EL1", "Debug Watchpoint Control Register 13" ), 905 | ( 0b010, 0b000, "c0", "c14", 0b111 ) : ( "DBGWCR14_EL1", "Debug Watchpoint Control Register 14" ), 906 | ( 0b010, 0b000, "c0", "c15", 0b111 ) : ( "DBGWCR15_EL1", "Debug Watchpoint Control Register 15" ), 907 | ( 0b010, 0b011, "c0", "c1", 0b000 ) : ( "MDCCSR_EL0", "Monitor DCC Status Register" ), 908 | ( 0b010, 0b000, "c0", "c2", 0b000 ) : ( "MDCCINT_EL1", "Monitor DCC Interrupt Enable Register" ), 909 | ( 0b010, 0b000, "c0", "c2", 0b010 ) : ( "MDSCR_EL1", "Monitor Debug System Control Register" ), 910 | ( 0b010, 0b000, "c1", "c0", 0b000 ) : ( "MDRAR_EL1", "Monitor Debug ROM Address Register" ), 911 | ( 0b010, 0b000, "c1", "c0", 0b100 ) : ( "OSLAR_EL1", "OS Lock Access Register" ), 912 | ( 0b010, 0b000, "c1", "c1", 0b100 ) : ( "OSLSR_EL1", "OS Lock Status Register" ), 913 | ( 0b010, 0b000, "c1", "c3", 0b100 ) : ( "OSDLR_EL1", "OS Double Lock Register" ), 914 | ( 0b010, 0b000, "c1", "c4", 0b100 ) : ( "DBGPRCR_EL1", "Debug Power Control Register" ), 915 | ( 0b010, 0b000, "c7", "c8", 0b110 ) : ( "DBGCLAIMSET_EL1", "Debug Claim Tag Set register" ), 916 | ( 0b010, 0b000, "c7", "c9", 0b110 ) : ( "DBGCLAIMCLR_EL1", "Debug Claim Tag Clear register" ), 917 | ( 0b010, 0b000, "c7", "c14", 0b110 ) : ( "DBGAUTHSTATUS_EL1", "Debug Authentication Status register" ), 918 | 919 | # Limited ordering regions. 920 | ( 0b011, 0b000, "c10", "c4", 0b011 ) : ( "LORC_EL1", "LORegion Control (EL1)" ), 921 | ( 0b011, 0b000, "c10", "c4", 0b000 ) : ( "LORSA_EL1", "LORegion Start Address (EL1)" ), 922 | ( 0b011, 0b000, "c10", "c4", 0b001 ) : ( "LOREA_EL1", "LORegion End Address (EL1)" ), 923 | ( 0b011, 0b000, "c10", "c4", 0b010 ) : ( "LORN_EL1", "LORegion Number (EL1)" ), 924 | ( 0b011, 0b000, "c10", "c4", 0b111 ) : ( "LORID_EL1", "LORegionID (EL1)" ), 925 | 926 | # Performance monitor registers. 927 | ( 0b011, 0b011, "c14", "c15", 0b111 ) : ( "PMCCFILTR_EL0", "Performance Monitors Cycle Count Filter Register" ), 928 | ( 0b011, 0b011, "c9", "c13", 0b000 ) : ( "PMCCNTR_EL0", "Performance Monitors Cycle Count Register" ), 929 | ( 0b011, 0b011, "c9", "c12", 0b110 ) : ( "PMCEID0_EL0", "Performance Monitors Common Event Identification register 0" ), 930 | ( 0b011, 0b011, "c9", "c12", 0b111 ) : ( "PMCEID1_EL0", "Performance Monitors Common Event Identification register 1" ), 931 | ( 0b011, 0b011, "c9", "c12", 0b010 ) : ( "PMCNTENCLR_EL0", "Performance Monitors Count Enable Clear register" ), 932 | ( 0b011, 0b011, "c9", "c12", 0b001 ) : ( "PMCNTENSET_EL0", "Performance Monitors Count Enable Set register" ), 933 | ( 0b011, 0b011, "c9", "c12", 0b000 ) : ( "PMCR_EL0", "Performance Monitors Control Register" ), 934 | ( 0b011, 0b011, "c14", "c8", 0b000 ) : ( "PMEVCNTR0_EL0", "Performance Monitors Event Count Register 0" ), 935 | ( 0b011, 0b011, "c14", "c8", 0b001 ) : ( "PMEVCNTR1_EL0", "Performance Monitors Event Count Register 1" ), 936 | ( 0b011, 0b011, "c14", "c8", 0b010 ) : ( "PMEVCNTR2_EL0", "Performance Monitors Event Count Register 2" ), 937 | ( 0b011, 0b011, "c14", "c8", 0b011 ) : ( "PMEVCNTR3_EL0", "Performance Monitors Event Count Register 3" ), 938 | ( 0b011, 0b011, "c14", "c8", 0b100 ) : ( "PMEVCNTR4_EL0", "Performance Monitors Event Count Register 4" ), 939 | ( 0b011, 0b011, "c14", "c8", 0b101 ) : ( "PMEVCNTR5_EL0", "Performance Monitors Event Count Register 5" ), 940 | ( 0b011, 0b011, "c14", "c8", 0b110 ) : ( "PMEVCNTR6_EL0", "Performance Monitors Event Count Register 6" ), 941 | ( 0b011, 0b011, "c14", "c8", 0b111 ) : ( "PMEVCNTR7_EL0", "Performance Monitors Event Count Register 7" ), 942 | ( 0b011, 0b011, "c14", "c9", 0b000 ) : ( "PMEVCNTR8_EL0", "Performance Monitors Event Count Register 8" ), 943 | ( 0b011, 0b011, "c14", "c9", 0b001 ) : ( "PMEVCNTR9_EL0", "Performance Monitors Event Count Register 9" ), 944 | ( 0b011, 0b011, "c14", "c9", 0b010 ) : ( "PMEVCNTR10_EL0", "Performance Monitors Event Count Register 10" ), 945 | ( 0b011, 0b011, "c14", "c9", 0b011 ) : ( "PMEVCNTR11_EL0", "Performance Monitors Event Count Register 11" ), 946 | ( 0b011, 0b011, "c14", "c9", 0b100 ) : ( "PMEVCNTR12_EL0", "Performance Monitors Event Count Register 12" ), 947 | ( 0b011, 0b011, "c14", "c9", 0b101 ) : ( "PMEVCNTR13_EL0", "Performance Monitors Event Count Register 13" ), 948 | ( 0b011, 0b011, "c14", "c9", 0b110 ) : ( "PMEVCNTR14_EL0", "Performance Monitors Event Count Register 14" ), 949 | ( 0b011, 0b011, "c14", "c9", 0b111 ) : ( "PMEVCNTR15_EL0", "Performance Monitors Event Count Register 15" ), 950 | ( 0b011, 0b011, "c14", "c10", 0b000 ) : ( "PMEVCNTR16_EL0", "Performance Monitors Event Count Register 16" ), 951 | ( 0b011, 0b011, "c14", "c10", 0b001 ) : ( "PMEVCNTR17_EL0", "Performance Monitors Event Count Register 17" ), 952 | ( 0b011, 0b011, "c14", "c10", 0b010 ) : ( "PMEVCNTR18_EL0", "Performance Monitors Event Count Register 18" ), 953 | ( 0b011, 0b011, "c14", "c10", 0b011 ) : ( "PMEVCNTR19_EL0", "Performance Monitors Event Count Register 19" ), 954 | ( 0b011, 0b011, "c14", "c10", 0b100 ) : ( "PMEVCNTR20_EL0", "Performance Monitors Event Count Register 20" ), 955 | ( 0b011, 0b011, "c14", "c10", 0b101 ) : ( "PMEVCNTR21_EL0", "Performance