Can arm64 cache be flushed from EL0?

Question

I'm reading an academic paper which states "The ARM architecture also includes instructions to evict cache lines. However, these instructions can only be used when the processor is in an elevated privilege mode."

Is that true? I've been searching the ARM documentation, and I don't see anything that suggests I can't do this from EL0 under "ARM Cortex-A Series Programmer’s Guide for ARMv8-A" chapter 11.5 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.den0024a/BABJDBHI.html

Answer 1

That is configurable.

From the ARMv8 Architecture Reference Manual, page D3-1988:

EL0 accessibility to cache maintenance instructions

The SCTLR_EL1.UCI bit enables EL0 access for the DC CVAU, DC CVAC, DC CVAP, DC CIVAC, and IC IVAU instructions. When EL0 use of these instructions is disabled because SCTLR_EL1.UCI == 0, executing one of these instructions at EL0 generates a trap to EL1, that is reported using EC = 0x18.

For these instructions read access permission is required. When the value of SCTLR_EL1.UCI is 1:

• For the DC CVAU, DC CVAC, DC CVAP, and DC CIVAC instructions, if the instruction is executed at EL0 and the address specified in the argument cannot be read at EL0, a Permission fault is generated.
• For the IC IVAU instruction, if the instruction is executed at EL0 and the address specified in the argument cannot be read at EL0, it is IMPLEMENTATION DEFINED whether a Permission fault is generated.

Software can read the CTR_EL0 to discover the stride needed for cache maintenance instructions. The SCTLR_EL1.UCT bit enables EL0 access to the CTR_EL0. When EL0 access to the Cache Type register is disabled, a register access instruction executed at EL0 is trapped to EL1 using EC = 0x18.

Answer 2

The paper is indeed correct. If you read through section C5.3 of the ARMV8 reference manual(Found here https://static.docs.arm.com/ddi0487/ca/DDI0487C_a_armv8_arm.pdf) You can see that the cache maintance instructions are always accessable in at exception level EL1 through EL3.

User space programs run in EL0, while the kernel is either in EL1 or EL2 (EL2 is for hypervisors) and EL3 is for secure monitor code. Some cache maintenance instructions can be accessed from EL0 but this can be disabled or trapped depending on the exact instruction.