cortex-m/hardfault: add secure-fault handler

Signed-off-by: chao.an <anchao@xiaomi.com>
2021-12-21 16:34:42 +08:00 · 2021-12-21 16:34:42 +08:00 · 2737701996
commit 2737701996
parent 6d165506d5
5 changed files with 160 additions and 0 deletions
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@ -739,6 +739,7 @@ config ARCH_CORTEXM33
 	select ARCH_HAVE_MEMFAULT_DEBUG
 	select ARCH_HAVE_BUSFAULT_DEBUG
 	select ARCH_HAVE_USAGEFAULT_DEBUG
+	select ARCH_HAVE_SECUREFAULT_DEBUG if ARCH_TRUSTZONE_SECURE

 config ARCH_CORTEXM35P
 	bool
@ -755,6 +756,7 @@ config ARCH_CORTEXM35P
 	select ARCH_HAVE_MEMFAULT_DEBUG
 	select ARCH_HAVE_BUSFAULT_DEBUG
 	select ARCH_HAVE_USAGEFAULT_DEBUG
+	select ARCH_HAVE_SECUREFAULT_DEBUG if ARCH_TRUSTZONE_SECURE

 config ARCH_CORTEXM55
 	bool
@ -771,6 +773,7 @@ config ARCH_CORTEXM55
 	select ARCH_HAVE_MEMFAULT_DEBUG
 	select ARCH_HAVE_BUSFAULT_DEBUG
 	select ARCH_HAVE_USAGEFAULT_DEBUG
+	select ARCH_HAVE_SECUREFAULT_DEBUG if ARCH_TRUSTZONE_SECURE

 config ARCH_FAMILY
 	string
@ -1006,6 +1009,19 @@ config DEBUG_USAGEFAULT
 		output is sometimes helpful when debugging difficult usage fault problems,
 		but may be more than you typically want to see.

+config ARCH_HAVE_SECUREFAULT_DEBUG
+	bool
+	default n
+
+config DEBUG_SECUREFAULT
+	bool "Verbose Secure-Fault Debug"
+	default n
+	depends on ARCH_HAVE_SECUREFAULT_DEBUG && DEBUG_ALERT
+	---help---
+		Enables verbose debug output when a usage fault is occurs.  This verbose
+		output is sometimes helpful when debugging difficult usage fault problems,
+		but may be more than you typically want to see.
+
 config ARM_SEMIHOSTING_SYSLOG
 	bool "Semihosting SYSLOG support"
 	select ARCH_SYSLOG
--- a/arch/arm/src/armv8-m/arm_hardfault.c
+++ b/arch/arm/src/armv8-m/arm_hardfault.c
@ -34,6 +34,7 @@

 #include "arm_arch.h"
 #include "nvic.h"
+#include "sau.h"
 #include "arm_internal.h"

 /****************************************************************************
@ -75,6 +76,9 @@ int arm_hardfault(int irq, FAR void *context, FAR void *arg)
 {
  uint32_t hfsr = getreg32(NVIC_HFAULTS);
  uint32_t cfsr = getreg32(NVIC_CFAULTS);
+#ifdef CONFIG_DEBUG_SECUREFAULT
+  uint32_t sfsr = getreg32(SAU_SFSR);
+#endif /* CONFIG_DEBUG_SECUREFAULT */

  UNUSED(cfsr);

@ -146,6 +150,13 @@ int arm_hardfault(int irq, FAR void *context, FAR void *arg)
          return arm_usagefault(irq, context, arg);
        }
 #endif /* CONFIG_DEBUG_USAGEFAULT */
+
+#ifdef CONFIG_DEBUG_SECUREFAULT
+      if (sfsr & SAU_SFSR_MASK)
+        {
+          return arm_securefault(irq, context, arg);
+        }
+#endif /* CONFIG_DEBUG_SECUREFAULT */
    }

