blob: 962c3622e37640a46d808a51b788da86ff401b7c [file] [log] [blame]
Achin Gupta4f6ad662013-10-25 09:08:21 +01001/*
Manish Pandey067087f2023-12-08 20:13:29 +00002 * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
Achin Gupta4f6ad662013-10-25 09:08:21 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Achin Gupta4f6ad662013-10-25 09:08:21 +01005 */
6
Antonio Nino Diaze0f90632018-12-14 00:18:21 +00007#include <platform_def.h>
8
Achin Gupta4f6ad662013-10-25 09:08:21 +01009#include <arch.h>
Dan Handley714a0d22014-04-09 13:13:04 +010010#include <asm_macros.S>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000011#include <bl31/ea_handle.h>
12#include <bl31/interrupt_mgmt.h>
Andre Przywarafa914d82022-11-21 17:04:10 +000013#include <bl31/sync_handle.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000014#include <common/runtime_svc.h>
Dan Handley2bd4ef22014-04-09 13:14:54 +010015#include <context.h>
Manish Pandeya4752e22023-10-11 11:52:24 +010016#include <cpu_macros.S>
Manish V Badarkhee07e8082020-07-23 12:43:25 +010017#include <el3_common_macros.S>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000018#include <lib/el3_runtime/cpu_data.h>
19#include <lib/smccc.h>
Achin Gupta4f6ad662013-10-25 09:08:21 +010020
21 .globl runtime_exceptions
Achin Gupta4f6ad662013-10-25 09:08:21 +010022
Dimitris Papastamos446f7f12017-11-30 14:53:53 +000023 .globl sync_exception_sp_el0
24 .globl irq_sp_el0
25 .globl fiq_sp_el0
26 .globl serror_sp_el0
27
28 .globl sync_exception_sp_elx
29 .globl irq_sp_elx
30 .globl fiq_sp_elx
31 .globl serror_sp_elx
32
33 .globl sync_exception_aarch64
34 .globl irq_aarch64
35 .globl fiq_aarch64
36 .globl serror_aarch64
37
38 .globl sync_exception_aarch32
39 .globl irq_aarch32
40 .globl fiq_aarch32
41 .globl serror_aarch32
42
Jeenu Viswambharan96c7df02017-11-30 12:54:15 +000043 /*
Manish Pandey66a056e2023-01-11 21:41:07 +000044 * Save LR and make x30 available as most of the routines in vector entry
45 * need a free register
46 */
47 .macro save_x30
48 str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
49 .endm
50
Manish Pandey07952fb2023-05-25 13:46:14 +010051 .macro restore_x30
52 ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
53 .endm
Madhukar Pappireddyfba25722020-07-24 03:27:12 -050054
Madhukar Pappireddyfba25722020-07-24 03:27:12 -050055 /*
Manish Pandey07952fb2023-05-25 13:46:14 +010056 * Macro that synchronizes errors (EA) and checks for pending SError.
57 * On detecting a pending SError it either reflects it back to lower
58 * EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
Madhukar Pappireddyfba25722020-07-24 03:27:12 -050059 */
Manish Pandey07952fb2023-05-25 13:46:14 +010060 .macro sync_and_handle_pending_serror
Manish Pandey6b5721f2023-06-26 17:46:14 +010061 synchronize_errors
Manish Pandey07952fb2023-05-25 13:46:14 +010062 mrs x30, ISR_EL1
63 tbz x30, #ISR_A_SHIFT, 2f
Manish Pandeyf90a73c2023-10-10 15:42:19 +010064#if FFH_SUPPORT
Manish Pandey07952fb2023-05-25 13:46:14 +010065 mrs x30, scr_el3
66 tst x30, #SCR_EA_BIT
67 b.eq 1f
68 bl handle_pending_async_ea
69 b 2f
Madhukar Pappireddyfba25722020-07-24 03:27:12 -050070#endif
Manish Pandey07952fb2023-05-25 13:46:14 +0100711:
72 /* This function never returns, but need LR for decision making */
73 bl reflect_pending_async_ea_to_lower_el
742:
Manish Pandeyb3c61982023-01-06 13:38:03 +000075 .endm
Madhukar Pappireddyfba25722020-07-24 03:27:12 -050076
Douglas Raillard0980eed2016-11-09 17:48:27 +000077 /* ---------------------------------------------------------------------
78 * This macro handles Synchronous exceptions.
79 * Only SMC exceptions are supported.