Monitors Event Count Register 21" ), 956 | ( 0b011, 0b011, "c14", "c10", 0b110 ) : ( "PMEVCNTR22_EL0", "Performance Monitors Event Count Register 22" ), 957 | ( 0b011, 0b011, "c14", "c10", 0b111 ) : ( "PMEVCNTR23_EL0", "Performance Monitors Event Count Register 23" ), 958 | ( 0b011, 0b011, "c14", "c11", 0b000 ) : ( "PMEVCNTR24_EL0", "Performance Monitors Event Count Register 24" ), 959 | ( 0b011, 0b011, "c14", "c11", 0b001 ) : ( "PMEVCNTR25_EL0", "Performance Monitors Event Count Register 25" ), 960 | ( 0b011, 0b011, "c14", "c11", 0b010 ) : ( "PMEVCNTR26_EL0", "Performance Monitors Event Count Register 26" ), 961 | ( 0b011, 0b011, "c14", "c11", 0b011 ) : ( "PMEVCNTR27_EL0", "Performance Monitors Event Count Register 27" ), 962 | ( 0b011, 0b011, "c14", "c11", 0b100 ) : ( "PMEVCNTR28_EL0", "Performance Monitors Event Count Register 28" ), 963 | ( 0b011, 0b011, "c14", "c11", 0b101 ) : ( "PMEVCNTR29_EL0", "Performance Monitors Event Count Register 29" ), 964 | ( 0b011, 0b011, "c14", "c11", 0b110 ) : ( "PMEVCNTR30_EL0", "Performance Monitors Event Count Register 30" ), 965 | ( 0b011, 0b011, "c14", "c12", 0b000 ) : ( "PMEVTYPER0_EL0", "Performance Monitors Event Type Register 0" ), 966 | ( 0b011, 0b011, "c14", "c12", 0b001 ) : ( "PMEVTYPER1_EL0", "Performance Monitors Event Type Register 1" ), 967 | ( 0b011, 0b011, "c14", "c12", 0b010 ) : ( "PMEVTYPER2_EL0", "Performance Monitors Event Type Register 2" ), 968 | ( 0b011, 0b011, "c14", "c12", 0b011 ) : ( "PMEVTYPER3_EL0", "Performance Monitors Event Type Register 3" ), 969 | ( 0b011, 0b011, "c14", "c12", 0b100 ) : ( "PMEVTYPER4_EL0", "Performance Monitors Event Type Register 4" ), 970 | ( 0b011, 0b011, "c14", "c12", 0b101 ) : ( "PMEVTYPER5_EL0", "Performance Monitors Event Type Register 5" ), 971 | ( 0b011, 0b011, "c14", "c12", 0b110 ) : ( "PMEVTYPER6_EL0", "Performance Monitors Event Type Register 6" ), 972 | ( 0b011, 0b011, "c14", "c12", 0b111 ) : ( "PMEVTYPER7_EL0", "Performance Monitors Event Type Register 7" ), 973 | ( 0b011, 0b011, "c14", "c13", 0b000 ) : ( "PMEVTYPER8_EL0", "Performance Monitors Event Type Register 8" ), 974 | ( 0b011, 0b011, "c14", "c13", 0b001 ) : ( "PMEVTYPER9_EL0", "Performance Monitors Event Type Register 9" ), 975 | ( 0b011, 0b011, "c14", "c13", 0b010 ) : ( "PMEVTYPER10_EL0", "Performance Monitors Event Type Register 10" ), 976 | ( 0b011, 0b011, "c14", "c13", 0b011 ) : ( "PMEVTYPER11_EL0", "Performance Monitors Event Type Register 11" ), 977 | ( 0b011, 0b011, "c14", "c13", 0b100 ) : ( "PMEVTYPER12_EL0", "Performance Monitors Event Type Register 12" ), 978 | ( 0b011, 0b011, "c14", "c13", 0b101 ) : ( "PMEVTYPER13_EL0", "Performance Monitors Event Type Register 13" ), 979 | ( 0b011, 0b011, "c14", "c13", 0b110 ) : ( "PMEVTYPER14_EL0", "Performance Monitors Event Type Register 14" ), 980 | ( 0b011, 0b011, "c14", "c13", 0b111 ) : ( "PMEVTYPER15_EL0", "Performance Monitors Event Type Register 15" ), 981 | ( 0b011, 0b011, "c14", "c14", 0b000 ) : ( "PMEVTYPER16_EL0", "Performance Monitors Event Type Register 16" ), 982 | ( 0b011, 0b011, "c14", "c14", 0b001 ) : ( "PMEVTYPER17_EL0", "Performance Monitors Event Type Register 17" ), 983 | ( 0b011, 0b011, "c14", "c14", 0b010 ) : ( "PMEVTYPER18_EL0", "Performance Monitors Event Type Register 18" ), 984 | ( 0b011, 0b011, "c14", "c14", 0b011 ) : ( "PMEVTYPER19_EL0", "Performance Monitors Event Type Register 19" ), 985 | ( 0b011, 0b011, "c14", "c14", 0b100 ) : ( "PMEVTYPER20_EL0", "Performance Monitors Event Type Register 20" ), 986 | ( 0b011, 0b011, "c14", "c14", 0b101 ) : ( "PMEVTYPER21_EL0", "Performance Monitors Event Type Register 21" ), 987 | ( 0b011, 0b011, "c14", "c14", 0b110 ) : ( "PMEVTYPER22_EL0", "Performance Monitors Event Type Register 22" ), 988 | ( 0b011, 0b011, "c14", "c14", 0b111 ) : ( "PMEVTYPER23_EL0", "Performance Monitors Event Type Register 23" ), 989 | ( 0b011, 0b011, "c14", "c15", 0b000 ) : ( "PMEVTYPER24_EL0", "Performance Monitors Event Type Register 24" ), 990 | ( 0b011, 0b011, "c14", "c15", 0b001 ) : ( "PMEVTYPER25_EL0", "Performance Monitors Event Type Register 25" ), 991 | ( 0b011, 0b011, "c14", "c15", 0b010 ) : ( "PMEVTYPER26_EL0", "Performance Monitors Event Type Register 26" ), 992 | ( 0b011, 0b011, "c14", "c15", 0b011 ) : ( "PMEVTYPER27_EL0", "Performance Monitors Event Type Register 27" ), 993 | ( 0b011, 0b011, "c14", "c15", 0b100 ) : ( "PMEVTYPER28_EL0", "Performance Monitors Event Type Register 28" ), 994 | ( 0b011, 0b011, "c14", "c15", 0b101 ) : ( "PMEVTYPER29_EL0", "Performance Monitors Event Type Register 29" ), 995 | ( 0b011, 0b011, "c14", "c15", 0b110 ) : ( "PMEVTYPER30_EL0", "Performance Monitors Event Type Register 30" ), 996 | ( 0b011, 0b000, "c9", "c14", 0b010 ) : ( "PMINTENCLR_EL1", "Performance Monitors Interrupt Enable Clear register" ), 997 | ( 0b011, 0b000, "c9", "c14", 0b001 ) : ( "PMINTENSET_EL1", "Performance Monitors Interrupt Enable Set register" ), 998 | ( 0b011, 0b011, "c9", "c12", 0b011 ) : ( "PMOVSCLR_EL0", "Performance Monitors Overflow Flag Status Clear Register" ), 999 | ( 0b011, 0b011, "c9", "c14", 0b011 ) : ( "PMOVSSET_EL0", "Performance Monitors Overflow Flag Status Set register" ), 1000 | ( 0b011, 0b011, "c9", "c12", 0b101 ) : ( "PMSELR_EL0", "Performance Monitors Event Counter Selection Register" ), 1001 | ( 0b011, 0b011, "c9", "c12", 0b100 ) : ( "PMSWINC_EL0", "Performance Monitors Software Increment register" ), 1002 | ( 0b011, 0b011, "c9", "c14", 0b000 ) : ( "PMUSERENR_EL0", "Performance Monitors User Enable Register" ), 1003 | ( 0b011, 0b011, "c9", "c13", 0b010 ) : ( "PMXEVCNTR_EL0", "Performance Monitors Selected Event Count Register" ), 1004 | ( 0b011, 0b011, "c9", "c13", 0b001 ) : ( "PMXEVTYPER_EL0", "Performance Monitors Selected Event Type Register" ), 1005 | 1006 | # Generic Timer registers. 