1df8f3188SJeenu Viswambharan/* 2*51997e3dSBoyan Karatotev * Copyright (c) 2018-2025, Arm Limited and Contributors. All rights reserved. 3df56e9d1SVarun Wadekar * Copyright (c) 2022, NVIDIA Corporation. All rights reserved. 4df8f3188SJeenu Viswambharan * 5df8f3188SJeenu Viswambharan * SPDX-License-Identifier: BSD-3-Clause 6df8f3188SJeenu Viswambharan */ 7df8f3188SJeenu Viswambharan 8df8f3188SJeenu Viswambharan 9d5a23af5SJeenu Viswambharan#include <assert_macros.S> 10df8f3188SJeenu Viswambharan#include <asm_macros.S> 11ee6ff1bbSJeenu Viswambharan#include <assert_macros.S> 1209d40e0eSAntonio Nino Diaz#include <bl31/ea_handle.h> 13df8f3188SJeenu Viswambharan#include <context.h> 1409d40e0eSAntonio Nino Diaz#include <lib/extensions/ras_arch.h> 1580942622Slaurenw-arm#include <cpu_macros.S> 1680942622Slaurenw-arm#include <context.h> 17df8f3188SJeenu Viswambharan 186f7de9a8SManish Pandey .globl handle_lower_el_sync_ea 19c2d32a5fSMadhukar Pappireddy .globl handle_lower_el_async_ea 20d04c04a4SManish Pandey .globl handle_pending_async_ea 21df8f3188SJeenu Viswambharan/* 226d22b089SManish Pandey * This function handles Synchronous External Aborts from lower EL. 23df8f3188SJeenu Viswambharan * 246f7de9a8SManish Pandey * It delegates the handling of the EA to platform handler, and upon successfully 256f7de9a8SManish Pandey * handling the EA, exits EL3; otherwise panics. 266f7de9a8SManish Pandey * 276f7de9a8SManish Pandey * This function assumes x30 has been saved. 28df8f3188SJeenu Viswambharan */ 296f7de9a8SManish Pandeyfunc handle_lower_el_sync_ea 30df8f3188SJeenu Viswambharan mrs x30, esr_el3 31df8f3188SJeenu Viswambharan ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH 32df8f3188SJeenu Viswambharan 33df8f3188SJeenu Viswambharan /* Check for I/D aborts from lower EL */ 34df8f3188SJeenu Viswambharan cmp x30, #EC_IABORT_LOWER_EL 35df8f3188SJeenu Viswambharan b.eq 1f 36df8f3188SJeenu Viswambharan 37df8f3188SJeenu Viswambharan cmp x30, #EC_DABORT_LOWER_EL 3880942622Slaurenw-arm b.eq 1f 3980942622Slaurenw-arm 406d22b089SManish Pandey /* EA other than above are unhandled exceptions */ 416d22b089SManish Pandey no_ret report_unhandled_exception 42df8f3188SJeenu Viswambharan1: 43e290a8fcSAlexei Fedorov /* 44ed108b56SAlexei Fedorov * Save general purpose and ARMv8.3-PAuth registers (if enabled). 451d6d6802SBoyan Karatotev * Also save PMCR_EL0 and set the PSTATE to a known state. 46e290a8fcSAlexei Fedorov */ 4797215e0fSDaniel Boulby bl prepare_el3_entry 48e290a8fcSAlexei Fedorov 49df8f3188SJeenu Viswambharan /* Setup exception class and syndrome arguments for platform handler */ 50df8f3188SJeenu Viswambharan mov x0, #ERROR_EA_SYNC 51df8f3188SJeenu Viswambharan mrs x1, esr_el3 52bb9549baSJan Dabros bl delegate_sync_ea 53df8f3188SJeenu Viswambharan 54bb9549baSJan Dabros /* el3_exit assumes SP_EL0 on entry */ 55bb9549baSJan Dabros msr spsel, #MODE_SP_EL0 56bb9549baSJan Dabros b el3_exit 576f7de9a8SManish Pandeyendfunc handle_lower_el_sync_ea 58df8f3188SJeenu Viswambharan 59df8f3188SJeenu Viswambharan 60df8f3188SJeenu Viswambharan/* 61df8f3188SJeenu Viswambharan * This function handles SErrors from lower ELs. 62df8f3188SJeenu Viswambharan * 636f7de9a8SManish Pandey * It delegates the handling of the EA to platform handler, and upon successfully 646f7de9a8SManish Pandey * handling the EA, exits EL3; otherwise panics. 