Fix ARMv7 MVA-based cache/TLB op abort handler to be re-entrant

Detail: s/VMSAv6 - The code in DAbPreVeneer that checks for aborting MVA-based cache/TLB ops is now re-entrant. This is to cope with the "strange but true" case where a data abort was being triggered by a load/store instruction that itself was in an unmapped page. Admin: Tested on rev C2 beagleboard. Fixes issue with StrongED crashing on load (see http://www.riscosopen.org/forum/forums/5/topics/453) Still need to work out why CPU was able to execute code from the unmapped page without triggering a prefetch abort (stale cache entries?) Version 5.35, 4.79.2.98.2.31. Tagged as 'Kernel-5_35-4_79_2_98_2_31'

Fix ARMv7 MVA-based cache/TLB op abort handler to be re-entrant
Detail: s/VMSAv6 - The code in DAbPreVeneer that checks for aborting MVA-based cache/TLB ops is now re-entrant. This is to cope with the "strange but true" case where a data abort was being triggered by a load/store instruction that itself was in an unmapped page. Admin: Tested on rev C2 beagleboard. Fixes issue with StrongED crashing on load (see http://www.riscosopen.org/forum/forums/5/topics/453) Still need to work out why CPU was able to execute code from the unmapped page without triggering a prefetch abort (stale cache entries?) Version 5.35, 4.79.2.98.2.31. Tagged as 'Kernel-5_35-4_79_2_98_2_31'
9aa05feb · Jeffrey Lee · 9e6b9350 · 9aa05feb · 9aa05feb · 9aa05feb
Commit 9aa05feb authored 14 years ago by Jeffrey Lee
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 16 deletions

VersionASM VersionASM +5 -5

VersionNum VersionNum +7 -7

s/VMSAv6 s/VMSAv6 +15 -4

No files found.
--- a/VersionASM
+++ b/VersionASM
@@ -13,11 +13,11 @@
                        GBLS    Module_ComponentPath
 Module_MajorVersion     SETS    "5.35"
 Module_Version          SETA    535
-Module_MinorVersion     SETS    "4.79.2.98.2.30"
-Module_Date             SETS    "03 Jul 2010"
-Module_ApplicationDate  SETS    "03-Jul-10"
+Module_MinorVersion     SETS    "4.79.2.98.2.31"
+Module_Date             SETS    "02 Sep 2010"
+Module_ApplicationDate  SETS    "02-Sep-10"
 Module_ComponentName    SETS    "Kernel"
 Module_ComponentPath    SETS    "castle/RiscOS/Sources/Kernel"
-Module_FullVersion      SETS    "5.35 (4.79.2.98.2.30)"
-Module_HelpVersion      SETS    "5.35 (03 Jul 2010) 4.79.2.98.2.30"
+Module_FullVersion      SETS    "5.35 (4.79.2.98.2.31)"
+Module_HelpVersion      SETS    "5.35 (02 Sep 2010) 4.79.2.98.2.31"
                        END
--- a/VersionNum
+++ b/VersionNum
@@ -5,19 +5,19 @@
 *
 */
 #define Module_MajorVersion_CMHG        5.35
-#define Module_MinorVersion_CMHG        4.79.2.98.2.30
-#define Module_Date_CMHG                03 Jul 2010
+#define Module_MinorVersion_CMHG        4.79.2.98.2.31
+#define Module_Date_CMHG                02 Sep 2010

 #define Module_MajorVersion             "5.35"
 #define Module_Version                  535
-#define Module_MinorVersion             "4.79.2.98.2.30"
-#define Module_Date                     "03 Jul 2010"
+#define Module_MinorVersion             "4.79.2.98.2.31"
+#define Module_Date                     "02 Sep 2010"

-#define Module_ApplicationDate          "03-Jul-10"
+#define Module_ApplicationDate          "02-Sep-10"

 #define Module_ComponentName            "Kernel"
 #define Module_ComponentPath            "castle/RiscOS/Sources/Kernel"

-#define Module_FullVersion              "5.35 (4.79.2.98.2.30)"
-#define Module_HelpVersion              "5.35 (03 Jul 2010) 4.79.2.98.2.30"
+#define Module_FullVersion              "5.35 (4.79.2.98.2.31)"
+#define Module_HelpVersion              "5.35 (02 Sep 2010) 4.79.2.98.2.31"
 #define Module_LibraryVersionInfo       "5:35"
--- a/s/VMSAv6
+++ b/s/VMSAv6
@@ -516,10 +516,19 @@ DAbPreVeneer    ROUT
        ; MVA TLB ops have the form coproc=p15, CRn=c8, opc1=0, opc2=1
        ; Note that some non-MVA ops also follow the above rules - at the moment we make no attempt to filter those false-positives out
        ; This code is also written from the perspective of running on an ARMv7 CPU - behaviour under ARMv6 hasn't been checked!
-        MRS     r0, SPSR
-        TST     r0, #T32_bit
+        ; Also, as wrong as it seems, attempting to load the aborting instruction could trigger an abort (something wrong with the prefetch handler?)
+        ; So this code must protect DFAR, DFSR, spsr_abort, and lr_abort from being clobbered
+        MRS     r1, SPSR
+        TST     r1, #T32_bit
        BNE     %FT10                           ; We don't cope with Thumb ATM. Should really check for Jazelle too!
-        LDR     r0, [lr, #-8]                   ; Get aborting instruction
+        MOV     r2, lr                          ; LR is already saved on the stack, but we can't load from it because any recursive abort won't have a clue what address we're trying to access.
+        ; Protect DFAR, DFSR
+        ARM_read_FAR r3
+        ARM_read_FSR r4
+        LDR     r0, [r2, #-8]                   ; Get aborting instruction
+        MSR     SPSR_cxsf, r1                   ; un-clobber SPSR, FAR, FSR
+        ARM_write_FAR r3
+        ARM_write_FSR r4
        CMP     r0, #&F0000000
        BHS     %FT10                           ; Ignore cc=NV, which is MCR2 encoding
        BIC     r0, r0, #&F000000F              ; Mask out the uninteresting bits
@@ -529,7 +538,9 @@ DAbPreVeneer    ROUT
        CMP     r0,     #&00070000              ; CRn=c7?
        CMPNE   r0,     #&00080000              ; CRn=c8?
        BNE     %FT10                           ; It's not an MVA-based op
-        LDR     r0, [r13_abort], #17*4
+        MOV     lr_abort, r2                    ; un-clobber LR (doesn't need un-clobbering if it wasn't an MVA op)
+        LDMIA   r13_abort, {r0-r4}              ; Restore the regs we intentionally clobbered
+        ADD     r13_abort, r13_abort, #17*4
        SUBS    pc, lr_abort, #4                ; Resume execution at the next instruction
 10