Exceptions

; Copyright 2016 Castle Technology Ltd
;
; Licensed under the Apache License, Version 2.0 (the "License");
; you may not use this file except in compliance with the License.
; You may obtain a copy of the License at
;
;     http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing, software
; distributed under the License is distributed on an "AS IS" BASIS,
; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
; See the License for the specific language governing permissions and
; limitations under the License.
;
; > Exceptions

; +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
;
;       Exception veneers

;  Instruction fetch abort pre-veneer
;
PAbPreVeneer    ROUT
        ; Produce a register dump containing everything important that could be
        ; corrupted by a recursive abort, or hard to access from child routines:
        ; R0-R14, SPSR, IFAR, IFSR, AIFSR
        ; = 19 words
        STR     lr, [sp, #-20]!           ; Save space for PSR, etc.
        ADD     lr, sp, #20
        Push    "r0-r12,lr"               ; R0-R13
        ; Fill in SPSR & the available CP15 registers
        LDR     r4, =ZeroPage+CPUFeatures+((CPUFeature_CP15_IFAR:SHR:5):SHL:2)
        LDR     r4, [r4]
        MRS     r0, SPSR
        LDR     r8, [sp, #14*4]
        TST     r4, #1:SHL:(CPUFeature_CP15_IFAR:AND:31)
        ARM_read_IFAR r9,NE
        SUBEQ   r9, r8, #4      ; generate fake IFAR from LR (should be OK for everything except Jazelle)
        ASSERT  CPUFeature_CP15_IFAR:SHR:5 = CPUFeature_CP15_IFSR:SHR:5
        TST     r4, #1:SHL:(CPUFeature_CP15_IFSR:AND:31)
        ARM_read_IFSR r10,NE
        ASSERT  CPUFeature_CP15_IFAR:SHR:5 = CPUFeature_CP15_AIFSR:SHR:5
        TST     r4, #1:SHL:(CPUFeature_CP15_AIFSR:AND:31)
        ARM_read_AIFSR r11,NE
        STMDB   lr, {r0,r9-r11}

 [ AMB_LazyMapIn
        MOV     r0, r9                    ; aborting address
        MOV     r2, #1
        BL      AMB_LazyFixUp             ; can trash r0-r7, returns NE status if claimed and fixed up
        BEQ     %FT45
        PageTableSync
        SUB     r8, r8, #4
        STR     r8, [sp, #14*4]
        B       %FT60
45
 ]

        ; Try an AbortTrap memmap request
        ; extern _kernel_oserror *aborttrap_mem_access(void *buf,uint32_t addr,int len,int flags);
        IMPORT  aborttrap_mem_access
        MOV     r5, #0
        ; Validate the SVC stack
        BL      ValidateR13_svc
        BVS     %FT48
        ; Drop into SVC mode
        LDR     r3, [sp, #15*4]
        SetMode SVC32_mode,r1
        ; Preserve registers
        MRS     r10, SPSR
        MOV     r11, r14
        ; Set up for the AbortTrap call
        MOV     r1, r9
        MOV     r2, #1
        ; Work out the necessary permissions
        TST     r3, #&F
        LDRNE   r3, =((AbortTrap_MemMap_PrivX+AbortTrap_MemMap_PrivR)<<4)+AbortTrap_Reason_MemMap
        LDREQ   r3, =((AbortTrap_MemMap_UserX+AbortTrap_MemMap_UserR)<<4)+AbortTrap_Reason_MemMap
        ; Note that the buffer pointer (R0) is irrelevant for memmap requests
        BL      aborttrap_mem_access
        ; Restore registers
        MOV     r14, r11
        MSR     SPSR_cxsf, r10
        ; Back to abort
        SetMode ABT32_mode, v1
        CMP     r0, #1
        SUBLO   r8, r8, #4
        STRLO   r8, [sp, #14*4]
        BLO     %FT60
        LDRNE   r1, [r0]
        TSTNE   r1, #&80000000                  ; Serious error?
        MOVNE   r5, r0