656f7de9a8SManish Pandey * 666f7de9a8SManish Pandey * This function assumes x30 has been saved. 67df8f3188SJeenu Viswambharan */ 686f7de9a8SManish Pandeyfunc handle_lower_el_async_ea 69df8f3188SJeenu Viswambharan 70e290a8fcSAlexei Fedorov /* 71ed108b56SAlexei Fedorov * Save general purpose and ARMv8.3-PAuth registers (if enabled). 721d6d6802SBoyan Karatotev * Also save PMCR_EL0 and set the PSTATE to a known state. 73e290a8fcSAlexei Fedorov */ 7497215e0fSDaniel Boulby bl prepare_el3_entry 75e290a8fcSAlexei Fedorov 76df8f3188SJeenu Viswambharan /* Setup exception class and syndrome arguments for platform handler */ 77df8f3188SJeenu Viswambharan mov x0, #ERROR_EA_ASYNC 78df8f3188SJeenu Viswambharan mrs x1, esr_el3 79bb9549baSJan Dabros bl delegate_async_ea 80bb9549baSJan Dabros 81bb9549baSJan Dabros /* el3_exit assumes SP_EL0 on entry */ 82bb9549baSJan Dabros msr spsel, #MODE_SP_EL0 83bb9549baSJan Dabros b el3_exit 846f7de9a8SManish Pandeyendfunc handle_lower_el_async_ea 85df8f3188SJeenu Viswambharan 86d04c04a4SManish Pandey/* 876d22b089SManish Pandey * Handler for async EA from lower EL synchronized at EL3 entry in FFH mode. 88d04c04a4SManish Pandey * 89d04c04a4SManish Pandey * This scenario may arise when there is an error (EA) in the system which is not 90d04c04a4SManish Pandey * yet signaled to PE while executing in lower EL. During entry into EL3, the errors 91d04c04a4SManish Pandey * are synchronized either implicitly or explicitly causing async EA to pend at EL3. 92d04c04a4SManish Pandey * 936d22b089SManish Pandey * On detecting the pending EA (via ISR_EL1.A), if the EA routing model is Firmware 946d22b089SManish Pandey * First handling (FFH, SCR_EL3.EA = 1) this handler first handles the pending EA 956d22b089SManish Pandey * and then handles the original exception. 96d04c04a4SManish Pandey * 97d04c04a4SManish Pandey * This function assumes x30 has been saved. 98d04c04a4SManish Pandey */ 99d04c04a4SManish Pandeyfunc handle_pending_async_ea 100d04c04a4SManish Pandey /* 101d04c04a4SManish Pandey * Prepare for nested handling of EA. Stash sysregs clobbered by nested 102d04c04a4SManish Pandey * exception and handler 103d04c04a4SManish Pandey */ 104d04c04a4SManish Pandey str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR] 105d04c04a4SManish Pandey mrs x30, esr_el3 106d04c04a4SManish Pandey str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3] 107d04c04a4SManish Pandey mrs x30, spsr_el3 108d04c04a4SManish Pandey str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3] 109d04c04a4SManish Pandey mrs x30, elr_el3 110d04c04a4SManish Pandey str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3] 111d04c04a4SManish Pandey 112d04c04a4SManish Pandey mov x30, #1 113d04c04a4SManish Pandey str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG] 114d04c04a4SManish Pandey /* 115d04c04a4SManish Pandey * Restore the original x30 saved as part of entering EL3. This is not 116d04c04a4SManish Pandey * required for the current function but for EL3 SError vector entry 117d04c04a4SManish Pandey * once PSTATE.A bit is unmasked. We restore x30 and then the same 118d04c04a4SManish Pandey * value is stored in EL3 SError vector entry. 119d04c04a4SManish Pandey */ 120d04c04a4SManish Pandey ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] 121d04c04a4SManish Pandey 122d04c04a4SManish Pandey /* 123d04c04a4SManish Pandey * After clearing PSTATE.A bit pending SError will trigger at current EL. 124d04c04a4SManish Pandey * Put explicit synchronization event to ensure newly unmasked interrupt 125d04c04a4SManish Pandey * is taken immediately. 