bl31/aarch64/ea_delegate.S

   1 /*
   2  * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
   3  *
   4  * SPDX-License-Identifier: BSD-3-Clause
   5  */
   6
   7
   8 #include <assert_macros.S>
   9 #include <asm_macros.S>
  10 #include <assert_macros.S>
  11 #include <bl31/ea_handle.h>
  12 #include <context.h>
  13 #include <lib/extensions/ras_arch.h>
  14
  15
  16         .globl  handle_lower_el_ea_esb
  17         .globl  enter_lower_el_sync_ea
  18         .globl  enter_lower_el_async_ea
  19
  20
  21 /*
  22  * Function to delegate External Aborts synchronized by ESB instruction at EL3
  23  * vector entry. This function assumes GP registers x0-x29 have been saved, and
  24  * are available for use. It delegates the handling of the EA to platform
  25  * handler, and returns only upon successfully handling the EA; otherwise
  26  * panics. On return from this function, the original exception handler is
  27  * expected to resume.
  28  */
  29 func handle_lower_el_ea_esb
  30         mov     x0, #ERROR_EA_ESB
  31         mrs     x1, DISR_EL1
  32         b       ea_proceed
  33 endfunc handle_lower_el_ea_esb
  34
  35
  36 /*
  37  * This function forms the tail end of Synchronous Exception entry from lower
  38  * EL, and expects to handle only Synchronous External Aborts from lower EL. If
  39  * any other kind of exception is detected, then this function reports unhandled
  40  * exception.
  41  *
  42  * Since it's part of exception vector, this function doesn't expect any GP
  43  * registers to have been saved. It delegates the handling of the EA to platform
  44  * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
  45  */
  46 func enter_lower_el_sync_ea
  47         /*
  48          * Explicitly save x30 so as to free up a register and to enable
  49          * branching.
  50          */
  51         str     x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
  52
  53         mrs     x30, esr_el3
  54         ubfx    x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
  55
  56         /* Check for I/D aborts from lower EL */
  57         cmp     x30, #EC_IABORT_LOWER_EL
  58         b.eq    1f
  59
  60         cmp     x30, #EC_DABORT_LOWER_EL
  61         b.ne    2f
  62
  63 1:
  64         /* Test for EA bit in the instruction syndrome */
  65         mrs     x30, esr_el3
  66         tbz     x30, #ESR_ISS_EABORT_EA_BIT, 2f
  67
  68         /* Save GP registers */
  69         bl      save_gp_registers
  70
  71         /*
  72          * If Secure Cycle Counter is not disabled in MDCR_EL3
  73          * when ARMv8.5-PMU is implemented, save PMCR_EL0 and
  74          * disable all event counters and cycle counter.
  75          */
  76         bl      save_pmcr_disable_pmu
  77
  78         /* Save ARMv8.3-PAuth registers and load firmware key */
  79 #if CTX_INCLUDE_PAUTH_REGS
  80         bl      pauth_context_save
  81 #endif
  82 #if ENABLE_PAUTH
  83         bl      pauth_load_bl_apiakey
  84 #endif
  85
  86         /* Setup exception class and syndrome arguments for platform handler */
  87         mov     x0, #ERROR_EA_SYNC
  88         mrs     x1, esr_el3
  89         adr     x30, el3_exit
  90         b       delegate_sync_ea
  91
  92 2:
  93         /* Synchronous exceptions other than the above are assumed to be EA */
  94         ldr     x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
  95         no_ret  report_unhandled_exception
  96 endfunc enter_lower_el_sync_ea
  97
  98
  99 /*
 100  * This function handles SErrors from lower ELs.
 101  *
 102  * Since it's part of exception vector, this function doesn't expect any GP
 103  * registers to have been saved. It delegates the handling of the EA to platform
 104  * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
 105  */
 106 func enter_lower_el_async_ea
 107         /*
 108          * Explicitly save x30 so as to free up a register and to enable
 109          * branching
 110          */
 111         str     x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
 112
 113         /* Save GP registers */
 114         bl      save_gp_registers
 115
 116         /*
 117          * If Secure Cycle Counter is not disabled in MDCR_EL3
 118          * when ARMv8.5-PMU is implemented, save PMCR_EL0 and
 119          * disable all event counters and cycle counter.
 120          */
 121         bl      save_pmcr_disable_pmu
 122
 123         /* Save ARMv8.3-PAuth registers and load firmware key */
 124 #if CTX_INCLUDE_PAUTH_REGS
 125         bl      pauth_context_save
 126 #endif
 127 #if ENABLE_PAUTH
 128         bl      pauth_load_bl_apiakey
 129 #endif
 130
 131         /* Setup exception class and syndrome arguments for platform handler */
 132         mov     x0, #ERROR_EA_ASYNC
 133         mrs     x1, esr_el3
 134         adr     x30, el3_exit
 135         b       delegate_async_ea
 136 endfunc enter_lower_el_async_ea
 137
 138
 139 /*
 140  * Prelude for Synchronous External Abort handling. This function assumes that
 141  * all GP registers have been saved by the caller.