1007 | ( 0b011, 0b011, "c14", "c0", 0b000 ) : ( "CNTFRQ_EL0", "Counter-timer Frequency register" ), 1008 | ( 0b011, 0b100, "c14", "c1", 0b000 ) : ( "CNTHCTL_EL2", "Counter-timer Hypervisor Control register" ), 1009 | ( 0b011, 0b100, "c14", "c2", 0b001 ) : ( "CNTHP_CTL_EL2", "Counter-timer Hypervisor Physical Timer Control register" ), 1010 | ( 0b011, 0b100, "c14", "c2", 0b010 ) : ( "CNTHP_CVAL_EL2", "Counter-timer Hypervisor Physical Timer CompareValue register" ), 1011 | ( 0b011, 0b100, "c14", "c2", 0b000 ) : ( "CNTHP_TVAL_EL2", "Counter-timer Hypervisor Physical Timer TimerValue register" ), 1012 | ( 0b011, 0b100, "c14", "c3", 0b000 ) : ( "CNTHV_TVAL_EL2", "Counter-timer Virtual Timer TimerValue register (EL2)" ), 1013 | ( 0b011, 0b100, "c14", "c3", 0b001 ) : ( "CNTHV_CTL_EL2", "Counter-timer Virtual Timer Control register (EL2)" ), 1014 | ( 0b011, 0b100, "c14", "c3", 0b010 ) : ( "CNTHV_CVAL_EL2", "Counter-timer Virtual Timer CompareValue register (EL2)" ), 1015 | ( 0b011, 0b000, "c14", "c1", 0b000 ) : ( "CNTKCTL_EL1", "Counter-timer Hypervisor Control register" ), 1016 | ( 0b011, 0b101, "c14", "c1", 0b000 ) : ( "CNTKCTL_EL12", "Counter-timer Kernel Control register" ), 1017 | ( 0b011, 0b011, "c14", "c2", 0b001 ) : ( "CNTP_CTL_EL0", "Counter-timer Hypervisor Physical Timer Control register" ), 1018 | ( 0b011, 0b101, "c14", "c2", 0b001 ) : ( "CNTP_CTL_EL02", "Counter-timer Physical Timer Control register" ), 1019 | ( 0b011, 0b011, "c14", "c2", 0b010 ) : ( "CNTP_CVAL_EL0", "Counter-timer Physical Timer CompareValue register" ), 1020 | ( 0b011, 0b101, "c14", "c2", 0b010 ) : ( "CNTP_CVAL_EL02", "Counter-timer Physical Timer CompareValue register" ), 1021 | ( 0b011, 0b011, "c14", "c2", 0b000 ) : ( "CNTP_TVAL_EL0", "Counter-timer Physical Timer TimerValue register" ), 1022 | ( 0b011, 0b101, "c14", "c2", 0b000 ) : ( "CNTP_TVAL_EL02", "Counter-timer Physical Timer TimerValue register" ), 1023 | ( 0b011, 0b011, "c14", "c0", 0b001 ) : ( "CNTPCT_EL0", "Counter-timer Physical Count register" ), 1024 | ( 0b011, 0b111, "c14", "c2", 0b001 ) : ( "CNTPS_CTL_EL1", "Counter-timer Physical Secure Timer Control register" ), 1025 | ( 0b011, 0b111, "c14", "c2", 0b010 ) : ( "CNTPS_CVAL_EL1", "Counter-timer Physical Secure Timer CompareValue register" ), 1026 | ( 0b011, 0b111, "c14", "c2", 0b000 ) : ( "CNTPS_TVAL_EL1", "Counter-timer Physical Secure Timer TimerValue register" ), 1027 | ( 0b011, 0b011, "c14", "c3", 0b001 ) : ( "CNTV_CTL_EL0", "Counter-timer Virtual Timer Control register (EL2)" ), 1028 | ( 0b011, 0b101, "c14", "c3", 0b001 ) : ( "CNTV_CTL_EL02", "Counter-timer Virtual Timer Control register" ), 1029 | ( 0b011, 0b011, "c14", "c3", 0b010 ) : ( "CNTV_CVAL_EL0", "Counter-timer Virtual Timer CompareValue register" ), 1030 | ( 0b011, 0b101, "c14", "c3", 0b010 ) : ( "CNTV_CVAL_EL02", "Counter-timer Virtual Timer CompareValue register" ), 1031 | ( 0b011, 0b011, "c14", "c3", 0b000 ) : ( "CNTV_TVAL_EL0", "Counter-timer Virtual Timer TimerValue register" ), 1032 | ( 0b011, 0b101, "c14", "c3", 0b000 ) : ( "CNTV_TVAL_EL02", "Counter-timer Virtual Timer TimerValue register" ), 1033 | ( 0b011, 0b011, "c14", "c0", 0b010 ) : ( "CNTVCT_EL0", "Counter-timer Virtual Count register" ), 1034 | ( 0b011, 0b100, "c14", "c0", 0b011 ) : ( "CNTVOFF_EL2", "Counter-timer Virtual Offset register" ), 1035 | 1036 | # Generic Interrupt Controller CPU interface registers. 1037 | ( 0b011, 0b000, "c12", "c8", 0b100 ) : ( "ICC_AP0R0_EL1", "Interrupt Controller Active Priorities Group 0 Register 0" ), 1038 | ( 0b011, 0b000, "c12", "c8", 0b101 ) : ( "ICC_AP0R1_EL1", "Interrupt Controller Active Priorities Group 0 Register 1" ), 1039 | ( 0b011, 0b000, "c12", "c8", 0b110 ) : ( "ICC_AP0R2_EL1", "Interrupt Controller Active Priorities Group 0 Register 2" ), 1040 | ( 0b011, 0b000, "c12", "c8", 0b111 ) : ( "ICC_AP0R3_EL1", "Interrupt Controller Active Priorities Group 0 Register 3" ), 1041 | ( 0b011, 0b000, "c12", "c9", 0b000 ) : ( "ICC_AP1R0_EL1", "Interrupt Controller Active Priorities Group 1 Register 0" ), 1042 | ( 0b011, 0b000, "c12", "c9", 0b001 ) : ( "ICC_AP1R1_EL1", "Interrupt Controller Active Priorities Group 1 Register 1" ), 1043 | ( 0b011, 0b000, "c12", "c9", 0b010 ) : ( "ICC_AP1R2_EL1", "Interrupt Controller Active Priorities Group 1 Register 2" ), 1044 | ( 0b011, 0b000, "c12", "c9", 0b011 ) : ( "ICC_AP1R3_EL1", "Interrupt Controller Active Priorities Group 1 Register 3" ), 1045 | ( 0b011, 0b000, "c12", "c11", 0b110 ) : ( "ICC_ASGI1R_EL1", "Interrupt