126d04c04a4SManish Pandey */ 127d04c04a4SManish Pandey unmask_async_ea 128d04c04a4SManish Pandey 129d04c04a4SManish Pandey /* Restore the original exception information along with zeroing the storage */ 130d04c04a4SManish Pandey ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3] 131d04c04a4SManish Pandey msr elr_el3, x30 132d04c04a4SManish Pandey str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3] 133d04c04a4SManish Pandey ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3] 134d04c04a4SManish Pandey msr spsr_el3, x30 135d04c04a4SManish Pandey str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3] 136d04c04a4SManish Pandey ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3] 137d04c04a4SManish Pandey msr esr_el3, x30 138d04c04a4SManish Pandey str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3] 139d04c04a4SManish Pandey 140d04c04a4SManish Pandey /* 141d04c04a4SManish Pandey * If the original exception corresponds to SError from lower El, eret back 142d04c04a4SManish Pandey * to lower EL, otherwise return to vector table for original exception handling. 143d04c04a4SManish Pandey */ 144d04c04a4SManish Pandey ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH 145d04c04a4SManish Pandey cmp x30, #EC_SERROR 146d04c04a4SManish Pandey ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR] 147d04c04a4SManish Pandey str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR] 148d04c04a4SManish Pandey b.eq 1f 149d04c04a4SManish Pandey ret 150d04c04a4SManish Pandey1: 1510bc3115fSJaiprakash Singh ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] 1520bc3115fSJaiprakash Singh str xzr, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] 153d04c04a4SManish Pandey exception_return 154d04c04a4SManish Pandeyendfunc handle_pending_async_ea 155df8f3188SJeenu Viswambharan 156df8f3188SJeenu Viswambharan/* 157b56dc2a9SJeenu Viswambharan * Prelude for Synchronous External Abort handling. This function assumes that 158b56dc2a9SJeenu Viswambharan * all GP registers have been saved by the caller. 159b56dc2a9SJeenu Viswambharan * 160b56dc2a9SJeenu Viswambharan * x0: EA reason 161b56dc2a9SJeenu Viswambharan * x1: EA syndrome 162b56dc2a9SJeenu Viswambharan */ 163b56dc2a9SJeenu Viswambharanfunc delegate_sync_ea 164f87e54f7SManish Pandey#if ENABLE_FEAT_RAS 165b56dc2a9SJeenu Viswambharan /* 166b56dc2a9SJeenu Viswambharan * Check for Uncontainable error type. If so, route to the platform 167b56dc2a9SJeenu Viswambharan * fatal error handler rather than the generic EA one. 168b56dc2a9SJeenu Viswambharan */ 169b56dc2a9SJeenu Viswambharan ubfx x2, x1, #EABORT_SET_SHIFT, #EABORT_SET_WIDTH 170b56dc2a9SJeenu Viswambharan cmp x2, #ERROR_STATUS_SET_UC 171b56dc2a9SJeenu Viswambharan b.ne 1f 172b56dc2a9SJeenu Viswambharan 173b56dc2a9SJeenu Viswambharan /* Check fault status code */ 174b56dc2a9SJeenu Viswambharan ubfx x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH 175b56dc2a9SJeenu Viswambharan cmp x3, #SYNC_EA_FSC 176b56dc2a9SJeenu Viswambharan b.ne 1f 177b56dc2a9SJeenu Viswambharan 178b56dc2a9SJeenu Viswambharan no_ret plat_handle_uncontainable_ea 179b56dc2a9SJeenu Viswambharan1: 180b56dc2a9SJeenu Viswambharan#endif 181b56dc2a9SJeenu Viswambharan 182b56dc2a9SJeenu Viswambharan b ea_proceed 183b56dc2a9SJeenu Viswambharanendfunc delegate_sync_ea 184b56dc2a9SJeenu Viswambharan 185b56dc2a9SJeenu Viswambharan 186b56dc2a9SJeenu Viswambharan/* 187b56dc2a9SJeenu Viswambharan * Prelude for Asynchronous External Abort handling. This function assumes that 188b56dc2a9SJeenu Viswambharan * all GP registers have been saved by the caller. 