80 * ---------------------------------------------------------------------
Achin Gupta9cf2bb72014-05-09 11:07:09 +010081 */
82 .macro handle_sync_exception
dp-arm3cac7862016-09-19 11:18:44 +010083#if ENABLE_RUNTIME_INSTRUMENTATION
dp-arm3cac7862016-09-19 11:18:44 +010084 /*
Douglas Raillard0980eed2016-11-09 17:48:27 +000085 * Read the timestamp value and store it in per-cpu data. The value
86 * will be extracted from per-cpu data by the C level SMC handler and
87 * saved to the PMF timestamp region.
dp-arm3cac7862016-09-19 11:18:44 +010088 */
89 mrs x30, cntpct_el0
90 str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
91 mrs x29, tpidr_el3
92 str x30, [x29, #CPU_DATA_PMF_TS0_OFFSET]
93 ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
94#endif
95
Achin Gupta9cf2bb72014-05-09 11:07:09 +010096 mrs x30, esr_el3
97 ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
98
Douglas Raillard0980eed2016-11-09 17:48:27 +000099 /* Handle SMC exceptions separately from other synchronous exceptions */
Achin Gupta9cf2bb72014-05-09 11:07:09 +0100100 cmp x30, #EC_AARCH32_SMC
101 b.eq smc_handler32
102
103 cmp x30, #EC_AARCH64_SMC
Andre Przywarafa914d82022-11-21 17:04:10 +0000104 b.eq sync_handler64
105
106 cmp x30, #EC_AARCH64_SYS
107 b.eq sync_handler64
Achin Gupta9cf2bb72014-05-09 11:07:09 +0100108
Manish Pandeya4752e22023-10-11 11:52:24 +0100109 cmp x30, #EC_IMP_DEF_EL3
110 b.eq imp_def_el3_handler
111
112 /* If FFH Support then try to handle lower EL EA exceptions. */
113#if FFH_SUPPORT
114 mrs x30, scr_el3
115 tst x30, #SCR_EA_BIT
116 b.eq 1f
Manish Pandeyc918c182023-01-11 21:53:02 +0000117 b handle_lower_el_sync_ea
Manish Pandeya4752e22023-10-11 11:52:24 +0100118#endif
1191:
120 /* Synchronous exceptions other than the above are unhandled */
121 b report_unhandled_exception
Achin Gupta9cf2bb72014-05-09 11:07:09 +0100122 .endm
123
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100124vector_base runtime_exceptions
125
Douglas Raillard0980eed2016-11-09 17:48:27 +0000126 /* ---------------------------------------------------------------------
127 * Current EL with SP_EL0 : 0x0 - 0x200
128 * ---------------------------------------------------------------------
Achin Gupta4f6ad662013-10-25 09:08:21 +0100129 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100130vector_entry sync_exception_sp_el0
Justin Chadwell83e04882019-08-20 11:01:52 +0100131#ifdef MONITOR_TRAPS
132 stp x29, x30, [sp, #-16]!
133
134 mrs x30, esr_el3
135 ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
136
137 /* Check for BRK */
138 cmp x30, #EC_BRK
139 b.eq brk_handler
140
141 ldp x29, x30, [sp], #16
142#endif /* MONITOR_TRAPS */
143
Douglas Raillard0980eed2016-11-09 17:48:27 +0000144 /* We don't expect any synchronous exceptions from EL3 */
Julius Werner67ebde72017-07-27 14:59:34 -0700145 b report_unhandled_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100146end_vector_entry sync_exception_sp_el0
Achin Gupta4f6ad662013-10-25 09:08:21 +0100147
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100148vector_entry irq_sp_el0
Douglas Raillard0980eed2016-11-09 17:48:27 +0000149 /*
150 * EL3 code is non-reentrant. Any asynchronous exception is a serious
151 * error. Loop infinitely.
152 */
Julius Werner67ebde72017-07-27 14:59:34 -0700153 b report_unhandled_interrupt
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100154end_vector_entry irq_sp_el0
Achin Gupta4f6ad662013-10-25 09:08:21 +0100155
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100156
157vector_entry fiq_sp_el0
Julius Werner67ebde72017-07-27 14:59:34 -0700158 b report_unhandled_interrupt
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100159end_vector_entry fiq_sp_el0
Achin Gupta4f6ad662013-10-25 09:08:21 +0100160
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100161
162vector_entry serror_sp_el0
Jeenu Viswambharan911fcc92018-07-06 16:50:06 +0100163 no_ret plat_handle_el3_ea
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100164end_vector_entry serror_sp_el0
Achin Gupta4f6ad662013-10-25 09:08:21 +0100165
Douglas Raillard0980eed2016-11-09 17:48:27 +0000166 /* ---------------------------------------------------------------------
167 * Current EL with SP_ELx: 0x200 - 0x400
168 * ---------------------------------------------------------------------
Achin Gupta4f6ad662013-10-25 09:08:21 +0100169 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100170vector_entry sync_exception_sp_elx
Douglas Raillard0980eed2016-11-09 17:48:27 +0000171 /*
172 * This exception will trigger if anything went wrong during a previous
173 * exception entry or exit or while handling an earlier unexpected
174 * synchronous exception. There is a high probability that SP_EL3 is
175 * corrupted.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000176 */
Julius Werner67ebde72017-07-27 14:59:34 -0700177 b report_unhandled_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100178end_vector_entry sync_exception_sp_elx
Achin Gupta4f6ad662013-10-25 09:08:21 +0100179
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100180vector_entry irq_sp_elx
Julius Werner67ebde72017-07-27 14:59:34 -0700181 b report_unhandled_interrupt
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100182end_vector_entry irq_sp_elx
Jeenu Viswambharana7934d62014-02-07 15:53:18 +0000183
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100184vector_entry fiq_sp_elx
Julius Werner67ebde72017-07-27 14:59:34 -0700185 b report_unhandled_interrupt
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100186end_vector_entry fiq_sp_elx
Jeenu Viswambharana7934d62014-02-07 15:53:18 +0000187
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100188vector_entry serror_sp_elx
Manish Pandeyf90a73c2023-10-10 15:42:19 +0100189#if FFH_SUPPORT
Manish Pandeyb3c61982023-01-06 13:38:03 +0000190 /*
191 * This will trigger if the exception was taken due to SError in EL3 or
192 * because of pending asynchronous external aborts from lower EL that got
Manish Pandey07952fb2023-05-25 13:46:14 +0100193 * triggered due to implicit/explicit synchronization in EL3 (SCR_EL3.EA=1)
194 * during EL3 entry. For the former case we continue with "plat_handle_el3_ea".