Controller Alias Software Generated Interrupt Group 1 Register" ), 1046 | ( 0b011, 0b000, "c12", "c8", 0b011 ) : ( "ICC_BPR0_EL1", "Interrupt Controller Binary Point Register 0" ), 1047 | ( 0b011, 0b000, "c12", "c12", 0b011 ) : ( "ICC_BPR1_EL1", "Interrupt Controller Binary Point Register 1" ), 1048 | ( 0b011, 0b000, "c12", "c12", 0b100 ) : ( "ICC_CTLR_EL1", "Interrupt Controller Virtual Control Register" ), 1049 | ( 0b011, 0b110, "c12", "c12", 0b100 ) : ( "ICC_CTLR_EL3", "Interrupt Controller Control Register (EL3)" ), 1050 | ( 0b011, 0b000, "c12", "c11", 0b001 ) : ( "ICC_DIR_EL1", "Interrupt Controller Deactivate Virtual Interrupt Register" ), 1051 | ( 0b011, 0b000, "c12", "c8", 0b001 ) : ( "ICC_EOIR0_EL1", "Interrupt Controller End Of Interrupt Register 0" ), 1052 | ( 0b011, 0b000, "c12", "c12", 0b001 ) : ( "ICC_EOIR1_EL1", "Interrupt Controller End Of Interrupt Register 1" ), 1053 | ( 0b011, 0b000, "c12", "c8", 0b010 ) : ( "ICC_HPPIR0_EL1", "Interrupt Controller Virtual Highest Priority Pending Interrupt Register 0" ), 1054 | ( 0b011, 0b000, "c12", "c12", 0b010 ) : ( "ICC_HPPIR1_EL1", "Interrupt Controller Virtual Highest Priority Pending Interrupt Register 1" ), 1055 | ( 0b011, 0b000, "c12", "c8", 0b000 ) : ( "ICC_IAR0_EL1", "Interrupt Controller Virtual Interrupt Acknowledge Register 0" ), 1056 | ( 0b011, 0b000, "c12", "c12", 0b000 ) : ( "ICC_IAR1_EL1", "Interrupt Controller Interrupt Acknowledge Register 1" ), 1057 | ( 0b011, 0b000, "c12", "c12", 0b110 ) : ( "ICC_IGRPEN0_EL1", "Interrupt Controller Virtual Interrupt Group 0 Enable register" ), 1058 | ( 0b011, 0b000, "c12", "c12", 0b111 ) : ( "ICC_IGRPEN1_EL1", "Interrupt Controller Interrupt Group 1 Enable register" ), 1059 | ( 0b011, 0b110, "c12", "c12", 0b111 ) : ( "ICC_IGRPEN1_EL3", "Interrupt Controller Interrupt Group 1 Enable register (EL3)" ), 1060 | ( 0b011, 0b000, "c4", "c6", 0b000 ) : ( "ICC_PMR_EL1", "Interrupt Controller Interrupt Priority Mask Register" ), 1061 | ( 0b011, 0b000, "c12", "c11", 0b011 ) : ( "ICC_RPR_EL1", "Interrupt Controller Running Priority Register" ), # Not defined in 8.2 specifications. 1062 | ( 0b011, 0b000, "c12", "c11", 0b000 ) : ( "ICC_SEIEN_EL1", "Interrupt Controller System Error Interrupt Enable Register" ), 1063 | ( 0b011, 0b000, "c12", "c11", 0b111 ) : ( "ICC_SGI0R_EL1", "Interrupt Controller Software Generated Interrupt Group 0 Register" ), 1064 | ( 0b011, 0b000, "c12", "c11", 0b101 ) : ( "ICC_SGI1R_EL1", "Interrupt Controller Software Generated Interrupt Group 1 Register" ), 1065 | ( 0b011, 0b000, "c12", "c12", 0b101 ) : ( "ICC_SRE_EL1", "Interrupt Controller System Register Enable register (EL1)" ), 1066 | ( 0b011, 0b100, "c12", "c9", 0b101 ) : ( "ICC_SRE_EL2", "Interrupt Controller System Register Enable register (EL2)" ), 1067 | ( 0b011, 0b110, "c12", "c12", 0b101 ) : ( "ICC_SRE_EL3", "Interrupt Controller System Register Enable register (EL3)" ), 1068 | ( 0b011, 0b100, "c12", "c8", 0b000 ) : ( "ICH_AP0R0_EL2", "Interrupt Controller Hyp Active Priorities Group 0 Register 0" ), 1069 | ( 0b011, 0b100, "c12", "c8", 0b001 ) : ( "ICH_AP0R1_EL2", "Interrupt Controller Hyp Active Priorities Group 0 Register 1" ), 1070 | ( 0b011, 0b100, "c12", "c8", 0b010 ) : ( "ICH_AP0R2_EL2", "Interrupt Controller Hyp Active Priorities Group 0 Register 2" ), 1071 | ( 0b011, 0b100, "c12", "c8", 0b011 ) : ( "ICH_AP0R3_EL2", "Interrupt Controller Hyp Active Priorities Group 0 Register 3" ), 1072 | ( 0b011, 0b100, "c12", "c9", 0b000 ) : ( "ICH_AP1R0_EL2", "Interrupt Controller Hyp Active Priorities Group 1 Register 0" ), 1073 | ( 0b011, 0b100, "c12", "c9", 0b001 ) : ( "ICH_AP1R1_EL2", "Interrupt Controller Hyp Active Priorities Group 1 Register 1" ), 1074 | ( 0b011, 0b100, "c12", "c9", 0b010 ) : ( "ICH_AP1R2_EL2", "Interrupt Controller Hyp Active Priorities Group 1 Register 2" ), 1075 | ( 0b011, 0b100, "c12", "c9", 0b011 ) : ( "ICH_AP1R3_EL2", "Interrupt Controller Hyp Active Priorities Group 1 Register 3" ), 1076 | ( 0b011, 0b100, "c12", "c11", 0b011 ) : ( "ICH_EISR_EL2", "Interrupt Controller End of Interrupt Status Register" ), 1077 | ( 0b011, 0b100, "c12", "c11", 0b101 ) : ( "ICH_ELSR_EL2", "Interrupt Controller Empty List Register Status Register" ), # Named ICH_ELRSR_EL2 in 8.2 specifications. 1078 | ( 0b011, 0b100, "c12", "c11", 0b000 ) : ( "ICH_HCR_EL2", "Interrupt Controller Hyp Control Register" ), 1079 | ( 0b011, 0b100, "c12", "c12", 0b000 ) : ( "ICH_LR0_EL2", "Interrupt Controller List Register 0" ), 1080 | ( 0b011, 0b100, "c12", "c12", 0b001 ) : ( "ICH_LR1_EL2", "Interrupt Controller List Register 1" ), 1081 | ( 0b011, 0b100, "c12", "c12", 0b010 ) : ( "ICH_LR2_EL2", "Interrupt Controller List Register 2" ), 1082 | ( 0b011, 0b100, "c12", "c12", 0b011 ) : ( "ICH_LR3_EL2", "Interrupt Controller List Register 3" ), 1083 | ( 0b011, 0b100, "c12", "c12", 0b100 ) : ( "ICH_LR4_EL2", "Interrupt Controller List Register 4" ), 1084 | ( 0b011, 0b100, "c12", "c12", 0b101 ) : ( "ICH_LR5_EL2", "Interrupt Controller List Register 5" ), 1085 | ( 0b011, 0b100, "c12", "c12", 0b110 ) : ( "ICH_LR6_EL2", "Interrupt Controller List Register 6" ), 1086 | ( 0b011, 0b100, "c12", "c12", 