zephyr/arch/arc/core/fault.c

417 lines
10 KiB
C

/*
* Copyright (c) 2014 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @file
* @brief Common fault handler for ARCv2
*
* Common fault handler for ARCv2 processors.
*/
#include <zephyr/toolchain.h>
#include <zephyr/linker/sections.h>
#include <inttypes.h>
#include <zephyr/kernel.h>
#include <kernel_internal.h>
#include <zephyr/kernel_structs.h>
#include <zephyr/arch/common/exc_handle.h>
#include <zephyr/logging/log.h>
LOG_MODULE_DECLARE(os, CONFIG_KERNEL_LOG_LEVEL);
#ifdef CONFIG_USERSPACE
Z_EXC_DECLARE(z_arc_user_string_nlen);
static const struct z_exc_handle exceptions[] = {
Z_EXC_HANDLE(z_arc_user_string_nlen)
};
#endif
#if defined(CONFIG_MPU_STACK_GUARD)
/**
* @brief Assess occurrence of current thread's stack corruption
*
* This function performs an assessment whether a memory fault (on a given
* memory address) is the result of a stack overflow of the current thread.
*
* When called, we know at this point that we received an ARC
* protection violation, with any cause code, with the protection access
* error either "MPU" or "Secure MPU". In other words, an MPU fault of
* some kind. Need to determine whether this is a general MPU access
* exception or the specific case of a stack overflow.
*
* @param fault_addr memory address on which memory access violation
* has been reported.
* @param sp stack pointer when exception comes out
* @retval True if this appears to be a stack overflow
* @retval False if this does not appear to be a stack overflow
*/
static bool z_check_thread_stack_fail(const uint32_t fault_addr, uint32_t sp)
{
uint32_t guard_end, guard_start;
#if defined(CONFIG_MULTITHREADING)
const struct k_thread *thread = _current;
if (!thread) {
/* TODO: Under what circumstances could we get here ? */
return false;
}
#ifdef CONFIG_USERSPACE
if ((thread->base.user_options & K_USER) != 0) {
if ((z_arc_v2_aux_reg_read(_ARC_V2_ERSTATUS) &
_ARC_V2_STATUS32_U) != 0) {
/* Normal user mode context. There is no specific
* "guard" installed in this case, instead what's
* happening is that the stack pointer is crashing
* into the privilege mode stack buffer which
* immediately precededs it.
*/
guard_end = thread->stack_info.start;
guard_start = (uint32_t)thread->stack_obj;
} else {
/* Special case: handling a syscall on privilege stack.
* There is guard memory reserved immediately before
* it.
*/
guard_end = thread->arch.priv_stack_start;
guard_start = guard_end - Z_ARC_STACK_GUARD_SIZE;
}
} else
#endif /* CONFIG_USERSPACE */
{
/* Supervisor thread */
guard_end = thread->stack_info.start;
guard_start = guard_end - Z_ARC_STACK_GUARD_SIZE;
}
#endif /* CONFIG_MULTITHREADING */
/* treat any MPU exceptions within the guard region as a stack
* overflow.As some instrustions
* (like enter_s {r13-r26, fp, blink}) push a collection of
* registers on to the stack. In this situation, the fault_addr
* will less than guard_end, but sp will greater than guard_end.
*/
if (fault_addr < guard_end && fault_addr >= guard_start) {
return true;
}
return false;
}
#endif
#ifdef CONFIG_EXCEPTION_DEBUG
/* For EV_ProtV, the numbering/semantics of the parameter are consistent across
* several codes, although not all combination will be reported.