195 * The later case will occur when PSTATE.A bit is cleared in
196 * "handle_pending_async_ea". This means we are doing a nested
197 * exception in EL3. Call the handler for async EA which will eret back to
198 * original el3 handler if it is nested exception. Also, unmask EA so that we
199 * catch any further EA arise when handling this nested exception at EL3.
Manish Pandeyb3c61982023-01-06 13:38:03 +0000200 */
Manish Pandey66a056e2023-01-11 21:41:07 +0000201 save_x30
Manish Pandey07952fb2023-05-25 13:46:14 +0100202 ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
203 cbz x30, 1f
204 /*
205 * This is nested exception handling, clear the flag to avoid taking this
206 * path for further exceptions caused by EA handling
207 */
208 str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
209 unmask_async_ea
Manish Pandeyb3c61982023-01-06 13:38:03 +0000210 b handle_lower_el_async_ea
2111:
Manish Pandey07952fb2023-05-25 13:46:14 +0100212 restore_x30
Madhukar Pappireddyfba25722020-07-24 03:27:12 -0500213#endif
Jeenu Viswambharan911fcc92018-07-06 16:50:06 +0100214 no_ret plat_handle_el3_ea
Manish Pandey07952fb2023-05-25 13:46:14 +0100215
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100216end_vector_entry serror_sp_elx
Achin Gupta4f6ad662013-10-25 09:08:21 +0100217
Douglas Raillard0980eed2016-11-09 17:48:27 +0000218 /* ---------------------------------------------------------------------
Sandrine Bailleux046cd3f2014-08-06 11:27:23 +0100219 * Lower EL using AArch64 : 0x400 - 0x600
Douglas Raillard0980eed2016-11-09 17:48:27 +0000220 * ---------------------------------------------------------------------
Achin Gupta4f6ad662013-10-25 09:08:21 +0100221 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100222vector_entry sync_exception_aarch64
Douglas Raillard0980eed2016-11-09 17:48:27 +0000223 /*
224 * This exception vector will be the entry point for SMCs and traps
225 * that are unhandled at lower ELs most commonly. SP_EL3 should point
226 * to a valid cpu context where the general purpose and system register
227 * state can be saved.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000228 */
Manish Pandey66a056e2023-01-11 21:41:07 +0000229 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100230 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100231 sync_and_handle_pending_serror
232 unmask_async_ea
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000233 handle_sync_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100234end_vector_entry sync_exception_aarch64
Achin Gupta4f6ad662013-10-25 09:08:21 +0100235
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100236vector_entry irq_aarch64
Manish Pandey66a056e2023-01-11 21:41:07 +0000237 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100238 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100239 sync_and_handle_pending_serror
240 unmask_async_ea
Manish Pandey62040f42023-07-20 14:08:38 +0100241 b handle_interrupt_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100242end_vector_entry irq_aarch64
Achin Gupta4f6ad662013-10-25 09:08:21 +0100243
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100244vector_entry fiq_aarch64
Manish Pandey66a056e2023-01-11 21:41:07 +0000245 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100246 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100247 sync_and_handle_pending_serror
248 unmask_async_ea
Manish Pandey62040f42023-07-20 14:08:38 +0100249 b handle_interrupt_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100250end_vector_entry fiq_aarch64
Achin Gupta4f6ad662013-10-25 09:08:21 +0100251
Manish Pandey07952fb2023-05-25 13:46:14 +0100252 /*
253 * Need to synchronize any outstanding SError since we can get a burst of errors.
254 * So reuse the sync mechanism to catch any further errors which are pending.
