1. 29 May, 2024 1 commit
  2. 24 Apr, 2024 1 commit
  3. 20 Nov, 2023 3 commits
    • Jeffrey Lee's avatar
      Improve error handling in OS_Exit · 2054b8fe
      Jeffrey Lee authored
      The poor documentation of OS_Exit in the PRMs means there could be many
      pieces of software which are using it in a dangerous way. E.g. the
      famous issue of "OS_Exit generates a garbage error if the return code is
      out of range" that's documented in the OS StrongHelp manuals - where
      people (quite rightly) assumed that the OS would generate the "return
      code out of range" error, when in reality the OS has only ever used the
      error pointer that was supplied by the caller.
      
      Try and improve on things slightly by having OS_Exit sanity check the
      supplied error pointer before it tries to use it. This doesn't alter the
      cases where OS_Exit decides to silently ignore the supplied error
      pointer / return code (if R0 isn't word aligned, or historically, if R0
      wasn't word aligned and wasn't in the low 64MB of address space), it
      just alters the logic for what error pointer gets sent to
      OS_GenerateError when it does decide to raise an error.
      
      If the error pointer looks bad (it's below &4000 or not pointing to at
      least 8 bytes of readable memory) then it will get swapped out for one
      of the "return code out of range" errors which get used when you *Set
      Sys$ReturnCode.
      
      Version 6.70. Tagged as 'Kernel-6_70'
      2054b8fe
    • Jeffrey Lee's avatar
      Fix register corruption in OS_Exit · b1300179
      Jeffrey Lee authored
      Although it's never been officially documented, RISC OS has historically
      used the following values for R0-R2 when calling the exit environment
      handler:
      
      R0 = 0 (or some other "safe" value)
      R1 = R1 from OS_Exit
      R2 = Return code
      
      Some exit handlers were relying on this (e.g. Shared C Library /
      ANSILib). Changing OS_Exit to use TaskControl_ResetStacks was causing R1
      & R2 to be corrupt, with the result that non-zero, non-error-generating
      return codes from C programs were being lost and reset to zero.
      
      Document things more clearly and ensure R0-R2 have acceptable values so
      that software which relies on the old behaviour will work again.
      b1300179
    • Jeffrey Lee's avatar
      Add OS_Exit test code · a5ded1d7
      Jeffrey Lee authored
      OSExitArgs checks how OS_Exit handles its arguments, whether it passes
      the call on to the error or exit handler, and the register state on
      entry to those handlers.
      
      It will currently fail on this version of the kernel due to a register
      corruption bug introduced when OS_Exit was changed to use
      TaskControl_ResetStacks (the state of R0-R2 on entry to exit handlers
      has never been documented, and some handlers rely on R0-R2 being in a
      valid state to pass into another OS_Exit call, but TaskControl was
      corrupting R1-R2, preventing the return code from being passed on)
      a5ded1d7
  4. 21 Oct, 2023 1 commit
    • Phil Pemberton's avatar
      Add symbolic names for VIDC20 device-specific flags · 55f1c8fd
      Phil Pemberton authored
      Add VCO, TV, NTSC video flag to VDU VideoDevice descriptor for Bush IBX (and
      possibly others later). Allows the HAL to convey hardware settings to
      the VIDC20Driver at run time.
      Also add the Lazarus machine name to the list of machines for abort trap.
      
      Version 6.69. Tagged as 'Kernel-6_69'
      55f1c8fd
  5. 14 Oct, 2023 1 commit
    • Robert Sprowson's avatar
      Get configured language from ROM module position · a7a9f434
      Robert Sprowson authored
      There's no assured 1:1 relationship between ROM module and module chain
      position now some modules can be started early for keyboard detection (and
      even ignoring that, if you *Unplug something the module chain numbers all
      change), so take the configured language to mean the position in the system
      ROM.
      
      Version 6.68. Tagged as 'Kernel-6_68'
      a7a9f434
  6. 23 Aug, 2023 1 commit
    • Ben Avison's avatar
      Rewrite rules for export rom install · ac305846
      Ben Avison authored
      BuildSys 7.91 changes how top-level phony rules are overridden.
      In this component, the `export`, `install`, `install_rom` and `rom` targets
      are redefined after `AAsmModule` is included, so they will be affected.
      