48
        ; Pass on to PAbHan (i.e. OS_ChangeEnvironment), or raise an error
 [ AMB_LazyMapIn
        BL      AMB_MakeFullyHonest       ; PAbHan might not support recursive aborts
 ]

        ; Remember the details of this abort, for OS_ReadSysInfo 7
        ADD     r0, sp, #19*4
        LDMDB   r0, {r0-r4}                    ; LR, SPSR, IFAR, IFSR, AIFSR
        LDR     r6, =ZeroPage+Abort32_dumparea
        ADD     r7, r2, #4
        STMIA   r6, {r0-r1,r7}                 ; dump 32-bit PC, 32-bit PSR, IFAR+4

        ; Is there an error to raise?
        MOVS    r14, r5
        BNE     %FT70

        ; Restore SPSR & CP15 registers
        LDR     r5, =ZeroPage+CPUFeatures+((CPUFeature_CP15_IFAR:SHR:5):SHL:2)
        LDR     r5, [r5]
        MSR     SPSR_cxsf, r1
        TST     r5, #1:SHL:(CPUFeature_CP15_IFAR:AND:31)
        ARM_write_IFAR r2,NE
        ASSERT  CPUFeature_CP15_IFAR:SHR:5 = CPUFeature_CP15_IFSR:SHR:5
        TST     r5, #1:SHL:(CPUFeature_CP15_IFSR:AND:31)
        ARM_write_IFSR r3,NE
        ASSERT  CPUFeature_CP15_IFAR:SHR:5 = CPUFeature_CP15_AIFSR:SHR:5
        TST     r5, #1:SHL:(CPUFeature_CP15_AIFSR:AND:31)
        ARM_write_AIFSR r4,NE

        LDR     lr, =ZeroPage+PAbHan
        LDR     lr, [lr]
        STR     lr, [sp, #15*4]
        LDMIA   sp, {r0-r15}              ; The recovered R13 should discard the everything else from the stack
60
        LDR     r4, [sp, #15*4]
        MSR     SPSR_cxsf, r4
        LDMIA   sp, {r0-r13,r15}^         ; The recovered R13 should discard the everything else from the stack

70
        ; Raise error (in R14) using the same mechanism that ABORTP uses for
        ; unhandled prefetch aborts - i.e. call through to DumpyTheRegisters.
        ; To do that, we must shuffle things around into a (part-filled)
        ; standard 17 word register dump.
        ADD     r2, sp, #19*4
        LDR     r0, [sp, #14*4]    ; Grab PC
        LDR     r1, [sp, #15*4]    ; Grab SPSR
        STMFD   r2, {r0,r1}        ; Store at top of stack
        LDMIA   sp, {r0-r12}       ; Load all the other regs
        ADD     sp, sp, #19*4-17*4 ; Adjust SP to point at base of new dump
        STMIA   sp, {r0-r7}        ; Fill in R0-R7
        ADD     r0, sp, #8*4       ; R0 points to R8
        LDR     r1, [sp, #16*4]    ; R1 is SPSR again
        MOV     r4, #-1            ; R4 is magic value to stop error translation
        B       DumpyTheRegisters


DAbPreVeneer    ROUT

        ; Produce a register dump containing everything important that could be
        ; corrupted by a recursive abort, or hard to access from child routines:
        ; R0-R14, SPSR, DFAR, DFSR, ADFSR
        ; = 19 words
        STR     lr, [sp, #-20]!           ; Save space for PSR, etc.
        ADD     lr, sp, #20
        Push    "r0-r12,lr"               ; R0-R13
        ; Fill in SPSR & the available CP15 registers
        LDR     r5, =ZeroPage+CPUFeatures+((CPUFeature_CP15_ADFSR:SHR:5):SHL:2)
        LDR     r5, [r5]
        MRS     r0, SPSR
        ARM_read_FAR r1 ; DFAR
        ARM_read_FSR r2 ; DFSR
        TST     r5, #1:SHL:(CPUFeature_CP15_ADFSR:AND:31)
        ARM_read_ADFSR r3,NE
        STMDB   lr, {r0-r3}

