xref: /rk3399_ARM-atf/bl31/aarch64/ea_delegate.S (revision 2d3b44e3073e8d6ec49dde45ec353d6f41290917) 
1/*
2 * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
3 * Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
8
9#include <assert_macros.S>
10#include <asm_macros.S>
11#include <assert_macros.S>
12#include <bl31/ea_handle.h>
13#include <context.h>
14#include <lib/extensions/ras_arch.h>
15#include <cpu_macros.S>
16#include <context.h>
17
18	.globl	handle_lower_el_sync_ea
19	.globl	handle_lower_el_async_ea
20	.globl	handle_pending_async_ea
21/*
22 * This function handles Synchronous External Aborts from lower EL.
23 *
24 * It delegates the handling of the EA to platform handler, and upon successfully
25 * handling the EA, exits EL3; otherwise panics.
26 *
27 * This function assumes x30 has been saved.
28 */
29func handle_lower_el_sync_ea
30	mrs	x30, esr_el3
31	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
32
33	/* Check for I/D aborts from lower EL */
34	cmp	x30, #EC_IABORT_LOWER_EL
35	b.eq	1f
36
37	cmp	x30, #EC_DABORT_LOWER_EL
38	b.eq	1f
39
40	/* EA other than above are unhandled exceptions */
41	no_ret	report_unhandled_exception
421:
43	/*
44	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
45	 * Also save PMCR_EL0 and set the PSTATE to a known state.
46	 */
47	bl	prepare_el3_entry
48
49#if ENABLE_PAUTH
50	/* Load and program APIAKey firmware key */
51	bl	pauth_load_bl31_apiakey
52#endif
53
54	/* Setup exception class and syndrome arguments for platform handler */
55	mov	x0, #ERROR_EA_SYNC
56	mrs	x1, esr_el3
57	bl	delegate_sync_ea
58
59	/* el3_exit assumes SP_EL0 on entry */
60	msr	spsel, #MODE_SP_EL0
61	b	el3_exit
62endfunc handle_lower_el_sync_ea
63
64
65/*
66 * This function handles SErrors from lower ELs.
67 *
68 * It delegates the handling of the EA to platform handler, and upon successfully
69 * handling the EA, exits EL3; otherwise panics.
70 *
71 * This function assumes x30 has been saved.
72 */
73func handle_lower_el_async_ea
74
75	/*
76	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
77	 * Also save PMCR_EL0 and set the PSTATE to a known state.
78	 */
79	bl	prepare_el3_entry
80
81#if ENABLE_PAUTH
82	/* Load and program APIAKey firmware key */
83	bl	pauth_load_bl31_apiakey
84#endif
85
86	/* Setup exception class and syndrome arguments for platform handler */
87	mov	x0, #ERROR_EA_ASYNC
88	mrs	x1, esr_el3
89	bl	delegate_async_ea
90
91	/* el3_exit assumes SP_EL0 on entry */
92	msr	spsel, #MODE_SP_EL0
93	b	el3_exit
94endfunc handle_lower_el_async_ea
95
96/*
97 * Handler for async EA from lower EL synchronized at EL3 entry in FFH mode.
98 *
99 * This scenario may arise when there is an error (EA) in the system which is not
100 * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
101 * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
102 *
103 * On detecting the pending EA (via ISR_EL1.A), if the EA routing model is Firmware
104 * First handling (FFH, SCR_EL3.EA = 1) this handler first handles the pending EA
105 * and then handles the original exception.
106 *
107 * This function assumes x30 has been saved.
108 */
109func handle_pending_async_ea
110	/*
111	 * Prepare for nested handling of EA. Stash sysregs clobbered by nested
112	 * exception and handler
113	 */
114	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
115	mrs	x30, esr_el3
116	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
117	mrs	x30, spsr_el3
118	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
119	mrs	x30, elr_el3
120	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
121
122	mov	x30, #1
123	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
124	/*
125	 * Restore the original x30 saved as part of entering EL3. This is not
126	 * required for the current function but for EL3 SError vector entry
127	 * once PSTATE.A bit is unmasked. We restore x30 and then the same
128	 * value is stored in EL3 SError vector entry.
129	 */
130	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
131
132	/*
133	 * After clearing PSTATE.A bit pending SError will trigger at current EL.
134	 * Put explicit synchronization event to ensure newly unmasked interrupt
135	 * is taken immediately.
136	 */
137	unmask_async_ea
138
139	/* Restore the original exception information along with zeroing the storage */
140	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
141	msr	elr_el3, x30
142	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
143	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
144	msr	spsr_el3, x30
145	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
146	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
147	msr	esr_el3, x30
148	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
149
150	/*
151	 * If the original exception corresponds to SError from lower El, eret back
152	 * to lower EL, otherwise return to vector table for original exception handling.
153	 */
154	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
155	cmp	x30, #EC_SERROR
156	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
157	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
158	b.eq	1f
159	ret
1601:
161	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
162	str	xzr, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
163	exception_return
164endfunc handle_pending_async_ea
165
166/*
167 * Prelude for Synchronous External Abort handling. This function assumes that
168 * all GP registers have been saved by the caller.
