Maintaining secure data isolated from non-secure access when switching between domains
US-9477834-B2 · Oct 25, 2016 · US
US10083040B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10083040-B2 |
| Application number | US-201514795933-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 10, 2015 |
| Priority date | Feb 8, 2012 |
| Publication date | Sep 25, 2018 |
| Grant date | Sep 25, 2018 |
Official abstract text for this publication.
Processing circuitry can operate in a secure domain and a less secure domain. In response to an initial exception from background processing performed by the processing circuitry, state saving of data from a first subset of registers is performed by exception control circuitry before triggering an exception handling routine, while the exception handling routine has responsibility for performing state saving of data from a second subset of registers. In response to a first exception causing a transition from the secure domain to the less secure domain, where the background processing was in the secure domain, the exception control circuitry performs additional state saving of data from the second subset of registers before triggering the exception handling routine. In response to a tail-chained exception causing a transition from the secure domain to the less secure domain, the exception handling routine is triggered without performing an additional state saving.
Opening claim text (preview).
The invention claimed is:

1. A data processing apparatus comprising: processing circuitry configured to perform data processing operations in at least a first domain and a second domain, wherein when operating in the first domain the processing circuitry has access to data which is inaccessible to the processing circuitry when operating in the second domain; exception control circuitry for controlling exception processing; and a plurality of registers configured to store data, the registers including a first subset of registers and a second subset of registers; wherein in response to an initial exception from background processing performed by the processing circuitry, the exception control circuitry is configured to perform state saving of data from the first subset of registers to memory before the processing circuitry performs an exception handling routine corresponding to the exception, wherein the exception control circuitry is configured to perform said state saving in hardware, and the processing circuitry executing the exception handling routine in software has responsibility for performing state saving of data from the second subset of registers to the memory; and in response to a first exception causing a transition from the first domain to the second domain, where the background processing was performed by the processing circuitry in the first domain, the exception control circuitry is configured to perform additional state saving of the data from the second subset of registers to the memory before the processing circuitry performs the exception handling routine in the second domain, wherein the exception control circuitry is separate from the processing circuitry and is configured to perform said additional state saving in hardware.
2. The data processing apparatus according to claim 1, comprising said memory for storing data, the memory comprising a plurality of regions including a first region and a second region, wherein the first region is for storing data which is accessible by the processing circuitry when operating in the first domain and not accessible by the processing circuitry when operating in the second domain.
3. The data processing apparatus according to claim 1, wherein in response to a tail-chained exception causing a transition from the first domain to the second domain, the exception control circuitry is configured to trigger the processing circuitry to perform the exception handling routine without performing the additional state saving, the tail-chained exception being processed after said first exception has been processed and before returning to the background processing.
4. The data processing apparatus according to claim 1, wherein in response to said first exception, the exception control circuitry is configured to clear the first subset of registers and the second subset of registers before triggering the processing circuitry to perform the exception handling routine.
5. The data processing apparatus according to claim 1, wherein said first exception comprises the initial exception.
6. The data processing apparatus according to claim 1, wherein said first exception comprises a tail-chained exception processed after the initial exception has been processed and before returning to the background processing.
7. The data processing apparatus according to claim 1, wherein in response to a tail-chained exception causing a transition from the second domain to the first domain, the exception control circuitry is configured to control the processing circuitry to trigger the exception handling routine without restoring the data saved in the additional state saving to the second subset of registers.
8. The data processing apparatus according to claim 1, wherein on entry to a new exception causing a transition from the first domain to the second domain, the exception control circuitry is configured to determine, in dependence on a state saving status value, whether to perform the additional state saving before triggering the exception handling routine.
9. The data processing apparatus according to claim 8, wherein the exception control circuitry is configured to set the state saving status value to a fixed value when entering the second domain, and to set the state saving status value to a variable value when entering the first domain.
10. The data processing apparatus according to claim 9, wherein when returning from an exception in the second domain, the exception control circuitry is configured to check whether the state saving status value still has the fixed value, and to trigger an error if the state saving status value does not have the fixed value.
11. The data processing apparatus according to claim 8, wherein the state saving status value has a variable value; and when returning from an exception in the second domain, the exception control circuitry is configured to control exception processing independently of the state saving status value.
12. The data processing apparatus according to claim 8, wherein the state saving status value indicates whether the most recent transition between the domains when switching between tail-chained exceptions was from the second domain to the first domain.
13. The data processing apparatus according to claim 8, wherein the registers include a link register for storing an exception return value for controlling return from the exception handling routine.
14. The data processing apparatus according to claim 13, wherein: on entry to an exception, the exception control circuitry is configured to set the link register to a dummy exception return address which does not correspond to a valid instruction address; the exception handling routine includes a branch to the address that was set in the link register; and in response to the branch to the dummy exception return address indicated in the link register, the exception control circuitry is configured to perform state restoring processing for restoring the data saved in the state saving, before causing the processing circuitry to return to background processing.
15. The data processing apparatus according to claim 13, wherein the state saving status value is indicated in part of the dummy exception return address.
16. The data processing apparatus according to claim 1, wherein when a pre-empting exception having a higher priority than said first exception occurs while performing the additional state saving of the second subset of registers, the exception control circuitry is configured to complete the additional state saving before triggering the processing circuitry to process the exception handling routine of the pre-empting exception.
17. The data processing apparatus according to claim 16, wherein on completing the additional state saving, the exception control circuitry is configured to set a state saving status value to indicate that the additional state saving has been performed.
18. The data processing apparatus according to claim 17, wherein in response to a tail-chained exception causing a transition from the first domain to the second domain which is performed after the pre-empting exception, the exception control circuitry is configured to trigger the processing circuitry to perform the exception handling routine without performing the additional state saving if the state saving status value indicates that the additional state saving has previously been performed.
19. A data processing apparatus comprising: means for performing data processing operations in at least a first domain and a second domain,
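A software model of the entry and return decisions described in the abstract and claims above, added here as an illustration (it is not the patent's or any vendor's code); the register subset sizes, the field names and the use of a plain boolean as the state saving status value are simplifying assumptions:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
enum domain { SECURE, LESS_SECURE };
/* Register file split as in the claims (sizes assumed): hardware always stacks the
 * first subset; the handler normally owns saving the second subset. */
typedef struct { uint32_t first[4]; uint32_t second[4]; } regs_t;
typedef struct {
    enum domain bg_domain;  /* domain of the pre-empted background code */
    bool extra_saved;       /* state saving status: second subset already stacked */
    regs_t frame;           /* constructed stack frame written by the hardware */
} exc_ctrl_t;

/* Exception entry; returns true if the additional (second subset) save ran. */
bool exception_entry(exc_ctrl_t *c, regs_t *r, enum domain target, bool tail_chained)
{
    if (!tail_chained) {    /* initial exception: stack the first subset only */
        memcpy(c->frame.first, r->first, sizeof r->first);
        c->extra_saved = false;
    }
    /* Secure background handing over to a less secure handler: stack the second
     * subset too, then clear every register so no secure value is visible. */
    bool need_extra = c->bg_domain == SECURE && target == LESS_SECURE && !c->extra_saved;
    if (need_extra) {
        memcpy(c->frame.second, r->second, sizeof r->second);
        memset(r, 0, sizeof *r);
        c->extra_saved = true;
    }
    return need_extra;
}

/* Return to background: unstack what hardware stacked (tail-chaining never restores). */
void exception_return(exc_ctrl_t *c, regs_t *r)
{
    memcpy(r->first, c->frame.first, sizeof r->first);
    if (c->extra_saved) memcpy(r->second, c->frame.second, sizeof r->second);
    c->extra_saved = false;
}

/* Claims 3, 4, 6 and 7 in sequence: secure handler, tail-chained less secure
 * handlers, a tail-chain back to secure, then the final return to background. */
bool scenario_secure_background(void)
{
    exc_ctrl_t c = { .bg_domain = SECURE };
    regs_t r = { {1, 2, 3, 4}, {5, 6, 7, 8} };   /* constructed register values */
    bool ok = !exception_entry(&c, &r, SECURE, false) && r.second[0] == 5;
    ok = ok && exception_entry(&c, &r, LESS_SECURE, true) && r.first[0] == 0 && r.second[3] == 0;
    ok = ok && !exception_entry(&c, &r, LESS_SECURE, true) && !exception_entry(&c, &r, SECURE, true);
    exception_return(&c, &r);
    return ok && r.first[0] == 1 && r.second[3] == 8;
}
```

The second call in the scenario is the point of the design: the secure values are stacked by hardware and zeroed before the less secure handler runs, and the later tail-chained entries skip the extra save because the status value says it has already been done.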
CPC classification titles:

- Exception handling
- during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow}
- by interrupt, e.g. masked
- Saving or restoring of program or task context
- Recovery, e.g. branch miss-prediction, exception handling (error detection or correction G06F11/00)