255 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100256vector_entry serror_aarch64
Manish Pandeya4752e22023-10-11 11:52:24 +0100257#if FFH_SUPPORT
Manish Pandey66a056e2023-01-11 21:41:07 +0000258 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100259 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100260 sync_and_handle_pending_serror
261 unmask_async_ea
Manish Pandeyc918c182023-01-11 21:53:02 +0000262 b handle_lower_el_async_ea
Manish Pandeya4752e22023-10-11 11:52:24 +0100263#else
264 b report_unhandled_exception
265#endif
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100266end_vector_entry serror_aarch64
Achin Gupta4f6ad662013-10-25 09:08:21 +0100267
Douglas Raillard0980eed2016-11-09 17:48:27 +0000268 /* ---------------------------------------------------------------------
Sandrine Bailleux046cd3f2014-08-06 11:27:23 +0100269 * Lower EL using AArch32 : 0x600 - 0x800
Douglas Raillard0980eed2016-11-09 17:48:27 +0000270 * ---------------------------------------------------------------------
Achin Gupta4f6ad662013-10-25 09:08:21 +0100271 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100272vector_entry sync_exception_aarch32
Douglas Raillard0980eed2016-11-09 17:48:27 +0000273 /*
274 * This exception vector will be the entry point for SMCs and traps
275 * that are unhandled at lower ELs most commonly. SP_EL3 should point
276 * to a valid cpu context where the general purpose and system register
277 * state can be saved.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000278 */
Manish Pandey66a056e2023-01-11 21:41:07 +0000279 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100280 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100281 sync_and_handle_pending_serror
282 unmask_async_ea
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000283 handle_sync_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100284end_vector_entry sync_exception_aarch32
Achin Gupta4f6ad662013-10-25 09:08:21 +0100285
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100286vector_entry irq_aarch32
Manish Pandey66a056e2023-01-11 21:41:07 +0000287 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100288 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100289 sync_and_handle_pending_serror
290 unmask_async_ea
Manish Pandey62040f42023-07-20 14:08:38 +0100291 b handle_interrupt_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100292end_vector_entry irq_aarch32
Achin Gupta4f6ad662013-10-25 09:08:21 +0100293
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100294vector_entry fiq_aarch32
Manish Pandey66a056e2023-01-11 21:41:07 +0000295 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100296 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100297 sync_and_handle_pending_serror
298 unmask_async_ea
Manish Pandey62040f42023-07-20 14:08:38 +0100299 b handle_interrupt_exception
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100300end_vector_entry fiq_aarch32
Achin Gupta4f6ad662013-10-25 09:08:21 +0100301
Manish Pandey07952fb2023-05-25 13:46:14 +0100302 /*
303 * Need to synchronize any outstanding SError since we can get a burst of errors.
304 * So reuse the sync mechanism to catch any further errors which are pending.
305 */
Sandrine Bailleux9e6ad6c2016-05-24 16:56:03 +0100306vector_entry serror_aarch32
Manish Pandeya4752e22023-10-11 11:52:24 +0100307#if FFH_SUPPORT
Manish Pandey66a056e2023-01-11 21:41:07 +0000308 save_x30
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100309 apply_at_speculative_wa
Manish Pandey07952fb2023-05-25 13:46:14 +0100310 sync_and_handle_pending_serror
311 unmask_async_ea
Manish Pandeyc918c182023-01-11 21:53:02 +0000312 b handle_lower_el_async_ea
Manish Pandeya4752e22023-10-11 11:52:24 +0100313#else
314 b report_unhandled_exception
315#endif
Roberto Vargas95f30ab2018-04-17 11:31:43 +0100316end_vector_entry serror_aarch32
Jeenu Viswambharana7934d62014-02-07 15:53:18 +0000317
Justin Chadwell83e04882019-08-20 11:01:52 +0100318#ifdef MONITOR_TRAPS
319 .section .rodata.brk_string, "aS"
320brk_location:
321 .asciz "Error at instruction 0x"
322brk_message:
323 .asciz "Unexpected BRK instruction with value 0x"
324#endif /* MONITOR_TRAPS */
325
Antonio Nino Diaz35c8cfc2018-04-23 15:43:29 +0100326 /* ---------------------------------------------------------------------
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000327 * The following code handles secure monitor calls.
Douglas Raillard0980eed2016-11-09 17:48:27 +0000328 * Depending upon the execution state from where the SMC has been
329 * invoked, it frees some general purpose registers to perform the
330 * remaining tasks. They involve finding the runtime service handler
331 * that is the target of the SMC & switching to runtime stacks (SP_EL0)
332 * before calling the handler.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000333 *
Douglas Raillard0980eed2016-11-09 17:48:27 +0000334 * Note that x30 has been explicitly saved and can be used here
335 * ---------------------------------------------------------------------
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000336 */
Andre Przywarafa914d82022-11-21 17:04:10 +0000337func sync_exception_handler
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000338smc_handler32:
339 /* Check whether aarch32 issued an SMC64 */
340 tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited
341
Andre Przywarafa914d82022-11-21 17:04:10 +0000342sync_handler64:
Antonio Nino Diaz594811b2019-01-31 11:58:00 +0000343 /* NOTE: The code below must preserve x0-x4 */
344
Alexei Fedorov503bbf32019-08-13 15:17:53 +0100345 /*
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100346 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
Boyan Karatoteved85cf72022-12-06 09:03:42 +0000347 * Also save PMCR_EL0 and set the PSTATE to a known state.
