Commit b4cf3959 authored by Jeffrey Lee's avatar Jeffrey Lee

Add SWI error pointer validation, SeriousErrorV hooks, and OS_ReadSysInfo 15

Detail:
  Resources/UK/Messages, hdr/KernelWS, s/Kernel - On return from a SWI with V set, do some basic validity checks on the error pointer in order to try and catch buggy SWIs that return bad pointers or invalid error blocks. If a bad pointer is found we'll substitute it with a pointer to a different error block, which has the SWI number in the error message, to allow the user to identify the source of the problem. (There's also a chance we'll crash when investigating a bad pointer, but crashing here in the kernel is preferable to crashing elsewhere because R12 should still contain the SWI number)
  hdr/OSMisc - Define SeriousErrorV reason codes and extended ROM footer entry IDs
  hdr/Options - Remove HangWatch integration flag, obsolete now that SeriousErrorV is available
  s/ArthurSWIs - Keep defaultvectab up to date with vector allocations
  s/Middle - Update serious error handling to call SeriousErrorV at several key points. This allows for accurate crash dumps to be obtained, along with a mechanism to warn low-level components such as RTSupport that the privileged mode stacks are being flattened.
  s/Middle - Add OS_ReadSysInfo 15, for enumerating extended ROM footer entries
  s/PMF/osbyte - Update InitNewFX0Error to use the ROM footer entry ID defined in hdr/OSMisc
Admin:
  Tested on Pi 1B, 2B, 3B


Version 5.35, 4.79.2.313. Tagged as 'Kernel-5_35-4_79_2_313'
parent 6fe31841
......@@ -166,6 +166,7 @@ UnConv:Unsupported conversion
BadKeyHandler:Bad key handler
BadGDriver:Bad graphics driver number
TooManyGDrivers:Too many graphics drivers
BadErrPtr:SWI &%0 returned a bad error pointer
600:ARM 600 Processor
610:ARM 610 Processor
......
......@@ -13,11 +13,11 @@
GBLS Module_ComponentPath
Module_MajorVersion SETS "5.35"
Module_Version SETA 535
Module_MinorVersion SETS "4.79.2.312"
Module_MinorVersion SETS "4.79.2.313"
Module_Date SETS "05 Apr 2016"
Module_ApplicationDate SETS "05-Apr-16"
Module_ComponentName SETS "Kernel"
Module_ComponentPath SETS "castle/RiscOS/Sources/Kernel"
Module_FullVersion SETS "5.35 (4.79.2.312)"
Module_HelpVersion SETS "5.35 (05 Apr 2016) 4.79.2.312"
Module_FullVersion SETS "5.35 (4.79.2.313)"
Module_HelpVersion SETS "5.35 (05 Apr 2016) 4.79.2.313"
END
......@@ -5,12 +5,12 @@
*
*/
#define Module_MajorVersion_CMHG 5.35
#define Module_MinorVersion_CMHG 4.79.2.312
#define Module_MinorVersion_CMHG 4.79.2.313
#define Module_Date_CMHG 05 Apr 2016
#define Module_MajorVersion "5.35"
#define Module_Version 535
#define Module_MinorVersion "4.79.2.312"
#define Module_MinorVersion "4.79.2.313"
#define Module_Date "05 Apr 2016"
#define Module_ApplicationDate "05-Apr-16"
......@@ -18,6 +18,6 @@
#define Module_ComponentName "Kernel"
#define Module_ComponentPath "castle/RiscOS/Sources/Kernel"
#define Module_FullVersion "5.35 (4.79.2.312)"
#define Module_HelpVersion "5.35 (05 Apr 2016) 4.79.2.312"
#define Module_FullVersion "5.35 (4.79.2.313)"
#define Module_HelpVersion "5.35 (05 Apr 2016) 4.79.2.313"
#define Module_LibraryVersionInfo "5:35"
......@@ -1832,12 +1832,12 @@ SvcTable |#| &400
]
[ SupportARMT
[ ZeroPage = 0
SWIDespatch_Size * 32*4
SWIDespatch_Size * 38*4
|
SWIDespatch_Size * 33*4
SWIDespatch_Size * 39*4
]
|
SWIDespatch_Size * 30*4 ; can save 2 instructions if no Thumb
SWIDespatch_Size * 36*4 ; can save 2 instructions if no Thumb
]
SWIDespatch |#| SWIDespatch_Size
......
......@@ -80,4 +80,21 @@ ARMop_DMB_Read # 1 ; 20
ARMop_Cache_CleanInvalidateRange # 1 ; 21
ARMop_Max # 0
; SeriousErrorV reason codes (R2)
^ 0
SeriousErrorV_Collect # 1 ; ABT mode, IRQ disabled (maybe FIQ disabled too), R0=reg dump, R1=(untranslated) error block
SeriousErrorV_Recover # 1 ; SVC mode, IRQ disabled, R0=translated error block
SeriousErrorV_Report # 1 ; SVC mode, IRQ enabled, R0=translated error block
SeriousErrorV_CustomReport # 1 ; SVC mode, IRQ enabled, R0=translated error, R1=flags, R3=callback function, R4=callback R0
SeriousErrorV_CustomReport_Annotated * 1 ; 1 => Produce annotated text dump
; 0 => Produce raw binary dump
; Have more flags to control which items are included in the annotated dump?
; Extended ROM footer entries
^ 0
ExtROMFooter_BuildDate # 1
ExtROMFooter_CompressedROMHints # 1
ExtROMFooter_DebugSymbols # 1
END
......@@ -302,9 +302,6 @@ HiProcVecs SETL "$Machine"="Tungsten" :LOR: :LNOT: NoARMv6
GBLL DebugForcedReset ; debug forced hard resets
DebugForcedReset SETL {FALSE}
GBLL HangWatch ; Issue HangWatch_Dump on serious errors (data abort, etc.)
HangWatch SETL {FALSE}
GBLA FirstUnpluggableModule
FirstUnpluggableModule SETA 8 ; Podule, FileSwitch, ResourceFS, Messages, MessageTrans,
; TerritoryManager, UK. Moot now the keyboard and mouse aren't
......
......@@ -643,9 +643,9 @@ defaultvectab
& 0, 0, NaffVector ; &29
& 0, ZeroPage+VduDriverWorkSpace, MOSGraphicsV ; GraphicsV * &2a
& 0, 0, NaffVector ; UnthreadV * &2b
& 0, 0, NaffVector ; SeriousErrorV * &2c
; the spares
& 0, 0, NaffVector ; &2c
& 0, 0, NaffVector ; &2d
& 0, 0, NaffVector ; &2e
& 0, 0, NaffVector ; &2f
......
......@@ -556,7 +556,17 @@ SWIReturnWithCallBackFlag * {PC}-SWIRelocation
B callback_checking + SWIRelocation
! 0,"VSetReturn at ":CC:(:STR:({PC}-SWIRelocation))
50 TST r12, #Auto_Error_SWI_bit
50
; Attempt to detect bad error pointers - both to try and avoid crashing
; and to make bad pointers easier to debug
CMP r0, #&4000
BLO BadErrPtr + SWIRelocation
TST r0, #3
LDREQ r10, [r0] ; If we crash here, R12 will be the SWI number that returned the bad pointer (better than crashing later with no clue what SWI caused the problem)
TSTEQ r10, #&7f :SHL: 24 ; Check reserved bits in error number
BNE BadErrPtr + SWIRelocation
BadErrPtrReturn * {PC}-SWIRelocation
TST r12, #Auto_Error_SWI_bit
[ FixCallBacks
BNE callback_checking + SWIRelocation ; we need to do this for X errors even if the callback flags
; are all clear, so that the postpone flag can be set
......@@ -829,6 +839,31 @@ VSet_GenerateError ROUT
LDRB r11, [r10, #CallBack_Flag]
B SWIReturnWithCallBackFlag
; In: r10-r12 stacked
; r12 = SWI number
; lr has SPSR for SWI return
BadErrPtr ROUT
Push "r1-r4,lr"
SUB sp, sp, #12
MOV r1, sp
MOV r2, #12
BIC r0, r12, #Auto_Error_SWI_bit
SWI XOS_ConvertHex6 ; SWI argument is 00xxxxxx
MOV r4, r0 ; now strip leading 0s
02 LDRB r2, [r4], #1
CMP r2, #"0"
BEQ %BT02
SUB r4,r4,#1
ADR r0, ErrorBlock_BadErrPtr
BL TranslateError_UseR4
ADD sp, sp, #12
Pull "r1-r4,lr"
B BadErrPtrReturn
MakeErrorBlock BadErrPtr
LTORG
; ....................... default owner of ErrorV .............................
......@@ -927,6 +962,9 @@ ErrHandler ROUT
; +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
; check for CallBack possible
; r0 = SWI error ptr
; r11 = CallBack_Flag
; lr = PSR
callback_checking
......@@ -942,6 +980,7 @@ callback_checking
; Further checks: postpone callback if returning V set and R0->RAM
TST lr, #V_bit ; if no error then do callbacks
LDR r10, =ZeroPage
BEQ Do_CallBack
TST r11, #CBack_Postpone
[ FixCallBacks
......@@ -974,7 +1013,7 @@ back_to_user_irqs_already_off
Do_CallBack ; CallBack allowed:
[ FixCallBacks
; Entered in SVC32 mode with IRQs off, r10 = 0
; Entered in SVC32 mode with IRQs off, r10 = ZeroPage
TST r11, #CBack_Postpone
BICNE r11, r11, #CBack_Postpone
STRNEB r11, [r10, #CallBack_Flag]
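Review bot: The leading-zero strip in BadErrPtr (label 02) produces an empty string when r12 with the X bit cleared is 0: the loop consumes all six `0` digits and stops on the terminator, and the single `SUB r4,r4,#1` then leaves r4 pointing at that terminator, so the report reads "SWI & returned a bad error pointer". Stepping back once more when the loop stopped on the terminator keeps one digit; add `CMP r2, #0` and `SUBEQ r4, r4, #1` after the existing `SUB`. The comment above `CMP r0, #&4000` should also state that only the lower bound, the word alignment and the reserved bits of the error number are tested, and that the message text after the first word is not examined, so later readers do not treat the check as proof of a well-formed, terminated error block.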
......
......@@ -671,7 +671,7 @@ DumpyTheRegisters ROUT
; R1 is PSR
; R14 points at error block
; In ABT32 or UND32
MOV R4, R14 ; put error address into unbanked register
MOV R7, R14 ; put error address into unbanked register
TST R1, #&0F
[ SASTMhatbroken
STMEQIA R0!,{R8-R12}
......@@ -693,7 +693,7 @@ DumpyTheRegisters ROUT
STR R14, [R0, #6*4]
BNE UNDEF2
MSR CPSR_c, #I32_bit+F32_bit+SVC32_mode ; into SVC mode so we have a stack
MSR CPSR_c, #I32_bit+F32_bit+ABT32_mode ; into ABT mode so we have a stack (try and preserve SVC stack for any exception dump that's produced)
Push "r0"
[ ZeroPage <> 0
LDR R2, =ZeroPage
......@@ -702,27 +702,22 @@ DumpyTheRegisters ROUT
CallHAL HAL_FIQDisableAll
Pull "r0"
UNDEF2
MSR CPSR_c, #I32_bit+F32_bit+SVC32_mode ; into SVC mode
[ HangWatch
; Preserve some registers for inclusion in the HangWatch dump
MOV R2, R13
MOV R3, R14
MRS R5, SPSR
]
MOV R14, R4 ; corrupt R14_SVC (but already saved if we were in SVC)
; ... and fall into
UNDEF1
[ HangWatch
LDR sp, =SVCSTK-SVCStackSize+512 ; HangWatch doesn't need much stack space, so use the low part, as it's the area that's least likely to contain something useful to the dump
SWI &59283 ; XHangWatch_Dump
]
; R0 points at R8 in register dump
; R7 points at error block
MSR CPSR_c, #I32_bit+F32_bit+ABT32_mode ; into ABT mode for exception dump
SUB R0, R0, #8*4 ; Make R0 sensible for vector
MOV R1, R7
MOV R2, #SeriousErrorV_Collect
MOV R10, #SeriousErrorV
BL CallVector
MSR CPSR_c, #I32_bit+F32_bit+SVC32_mode ; into SVC mode
LDR sp, =SVCSTK ; Flatten superstack
; Check that ExceptionDump is safe to use
Push "R14" ; Preserve error ptr
Push "R7" ; Preserve error ptr
LDR R4, =ZeroPage
MOV R3, R0
LDR R1, [R4, #ExceptionDump]
......@@ -742,11 +737,11 @@ UNDEF1
LDR R1, =ZeroPage+DUMPER
SWI XOS_ChangeEnvironment
05
Pull "R14"
Pull "R14" ; Restore error ptr
; Copy the dump from the stack to ExceptionDump
LDR R0, [R4, #ExceptionDump]
LDMDB R3, {R1-R2,R4-R9} ; R0-R7
LDMIA R3!, {R1-R2,R4-R9} ; R0-R7
STMIA R0!, {R1-R2,R4-R9}
LDMIA R3, {R1-R2,R4-R10} ; R8-R15, PSR
STMIA R0, {R1-R2,R4-R10}
......@@ -790,9 +785,30 @@ UNDEF1
LDRB r4, [r4, #ErrorSemaphore]
TEQ r4, #0
LDRNE R0, =GeneralMOSBuffer+128
MOVEQ R4, R0
MOVEQ R0, R10
BLEQ TranslateError_UseR4
BNE %FT20
MOV R4, R0
MOV R0, R10
BL TranslateError_UseR4
; If the exception dump processing takes too long then there's a good
; chance the error buffer MessageTrans gave us will get overwritten
; before we're able to call OS_GenerateError. Copy the error to the
; stack, then copy it back into a MessageTrans block before calling
; OS_GenerateError.
EORS R4, R0, R10 ; Did TranslateError work?
BEQ %FT20
SUB SP, SP, #256
MOV R4, SP
MOV R5, #4
LDR R6, [R0]
STR R6, [R4]
11
LDRB R6, [R0, R5]
CMP R6, #0
STRB R6, [R4, R5]
ADD R5, R5, #1
BNE %BT11
MOV R0, R4
20
|
LDR R0, =GeneralMOSBuffer+128
]
......@@ -813,10 +829,39 @@ UNDEF1
[ ZeroPage = 0
STR R1, [R1, #IRQsema]
|
MOV R2, #0
STR R2, [R1, #IRQsema]
MOV R3, #0
STR R3, [R1, #IRQsema]
]
LDR r13_irq, =IRQSTK
; Trigger exception dump processing
ORR R3, R2, #SVC32_mode
MSR CPSR_c, R3
; Let everyone know that the stacks have been reset
MOV R2, #SeriousErrorV_Recover
MOV R10, #SeriousErrorV
BL CallVector
; Now enable IRQs and trigger exception dump processing
MSR CPSR_c, #SVC32_mode
MOV R2, #SeriousErrorV_Report
MOV R10, #SeriousErrorV
BL CallVector
[ International
; Try and copy error block from stack back to MessageTrans
LDR R3, =ZeroPage
LDRB R3, [R3, #ErrorSemaphore]
TEQ R3, #0
BNE %FT30
CMP R4, #0 ; Check if original TranslateError call worked (if not, no error block to copy)
BEQ %FT30
SWI XMessageTrans_CopyError
; If TranslateError worked, assume MessageTrans_CopyError worked too
ADD SP, SP, #256
30
]
SWI OS_GenerateError
LTORG
......@@ -928,7 +973,8 @@ Branch0_FromTrampoline
LDR R0, [R0, #ExceptionDump]
ADD R0, R0, #8*4
BL UNDEF1
ADR R7, ErrorBlock_BranchThrough0
B UNDEF1
MakeErrorBlock BranchThrough0
[ :LNOT: No26bitCode
......@@ -1248,7 +1294,7 @@ dhte
; Out r0 = sysinfo for r0in
ReadSysInfo_Code ROUT
CMP r0,#15 ;R0 > 14, so illegal value
CMP r0,#16 ;R0 > 15, so illegal value
ADDLO PC, PC, R0,LSL #2
B ReadSysInfo_InvalidReason
......@@ -1267,6 +1313,7 @@ ReadSysInfo_Code ROUT
B %FT120
B %FT130
B %FT140
B %FT150
ReadSysInfo_InvalidReason
ADR r0, ErrorBlock_BadReadSysInfo
......@@ -2028,7 +2075,7 @@ osri6_maxvalue * (.-4-osri6_table) :SHR: 2
BNE %FT95
; Build date string hasn't been generated yet. Generate it.
Push "r0-r3,lr"
MOV R0, #0
MOV R0, #ExtROMFooter_BuildDate
BL ExtendedROMFooter_FindTag
CMP R0, #0 ; Found it?
STREQ R0, [R13]
......@@ -2162,6 +2209,41 @@ RSI_DebugRX
Pull "r1-r3,sb,lr"
ExitSWIHandler
; OS_ReadSysInfo 15 - Enumerate extended ROM footer entries
;
; On entry:
; r0 = 15 (reason code 15)
; r1 = location to start (from previous call) or 0 to begin
;
; On exit:
; r1 = data pointer, or 0 if end
; r2 = entry ID (corrupt if r1 == 0)
; r3 = entry length (corrupt if r1 == 0)
150
Push "lr"
BL ExtendedROMFooter_Find
CMP r0, #-1
BEQ %FT158
MOV lr, r0 ; Footer end
CMP r1, #0
LDREQ r1, [lr]
MOVEQ r1, r1, LSL #16
SUBEQ r1, lr, r1, LSR #16 ; Footer start
LDRNEB r3, [r1, #-1]
ADDNE r1, r1, r3 ; If not starting enumeration, advance by length of previous entry
CMP r1, lr
BEQ %FT158
LDRB r2, [r1], #1
LDRB r3, [r1], #1
B %FT159
158
MOV r1, #0
159
MOV r0, #15
Pull "lr"
ExitSWIHandler
;
; Extended ROM footer functions
;
......@@ -2180,6 +2262,8 @@ RSI_DebugRX
; 0 ROM build date, stored as 5-byte time (length = 5)
; 1 Compressed ROM softload hint (length = 8). First word is negative
; checksum of uncompressed image, second word is OS header offset.
; 2 Debug symbols offset (length = 4). Byte offset from the start of the ROM
; to the debug symbols.
;
ExtendedROMFooter_Find ROUT
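Review bot: The OS_ReadSysInfo 15 handler (label 150) treats the caller's r1 as a trusted pointer into the footer: `LDRNEB r3, [r1, #-1]` and the two `LDRB ..., [r1], #1` loads run on whatever address was passed in, and the only end test is `CMP r1, lr` / `BEQ %FT158`, so a value that is not an exact entry boundary, or an entry whose length byte overshoots, walks past the footer instead of ending the enumeration. I would compute the footer start on both paths, return r1 = 0 for any r1 outside the footer, and end on an unsigned comparison rather than equality, as sketched below. The sketch is untested and assumes r2 and r3 are free as scratch at this point, which the exit conditions suggest, and that local label 155 is unused. The copy loop at label 11 in the International path has the same kind of gap: it stores until it sees a zero byte with no limit against the 256 bytes reserved by `SUB SP, SP, #256`, so it relies entirely on the translated block being terminated.

```asm
        MOV     lr, r0                  ; Footer end
        LDR     r2, [lr]
        MOV     r2, r2, LSL #16
        SUB     r2, lr, r2, LSR #16     ; r2 = footer start
        CMP     r1, #0
        MOVEQ   r1, r2                  ; begin at the first entry
        BEQ     %FT155
        ADD     r3, r2, #2              ; lowest data pointer a previous call can have returned
        CMP     r1, r3
        CMPHS   lr, r1
        BLO     %FT158                  ; r1 outside the footer: end the enumeration
        LDRB    r3, [r1, #-1]
        ADD     r1, r1, r3              ; advance by length of previous entry
155
        ADD     r3, r1, #2
        CMP     r3, lr
        BHI     %FT158                  ; no room left for an ID/length pair
        ; … unchanged: LDRB r2 / LDRB r3 / B %FT159 and labels 158, 159 …
```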
......
......@@ -251,7 +251,7 @@ Osbyte00 ROUT
[ UseNewFX0Error
InitNewFX0Error ROUT
Push "r0-r4,lr"
MOV r0, #0
MOV r0, #ExtROMFooter_BuildDate
BL ExtendedROMFooter_FindTag
CMP r0, #0
BEQ %FT10
......