This ensures constructs like `if (gd & gd->...) { ... }` work when
accessing the global data pointer. Without this change, it was possible for
a very early trap to cause _exit_trap to directly or indirectly (through
printf) to read arbitrary memory. This could cause a second trap,
preventing show_regs from being printed.
printf (and specifically puts) uses gd to determine what function to print
with. These functions in turn use gd to find the serial device, etc.
However, before accessing gd, puts first checks to see if it is non-NULL.
This indicates an existing (perhaps undocumented) assumption that either gd
is NULL or it is completely valid.
Before this patch, gd either points to unexpected data (because it retains
the value it did from the prior-stage) or points to uninitialized data
(because it has not yet been initialized by board_init_f_init_reserve)
until the hart has acquired available_harts_lock. This can cause two
problems, depending on the value of gd->flags. If GD_FLG_SERIAL_READY is
unset, then some garbage data will be printed to stdout, but there will not
be a second trap. However, if GD_FLG_SERIAL_READY is set, then puts will
try to print with serial_puts, which will likely cause a second trap.
After this patch, gd is zero up until either a hart has set it in
wait_for_gd_init, or until it is set by arch_init_gd. This prevents its
usage before its data is initialized because both handle_trap and puts
ensure that gd is nonzero before using it. After gd has been set, it is OK
to access it because its data has been cleared (and so flags is valid).
XIP cannot use locks because flash is not writable. This leaves it
vulnerable to the same class of bugs regarding already-pending IPIs as
before this series. Fixing that would require finding another method of
synchronization, which is outside the scope of this series.
Fixes: 7c6ca03eae ("riscv: additional crash information")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The gp register is used to store U-Boot's global data pointer. We should
not assume that an UEFI application leaves the gp register unchanged as
the UEFI specifications does not define who is the owner of the gp and tp
registers.
So the following sequence should be followed in the trap handler:
* save the caller's gp register
* restore the global data pointer
* serve interrupts or print crash dump and reset
* restore the caller's gp register
Cc: Abner Chang <abner.chang@hpe.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
If an exception occurs, the relocated program counter and return address
are required for an analysis.
With this patch you get:
=> exception undefined
Unhandled exception: Illegal instruction
EPC: 0000000080595908 RA: 000000008059c0c6 TVAL: 000000008030c01e
EPC: 0000000080007908 RA: 000000008000e0c6 reloc adjusted
We can use the relocated addresses to find the involved functions in
u.boot.map:
.text.do_undefined
0x0000000080007908 0x8 cmd/built-in.o
.text.cmd_process
0x000000008000dfcc 0x11a common/built-in.o
0x000000008000dfcc cmd_process
If an exception occurs in an UEFI binary additionally the load addresses of
the UEFI binaries are needed. With this patch:
=> setenv efi_selftest exception
=> bootefi selftest
Unhandled exception: Illegal instruction
EPC: 000000008042e18a RA: 000000008042e18a TVAL: 000000008030c01e
EPC: 000000007fea018a RA: 000000007fea018a reloc adjusted
UEFI image [0x0000000000000000:0xffffffffffffffff] '/\selftest'
UEFI image [0x000000008042e000:0x000000008042e43f] pc=0x18a '/bug.efi'
The value pc=0x18a matches the position of the illegal instruction in
efi_selftest_miniapp_exception.efi (loaded as /bug.efi);
asm volatile (".word 0xffffffff\n");
00000180 93 85 C5 11 1C 64 22 85 82 97 FF FF FF FF 1C 64
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
When debugging, it can be helpful to see more information about an
unhandled exception. This patch adds an option to view the registers at
the time of the trap, similar to the linux output on a kernel panic.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
These functions do not use driver model but are fairly widely used in
U-Boot. But it is not clear that they will use driver model anytime soon,
so we don't want to label them as 'legacy'.
Move them to a new irq_func.h header file. Avoid the name 'irq.h' since it
is widely used in U-Boot already.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Undefined exceptions are treated as reserved. This is not clearly
communicated to the user. Adjust the error message to clarify that a
reserved exception has occurred and add additional details.
Fixes: e8b522b ("riscv: treat undefined exception codes as reserved")
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
With this change, we can avoid a forward declaration.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Anup Patel <anup@brainfault.org>
This patch adds kconfig option RISCV_SMODE to run U-Boot in
S-mode. When this opition is enabled we use s<xyz> CSRs instead
of m<xyz> CSRs.
It is important to note that there is no equivalent S-mode CSR
for misa and mhartid CSRs so we expect M-mode runtime firmware
(BBL or equivalent) to emulate misa and mhartid CSR read.
In-future, we will have more patches to avoid accessing misa and
mhartid CSRs from S-mode.
Signed-off-by: Anup Patel <anup@brainfault.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Hang on unhandled exceptions to prevent execution in a faulty state.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Undefined exception codes currently lead to an out-of-bounds array
access. Prevent this by treating undefined exception codes as
"reserved".
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Only the first four exception codes are defined. Add the missing
exception codes from the definition in RISC-V Privileged Architecture
Version 1.10.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The RISC-V arch incorrectly uses 32-bit instead of 64-bit variables in
several places. Fix this.
In addition, BITS_PER_LONG is set to 64 on RV64I systems.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
It is reported by checkpatch.pl
WARNING: static const char * array
should probably be static const char * const
Signed-off-by: Rick Chen <rick@andestech.com>
Signed-off-by: Rick Chen <rickchen36@gmail.com>
Add makefile, interrupts.c and boot.c,... functions
to support RISC-V arch.
Signed-off-by: Rick Chen <rick@andestech.com>
Signed-off-by: Rick Chen <rickchen36@gmail.com>
Signed-off-by: Greentime Hu <green.hu@gmail.com>
Cc: Padmarao Begari <Padmarao.Begari@microsemi.com>