189b56dc2a9SJeenu Viswambharan * 190b56dc2a9SJeenu Viswambharan * x0: EA reason 191b56dc2a9SJeenu Viswambharan * x1: EA syndrome 192b56dc2a9SJeenu Viswambharan */ 193b56dc2a9SJeenu Viswambharanfunc delegate_async_ea 194f87e54f7SManish Pandey#if ENABLE_FEAT_RAS 195d435238dSManish Pandey /* Check Exception Class to ensure SError, as this function should 196d435238dSManish Pandey * only be invoked for SError. If that is not the case, which implies 197d435238dSManish Pandey * either an HW error or programming error, panic. 198d435238dSManish Pandey */ 199d435238dSManish Pandey ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH 200d435238dSManish Pandey cmp x2, EC_SERROR 201bd62ce98SGovindraj Raja b.ne el3_panic 202b56dc2a9SJeenu Viswambharan /* 203b56dc2a9SJeenu Viswambharan * Check for Implementation Defined Syndrome. If so, skip checking 204b56dc2a9SJeenu Viswambharan * Uncontainable error type from the syndrome as the format is unknown. 205b56dc2a9SJeenu Viswambharan */ 206b56dc2a9SJeenu Viswambharan tbnz x1, #SERROR_IDS_BIT, 1f 207b56dc2a9SJeenu Viswambharan 208d435238dSManish Pandey /* AET only valid when DFSC is 0x11 */ 209d435238dSManish Pandey ubfx x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH 210d435238dSManish Pandey cmp x2, #DFSC_SERROR 211d435238dSManish Pandey b.ne 1f 212d435238dSManish Pandey 213b56dc2a9SJeenu Viswambharan /* 214b56dc2a9SJeenu Viswambharan * Check for Uncontainable error type. If so, route to the platform 215b56dc2a9SJeenu Viswambharan * fatal error handler rather than the generic EA one. 216b56dc2a9SJeenu Viswambharan */ 217d435238dSManish Pandey ubfx x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH 218d435238dSManish Pandey cmp x3, #ERROR_STATUS_UET_UC 219b56dc2a9SJeenu Viswambharan b.ne 1f 220b56dc2a9SJeenu Viswambharan 221b56dc2a9SJeenu Viswambharan no_ret plat_handle_uncontainable_ea 222b56dc2a9SJeenu Viswambharan1: 223b56dc2a9SJeenu Viswambharan#endif 224b56dc2a9SJeenu Viswambharan 225b56dc2a9SJeenu Viswambharan b ea_proceed 226b56dc2a9SJeenu Viswambharanendfunc delegate_async_ea 227b56dc2a9SJeenu Viswambharan 228b56dc2a9SJeenu Viswambharan 229b56dc2a9SJeenu Viswambharan/* 230df8f3188SJeenu Viswambharan * Delegate External Abort handling to platform's EA handler. This function 231df8f3188SJeenu Viswambharan * assumes that all GP registers have been saved by the caller. 232df8f3188SJeenu Viswambharan * 233df8f3188SJeenu Viswambharan * x0: EA reason 234df8f3188SJeenu Viswambharan * x1: EA syndrome 235df8f3188SJeenu Viswambharan */ 236df8f3188SJeenu Viswambharanfunc ea_proceed 237d5a23af5SJeenu Viswambharan /* 238c7220035SManish Pandey * If it is a double fault invoke platform handler. 239c7220035SManish Pandey * Double fault scenario would arise when platform is handling a fault in 240c7220035SManish Pandey * lower EL using plat_ea_handler() and another fault happens which would 241c7220035SManish Pandey * trap into EL3 as FFH_SUPPORT is enabled for the platform. 