*
* These codes and parameters do not have associated* names in
* the technical manual, just switch on the values in Table 6-5
*/
static const char *get_protv_access_err(uint32_t parameter)
{
switch (parameter) {
case 0x1:
return "code protection scheme";
case 0x2:
return "stack checking scheme";
case 0x4:
return "MPU";
case 0x8:
return "MMU";
case 0x10:
return "NVM";
case 0x24:
return "Secure MPU";
case 0x44:
return "Secure MPU with SID mismatch";
default:
return "unknown";
}
}
static void dump_protv_exception(uint32_t cause, uint32_t parameter)
{
switch (cause) {
case 0x0:
LOG_ERR("Instruction fetch violation (%s)",
get_protv_access_err(parameter));
break;
case 0x1:
LOG_ERR("Memory read protection violation (%s)",
get_protv_access_err(parameter));
break;
case 0x2:
LOG_ERR("Memory write protection violation (%s)",
get_protv_access_err(parameter));
break;
case 0x3:
LOG_ERR("Memory read-modify-write violation (%s)",
get_protv_access_err(parameter));
break;
case 0x10:
LOG_ERR("Normal vector table in secure memory");
break;
case 0x11:
LOG_ERR("NS handler code located in S memory");
break;
case 0x12:
LOG_ERR("NSC Table Range Violation");
break;
default:
LOG_ERR("unknown");
break;
}
}
static void dump_machine_check_exception(uint32_t cause, uint32_t parameter)
{
switch (cause) {
case 0x0:
LOG_ERR("double fault");
break;
case 0x1:
LOG_ERR("overlapping TLB entries");
break;
case 0x2:
LOG_ERR("fatal TLB error");
break;
case 0x3:
LOG_ERR("fatal cache error");
break;
case 0x4:
LOG_ERR("internal memory error on instruction fetch");
break;
case 0x5:
LOG_ERR("internal memory error on data fetch");
break;
case 0x6:
LOG_ERR("illegal overlapping MPU entries");
if (parameter == 0x1) {
LOG_ERR(" - jump and branch target");
}
break;
case 0x10:
LOG_ERR("secure vector table not located in secure memory");
break;
case 0x11:
LOG_ERR("NSC jump table not located in secure memory");
break;
case 0x12:
LOG_ERR("secure handler code not located in secure memory");
break;
case 0x13:
LOG_ERR("NSC target address not located in secure memory");
break;
case 0x80:
LOG_ERR("uncorrectable ECC or parity error in vector memory");
break;
default:
LOG_ERR("unknown");
break;
}
}
static void dump_privilege_exception(uint32_t cause, uint32_t parameter)
{
switch (cause) {
case 0x0:
LOG_ERR("Privilege violation");
break;
case 0x1:
LOG_ERR("disabled extension");
break;
case 0x2:
LOG_ERR("action point hit");
break;
case 0x10:
switch (parameter) {
case 0x1:
LOG_ERR("N to S return using incorrect return mechanism");
break;
case 0x2:
LOG_ERR("N to S return with incorrect operating mode");
break;
case 0x3:
LOG_ERR("IRQ/exception return fetch from wrong mode");
break;
case 0x4:
LOG_ERR("attempt to halt secure processor in NS mode");
break;
case 0x20:
LOG_ERR("attempt to access secure resource from normal mode");
break;
case 0x40:
LOG_ERR("SID violation on resource access (APEX/UAUX/key NVM)");
break;
default:
LOG_ERR("unknown");
break;
}
break;
case 0x13:
switch (parameter) {
case 0x20:
LOG_ERR("attempt to access secure APEX feature from NS mode");
break;
case 0x40:
LOG_ERR("SID violation on access to APEX feature");
break;
default:
LOG_ERR("unknown");
break;
}
break;
default:
LOG_ERR("unknown");
break;
}
}
static void dump_exception_info(uint32_t vector, uint32_t cause, uint32_t parameter)
{
