1/*
2 * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
3 * Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
8
9#include <assert_macros.S>
10#include <asm_macros.S>
11#include <assert_macros.S>
12#include <bl31/ea_handle.h>
13#include <context.h>
14#include <lib/extensions/ras_arch.h>
15#include <cpu_macros.S>
16#include <context.h>
17
18	.globl	handle_lower_el_ea_esb
19	.globl  handle_lower_el_async_ea
20	.globl	enter_lower_el_sync_ea
21	.globl	enter_lower_el_async_ea
22
23
24/*
25 * Function to delegate External Aborts synchronized by ESB instruction at EL3
26 * vector entry. This function assumes GP registers x0-x29 have been saved, and
27 * are available for use. It delegates the handling of the EA to platform
28 * handler, and returns only upon successfully handling the EA; otherwise
29 * panics. On return from this function, the original exception handler is
30 * expected to resume.
31 */
32func handle_lower_el_ea_esb
33	mov	x0, #ERROR_EA_ESB
34	mrs	x1, DISR_EL1
35	b	ea_proceed
36endfunc handle_lower_el_ea_esb
37
38
39/*
40 * This function forms the tail end of Synchronous Exception entry from lower
41 * EL, and expects to handle Synchronous External Aborts from lower EL and CPU
42 * Implementation Defined Exceptions. If any other kind of exception is detected,
43 * then this function reports unhandled exception.
44 *
45 * Since it's part of exception vector, this function doesn't expect any GP
46 * registers to have been saved. It delegates the handling of the EA to platform
47 * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
48 */
49func enter_lower_el_sync_ea
50	/*
51	 * Explicitly save x30 so as to free up a register and to enable
52	 * branching.
53	 */
54	str	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
55
56	mrs	x30, esr_el3
57	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
58
59	/* Check for I/D aborts from lower EL */
60	cmp	x30, #EC_IABORT_LOWER_EL
61	b.eq	1f
62
63	cmp	x30, #EC_DABORT_LOWER_EL
64	b.eq	1f
65
66	/* Save GP registers */
67	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
68	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
69	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
70
71	/* Get the cpu_ops pointer */
72	bl	get_cpu_ops_ptr
73
74	/* Get the cpu_ops exception handler */
75	ldr	x0, [x0, #CPU_E_HANDLER_FUNC]
76
77	/*
78	 * If the reserved function pointer is NULL, this CPU does not have an
79	 * implementation defined exception handler function
80	 */
81	cbz	x0, 2f
82	mrs	x1, esr_el3
83	ubfx	x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
84	blr	x0
85	b	2f
86
871:
88	/*
89	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
90	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
91	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
92	 * Also set the PSTATE to a known state.
93	 */
94	bl	prepare_el3_entry
95
96#if ENABLE_PAUTH
97	/* Load and program APIAKey firmware key */
98	bl	pauth_load_bl31_apiakey
99#endif
100
101	/* Setup exception class and syndrome arguments for platform handler */
102	mov	x0, #ERROR_EA_SYNC
103	mrs	x1, esr_el3
104	bl	delegate_sync_ea
105
106	/* el3_exit assumes SP_EL0 on entry */
107	msr	spsel, #MODE_SP_EL0
108	b	el3_exit
1092:
110	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
111	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
112	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
113
114	/* Synchronous exceptions other than the above are assumed to be EA */
115	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
116	no_ret	report_unhandled_exception
117endfunc enter_lower_el_sync_ea
118
119
120/*
121 * This function handles SErrors from lower ELs.
122 *
123 * Since it's part of exception vector, this function doesn't expect any GP
124 * registers to have been saved. It delegates the handling of the EA to platform
125 * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
126 */
127func enter_lower_el_async_ea
128	/*
129	 * Explicitly save x30 so as to free up a register and to enable
130	 * branching
131	 */
132	str	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
133
134handle_lower_el_async_ea:
135	/*
136	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
137	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
138	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
139	 * Also set the PSTATE to a known state.
140	 */
141	bl	prepare_el3_entry
142
143#if ENABLE_PAUTH
144	/* Load and program APIAKey firmware key */
145	bl	pauth_load_bl31_apiakey
146#endif
147
148	/* Setup exception class and syndrome arguments for platform handler */
149	mov	x0, #ERROR_EA_ASYNC
150	mrs	x1, esr_el3
151	bl	delegate_async_ea
152
153	/* el3_exit assumes SP_EL0 on entry */
154	msr	spsel, #MODE_SP_EL0
155	b	el3_exit
156endfunc enter_lower_el_async_ea
157
158
159/*
160 * Prelude for Synchronous External Abort handling. This function assumes that
161 * all GP registers have been saved by the caller.