0b111 ) : ( "ICH_LR7_EL2", "Interrupt Controller List Register 7" ), 1087 | ( 0b011, 0b100, "c12", "c13", 0b000 ) : ( "ICH_LR8_EL2", "Interrupt Controller List Register 8" ), 1088 | ( 0b011, 0b100, "c12", "c13", 0b001 ) : ( "ICH_LR9_EL2", "Interrupt Controller List Register 9" ), 1089 | ( 0b011, 0b100, "c12", "c13", 0b010 ) : ( "ICH_LR10_EL2", "Interrupt Controller List Register 10" ), 1090 | ( 0b011, 0b100, "c12", "c13", 0b011 ) : ( "ICH_LR11_EL2", "Interrupt Controller List Register 11" ), 1091 | ( 0b011, 0b100, "c12", "c13", 0b100 ) : ( "ICH_LR12_EL2", "Interrupt Controller List Register 12" ), 1092 | ( 0b011, 0b100, "c12", "c13", 0b101 ) : ( "ICH_LR13_EL2", "Interrupt Controller List Register 13" ), 1093 | ( 0b011, 0b100, "c12", "c13", 0b110 ) : ( "ICH_LR14_EL2", "Interrupt Controller List Register 14" ), 1094 | ( 0b011, 0b100, "c12", "c13", 0b111 ) : ( "ICH_LR15_EL2", "Interrupt Controller List Register 15" ), 1095 | ( 0b011, 0b100, "c12", "c11", 0b010 ) : ( "ICH_MISR_EL2", "Interrupt Controller Maintenance Interrupt State Register" ), 1096 | ( 0b011, 0b100, "c12", "c11", 0b111 ) : ( "ICH_VMCR_EL2", "Interrupt Controller Virtual Machine Control Register" ), 1097 | ( 0b011, 0b100, "c12", "c9", 0b100 ) : ( "ICH_VSEIR_EL2", "Interrupt Controller Virtual System Error Interrupt Register" ), # Not defined in 8.2 specifications. 1098 | ( 0b011, 0b100, "c12", "c11", 0b001 ) : ( "ICH_VTR_EL2", "Interrupt Controller VGIC Type Register" ), 1099 | } 1100 | 1101 | # Aarch32 fields. 1102 | COPROC_FIELDS = { 1103 | "FPSCR" : { 1104 | 0 : ( "IOC", "Invalid Operation exception" ), 1105 | 1 : ( "DZC", "Division by Zero exception" ), 1106 | 2 : ( "OFC", "Overflow exception" ), 1107 | 3 : ( "UFC", "Underflow exception" ), 1108 | 4 : ( "IXC", "Inexact exception" ), 1109 | 7 : ( "IDC", "Input Denormal exception" ), 1110 | 19 : ( "FZ16", "Flush-to-zero mode on half-precision instructions" ), 1111 | # 22-23: RMode 1112 | 24 : ( "FZ", "Flush-to-zero mode" ), 1113 | 25 : ( "DN", "Default NaN mode" ), 1114 | 26 : ( "AHP", "Alternative Half-Precision" ), 1115 | 27 : ( "QC", "Saturation" ), 1116 | 28 : ( "V", "Overflow flag" ), 1117 | 29 : ( "C", "Carry flag" ), 1118 | 30 : ( "Z", "Zero flag" ), 1119 | 31 : ( "N", "Negative flag" ) 1120 | }, 1121 | "HCR" : { 1122 | 0 : ( "VM", "Virtualization MMU enable" ), 1123 | 1 : ( "SWIO", "Set/Way Invalidation Override" ), 1124 | 2 : ( "PTW", "Protected Table Walk" ), 1125 | 3 : ( "FMO", "FIQ Mask Override" ), 1126 | 4 : ( "IMO", "IRQ Mask Override" ), 1127 | 5 : ( "AMO", "Asynchronous Abort Mask Override" ), 1128 | 6 : ( "VE", "Virtual FIQ exception" ), 1129 | 7 : ( "VI", "Virtual IRQ exception" ), 1130 | 8 : ( "VA", "Virtual Asynchronous Abort exception" ), 1131 | 9 : ( "FB", "Force Broadcast" ), 1132 | 10 : ( "BSU_0", "Barrier Shareability Upgrade" ), 1133 | 11 : ( "BSU_1", "Barrier Shareability Upgrade" ), 1134 | 12 : ( "DC", "Default cacheable" ), 1135 | 13 : ( "TWI", "Trap WFI" ), 1136 | 14 : ( "TWE", "Trap WFE" ), 1137 | 15 : ( "TID0", "Trap ID Group 0" ), 1138 | 16 : ( "TID1", "Trap ID Group 1" ), 1139 | 17 : ( "TID2", "Trap ID Group 2" ), 1140 | 18 : ( "TID3", "Trap ID Group 3" ), 1141 | 19 : ( "TSC", "Trap SMC instruction" ), 1142 | 20 : ( "TIDCP", "Trap Implementation Dependent functionality" ), 1143 | 21 : ( "TAC", "Trap ACTLR accesses" ), 1144 | 22 : ( "TSW", "Trap Data/Unified Cache maintenance operations by Set/Way" ), 1145 | 23 : ( "TPC", "Trap Data/Unified Cache maintenance operations to Point of Coherency" ), 1146 | 24 : ( "TPU", "Trap Cache maintenance instructions to Point of Unification" ), 1147 | 25 : ( "TTLB", "Trap TLB maintenance instructions" ), 1148 | 26 : ( "TVM", "Trap Virtual Memory controls" ), 1149 | 27 : ( "TGE", "Trap General Exceptions" ), 1150 | 29 : ( "HCD", "Hypervisor Call Disable" ), 1151 | 30 : ( "TRVM", "Trap Read of Virtual Memory controls" ) 1152 | }, 1153 | "HCR2" : { 1154 | 0 : ( "CD", "Stage 2 Data cache disable" ), 1155 | 1 : ( "ID", "Stage 2 Instruction cache disable" ), 1156 | 4 : ( "TERR", "Trap Error record accesses" ), 1157 | 5 : ( "TEA", "Route synchronous External Abort exceptions to EL2" ), 1158 | 6 : ( "MIOCNCE", "Mismatched Inner/Outer Cacheable Non-Coherency Enable" ) 1159 | }, 1160 | "SCR" : { 1161 | 0 : ( "NS", "Non-secure" ), 1162 | 1 : ( "IRQ", "IRQ handler" ), 1163 | 2 : ( "FIQ", "FIQ handler" ), 1164 | 3 : ( "EA", "External Abort handler" ), 1165 | 4 : ( "FW", "Can mask Non-secure FIQ" ), 1166 | 5 : ( "AW", "Can mask Non-secure external aborts" ), 1167 | 6 : ( "nET", "Not Early Termination" ), 1168 | 7 : ( "SCD", "Secure Monitor Call disable" ), 1169 | 8 : ( "HCE", "Hypervisor Call instruction enable" ), 1170 | 9 : ( "SIF", "Secure instruction fetch" ), 1171 | 12 : ( "TWI", "Traps WFI instructions to Monitor mode" ), 1172 | 13 : ( "TWE", "Traps WFE instructions to Monitor mode" ), 1173 | 15 : ( "TERR", "Trap Error record accesses" ) 1174 | }, 1175 | "SCTLR" : { 1176 | 0 : ( "M", "MMU Enable" ), 1177 | 1 : ( "A", "Alignment" ), 1178 | 2 : ( "C", "Cache Enable" ), 1179 | 3 : ( "nTLSMD", "No Trap Load Multiple and Store Multiple to Device-nGRE/Device-nGnRE/Device-nGnRnE