Alexei Fedorov503bbf32019-08-13 15:17:53 +0100348 */
Daniel Boulby95fb1aa2022-01-19 11:20:05 +0000349 bl prepare_el3_entry
Alexei Fedorov503bbf32019-08-13 15:17:53 +0100350
Antonio Nino Diaz25cda672019-02-19 11:53:51 +0000351#if ENABLE_PAUTH
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100352 /* Load and program APIAKey firmware key */
353 bl pauth_load_bl31_apiakey
Antonio Nino Diaz25cda672019-02-19 11:53:51 +0000354#endif
Antonio Nino Diaz594811b2019-01-31 11:58:00 +0000355
Douglas Raillard0980eed2016-11-09 17:48:27 +0000356 /*
357 * Populate the parameters for the SMC handler.
358 * We already have x0-x4 in place. x5 will point to a cookie (not used
359 * now). x6 will point to the context structure (SP_EL3) and x7 will
Dimitris Papastamos04159512018-01-22 11:53:04 +0000360 * contain flags we need to pass to the handler.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000361 */
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000362 mov x5, xzr
363 mov x6, sp
364
Douglas Raillard0980eed2016-11-09 17:48:27 +0000365 /*
Antonio Nino Diaz35c8cfc2018-04-23 15:43:29 +0100366 * Restore the saved C runtime stack value which will become the new
367 * SP_EL0 i.e. EL3 runtime stack. It was saved in the 'cpu_context'
368 * structure prior to the last ERET from EL3.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000369 */
Antonio Nino Diaz35c8cfc2018-04-23 15:43:29 +0100370 ldr x12, [x6, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
371
372 /* Switch to SP_EL0 */
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100373 msr spsel, #MODE_SP_EL0
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000374
Douglas Raillard0980eed2016-11-09 17:48:27 +0000375 /*
Manish Pandey70bbdbd2022-12-07 13:04:20 +0000376 * Save the SPSR_EL3 and ELR_EL3 in case there is a world
Douglas Raillard0980eed2016-11-09 17:48:27 +0000377 * switch during SMC handling.
378 * TODO: Revisit if all system registers can be saved later.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000379 */
380 mrs x16, spsr_el3
381 mrs x17, elr_el3
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000382 stp x16, x17, [x6, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
Manish Pandey70bbdbd2022-12-07 13:04:20 +0000383
384 /* Load SCR_EL3 */
385 mrs x18, scr_el3
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000386
Andre Przywarafa914d82022-11-21 17:04:10 +0000387 /* check for system register traps */
388 mrs x16, esr_el3
389 ubfx x17, x16, #ESR_EC_SHIFT, #ESR_EC_LENGTH
390 cmp x17, #EC_AARCH64_SYS
391 b.eq sysreg_handler64
392
Zelalem Aweke4d666ac2021-07-08 17:13:09 -0500393 /* Clear flag register */
394 mov x7, xzr
395
396#if ENABLE_RME
397 /* Copy SCR_EL3.NSE bit to the flag to indicate caller's security */
Elizabeth Ho4fc00d22023-07-18 14:10:25 +0100398 ubfx x7, x18, #SCR_NSE_SHIFT, #1
Zelalem Aweke4d666ac2021-07-08 17:13:09 -0500399
400 /*
401 * Shift copied SCR_EL3.NSE bit by 5 to create space for
Olivier Deprez33dd8452022-10-11 15:38:27 +0200402 * SCR_EL3.NS bit. Bit 5 of the flag corresponds to
Zelalem Aweke4d666ac2021-07-08 17:13:09 -0500403 * the SCR_EL3.NSE bit.
404 */
405 lsl x7, x7, #5
406#endif /* ENABLE_RME */
407
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000408 /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
409 bfi x7, x18, #0, #1
410
Jayanth Dodderi Chidanand3e474f72023-03-09 13:56:03 +0000411 mov sp, x12
412
413 /*
414 * Per SMCCC documentation, bits [23:17] must be zero for Fast
415 * SMCs. Other values are reserved for future use. Ensure that
416 * these bits are zeroes, if not report as unknown SMC.
417 */
418 tbz x0, #FUNCID_TYPE_SHIFT, 2f /* Skip check if its a Yield Call*/
419 tst x0, #(FUNCID_FC_RESERVED_MASK << FUNCID_FC_RESERVED_SHIFT)
420 b.ne smc_unknown
421
Olivier Deprez33dd8452022-10-11 15:38:27 +0200422 /*
423 * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID
424 * passed through x0. Copy the SVE hint bit to flags and mask the
425 * bit in smc_fid passed to the standard service dispatcher.