      Version 6.67. Not tagged
      ac305846
  7. 19 Aug, 2023 1 commit
  8. 03 May, 2023 2 commits
    • Jeffrey Lee's avatar
      Fix HandleServiceEnumerateScreenModes returning mostly nonsense modes · acbb6106
      Jeffrey Lee authored
      A mistake in the interlace handling changes that were made in Kernel
      6.21 meant that when HandleServiceEnumerateScreenModes populates the
      buffer that's returned to the caller, all of the modes were getting
      treated as interlaced, resulting in most of them reporting a Y
      resolution that's twice what it should be. Attempting to use those mode
      entries (e.g. constructing a mode selector block and calling
      OS_ScreenMode 0 or OS_CheckModeValid) would then most likely fail.
      
      Fix the code to look at the correct VIDC list member when checking for
      interlace. This fixes things so that (when using legacy monitor types)
      the mode lists reported by Service_EnumerateScreenModes and the display
      manager are once again valid.
      
      Version 6.65. Tagged as 'Kernel-6_65'
      acbb6106
    • Jeffrey Lee's avatar
      Fix register corruption in HandleServiceEnumerateScreenModes · 801616a2
      Jeffrey Lee authored
      File this under "how did this ever work": the call to DoBasicVetMode was
      corrupting R5 if the VIDC list was accepted by the driver (and
      potentially corrupting it if it wasn't), which would then cause a crash
      or memory corruption if this wasn't the last pixel depth that we wanted
      to try for this X/Y/Hz combination.
      
      This wouldn't have affected most people since most machines will be
      using MDFs or EDID, but I'm not sure how this got missed during my
      initial testing of the feature (Service_EnumerateScreenModes
      implementation for legacy monitor types).
      
      Fixes issue reported on forums with *Desktop crashing in the kernel
      after shift-booting on Iyonix:
      
      https://www.riscosopen.org/forum/forums/5/topics/17705?page=4#posts-140181
      801616a2
  9. 30 Jan, 2023 3 commits
    • Jeffrey Lee's avatar
      Use HostApp makefile fragment · 7d2b43b5
      Jeffrey Lee authored
      Version 6.64. Not tagged
      7d2b43b5
    • Timothy E Baldwin's avatar
      Preserve R4 in DumpyTheRegisters · a6861edb
      Timothy E Baldwin authored
      R4 contains the offset to adjust the PC value to use in the error message,
      but was being corrupted by changes in Kernel 6.62 (commit 6baad1bc).
      
      Version 6.64. Tagged as 'Kernel-6_64'
      a6861edb
    • Timothy E Baldwin's avatar
      Fix aborttrap for ARMv3 · 91415538
      Timothy E Baldwin authored
      Was trying to use SYS mode to access user registers, which was introduced
      in ARMv4. Fix by using STM and LDM instead.
      
      Also support reading and writing registers for 26-bit modes.
      
      Tested on RPCEmu.
      
      Version 6.63. Not tagged
      91415538
  10. 14 Jan, 2023 13 commits
  11. 05 Jan, 2023 1 commit
  12. 01 Jun, 2022 2 commits
  13. 07 Aug, 2021 4 commits
    • Jeffrey Lee's avatar
      Fix AbortTrap's handling of LDA instruction for emulated AP1 · 322fd3a6
      Jeffrey Lee authored
      When AP1 memory is being emulated (long descriptor page tables are in
      use), the AbortTrap machinery is used to emulate usermode read access.
      This provides coverage for all read instructions except those that
      AbortTrap handles via MemMap requests - LDREX, LDA, LDAEX, LDF & LFM.
      
      LDREX & LDAEX request both read & write access, so are fine (the MemMap
      request will get passed through to the registered AbortTrap handlers).
      