memory" ), 1180 | 4 : ( "LSMAOE", "Load Multiple and Store Multiple Atomicity and Ordering Enable" ), 1181 | 5 : ( "CP15BEN", "System instruction memory barrier enable" ), 1182 | 7 : ( "ITD", "IT Disable" ), 1183 | 8 : ( "SETEND", "SETEND instruction disable" ), 1184 | 10 : ( "SW", "SWP/SWPB Enable" ), 1185 | 11 : ( "Z", "Branch Prediction Enable" ), 1186 | 12 : ( "I", "Instruction cache Enable" ), 1187 | 13 : ( "V", "High exception vectors" ), 1188 | 14 : ( "RR", "Round-robin cache" ), 1189 | 16 : ( "nTWI", "Traps EL0 execution of WFI instructions to Undefined mode" ), 1190 | 17 : ( "HA", "Hardware Access Enable" ), 1191 | 18 : ( "nTWE", "Traps EL0 execution of WFE instructions to Undefined mode" ), 1192 | 19 : ( "WXN", "Write permission implies XN" ), 1193 | 20 : ( "UWXN", "Unprivileged write permission implies PL1 XN" ), 1194 | 21 : ( "FI", "Fast Interrupts configuration" ), 1195 | 23 : ( "SPAN", "Set Privileged Access Never" ), 1196 | 24 : ( "VE", "Interrupt Vectors Enable" ), 1197 | 25 : ( "EE", "Exception Endianness" ), 1198 | 27 : ( "NMFI", "Non-maskable Fast Interrupts" ), 1199 | 28 : ( "TRE", "TEX Remap Enable" ), 1200 | 29 : ( "AFE", "Access Flag Enable" ), 1201 | 30 : ( "TE", "Thumb Exception Enable" ) 1202 | }, 1203 | "HSCTLR" : { 1204 | 0 : ( "M", "MMU Enable" ), 1205 | 1 : ( "A", "Alignment" ), 1206 | 2 : ( "C", "Cache Enable" ), 1207 | 3 : ( "SA", "Stack alignment check" ), 1208 | 12 : ( "I", "Instruction cache Enable" ), 1209 | 19 : ( "WXN", "Write permission implies XN" ), 1210 | 25 : ( "EE", "Exception Endianness" ), 1211 | 30 : ( "TE", "Thumb Exception Enable" ) 1212 | }, 1213 | "NSACR" : { 1214 | 10 : ( "CP10", "CP10 access in the NS state" ), 1215 | 11 : ( "CP11", "CP11 access in the NS state" ), 1216 | 14 : ( "NSD32DIS", "Disable the NS use of D16-D31 of the VFP register file" ), 1217 | 15 : ( "NSASEDIS", "Disable NS Advanced SIMD Extension functionality" ), 1218 | 16 : ( "PLE", "NS access to the Preload Engine resources" ), 1219 | 17 : ( "TL", "Lockable TLB entries can be allocated in NS state" ), 1220 | 18 : ( "NS_SMP", "SMP bit of the Auxiliary Control Register is writable in NS state" ), 1221 | }, 1222 | } 1223 | 1224 | # Aarch64 fields. 1225 | SYSREG_FIELDS = { 1226 | "DAIF" : { 1227 | 6 : ( "F", "FIQ mask" ), 1228 | 7 : ( "I", "IRQ mask" ), 1229 | 8 : ( "A", "SError interrupt mask" ), 1230 | 9 : ( "D", "Process state D mask" ) 1231 | }, 1232 | "FPCR" : { 1233 | 8 : ( "IOE", "Invalid Operation exception trap enable" ), 1234 | 9 : ( "DZE", "Division by Zero exception trap enable" ), 1235 | 10 : ( "OFE", "Overflow exception trap enable" ), 1236 | 11 : ( "UFE", "Underflow exception trap enable" ), 1237 | 12 : ( "IXE", "Inexact exception trap enable" ), 1238 | 15 : ( "IDE", "Input Denormal exception trap enable" ), 1239 | 19 : ( "FZ16", "Flush-to-zero mode on half-precision instructions" ), 1240 | # 22-23 : RMode 1241 | 24 : ( "FZ", "Flush-to-zero-mode" ), 1242 | 25 : ( "DN", "Default NaN mode" ), 1243 | 26 : ( "AHP", "Alternative Half-Precision" ) 1244 | }, 1245 | "FPSR" : { 1246 | 0 : ( "IOC", "Invalid Operation exception" ), 1247 | 1 : ( "DZC", "Division by Zero exception" ), 1248 | 2 : ( "OFC", "Overflow exception" ), 1249 | 3 : ( "UFC", "Underflow exception" ), 1250 | 4 : ( "IXC", "Inexact exception" ), 1251 | 7 : ( "IDC", "Input Denormal exception" ), 1252 | 27 : ( "QC", "Saturation" ), 1253 | 28 : ( "V", "Overflow flag" ), 1254 | 29 : ( "C", "Carry flag" ), 1255 | 30 : ( "Z", "Zero flag" ), 1256 | 31 : ( "N", "Negative flag" ) 1257 | }, 1258 | "HCR_EL2" : { 1259 | 0 : ( "VM", "Virtualization MMU enable" ), 1260 | 1 : ( "SWIO", "Set/Way Invalidation Override" ), 1261 | 2 : ( "PTW", "Protected Table Walk" ), 1262 | 3 : ( "FMO", "FIQ Mask Override" ), 1263 | 4 : ( "IMO", "IRQ Mask Override" ), 1264 | 5 : ( "AMO", "Asynchronous Abort Mask Override" ), 1265 | 6 : ( "VE", "Virtual FIQ exception" ), 1266 | 7 : ( "VI", "Virtual IRQ exception" ), 1267 | 8 : ( "VA", "Virtual Asynchronous Abort exception" ), 1268 | 9 : ( "FB", "Force Broadcast" ), 1269 | 10 : ( "BSU_0", "Barrier Shareability Upgrade" ), 1270 | 11 : ( "BSU_1", "Barrier Shareability Upgrade" ), 1271 | 12 : ( "DC", "Default cacheable" ), 1272 | 13 : ( "TWI", "Trap WFI" ), 1273 | 14 : ( "TWE", "Trap WFE" ), 1274 | 15 : ( "TID0", "Trap ID Group 0" ), 1275 | 16 : ( "TID1", "Trap ID Group 1" ), 1276 | 17 : ( "TID2", "Trap ID Group 2" ), 1277 | 18 : ( "TID3", "Trap ID Group 3" ), 1278 | 19 : ( "TSC", "Trap SMC instruction" ), 1279 | 20 : ( "TIDCP", "Trap Implementation Dependent functionality" ), 1280 | 21 : ( "TAC", "Trap ACTLR accesses" ), 1281 | 22 : ( "TSW", "Trap Data/Unified Cache maintenance operations by Set/Way" ), 1282 | 23 : ( "TPC", "Trap Data/Unified Cache maintenance operations to Point of Coherency" ), 1283 | 24 : ( "TPU", "Trap Cache maintenance instructions to Point of Unification" ), 1284 | 25 : ( "TTLB", "Trap TLB maintenance instructions" ), 1285 | 26 : ( "TVM", "Trap Virtual Memory controls" ), 1286 | 27 : ( "TGE", "Trap General Exceptions" ), 1287 | 29 : ( "HCD", "Hypervisor Call Disable" ), 1288 | 30 : ( "TRVM", "Trap Read of Virtual