426 * A service/dispatcher can retrieve the SVE hint bit state from
427 * flags using the appropriate helper.
428 */
Jayanth Dodderi Chidanand3e474f72023-03-09 13:56:03 +00004292:
Olivier Deprez62cc1092023-05-24 17:42:00 +0200430 and x16, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT)
431 orr x7, x7, x16
Olivier Deprez33dd8452022-10-11 15:38:27 +0200432 bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT)
433
Madhukar Pappireddyd87233a2019-05-08 15:41:41 -0500434 /* Get the unique owning entity number */
435 ubfx x16, x0, #FUNCID_OEN_SHIFT, #FUNCID_OEN_WIDTH
436 ubfx x15, x0, #FUNCID_TYPE_SHIFT, #FUNCID_TYPE_WIDTH
437 orr x16, x16, x15, lsl #FUNCID_OEN_WIDTH
438
439 /* Load descriptor index from array of indices */
Madhukar Pappireddyf4e6ea62020-01-27 15:32:15 -0600440 adrp x14, rt_svc_descs_indices
441 add x14, x14, :lo12:rt_svc_descs_indices
Madhukar Pappireddyd87233a2019-05-08 15:41:41 -0500442 ldrb w15, [x14, x16]
443
444 /* Any index greater than 127 is invalid. Check bit 7. */
445 tbnz w15, 7, smc_unknown
446
Douglas Raillard0980eed2016-11-09 17:48:27 +0000447 /*
Madhukar Pappireddyd87233a2019-05-08 15:41:41 -0500448 * Get the descriptor using the index
449 * x11 = (base + off), w15 = index
450 *
451 * handler = (base + off) + (index << log2(size))
452 */
453 adr x11, (__RT_SVC_DESCS_START__ + RT_SVC_DESC_HANDLE)
454 lsl w10, w15, #RT_SVC_SIZE_LOG2
455 ldr x15, [x11, w10, uxtw]
456
457 /*
Douglas Raillard0980eed2016-11-09 17:48:27 +0000458 * Call the Secure Monitor Call handler and then drop directly into
459 * el3_exit() which will program any remaining architectural state
460 * prior to issuing the ERET to the desired lower EL.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000461 */
462#if DEBUG
463 cbz x15, rt_svc_fw_critical_error
464#endif
465 blr x15
466
Andre Przywarafa914d82022-11-21 17:04:10 +0000467 b el3_exit
468
469sysreg_handler64:
470 mov x0, x16 /* ESR_EL3, containing syndrome information */
471 mov x1, x6 /* lower EL's context */
472 mov x19, x6 /* save context pointer for after the call */
473 mov sp, x12 /* EL3 runtime stack, as loaded above */
474
475 /* int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx); */
476 bl handle_sysreg_trap
477 /*
478 * returns:
Manish Pandey067087f2023-12-08 20:13:29 +0000479 * -1: unhandled trap, UNDEF injection into lower EL
Andre Przywarafa914d82022-11-21 17:04:10 +0000480 * 0: handled trap, return to the trapping instruction (repeating it)
481 * 1: handled trap, return to the next instruction
482 */
483
484 tst w0, w0
Manish Pandey067087f2023-12-08 20:13:29 +0000485 b.mi 2f /* negative: undefined exception injection */
Andre Przywarafa914d82022-11-21 17:04:10 +0000486
Manish Pandey067087f2023-12-08 20:13:29 +0000487 b.eq 1f /* zero: do not change ELR_EL3 */
488 /* positive: advance the PC to continue after the instruction */
Andre Przywarafa914d82022-11-21 17:04:10 +0000489 ldr x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3]
490 add x1, x1, #4
491 str x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3]
4921:
Yatharth Kochar6c0566c2015-10-02 17:56:48 +0100493 b el3_exit
Manish Pandey067087f2023-12-08 20:13:29 +00004942:
495 /*
496 * UNDEF injection to lower EL, the support is only provided for lower
497 * EL in AArch64 mode, for AArch32 mode it will do elx_panic as before.
498 */
499 mrs x0, spsr_el3
500 tst x0, #(SPSR_M_MASK << SPSR_M_SHIFT)
501 b.ne elx_panic
502 /* Pass context pointer as an argument to inject_undef64 */
503 mov x0, x19
504 bl inject_undef64
505 b el3_exit
Achin Gupta4f6ad662013-10-25 09:08:21 +0100506
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000507smc_unknown:
508 /*
Madhukar Pappireddyd87233a2019-05-08 15:41:41 -0500509 * Unknown SMC call. Populate return value with SMC_UNK and call
510 * el3_exit() which will restore the remaining architectural state
511 * i.e., SYS, GP and PAuth registers(if any) prior to issuing the ERET
Jayanth Dodderi Chidanand3e474f72023-03-09 13:56:03 +0000512 * to the desired lower EL.