242d5a23af5SJeenu Viswambharan */ 243c7220035SManish Pandey ldr x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR] 244d5a23af5SJeenu Viswambharan cbz x5, 1f 245d5a23af5SJeenu Viswambharan no_ret plat_handle_double_fault 246d5a23af5SJeenu Viswambharan 247d5a23af5SJeenu Viswambharan1: 248c7220035SManish Pandey /* Save EL3 state as handling might involve lower ELs */ 249df8f3188SJeenu Viswambharan mrs x2, spsr_el3 250df8f3188SJeenu Viswambharan mrs x3, elr_el3 251df8f3188SJeenu Viswambharan stp x2, x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3] 252df8f3188SJeenu Viswambharan 253df8f3188SJeenu Viswambharan /* 254c7220035SManish Pandey * Save CTX_DOUBLE_FAULT_ESR, so that if another fault happens in lower EL, we 255c7220035SManish Pandey * catch it as DoubleFault in next invocation of ea_proceed() along with 256c7220035SManish Pandey * preserving original ESR_EL3. 257df8f3188SJeenu Viswambharan */ 258df8f3188SJeenu Viswambharan mrs x5, esr_el3 259c7220035SManish Pandey str x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR] 260df8f3188SJeenu Viswambharan 261df8f3188SJeenu Viswambharan /* 262df8f3188SJeenu Viswambharan * Setup rest of arguments, and call platform External Abort handler. 263df8f3188SJeenu Viswambharan * 264df8f3188SJeenu Viswambharan * x0: EA reason (already in place) 265df8f3188SJeenu Viswambharan * x1: Exception syndrome (already in place). 266df8f3188SJeenu Viswambharan * x2: Cookie (unused for now). 267df8f3188SJeenu Viswambharan * x3: Context pointer. 268df8f3188SJeenu Viswambharan * x4: Flags (security state from SCR for now). 269df8f3188SJeenu Viswambharan */ 270df8f3188SJeenu Viswambharan mov x2, xzr 271df8f3188SJeenu Viswambharan mov x3, sp 272df8f3188SJeenu Viswambharan ubfx x4, x4, #0, #1 273df8f3188SJeenu Viswambharan 274df8f3188SJeenu Viswambharan /* Switch to runtime stack */ 275df8f3188SJeenu Viswambharan ldr x5, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP] 276ed108b56SAlexei Fedorov msr spsel, #MODE_SP_EL0 277df8f3188SJeenu Viswambharan mov sp, x5 278df8f3188SJeenu Viswambharan 279df8f3188SJeenu Viswambharan mov x29, x30 280ee6ff1bbSJeenu Viswambharan#if ENABLE_ASSERTIONS 281ee6ff1bbSJeenu Viswambharan /* Stash the stack pointer */ 282ee6ff1bbSJeenu Viswambharan mov x28, sp 283ee6ff1bbSJeenu Viswambharan#endif 284df8f3188SJeenu Viswambharan bl plat_ea_handler 285df8f3188SJeenu Viswambharan 286ee6ff1bbSJeenu Viswambharan#if ENABLE_ASSERTIONS 287ee6ff1bbSJeenu Viswambharan /* 288ee6ff1bbSJeenu Viswambharan * Error handling flows might involve long jumps; so upon returning from 289ee6ff1bbSJeenu Viswambharan * the platform error handler, validate that the we've completely 290ee6ff1bbSJeenu Viswambharan * unwound the stack. 291ee6ff1bbSJeenu Viswambharan */ 292ee6ff1bbSJeenu Viswambharan mov x27, sp 293ee6ff1bbSJeenu Viswambharan cmp x28, x27 294ee6ff1bbSJeenu Viswambharan ASM_ASSERT(eq) 295ee6ff1bbSJeenu Viswambharan#endif 296ee6ff1bbSJeenu Viswambharan 297df8f3188SJeenu Viswambharan /* Make SP point to context */ 298ed108b56SAlexei Fedorov msr spsel, #MODE_SP_ELX 299df8f3188SJeenu Viswambharan 300c7220035SManish Pandey /* Clear Double Fault storage */ 301c7220035SManish Pandey str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR] 302c7220035SManish Pandey 303d5a23af5SJeenu Viswambharan ret x29 304df8f3188SJeenu Viswambharanendfunc ea_proceed 305