Memory controls" ), 1289 | 31 : ( "RW", "Lower level is AArch64" ), 1290 | 32 : ( "CD", "Stage 2 Data cache disable" ), 1291 | 33 : ( "ID", "Stage 2 Instruction cache disable" ), 1292 | 34 : ( "E2H", "EL2 Host" ), 1293 | 35 : ( "TLOR", "Trap LOR registers" ), 1294 | 36 : ( "TERR", "Trap Error record accesses" ), 1295 | 37 : ( "TEA", "Route synchronous External Abort exceptions to EL2" ), 1296 | 38 : ( "MIOCNCE", "Mismatched Inner/Outer Cacheable Non-Coherency Enable" ) 1297 | }, 1298 | "SCR_EL3" : { 1299 | 0 : ( "NS", "Non-secure" ), 1300 | 1 : ( "IRQ", "IRQ handler" ), 1301 | 2 : ( "FIQ", "FIQ handler" ), 1302 | 3 : ( "EA", "External Abort handler" ), 1303 | 7 : ( "SMD", "Secure Monitor Call disable" ), 1304 | 8 : ( "HCE", "Hypervisor Call instruction enable" ), 1305 | 9 : ( "SIF", "Secure instruction fetch" ), 1306 | 10 : ( "RW", "Lower level is AArch64" ), 1307 | 11 : ( "ST", "Traps Secure EL1 accesses to the Counter-timer Physical Secure timer registers to EL3, from AArch64 state only." ), 1308 | 12 : ( "TWI", "Traps WFI instructions to Monitor mode" ), 1309 | 13 : ( "TWE", "Traps WFE instructions to Monitor mode" ), 1310 | 14 : ( "TLOR", "Traps LOR registers" ), 1311 | 15 : ( "TERR", "Trap Error record accesses" ) 1312 | }, 1313 | "SCTLR_EL1" : { 1314 | 0 : ( "M", "MMU Enable" ), 1315 | 1 : ( "A", "Alignment" ), 1316 | 2 : ( "C", "Cache Enable" ), 1317 | 3 : ( "SA", "Stack alignment check" ), 1318 | 4 : ( "SA0", "Stack alignment check for EL0" ), 1319 | 5 : ( "CP15BEN", "System instruction memory barrier enable" ), 1320 | 6 : ( "THEE", "T32EE enable" ), 1321 | 7 : ( "ITD", "IT Disable" ), 1322 | 8 : ( "SED", "SETEND instruction disable" ), 1323 | 9 : ( "UMA", "User Mask Access" ), 1324 | 12 : ( "I", "Instruction cache Enable" ), 1325 | 14 : ( "DZE", "Access to DC ZVA instruction at EL0" ), 1326 | 15 : ( "UCT", "Access to CTR_EL0 to EL0" ), 1327 | 16 : ( "nTWI", "Traps EL0 execution of WFI instructions to Undefined mode" ), 1328 | 18 : ( "nTWE", "Traps EL0 execution of WFE instructions to Undefined mode" ), 1329 | 19 : ( "WXN", "Write permission implies XN" ), 1330 | 24 : ( "E0E", "Endianess of explicit data accesses at EL0" ), 1331 | 25 : ( "EE", "Exception Endianness" ), 1332 | 26 : ( "UCI", "Enable EL0 access to DC CVAU, DC CIVAC, DC CVAC and DC IVAU instructions" ), 1333 | }, 1334 | "SCTLR_EL2" : { 1335 | 0 : ( "M", "MMU Enable" ), 1336 | 1 : ( "A", "Alignment" ), 1337 | 2 : ( "C", "Cache Enable" ), 1338 | 3 : ( "SA", "Stack alignment check" ), 1339 | 12 : ( "I", "Instruction cache Enable" ), 1340 | 19 : ( "WXN", "Write permission implies XN" ), 1341 | 25 : ( "EE", "Exception Endianness" ), 1342 | }, 1343 | "SCTLR_EL3" : { 1344 | 0 : ( "M", "MMU Enable" ), 1345 | 1 : ( "A", "Alignment" ), 1346 | 2 : ( "C", "Cache Enable" ), 1347 | 3 : ( "SA", "Stack alignment check" ), 1348 | 12 : ( "I", "Instruction cache Enable" ), 1349 | 19 : ( "WXN", "Write permission implies XN" ), 1350 | 25 : ( "EE", "Exception Endianness" ), 1351 | }, 1352 | } 1353 | 1354 | ARM_MODES = { 1355 | 0b10000 : "User", 1356 | 0b10001 : "FIQ", 1357 | 0b10010 : "IRQ", 1358 | 0b10011 : "Supervisor", 1359 | 0b10110 : "Monitor", 1360 | 0b10111 : "Abort", 1361 | 0b11011 : "Undefined", 1362 | 0b11111 : "System" 1363 | } 1364 | 1365 | PSTATE_OPS = { 1366 | 0b101 : "SPSel", 1367 | 0b110 : "DAIFSet", 1368 | 0b111 : "DAIFClr" 1369 | } 1370 | 1371 | def extract_bits(bitmap, value): 1372 | return [ bitmap[b] for b in bitmap if value & (1 << b) ] 1373 | 1374 | def is_system_insn(ea): 1375 | mnem = GetMnem(ea) 1376 | if len(mnem) > 0: 1377 | if mnem in SYSTEM_INSN: 1378 | return True 1379 | if mnem[0:3] == "LDM" and GetOpnd(ea, 1)[-1:] == "^": 1380 | return True 1381 | if mnem[0:4] in ("SUBS", "MOVS") and GetOpnd(ea, 0) == "PC" and GetOpnd(ea, 1) == "LR": 1382 | return True 1383 | return False 1384 | 1385 | def backtrack_fields(ea, reg, fields): 1386 | while True: 1387 | ea -= ItemSize(ea) 1388 | prev_mnem = GetMnem(ea)[0:3] 1389 | if prev_mnem in ("LDR", "MOV", "ORR", "BIC") and GetOpnd(ea, 0) == reg: 1390 | if prev_mnem == "LDR" and GetOpnd(ea, 1)[0] == "=": 1391 | bits = extract_bits(fields, Dword(GetOperandValue(ea, 1))) 1392 | MakeComm(ea, "Set bits %s" % ", ".join([abbrev for (abbrev,name) in bits])) 1393 | break 1394 | elif prev_mnem == "MOV" and GetOpnd(ea, 1)[0] == "#": 1395 | bits = extract_bits(fields, GetOperandValue(ea, 1)) 1396 | MakeComm(ea, "Set bits %s" % ", ".join([abbrev for (abbrev,name) in bits])) 1397 | break 1398 | elif prev_mnem == "ORR" and GetOpnd(ea, 2)[0] == "#": 1399 | bits = extract_bits(fields, GetOperandValue(ea, 2)) 1400 | MakeComm(ea, "Set bit %s" % ", ".join([name for (abbrev,name) in bits])) 1401 | elif prev_mnem == "BIC" and GetOpnd(ea, 2)[0] == "#": 1402 | bits = extract_bits(fields, GetOperandValue(ea, 2)) 1403 | MakeComm(ea, "Clear bit %s" % ", ".join([name for (abbrev,name) in bits])) 1404 | else: 1405 | break 1406 | else: 1407 | break 1408 | 1409 | def track_fields(ea, reg, fields): 1410 | while True: 1411 | ea += ItemSize(ea) 1412 | next_mnem = GetMnem(ea)[0:3] 1413 | if next_mnem in ("TST", "TEQ") and GetOpnd(ea, 0) == reg and GetOpnd(ea, 