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000513 */
Antonio Nino Diaze4794b72018-02-14 14:22:29 +0000514 mov x0, #SMC_UNK
Madhukar Pappireddyd87233a2019-05-08 15:41:41 -0500515 str x0, [x6, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
516 b el3_exit
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000517
518smc_prohibited:
Manish V Badarkhee07e8082020-07-23 12:43:25 +0100519 restore_ptw_el1_sys_regs
520 ldp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
Soby Mathew6c5192a2014-04-30 15:36:37 +0100521 ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
Antonio Nino Diaze4794b72018-02-14 14:22:29 +0000522 mov x0, #SMC_UNK
Anthony Steinhauser0f7e6012020-01-07 15:44:06 -0800523 exception_return
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000524
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100525#if DEBUG
Jeenu Viswambharancaa84932014-02-06 10:36:15 +0000526rt_svc_fw_critical_error:
Douglas Raillard0980eed2016-11-09 17:48:27 +0000527 /* Switch to SP_ELx */
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100528 msr spsel, #MODE_SP_ELX
Jeenu Viswambharan68aef102016-11-30 15:21:11 +0000529 no_ret report_unhandled_exception
Alexei Fedorovf41355c2019-09-13 14:11:59 +0100530#endif
Andre Przywarafa914d82022-11-21 17:04:10 +0000531endfunc sync_exception_handler
Justin Chadwell83e04882019-08-20 11:01:52 +0100532
533 /* ---------------------------------------------------------------------
Manish Pandey62040f42023-07-20 14:08:38 +0100534 * This function handles FIQ or IRQ interrupts i.e. EL3, S-EL1 and NS
535 * interrupts.
536 *
537 * Note that x30 has been explicitly saved and can be used here
538 * ---------------------------------------------------------------------
539 */
540func handle_interrupt_exception
541 /*
542 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
543 * Also save PMCR_EL0 and set the PSTATE to a known state.
544 */
545 bl prepare_el3_entry
546
547#if ENABLE_PAUTH
548 /* Load and program APIAKey firmware key */
549 bl pauth_load_bl31_apiakey
550#endif
551
552 /* Save the EL3 system registers needed to return from this exception */
553 mrs x0, spsr_el3
554 mrs x1, elr_el3
555 stp x0, x1, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
556
557 /* Switch to the runtime stack i.e. SP_EL0 */
558 ldr x2, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
559 mov x20, sp
560 msr spsel, #MODE_SP_EL0
561 mov sp, x2
562
563 /*
564 * Find out whether this is a valid interrupt type.
565 * If the interrupt controller reports a spurious interrupt then return
566 * to where we came from.
567 */
568 bl plat_ic_get_pending_interrupt_type
569 cmp x0, #INTR_TYPE_INVAL
570 b.eq interrupt_exit
571
572 /*
573 * Get the registered handler for this interrupt type.
574 * A NULL return value could be 'cause of the following conditions:
575 *
576 * a. An interrupt of a type was routed correctly but a handler for its
577 * type was not registered.
578 *
579 * b. An interrupt of a type was not routed correctly so a handler for
580 * its type was not registered.
581 *
582 * c. An interrupt of a type was routed correctly to EL3, but was
583 * deasserted before its pending state could be read. Another
584 * interrupt of a different type pended at the same time and its
585 * type was reported as pending instead. However, a handler for this
586 * type was not registered.
587 *
588 * a. and b. can only happen due to a programming error. The
589 * occurrence of c. could be beyond the control of Trusted Firmware.
590 * It makes sense to return from this exception instead of reporting an
591 * error.
592 */
593 bl get_interrupt_type_handler
594 cbz x0, interrupt_exit
595 mov x21, x0
596
597 mov x0, #INTR_ID_UNAVAILABLE
598
599 /* Set the current security state in the 'flags' parameter */
600 mrs x2, scr_el3
601 ubfx x1, x2, #0, #1
602
603 /* Restore the reference to the 'handle' i.e. SP_EL3 */
604 mov x2, x20
605
606 /* x3 will point to a cookie (not used now) */
607 mov x3, xzr
608
609 /* Call the interrupt type handler */
610 blr x21
611
612interrupt_exit:
613 /* Return from exception, possibly in a different security state */
614 b el3_exit
615endfunc handle_interrupt_exception
616
Manish Pandeya4752e22023-10-11 11:52:24 +0100617func imp_def_el3_handler
618 /* Save GP registers */
619 stp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
620 stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
621 stp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
622
623 /* Get the cpu_ops pointer */
624 bl get_cpu_ops_ptr
625
626 /* Get the cpu_ops exception handler */
627 ldr x0, [x0, #CPU_E_HANDLER_FUNC]
628
629 /*
630 * If the reserved function pointer is NULL, this CPU does not have an
631 * implementation defined exception handler function
632 */
633 cbz x0, el3_handler_exit
634 mrs x1, esr_el3
635 ubfx x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
636 blr x0
637el3_handler_exit:
638 ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
639 ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
640 ldp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
641 restore_x30
642 no_ret report_unhandled_exception
643endfunc imp_def_el3_handler
644
645/*
646 * Handler for async EA from lower EL synchronized at EL3 entry in KFH mode.