        MyCLREX r0, r1                          ; Exclusive monitor is in unpredictable state "after taking a data abort", clear it here

        ; The next couple of bits want LR, SPSR & DFAR
        ADD     r8, sp, #14*4
        LDMIA   r8, {r8-r10}                    ; LR, SPSR, DFAR

  [ MEMM_Type = "VMSAv6"
        ; Fixup code for MVA-based cache/TLB ops, which can abort on ARMv7 if the specified MVA doesn't have a mapping.
        ; Must come before AMBControl, else things can go very wrong during OS_ChangeDynamicArea
        ; MVA cache ops have the form coproc=p15, CRn=c7, opc1=0, opc2=1
        ; MVA TLB ops have the form coproc=p15, CRn=c8, opc1=0, opc2=1
        ; Note that some non-MVA ops also follow the above rules - at the moment we make no attempt to filter those false-positives out
        ; This code is also written from the perspective of running on an ARMv7 CPU - behaviour under ARMv6 hasn't been checked!

        CMP     r8, #AplWorkMaxSize             ; Assume that MVA ops won't come from application space (extra safety to avoid recursive aborts breaking things)
        BLO     %FT10
        TST     r9, #T32_bit
        BNE     %FT10                           ; We don't cope with Thumb ATM. Should really check for Jazelle too!
        LDR     r0, [r8, #-8]                   ; Get aborting instruction
        CMP     r0, #&F0000000
        BHS     %FT10                           ; Ignore cc=NV, which is MCR2 encoding
        BIC     r0, r0, #&F000000F              ; Mask out the uninteresting bits
        BIC     r0, r0, #&0000F000
        EOR     r0, r0, #&0E000000              ; Desired value, minus CRn
        EOR     r0, r0, #&00000F30
        CMP     r0,     #&00070000              ; CRn=c7?
        CMPNE   r0,     #&00080000              ; CRn=c8?
        BNE     %FT10                           ; It's not an MVA-based op
        SUB     r8, r8, #4                      ; Resume execution at the next instruction
        STR     r8, [sp, #14*4]
        B       %FT70
10
  ]

  [ AMB_LazyMapIn
        MOV     r0, r10                         ; DFAR
        MOV     r2, #0
        LDR     r6, [sp, #17*4]                 ; DFSR
        BL      AMB_LazyFixUp                   ; can trash r0-r7, returns NE status if claimed and fixed up
        BEQ     %FT45
        PageTableSync
        SUB     r8, r8, #8
        STR     r8, [sp, #14*4]
        B       %FT70
45
  ]

        ; Try AbortTrap
        MOV     r5, #0
        BL      ValidateR13_svc
        BVS     %FT50
        MOV     r0, sp
        IMPORT  aborttrap_dataabort_veneer
        BL      aborttrap_dataabort_veneer
        CMP     r0, #1
        BLO     %FT70
        LDRNE   r1, [r0]
        TSTNE   r1, #&80000000                  ; Serious error?
        MOVNE   r5, r0
50
        ADD     r8, sp, #14*4
        LDMIA   r8, {r8-r10}                    ; LR, SPSR, DFAR

        ; Remember the details of this abort, for OS_ReadSysInfo 7

        LDR     r4, =ZeroPage+Abort32_dumparea
        STMIA   r4, {r8-r10}                    ; dump 32-bit PC, 32-bit PSR, fault address

        MOV     r2, #0                          ; we're going to call abort handler
        STR     r2, [r4, #CDASemaphore-Abort32_dumparea] ; so allow recovery if we were in CDA