1)[0] == "#": 1414 | bits = extract_bits(fields, GetOperandValue(ea, 1)) 1415 | MakeComm(ea, "Test bit %s" % ", ".join([name for (abbrev,name) in bits])) 1416 | elif next_mnem == "AND" and GetOpnd(ea, 1) == reg and GetOpnd(ea, 2)[0] == "#": 1417 | bits = extract_bits(fields, GetOperandValue(ea, 2)) 1418 | MakeComm(ea, "Test bit %s" % ", ".join([name for (abbrev,name) in bits])) 1419 | elif next_mnem == "LSL" and GetDisasm(ea)[3] == "S" and GetOpnd(ea, 1) == reg and GetOpnd(ea, 2)[0] == "#": 1420 | bits = extract_bits(fields, 1 << (31 - GetOperandValue(ea, 2))) 1421 | MakeComm(ea, "Test bit %s" % ", ".join([name for (abbrev,name) in bits])) 1422 | else: 1423 | break 1424 | 1425 | def identify_register(ea, access, sig, known_regs, cpu_reg = None, known_fields = {}): 1426 | desc = known_regs.get(sig, None) 1427 | if desc: 1428 | cmt = ("[%s] " + "\n or ".join(["%s (%s)"] * (len(desc) / 2))) % ((access,) + desc) 1429 | MakeComm(ea, cmt) 1430 | print(cmt) 1431 | 1432 | # Try to resolve fields during a write operation. 1433 | fields = known_fields.get(desc[0], None) 1434 | if fields and len(desc) == 2: 1435 | if access == '>': 1436 | backtrack_fields(ea, cpu_reg, fields) 1437 | else: 1438 | track_fields(ea, cpu_reg, fields) 1439 | else: 1440 | print("Cannot identify system register.") 1441 | MakeComm(ea, "[%s] Unknown system register." % access) 1442 | 1443 | def markup_coproc_reg64_insn(ea): 1444 | if GetMnem(ea)[1] == "R": 1445 | access = '<' 1446 | else: 1447 | access = '>' 1448 | op1 = GetOperandValue(ea, 0) 1449 | cp = "p%d" % DecodeInstruction(ea).Op1.specflag1 1450 | reg1, reg2, crm = GetOpnd(ea, 1).split(',') 1451 | 1452 | sig = ( cp, op1, crm ) 1453 | identify_register(ea, access, sig, COPROC_REGISTERS_64) 1454 | 1455 | def markup_coproc_insn(ea): 1456 | if GetMnem(ea)[1] == "R": 1457 | access = '<' 1458 | else: 1459 | access = '>' 1460 | op1, op2 = GetOperandValue(ea, 0), GetOperandValue(ea, 2) 1461 | reg, crn, crm = GetOpnd(ea, 1).split(',') 1462 | cp = "p%d" % DecodeInstruction(ea).Op1.specflag1 1463 | 1464 | sig = ( cp, crn, op1, crm, op2 ) 1465 | identify_register(ea, access, sig, COPROC_REGISTERS, reg, COPROC_FIELDS) 1466 | 1467 | def markup_aarch64_sys_insn(ea): 1468 | if GetMnem(ea)[1] == "R": 1469 | reg_pos = 0 1470 | access = '<' 1471 | else: 1472 | reg_pos = 4 1473 | access = '>' 1474 | base_args = (reg_pos + 1) % 5 1475 | op0 = 2 + ((Dword(ea) >> 19) & 1) 1476 | op1, op2 = GetOperandValue(ea, base_args), GetOperandValue(ea, base_args + 3) 1477 | crn, crm = GetOpnd(ea, base_args + 1), GetOpnd(ea, base_args + 2) 1478 | reg = GetOpnd(ea, reg_pos) 1479 | 1480 | sig = ( op0, op1, crn, crm, op2 ) 1481 | identify_register(ea, access, sig, SYSTEM_REGISTERS, reg, SYSREG_FIELDS) 1482 | 1483 | def markup_psr_insn(ea): 1484 | if GetOpnd(ea,1)[0] == "#": # immediate 1485 | psr = GetOperandValue(ea, 1) 1486 | mode = ARM_MODES.get(psr & 0b11111, "Unknown") 1487 | e = (psr & (1 << 9)) and 'E' or '-' 1488 | a = (psr & (1 << 8)) and 'A' or '-' 1489 | i = (psr & (1 << 7)) and 'I' or '-' 1490 | f = (psr & (1 << 6)) and 'F' or '-' 1491 | t = (psr & (1 << 5)) and 'T' or '-' 1492 | MakeComm(ea, "Set CPSR [%c%c%c%c%c], Mode: %s" % (e,a,i,f,t,mode)) 1493 | 1494 | def markup_pstate_insn(ea): 1495 | if GetOpnd(ea,0)[0] == "#" and GetOpnd(ea,1)[0] == "#": 1496 | op = PSTATE_OPS.get(GetOperandValue(ea, 0), "Unknown") 1497 | value = GetOperandValue(ea, 1) 1498 | if op == "SPSel": 1499 | MakeComm(ea, "Select PSTATE.SP = SP_EL%c" % ('0', 'x')[value & 1]) 1500 | elif op[0:4] == "DAIF": 1501 | d = (value & (1 << 3)) and 'D' or '-' 1502 | a = (value & (1 << 2)) and 'A' or '-' 1503 | i = (value & (1 << 1)) and 'I' or '-' 1504 | f = (value & (1 << 0)) and 'F' or '-' 1505 | MakeComm(ea, "%s PSTATE.DAIF [%c%c%c%c]" % (op[4:7], d,a,i,f)) 1506 | 1507 | def markup_system_insn(ea): 1508 | mnem = GetMnem(ea) 1509 | if mnem[0:4] in ("MRRC", "MCRR"): 1510 | markup_coproc_reg64_insn(ea) 1511 | elif mnem[0:3] in ("MRC", "MCR"): 1512 | markup_coproc_insn(ea) 1513 | elif current_arch == 'aarch32' and mnem[0:3] == "MSR": 1514 | markup_psr_insn(ea) 1515 | elif current_arch == 'aarch64' and mnem[0:3] == "MSR" and not GetOpnd(ea, 2): 1516 | markup_pstate_insn(ea) 1517 | elif current_arch == 'aarch64' and mnem[0:3] in ("MSR", "MRS"): 1518 | markup_aarch64_sys_insn(ea) 1519 | SetColor(ea, CIC_ITEM, 0x7300E5) # black themes: 0x00000000) # Black background, adjust to your own theme 1520 | 1521 | def current_arch_size(): 1522 | _, t, _ = ParseType("void *", 0) 1523 | return SizeOf(t) * 8 1524 | 1525 | def run_script(): 1526 | for addr in Heads(): 1527 | if is_system_insn(addr): 1528 | print("Found system instruction %s at %08x" % ( GetMnem(addr), addr )) 1529 | markup_system_insn(addr) 1530 | 1531 | # 1532 | # Check we are running this script on an ARM architecture. 1533 | # 1534 | if GetLongPrm(INF_PROCNAME) != 'ARM': 1535 | Warning("This script can only work with ARM and AArch64 architectures.") 1536 | else: 1537 | current_arch = 'aarch64' if current_arch_size() == 64 else 'aarch32' 1538 | run_script() 1539 | --------------------------------------------------------------------------------