Errors can occur from security violations. The errors can be due to read or write transactions. When an error occurs, the XMPU poisons the request, records the address and master ID of the first transaction that failed the check, flags the violation, and, optionally generates an interrupt. When a security violation occurs, there is an additional logging to indicate that the error was a security violation. Only one error and the first error is recorded for both read/write AXI channels. For simultaneous read and write errors, only the write error is recorded.
IMPORTANT: The following is required for the various XMPU instances if used in the Zynq UltraScale+ MPSoC to function properly. When using a Xilinx delivered tool flow, they are already setup by the first-stage boot loader (FSBL).
For the XMPU instances, DDR, and OCM memories, a poison attribute is used by programming the XMPU CTRL [PoisonCfg] bit to 0 and the XMPU POISON [ATTRIB] bit to 1.
When a violation occurs the base address is recorded and the AxUser  poison bit is set for the AXI transaction. For write transactions, the memory controller masks the write data and can assert a DECERR and/or interrupt. For read transactions, the memory controller returns zeros and can assert DECERR and/or interrupt.
The responses by DDR Memory Controller are configured by DDRC.POISONCFG register. The DECERR response by the OCM Memory Controller is controlled by the OCM_ERR_CTRL [PZ_ERR_RES] bit.
For the XMPU instance in the FPD interconnect, a poison address is used by programming the XMPU CTRL [PoisonCfg] bit to 1 and the POISON [ATTRIB] bit to 0. The poison address is fixed in the XMPU read-only POISON [BASE] bit field to point to XMPU_SINK at 0xFD4F_0000. When a violation occurs, the incoming base address is recorded and a new outgoing base [BASE] is applied to the AXI transaction. This addresses the FPD_XMPU_SINK unit where the offset address is recorded, a PSLVERR is returned and an interrupt is generated.