        ; Pass on to DAbHan (i.e. OS_ChangeEnvironment), or raise an error
  [ AMB_LazyMapIn
        BL      AMB_MakeFullyHonest             ; DAbHan might not support recursive aborts
  ]
        ; Is there an error to raise?
        MOVS    r14, r5
        BNE     %FT60

        ; Restore SPSR & CP15 registers
        ADD     r0, sp, #19*4
        LDMDB   r0, {r0-r3}
        LDR     r5, =ZeroPage+CPUFeatures+((CPUFeature_CP15_DFAR_DFSR_writable:SHR:5):SHL:2)
        LDMIA   r5, {r5,r6}
        MSR     SPSR_cxsf, r0
        TST     r5, #1:SHL:(CPUFeature_CP15_DFAR_DFSR_writable:AND:31)
        ARM_write_FAR r1,NE ; DFAR
        ARM_write_FSR r2,NE ; DFSR
        ASSERT  (CPUFeature_CP15_DFAR_DFSR_writable:SHR:5)+1 = CPUFeature_CP15_ADFSR:SHR:5
        TST     r6, #1:SHL:(CPUFeature_CP15_ADFSR:AND:31)
        ARM_write_ADFSR r3,NE

        LDR     lr, =ZeroPage+DAbHan
        LDR     lr, [lr]
        STR     lr, [sp, #15*4]
        LDMIA   sp, {r0-r15}                    ; The recovered R13 should discard the everything else from the stack

60
        ; Raise error (in R14) using the same mechanism that ABORTD uses for
        ; unhandled data aborts - i.e. call through to DumpyTheRegisters.
        ; To do that, we must shuffle things around into a (part-filled)
        ; standard 17 word register dump.
        ADD     r2, sp, #19*4
        LDR     r0, [sp, #14*4]    ; Grab PC
        LDR     r1, [sp, #15*4]    ; Grab SPSR
        STMFD   r2, {r0,r1}        ; Store at top of stack
        LDMIA   sp, {r0-r12}       ; Load all the other regs
        ADD     sp, sp, #19*4-17*4 ; Adjust SP to point at base of new dump
        STMIA   sp, {r0-r7}        ; Fill in R0-R7
        ADD     r0, sp, #8*4       ; R0 points to R8
        LDR     r1, [sp, #16*4]    ; R1 is SPSR again
        MOV     r4, #-1            ; R4 is magic value to stop error translation
        B       DumpyTheRegisters

70
        LDR     r4, [sp, #15*4]
        MSR     SPSR_cxsf, r4
        LDMIA   sp, {r0-r13,r15}^         ; The recovered R13 should discard the everything else from the stack

; In: ABT32 mode
; Out: R0-R3 corrupt
;      VC if R13_svc is valid (at least up to next page boundary), VS if not
ValidateR13_svc ROUT
        Entry
        SetMode SVC32_mode, r0
        ; Check stack space against MB-aligned base addr
        MOV     r0, r13, LSL #12
        CMP     r0, #4096<<12
        BLO     %FT90
        ; Check SP alignment
        TST     r13, #3
        BNE     %FT90
        ; Check the page tables to make sure it's pointing to suitable memory
        SUB     r0, r13, #1
        SetMode ABT32_mode,r1
        MOV     r0, r0, LSR #Log2PageSize
        MOV     r0, r0, LSL #Log2PageSize
        PTOp    LoadAndDecodeL2Entry
        ; Decode the permissions
        CMP     r2, #-1
        LDRNE   r1, =ZeroPage
        LDRNE   r0, [r1, #MMU_PPLAccess]
        ANDNE   r2, r2, #DynAreaFlags_APBits
        LDRNE   r0, [r0, r2, LSL #2]
        MOVEQ   r0, #0
        ; Must have privileged read+write access
        AND     r0, r0, #CMA_Partially_PrivR+CMA_Partially_PrivW
        CMP     r0, #CMA_Partially_PrivR+CMA_Partially_PrivW
        SETV    NE
        EXIT
90
        SetMode ABT32_mode, r0
        SETV
        EXIT

        END