 142  *
 143  * x0: EA reason
 144  * x1: EA syndrome
 145  */
 146 func delegate_sync_ea
 147 #if RAS_EXTENSION
 148         /*
 149          * Check for Uncontainable error type. If so, route to the platform
 150          * fatal error handler rather than the generic EA one.
 151          */
 152         ubfx    x2, x1, #EABORT_SET_SHIFT, #EABORT_SET_WIDTH
 153         cmp     x2, #ERROR_STATUS_SET_UC
 154         b.ne    1f
 155
 156         /* Check fault status code */
 157         ubfx    x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
 158         cmp     x3, #SYNC_EA_FSC
 159         b.ne    1f
 160
 161         no_ret  plat_handle_uncontainable_ea
 162 1:
 163 #endif
 164
 165         b       ea_proceed
 166 endfunc delegate_sync_ea
 167
 168
 169 /*
 170  * Prelude for Asynchronous External Abort handling. This function assumes that
 171  * all GP registers have been saved by the caller.
 172  *
 173  * x0: EA reason
 174  * x1: EA syndrome
 175  */
 176 func delegate_async_ea
 177 #if RAS_EXTENSION
 178         /*
 179          * Check for Implementation Defined Syndrome. If so, skip checking
 180          * Uncontainable error type from the syndrome as the format is unknown.
 181          */
 182         tbnz    x1, #SERROR_IDS_BIT, 1f
 183
 184         /*
 185          * Check for Uncontainable error type. If so, route to the platform
 186          * fatal error handler rather than the generic EA one.
 187          */
 188         ubfx    x2, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
 189         cmp     x2, #ERROR_STATUS_UET_UC
 190         b.ne    1f
 191
 192         /* Check DFSC for SError type */
 193         ubfx    x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
 194         cmp     x3, #DFSC_SERROR
 195         b.ne    1f
 196
 197         no_ret  plat_handle_uncontainable_ea
 198 1:
 199 #endif
 200
 201         b       ea_proceed
 202 endfunc delegate_async_ea
 203
 204
 205 /*
 206  * Delegate External Abort handling to platform's EA handler. This function
 207  * assumes that all GP registers have been saved by the caller.
 208  *
 209  * x0: EA reason
 210  * x1: EA syndrome
 211  */
 212 func ea_proceed
 213         /*
 214          * If the ESR loaded earlier is not zero, we were processing an EA
 215          * already, and this is a double fault.
 216          */
 217         ldr     x5, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
 218         cbz     x5, 1f
 219         no_ret  plat_handle_double_fault
 220
 221 1:
 222         /* Save EL3 state */
 223         mrs     x2, spsr_el3
 224         mrs     x3, elr_el3
 225         stp     x2, x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
 226
 227         /*
 228          * Save ESR as handling might involve lower ELs, and returning back to
 229          * EL3 from there would trample the original ESR.
 230          */
 231         mrs     x4, scr_el3
 232         mrs     x5, esr_el3
 233         stp     x4, x5, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
 234
 235         /*
 236          * Setup rest of arguments, and call platform External Abort handler.
 237          *
 238          * x0: EA reason (already in place)
 239          * x1: Exception syndrome (already in place).
 240          * x2: Cookie (unused for now).
 241          * x3: Context pointer.
 242          * x4: Flags (security state from SCR for now).
 243          */
 244         mov     x2, xzr
 245         mov     x3, sp
 246         ubfx    x4, x4, #0, #1
 247
 248         /* Switch to runtime stack */
 249         ldr     x5, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
 250         msr     spsel, #0
 251         mov     sp, x5
 252
 253         mov     x29, x30
 254 #if ENABLE_ASSERTIONS
 255         /* Stash the stack pointer */
 256         mov     x28, sp
 257 #endif
 258         bl      plat_ea_handler
 259
 260 #if ENABLE_ASSERTIONS
 261         /*
 262          * Error handling flows might involve long jumps; so upon returning from
 263          * the platform error handler, validate that the we've completely
 264          * unwound the stack.
 265          */
 266         mov     x27, sp
 267         cmp     x28, x27
 268         ASM_ASSERT(eq)
 269 #endif
 270
 271         /* Make SP point to context */
 272         msr     spsel, #1
 273
 274         /* Restore EL3 state and ESR */
 275         ldp     x1, x2, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
 276         msr     spsr_el3, x1
 277         msr     elr_el3, x2
 278
 279         /* Restore ESR_EL3 and SCR_EL3 */
 280         ldp     x3, x4, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
 281         msr     scr_el3, x3
 282         msr     esr_el3, x4
 283
 284 #if ENABLE_ASSERTIONS
 285         cmp     x4, xzr
 286         ASM_ASSERT(ne)
 287 #endif
 288
 289         /* Clear ESR storage */
 290         str     xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
 291
 292         ret     x29
 293 endfunc ea_proceed