      LDF & LFM are irrelevant, since they only exist on ARM7500FE (on other
      machines FPEmulator will translate them to regular LDR/LDM, which are
      handled correctly)
      
      LDA however, will generate a plain "memmap with usermode read" request.
      When AbortTrap looks at the permissions of emulated AP1 it doesn't take
      into account the fact that the usermode read permission is being
      emulated, so it thinks that everything is fine and claims the memmap
      was successful, causing the abort handler to retry the instruction
      without making any changes, resulting in an infinite abort loop.
      
      Deal with this by detecting the above situation and also requesting
      usermode execute access. This will avoid the kernel (and hopefully the
      registered AbortTrap handlers) from thinking that the emulated AP1 is
      acceptable, without adversely affecting the behaviour of other
      instructions or access privileges. If no handler is present or the
      memmap request is denied, the abort will get passed on to the next stage
      of the abort handler (i.e. you'll get a standard data abort from trying
      to LDA from arbitrary emulated AP1 memory)
      
      The new test program (Dev/AbortTrap/attest_ap1) will check that this
      edge case is dealt with correctly.
      
      Tested on Pi 4, for both long & short page tables
      
      Version 6.59. Tagged as 'Kernel-6_59'
      322fd3a6
    • Jeffrey Lee's avatar
      Add safety checks to s.CPUFeatures · e2e5a722
      Jeffrey Lee authored
      To avoid CallASWI's CPUFeatures implementation getting dangerously out
      of sync with the kernel, add extra asserts to both sets of sources to
      check try and make sure both sets of sources get updated when new flags
      are added.
      e2e5a722
    • Jeffrey Lee's avatar
      Allocate OS_PlatformFeatures 0 bit 22 · 305dc195
      Jeffrey Lee authored
      Pyromaniac doesn't allow low-level control or examination of the memory
      map; allocate an OS_PlatformFeatures bit to allow software to directly
      detect this limitation instead of having to rely on the affected SWIs
      erroring.
      
      https://www.riscosopen.org/forum/forums/3/topics/16609
      305dc195
    • Jeffrey Lee's avatar
      Fix a couple of comment typos · e565ad40
      Jeffrey Lee authored
      e565ad40
  14. 28 Jul, 2021 6 commits
    • Jeffrey Lee's avatar
      Make OS_Memory 24 report Abortable DAs · b98ccef2
      Jeffrey Lee authored
      Version 6.58. Tagged as 'Kernel-6_58'
      b98ccef2
    • Jeffrey Lee's avatar
      Add AP 1 emulation for long descriptor page tables · f93d930d
      Jeffrey Lee authored
      The long descriptor page table format doesn't support RISC OS access
      privilege 1 (user RX, privileged RWX). Previously we were downgrading
      this to AP 0 (user RWX, privielged RWX), which obviously weakens the
      security of the memory. However now that we have an AbortTrap
      implementation, we can map the memory as "user none, privileged RWX" and
      provide user read support via AbortTrap's instruction decode & execute
      logic.
      
      There's no support for executing usermode code from the memory, but the
      compatibility issues caused by that are likely to be minimal.
      f93d930d
    • Jeffrey Lee's avatar
      AbortTrap prefetch abort support · 84c73735
      Jeffrey Lee authored
      Also make lazy task swapping aborts to use IFAR where possible, to
      ensure any Thumb-2/Jazelle instructions which cross page boundaries are
      handled correctly.
      84c73735
    • Jeffrey Lee's avatar
      Fix OS_ReadSysInfo 7 to record prefetch abort details · 5266c864
      Jeffrey Lee authored
      OS_ReadSysInfo 7 is meant to record the details of the last data or
      prefetch abort that was passed to the environment handlers. This was
      implemented in Ursula, but the code for recording the prefetch abort
      details got lost somewhere during the 32 bit conversion process. Restore
      it.
      5266c864
    • Jeffrey Lee's avatar
      Add abortable DA support · fccd5e2f
      Jeffrey Lee authored
      This implementation should be compatible with RISCOS Ltd's
      implementation.
      fccd5e2f
    • Jeffrey Lee's avatar
      Use decgen cache files · 5b6c1710
      Jeffrey Lee authored
      Sadly we need one file per combination of action files, but by adding
      these pre-generated cache files to git we can speed up building the
      kernel from clean by a significant amount.
      5b6c1710