647 *
648 * This scenario may arise when there is an error (EA) in the system which is not
649 * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
650 * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
651 *
652 * On detecting the pending EA (via ISR_EL1.A) and if the EA routing model is
653 * KFH (SCR_EL3.EA = 1) this handler reflects ther error back to lower EL.
654 *
655 * This function assumes x30 has been saved.
656 */
657func reflect_pending_async_ea_to_lower_el
658 /*
659 * As the original exception was not handled we need to ensure that we return
660 * back to the instruction which caused the exception. To acheive that, eret
661 * to "elr-4" (Label "subtract_elr_el3") for SMC or simply eret otherwise
662 * (Label "skip_smc_check").
663 *
664 * LIMITATION: It could be that async EA is masked at the target exception level
665 * or the priority of async EA wrt to the EL3/secure interrupt is lower, which
666 * causes back and forth between lower EL and EL3. In case of back and forth between
667 * lower EL and EL3, we can track the loop count in "CTX_NESTED_EA_FLAG" and leverage
668 * previous ELR in "CTX_SAVED_ELR_EL3" to detect this cycle and further panic
669 * to indicate a problem here (Label "check_loop_ctr"). If we are in this cycle, loop
670 * counter retains its value but if we do a normal el3_exit this flag gets cleared.
671 * However, setting SCR_EL3.IESB = 1, should give priority to SError handling
672 * as per AArch64.TakeException pseudo code in Arm ARM.
673 *
674 * TODO: In future if EL3 gets a capability to inject a virtual SError to lower
675 * ELs, we can remove the el3_panic and handle the original exception first and
676 * inject SError to lower EL before ereting back.
677 */
678 stp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
679 ldr x29, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
680 mrs x28, elr_el3
681 cmp x29, x28
682 b.eq check_loop_ctr
683 str x28, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
684 /* Zero the loop counter */
685 str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
686 b skip_loop_ctr
687check_loop_ctr:
688 ldr x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
689 add x29, x29, #1
690 str x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
691 cmp x29, #ASYNC_EA_REPLAY_COUNTER
692 b.ge el3_panic
693skip_loop_ctr:
694 /*
695 * Logic to distinguish if we came from SMC or any other exception.
696 * Use offsets in vector entry to get which exception we are handling.
697 * In each vector entry of size 0x200, address "0x0-0x80" is for sync
698 * exception and "0x80-0x200" is for async exceptions.
699 * Use vector base address (vbar_el3) and exception offset (LR) to
700 * calculate whether the address we came from is any of the following
701 * "0x0-0x80", "0x200-0x280", "0x400-0x480" or "0x600-0x680"
702 */
703 mrs x29, vbar_el3
704 sub x30, x30, x29
705 and x30, x30, #0x1ff
706 cmp x30, #0x80
707 b.ge skip_smc_check
708 /* Its a synchronous exception, Now check if it is SMC or not? */
709 mrs x30, esr_el3
710 ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
711 cmp x30, #EC_AARCH32_SMC
712 b.eq subtract_elr_el3
713 cmp x30, #EC_AARCH64_SMC
714 b.eq subtract_elr_el3
715 b skip_smc_check
716subtract_elr_el3:
717 sub x28, x28, #4
718skip_smc_check:
719 msr elr_el3, x28
720 ldp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
721 ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
722 exception_return
723endfunc reflect_pending_async_ea_to_lower_el
724
Manish Pandey62040f42023-07-20 14:08:38 +0100725 /* ---------------------------------------------------------------------
Justin Chadwell83e04882019-08-20 11:01:52 +0100726 * The following code handles exceptions caused by BRK instructions.
727 * Following a BRK instruction, the only real valid cause of action is
728 * to print some information and panic, as the code that caused it is
729 * likely in an inconsistent internal state.
730 *
731 * This is initially intended to be used in conjunction with
732 * __builtin_trap.
733 * ---------------------------------------------------------------------
734 */
735#ifdef MONITOR_TRAPS
736func brk_handler
737 /* Extract the ISS */
738 mrs x10, esr_el3
739 ubfx x10, x10, #ESR_ISS_SHIFT, #ESR_ISS_LENGTH
740
741 /* Ensure the console is initialized */
742 bl plat_crash_console_init
743
744 adr x4, brk_location
745 bl asm_print_str
746 mrs x4, elr_el3
747 bl asm_print_hex
748 bl asm_print_newline
749
750 adr x4, brk_message
751 bl asm_print_str
752 mov x4, x10
753 mov x5, #28
754 bl asm_print_hex_bits
755 bl asm_print_newline
756
757 no_ret plat_panic_handler
758endfunc brk_handler
759#endif /* MONITOR_TRAPS */