if (vector >= 0x10 && vector <= 0xFF) {
LOG_ERR("interrupt %u", vector);
return;
}
/* Names are exactly as they appear in Designware ARCv2 ISA
* Programmer's reference manual for easy searching
*/
switch (vector) {
case ARC_EV_RESET:
LOG_ERR("Reset");
break;
case ARC_EV_MEM_ERROR:
LOG_ERR("Memory Error");
break;
case ARC_EV_INS_ERROR:
LOG_ERR("Instruction Error");
break;
case ARC_EV_MACHINE_CHECK:
LOG_ERR("EV_MachineCheck");
dump_machine_check_exception(cause, parameter);
break;
case ARC_EV_TLB_MISS_I:
LOG_ERR("EV_TLBMissI");
break;
case ARC_EV_TLB_MISS_D:
LOG_ERR("EV_TLBMissD");
break;
case ARC_EV_PROT_V:
LOG_ERR("EV_ProtV");
dump_protv_exception(cause, parameter);
break;
case ARC_EV_PRIVILEGE_V:
LOG_ERR("EV_PrivilegeV");
dump_privilege_exception(cause, parameter);
break;
case ARC_EV_SWI:
LOG_ERR("EV_SWI");
break;
case ARC_EV_TRAP:
LOG_ERR("EV_Trap");
break;
case ARC_EV_EXTENSION:
LOG_ERR("EV_Extension");
break;
case ARC_EV_DIV_ZERO:
LOG_ERR("EV_DivZero");
break;
case ARC_EV_DC_ERROR:
LOG_ERR("EV_DCError");
break;
case ARC_EV_MISALIGNED:
LOG_ERR("EV_Misaligned");
break;
case ARC_EV_VEC_UNIT:
LOG_ERR("EV_VecUnit");
break;
default:
LOG_ERR("unknown");
break;
}
}
#endif /* CONFIG_EXCEPTION_DEBUG */
/*
* @brief Fault handler
*
* This routine is called when fatal error conditions are detected by hardware
* and is responsible only for reporting the error. Once reported, it then
* invokes the user provided routine k_sys_fatal_error_handler() which is
* responsible for implementing the error handling policy.
*/
void _Fault(z_arch_esf_t *esf, uint32_t old_sp)
{
uint32_t vector, cause, parameter;
uint32_t exc_addr = z_arc_v2_aux_reg_read(_ARC_V2_EFA);
uint32_t ecr = z_arc_v2_aux_reg_read(_ARC_V2_ECR);
#ifdef CONFIG_USERSPACE
for (int i = 0; i < ARRAY_SIZE(exceptions); i++) {
uint32_t start = (uint32_t)exceptions[i].start;
uint32_t end = (uint32_t)exceptions[i].end;
if (esf->pc >= start && esf->pc < end) {
esf->pc = (uint32_t)(exceptions[i].fixup);
return;
}
}
#endif
vector = Z_ARC_V2_ECR_VECTOR(ecr);
cause = Z_ARC_V2_ECR_CODE(ecr);
parameter = Z_ARC_V2_ECR_PARAMETER(ecr);
/* exception raised by kernel */
if (vector == ARC_EV_TRAP && parameter == _TRAP_S_CALL_RUNTIME_EXCEPT) {
/*
* in user mode software-triggered system fatal exceptions only allow
* K_ERR_KERNEL_OOPS and K_ERR_STACK_CHK_FAIL
*/
#ifdef CONFIG_USERSPACE
if ((esf->status32 & _ARC_V2_STATUS32_U) &&
esf->r0 != K_ERR_STACK_CHK_FAIL) {
esf->r0 = K_ERR_KERNEL_OOPS;
}
#endif
z_arc_fatal_error(esf->r0, esf);
return;
}
LOG_ERR("***** Exception vector: 0x%x, cause code: 0x%x, parameter 0x%x",
vector, cause, parameter);
LOG_ERR("Address 0x%x", exc_addr);
#ifdef CONFIG_EXCEPTION_DEBUG
dump_exception_info(vector, cause, parameter);
#endif
#ifdef CONFIG_ARC_STACK_CHECKING
/* Vector 6 = EV_ProV. Regardless of cause, parameter 2 means stack
* check violation
* stack check and mpu violation can come out together, then
* parameter = 0x2 | [0x4 | 0x8 | 0x1]
*/
if (vector == ARC_EV_PROT_V && parameter & 0x2) {
z_arc_fatal_error(K_ERR_STACK_CHK_FAIL, esf);
return;
}
#endif
#ifdef CONFIG_MPU_STACK_GUARD
if (vector == ARC_EV_PROT_V && ((parameter == 0x4) ||
(parameter == 0x24))) {
if (z_check_thread_stack_fail(exc_addr, old_sp)) {
z_arc_fatal_error(K_ERR_STACK_CHK_FAIL, esf);
return;
}
}
#endif
z_arc_fatal_error(K_ERR_CPU_EXCEPTION, esf);
}