162 *
163 * x0: EA reason
164 * x1: EA syndrome
165 */
166func delegate_sync_ea
167#if RAS_EXTENSION
168	/*
169	 * Check for Uncontainable error type. If so, route to the platform
170	 * fatal error handler rather than the generic EA one.
171	 */
172	ubfx    x2, x1, #EABORT_SET_SHIFT, #EABORT_SET_WIDTH
173	cmp     x2, #ERROR_STATUS_SET_UC
174	b.ne    1f
175
176	/* Check fault status code */
177	ubfx    x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
178	cmp     x3, #SYNC_EA_FSC
179	b.ne    1f
180
181	no_ret  plat_handle_uncontainable_ea
1821:
183#endif
184
185	b       ea_proceed
186endfunc delegate_sync_ea
187
188
189/*
190 * Prelude for Asynchronous External Abort handling. This function assumes that
191 * all GP registers have been saved by the caller.
192 *
193 * x0: EA reason
194 * x1: EA syndrome
195 */
196func delegate_async_ea
197#if RAS_EXTENSION
198	/* Check Exception Class to ensure SError, as this function should
199	 * only be invoked for SError. If that is not the case, which implies
200	 * either an HW error or programming error, panic.
201	 */
202	ubfx	x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
203	cmp	x2, EC_SERROR
204	b.ne	do_panic
205	/*
206	 * Check for Implementation Defined Syndrome. If so, skip checking
207	 * Uncontainable error type from the syndrome as the format is unknown.
208	 */
209	tbnz	x1, #SERROR_IDS_BIT, 1f
210
211	/* AET only valid when DFSC is 0x11 */
212	ubfx	x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
213	cmp	x2, #DFSC_SERROR
214	b.ne	1f
215
216	/*
217	 * Check for Uncontainable error type. If so, route to the platform
218	 * fatal error handler rather than the generic EA one.
219	 */
220	ubfx	x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
221	cmp	x3, #ERROR_STATUS_UET_UC
222	b.ne	1f
223
224	no_ret	plat_handle_uncontainable_ea
2251:
226#endif
227
228	b	ea_proceed
229endfunc delegate_async_ea
230
231
232/*
233 * Delegate External Abort handling to platform's EA handler. This function
234 * assumes that all GP registers have been saved by the caller.
235 *
236 * x0: EA reason
237 * x1: EA syndrome
238 */
239func ea_proceed
240	/*
241	 * If the ESR loaded earlier is not zero, we were processing an EA
242	 * already, and this is a double fault.
243	 */
244	ldr	x5, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
245	cbz	x5, 1f
246	no_ret	plat_handle_double_fault
247
2481:
249	/* Save EL3 state */
250	mrs	x2, spsr_el3
251	mrs	x3, elr_el3
252	stp	x2, x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
253
254	/*
255	 * Save ESR as handling might involve lower ELs, and returning back to
256	 * EL3 from there would trample the original ESR.
257	 */
258	mrs	x4, scr_el3
259	mrs	x5, esr_el3
260	stp	x4, x5, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
261
262	/*
263	 * Setup rest of arguments, and call platform External Abort handler.
264	 *
265	 * x0: EA reason (already in place)
266	 * x1: Exception syndrome (already in place).
267	 * x2: Cookie (unused for now).
268	 * x3: Context pointer.
269	 * x4: Flags (security state from SCR for now).
270	 */
271	mov	x2, xzr
272	mov	x3, sp
273	ubfx	x4, x4, #0, #1
274
275	/* Switch to runtime stack */
276	ldr	x5, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
277	msr	spsel, #MODE_SP_EL0
278	mov	sp, x5
279
280	mov	x29, x30
281#if ENABLE_ASSERTIONS
282	/* Stash the stack pointer */
283	mov	x28, sp
284#endif
285	bl	plat_ea_handler
286
287#if ENABLE_ASSERTIONS
288	/*
289	 * Error handling flows might involve long jumps; so upon returning from
290	 * the platform error handler, validate that the we've completely
291	 * unwound the stack.
292	 */
293	mov	x27, sp
294	cmp	x28, x27
295	ASM_ASSERT(eq)
296#endif
297
298	/* Make SP point to context */
299	msr	spsel, #MODE_SP_ELX
300
301	/* Restore EL3 state and ESR */
302	ldp	x1, x2, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
303	msr	spsr_el3, x1
304	msr	elr_el3, x2
305
306	/* Restore ESR_EL3 and SCR_EL3 */
307	ldp	x3, x4, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
308	msr	scr_el3, x3
309	msr	esr_el3, x4
310
311#if ENABLE_ASSERTIONS
312	cmp	x4, xzr
313	ASM_ASSERT(ne)
314#endif
315
316	/* Clear ESR storage */
317	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
318
319	ret	x29
320endfunc ea_proceed
321