169 *
170 * x0: EA reason
171 * x1: EA syndrome
172 */
173func delegate_sync_ea
174#if ENABLE_FEAT_RAS
175	/*
176	 * Check for Uncontainable error type. If so, route to the platform
177	 * fatal error handler rather than the generic EA one.
178	 */
179	ubfx    x2, x1, #EABORT_SET_SHIFT, #EABORT_SET_WIDTH
180	cmp     x2, #ERROR_STATUS_SET_UC
181	b.ne    1f
182
183	/* Check fault status code */
184	ubfx    x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
185	cmp     x3, #SYNC_EA_FSC
186	b.ne    1f
187
188	no_ret  plat_handle_uncontainable_ea
1891:
190#endif
191
192	b       ea_proceed
193endfunc delegate_sync_ea
194
195
196/*
197 * Prelude for Asynchronous External Abort handling. This function assumes that
198 * all GP registers have been saved by the caller.
199 *
200 * x0: EA reason
201 * x1: EA syndrome
202 */
203func delegate_async_ea
204#if ENABLE_FEAT_RAS
205	/* Check Exception Class to ensure SError, as this function should
206	 * only be invoked for SError. If that is not the case, which implies
207	 * either an HW error or programming error, panic.
208	 */
209	ubfx	x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
210	cmp	x2, EC_SERROR
211	b.ne	el3_panic
212	/*
213	 * Check for Implementation Defined Syndrome. If so, skip checking
214	 * Uncontainable error type from the syndrome as the format is unknown.
215	 */
216	tbnz	x1, #SERROR_IDS_BIT, 1f
217
218	/* AET only valid when DFSC is 0x11 */
219	ubfx	x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
220	cmp	x2, #DFSC_SERROR
221	b.ne	1f
222
223	/*
224	 * Check for Uncontainable error type. If so, route to the platform
225	 * fatal error handler rather than the generic EA one.
226	 */
227	ubfx	x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
228	cmp	x3, #ERROR_STATUS_UET_UC
229	b.ne	1f
230
231	no_ret	plat_handle_uncontainable_ea
2321:
233#endif
234
235	b	ea_proceed
236endfunc delegate_async_ea
237
238
239/*
240 * Delegate External Abort handling to platform's EA handler. This function
241 * assumes that all GP registers have been saved by the caller.
242 *
243 * x0: EA reason
244 * x1: EA syndrome
245 */
246func ea_proceed
247	/*
248	 * If it is a double fault invoke platform handler.
249	 * Double fault scenario would arise when platform is handling a fault in
250	 * lower EL using plat_ea_handler() and another fault happens which would
251	 * trap into EL3 as FFH_SUPPORT is enabled for the platform.
252	 */
253	ldr	x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
254	cbz	x5, 1f
255	no_ret	plat_handle_double_fault
256
2571:
258	/* Save EL3 state as handling might involve lower ELs */
259	mrs	x2, spsr_el3
260	mrs	x3, elr_el3
261	stp	x2, x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
262	mrs	x4, scr_el3
263	str	x4, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
264
265	/*
266	 * Save CTX_DOUBLE_FAULT_ESR, so that if another fault happens in lower EL, we
267	 * catch it as DoubleFault in next invocation of ea_proceed() along with
268	 * preserving original ESR_EL3.
269	 */
270	mrs	x5, esr_el3
271	str	x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
272
273	/*
274	 * Setup rest of arguments, and call platform External Abort handler.
275	 *
276	 * x0: EA reason (already in place)
277	 * x1: Exception syndrome (already in place).
278	 * x2: Cookie (unused for now).
279	 * x3: Context pointer.
280	 * x4: Flags (security state from SCR for now).
281	 */
282	mov	x2, xzr
283	mov	x3, sp
284	ubfx	x4, x4, #0, #1
285
286	/* Switch to runtime stack */
287	ldr	x5, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
288	msr	spsel, #MODE_SP_EL0
289	mov	sp, x5
290
291	mov	x29, x30
292#if ENABLE_ASSERTIONS
293	/* Stash the stack pointer */
294	mov	x28, sp
295#endif
296	bl	plat_ea_handler
297
298#if ENABLE_ASSERTIONS
299	/*
300	 * Error handling flows might involve long jumps; so upon returning from
301	 * the platform error handler, validate that the we've completely
302	 * unwound the stack.
303	 */
304	mov	x27, sp
305	cmp	x28, x27
306	ASM_ASSERT(eq)
307#endif
308
309	/* Make SP point to context */
310	msr	spsel, #MODE_SP_ELX
311
312	/* Clear Double Fault storage */
313	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
314
315	/* Restore EL3 state */
316	ldp	x1, x2, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
317	msr	spsr_el3, x1
318	msr	elr_el3, x2
319	ldr	x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
320	msr	scr_el3, x3
321
322	ret	x29
323endfunc ea_proceed
324