  /* Dump some hard fault info */
--- a/arch/arm/src/armv8-m/arm_securefault.c
+++ b/arch/arm/src/armv8-m/arm_securefault.c
@ -0,0 +1,119 @@
+/****************************************************************************
+ * arch/arm/src/armv8-m/arm_securefault.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <stdint.h>
+#include <string.h>
+#include <assert.h>
+#include <debug.h>
+
+#include <arch/irq.h>
+
+#include "arm_arch.h"
+#include "nvic.h"
+#include "sau.h"
+#include "arm_internal.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#ifdef CONFIG_DEBUG_SECUREFAULT
+#  define sfalert(format, ...)  _alert(format, ##__VA_ARGS__)
+#else
+#  define sfalert(...)
+#endif
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: arm_securefault
+ *
+ * Description:
+ *   This is Secure Fault exception handler.  It also catches SVC call
+ *   exceptions that are performed in bad contexts.
+ *
+ ****************************************************************************/
+
+int arm_securefault(int irq, FAR void *context, FAR void *arg)
+{
+  uint32_t sfsr = getreg32(SAU_SFSR);
+
+  sfalert("PANIC!!! Secure Fault:\n");
+  sfalert("\tIRQ: %d regs: %p\n", irq, context);
+  sfalert("\tBASEPRI: %08x PRIMASK: %08x IPSR: %08x CONTROL: %08x\n",
+          getbasepri(), getprimask(), getipsr(), getcontrol());
+  sfalert("\tCFSR: %08x HFSR: %08x DFSR: %08x\n", getreg32(NVIC_CFAULTS),
+          getreg32(NVIC_HFAULTS), getreg32(NVIC_DFAULTS));
+  sfalert("\tBFAR: %08x AFSR: %08x SFAR: %08x\n",
+          getreg32(NVIC_BFAULT_ADDR), getreg32(NVIC_AFAULTS),
+          getreg32(SAU_SFAR));
+
+  sfalert("Secure Fault Reason:\n");
+  if (sfsr & SAU_SFSR_INVEP)
+    {
+      sfalert("\tInvalid entry point\n");
+    }
+
+  if (sfsr & SAU_SFSR_INVIS)
+    {
+      sfalert("\tInvalid integrity signature\n");
+    }
+
+  if (sfsr & SAU_SFSR_INVER)
+    {
+      sfalert("\tInvalid exception return\n");
+    }
+
+  if (sfsr & SAU_SFSR_AUVIOL)
+    {
+      sfalert("\tAttribution unit violation\n");
+    }
+
+  if (sfsr & SAU_SFSR_INVTRAN)
+    {
+      sfalert("\tInvalid transition\n");
+    }
+
+  if (sfsr & SAU_SFSR_LSPERR)
+    {
+      sfalert("\tLazy state preservation\n");
+    }
+
+  if (sfsr & SAU_SFSR_LSERR)
+    {
+      sfalert("\tLazy state error\n");
+    }
+
+  /* clear SFSR sticky bits */
+
+  putreg32(0xff, SAU_SFSR);
+
+  up_irq_save();
+  PANIC();
+  return OK;
+}
--- a/arch/arm/src/armv8-m/sau.h
+++ b/arch/arm/src/armv8-m/sau.h
@ -81,6 +81,19 @@
 #define SAU_RLAR_NSC            (1 << 1)   /* Bit 1: Non-secure callable */
 #define SAU_RLAR_LIMIT_MASK     0xffffffe0 /* Bits 5-31: Region limit address */

+/* Secure Fault Status Register Definitions */
+
+#define SAU_SFSR_MASK           (0xf)      /* Secure Fault Status Register Mask */
+
+#define SAU_SFSR_INVEP          (1 << 0)   /* Bit 0: INVEP Mask */
+#define SAU_SFSR_INVIS          (1 << 1)   /* Bit 1: INVIS Mask */
+#define SAU_SFSR_INVER          (1 << 2)   /* Bit 2: INVER Mask */
+#define SAU_SFSR_AUVIOL         (1 << 3)   /* Bit 3: AUVIOL Mask */
+#define SAU_SFSR_INVTRAN        (1 << 4)   /* Bit 4: INVTRAN Mask */
+#define SAU_SFSR_LSPERR         (1 << 5)   /* Bit 5: LSPERR Mask */
+#define SAU_SFSR_SFARVALID      (1 << 6)   /* Bit 6: SFARVALID Mask */
+#define SAU_SFSR_LSERR          (1 << 7)   /* Bit 7: LSERR Mask */
+
 /****************************************************************************
 * Public Function Prototypes
 ****************************************************************************/
--- a/arch/arm/src/common/arm_internal.h
+++ b/arch/arm/src/common/arm_internal.h
@ -345,6 +345,7 @@ int  arm_hardfault(int irq, FAR void *context, FAR void *arg);
 int  arm_memfault(int irq, FAR void *context, FAR void *arg);
 int  arm_busfault(int irq, FAR void *context, FAR void *arg);
 int  arm_usagefault(int irq, FAR void *context, FAR void *arg);
+int  arm_securefault(int irq, FAR void *context, FAR void *arg);

 #  endif /* CONFIG_ARCH_CORTEXM3,4,7 */