commit b56dc2a98cab0ea618cce83b3702814b7fcafd7d
author Jeenu Viswambharan <jeenu.viswambharan@arm.com> Thu May 17 09:52:36 2018 +0100
committer Jeenu Viswambharan <jeenu.viswambharan@arm.com> Thu Jul 19 10:13:17 2018 +0100
tree 95bda829c02e8a2f2089abd58dd102d84d7ac012
parent ee6ff1bb37e67df2e080cf49a03dfc8310dbc733

RAS: Introduce handler for Uncontainable errors

Uncontainable errors are the most severe form of errors, which typically
mean that the system state can't be trusted any more. This further means
that normal error recovery process can't be followed, and an orderly
shutdown of the system is often desirable.

This patch allows for the platform to define a handler for Uncontainable
errors received. Due to the nature of Uncontainable error, the handler
is expected to initiate an orderly shutdown of the system, and therefore
is not expected to return. A default implementation is added which falls
back to platform unhandled exception.

Also fix ras_arch.h header guards.

Change-Id: I072e336a391a0b382e77e627eb9e40729d488b55
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

bl31/aarch64/ea_delegate.S

diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index d18f9e5..9faa503 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -9,6 +9,7 @@
 #include <assert_macros.S>
 #include <context.h>
 #include <ea_handle.h>
+#include <ras_arch.h>
 
 
 	.globl	handle_lower_el_ea_esb
@@ -70,7 +71,7 @@
 	mov	x0, #ERROR_EA_SYNC
 	mrs	x1, esr_el3
 	adr	x30, el3_exit
-	b	ea_proceed
+	b	delegate_sync_ea
 
 2:
 	/* Synchronous exceptions other than the above are assumed to be EA */
@@ -100,11 +101,77 @@
 	mov	x0, #ERROR_EA_ASYNC
 	mrs	x1, esr_el3
 	adr	x30, el3_exit
-	b	ea_proceed
+	b	delegate_async_ea
 endfunc enter_lower_el_async_ea
 
 
 /*
+ * Prelude for Synchronous External Abort handling. This function assumes that
+ * all GP registers have been saved by the caller.
+ *
+ * x0: EA reason
+ * x1: EA syndrome
+ */
+func delegate_sync_ea
+#if RAS_EXTENSION
+	/*
+	 * Check for Uncontainable error type. If so, route to the platform
+	 * fatal error handler rather than the generic EA one.
+	 */
+	ubfx    x2, x1, #EABORT_SET_SHIFT, #EABORT_SET_WIDTH
+	cmp     x2, #ERROR_STATUS_SET_UC
+	b.ne    1f
+
+	/* Check fault status code */
+	ubfx    x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
+	cmp     x3, #SYNC_EA_FSC
+	b.ne    1f
+
+	no_ret  plat_handle_uncontainable_ea
+1:
+#endif
+
+	b       ea_proceed
+endfunc delegate_sync_ea
+
+
+/*
+ * Prelude for Asynchronous External Abort handling. This function assumes that
+ * all GP registers have been saved by the caller.
+ *
+ * x0: EA reason
+ * x1: EA syndrome
+ */
+func delegate_async_ea
+#if RAS_EXTENSION
+	/*
+	 * Check for Implementation Defined Syndrome. If so, skip checking
+	 * Uncontainable error type from the syndrome as the format is unknown.
+	 */
+	tbnz	x1, #SERROR_IDS_BIT, 1f
+
+	/*
+	 * Check for Uncontainable error type. If so, route to the platform
+	 * fatal error handler rather than the generic EA one.
+	 */
+	ubfx	x2, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
+	cmp	x2, #ERROR_STATUS_UET_UC
+	b.ne	1f
+
+	/* Check DFSC for SError type */
+	ubfx	x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
+	cmp	x3, #DFSC_SERROR
+	b.ne	1f
+
+	no_ret	plat_handle_uncontainable_ea
+1:
+#endif
+
+	b	ea_proceed
+endfunc delegate_async_ea
+
+
+/*
  * Delegate External Abort handling to platform's EA handler. This function
  * assumes that all GP registers have been saved by the caller.
  *