1 /*
2 * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <stdlib.h>
8
9 #include "spi_flash_mmap.h"
10 #include "esp_ipc_isr.h"
11 #include "esp_private/system_internal.h"
12 #include "esp_private/cache_utils.h"
13
14 #include "soc/soc_memory_layout.h"
15 #include "esp_cpu.h"
16 #include "soc/soc_caps.h"
17 #include "soc/rtc.h"
18
19 #include "hal/soc_hal.h"
20
21 #include "esp_private/cache_err_int.h"
22
23 #include "sdkconfig.h"
24 #include "esp_rom_sys.h"
25
26 #if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
27 #ifdef CONFIG_IDF_TARGET_ESP32S2
28 #include "esp32s2/memprot.h"
29 #else
30 #include "esp_memprot.h"
31 #endif
32 #endif
33
34 #include "esp_private/panic_internal.h"
35 #include "esp_private/panic_reason.h"
36
37 #include "hal/wdt_types.h"
38 #include "hal/wdt_hal.h"
39
/* Defined outside this file. Only its address is used: panic_handler() writes it
 * over an invalid PC on Xtensa when a debugger is attached. */
extern int _invalid_pc_placeholder;

/* Defined outside this file; called by panic_handler() before the other cores are stalled. */
extern void esp_panic_handler_reconfigure_wdts(uint32_t timeout_ms);

/* System-level panic handler; receives the abstracted panic description built here. */
extern void esp_panic_handler(panic_info_t *info);

/* HAL context bound to WDT_MWDT0 / TIMERG0; used to service the interrupt WDT
 * when a debugger is attached. */
static wdt_hal_context_t wdt0_context = { .inst = WDT_MWDT0, .mwdt_dev = &TIMERG0 };

/* Exception frame saved by each core that entered the panic handler; NULL when
 * a core has no frame recorded. Indexed by core id. */
void *g_exc_frames[SOC_CPU_CORES_NUM] = { NULL };
49
50 /*
51 Panic handlers; these get called when an unhandled exception occurs or the assembly-level
52 task switching / interrupt code runs into an unrecoverable error. The default task stack
53 overflow handler and abort handler are also in here.
54 */
55
56 /*
57 Note: The linker script will put everything in this file in IRAM/DRAM, so it also works with flash cache disabled.
58 */
/*
 * Print the saved state of one core: optionally the register dump, then the
 * backtrace.
 *
 * f    - exception frame of the core to print
 * core - id of that core
 */
static void print_state_for_core(const void *f, int core)
{
    /* On Xtensa with the windowed ABI (and on RISC-V when EH frames are used)
     * the register dump is skipped for an abort to reduce clutter. On every
     * other configuration the registers are always printed, because their
     * values need to be known for backtracing.
     */
#if (CONFIG_IDF_TARGET_ARCH_XTENSA && defined(XCHAL_HAVE_WINDOWED)) || \
    (CONFIG_IDF_TARGET_ARCH_RISCV && CONFIG_ESP_SYSTEM_USE_EH_FRAME)
    const bool dump_registers = !g_panic_abort;
#else
    const bool dump_registers = true;
#endif

    if (dump_registers) {
        panic_print_registers(f, core);
        panic_print_str("\r\n");
    }

    panic_print_backtrace(f, core);
}
76
/*
 * Print the state of the faulting core first, then the state of every other
 * core that has a frame recorded in g_exc_frames.
 *
 * f - exception frame of the faulting core
 */
static void print_state(const void *f)
{
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
    /* The faulting core is identified by matching `f` against the frame saved
     * for core 0; any other frame is attributed to core 1. */
    int faulting_core = (f == g_exc_frames[0]) ? 0 : 1;
#else
    int faulting_core = 0;
#endif

    print_state_for_core(f, faulting_core);
    panic_print_str("\r\n");

#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
    /* Also print any frames recorded by the remaining cores. */
    for (int core = 0; core < SOC_CPU_CORES_NUM; core++) {
        /* The faulting core was printed above; cores without a saved frame have nothing to show. */
        if (core == faulting_core || g_exc_frames[core] == NULL) {
            continue;
        }
        print_state_for_core(g_exc_frames[core], core);
        panic_print_str("\r\n");
    }
#endif
}
100
/*
 * Translate an architecture exception frame into the abstracted panic_info_t
 * consumed by the system panic handler.
 *
 * frame          - exception frame of the current core
 * info           - output structure; every field set below is overwritten
 * pseudo_excause - true when the cause is one of the PANIC_RSN_* pseudo causes,
 *                  which selects the SoC-level fill routine instead of the
 *                  architecture-level one
 */
static void frame_to_panic_info(void *frame, panic_info_t *info, bool pseudo_excause)
{
    /* Defaults, set before the fill routine runs so that it can refine them. */
    info->pseudo_excause = pseudo_excause;
    info->core = esp_cpu_get_core_id();
    info->exception = PANIC_EXCEPTION_FAULT;
    info->reason = "Unknown";
    info->details = NULL;

    if (!pseudo_excause) {
        panic_arch_fill_info(frame, info);
    } else {
        panic_soc_fill_info(frame, info);
    }

    /* Set after the fill routine, so these two always hold the values below. */
    info->frame = frame;
    info->state = print_state;
}
118
/*
 * Common body of both panic entry points.
 *
 * Records the frame of the calling core, makes sure only one core continues
 * (multi-core builds), prepares the frame for an attached debugger, and then
 * hands an abstracted panic_info_t to esp_panic_handler().
 *
 * frame          - exception frame of the calling core
 * pseudo_excause - true when the cause is a PANIC_RSN_* pseudo cause
 */
static void panic_handler(void *frame, bool pseudo_excause)
{
    panic_info_t info = { 0 };

    /*
     * Environment setup and architecture/chip specific steps that have to
     * happen before the system panic handler runs.
     */
    int this_core = esp_cpu_get_core_id();

    /* Every core that arrives here leaves its frame behind for later printing. */
    g_exc_frames[this_core] = frame;

#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
    /* Some causes bring both CPUs into the panic handler. The checks below
     * let exactly one of them continue to the system panic handler. */
    if (pseudo_excause) {
        /* Interrupt WDT expiry: the non-offending core spins here forever,
         * the offending core handles the panic. */
        if (panic_get_cause(frame) == PANIC_RSN_INTWDT_CPU0 && this_core == 1) {
            while (1) {
                ;
            }
        }
        if (panic_get_cause(frame) == PANIC_RSN_INTWDT_CPU1 && this_core == 0) {
            while (1) {
                ;
            }
        }

        /* Cache error: the non-offending core spins here as well. */
        if (panic_get_cause(frame) == PANIC_RSN_CACHEERR && this_core != esp_cache_err_get_cpuid()) {
            /* Drop this core's frame so that only the offending core's backtrace is printed. */
            g_exc_frames[this_core] = NULL;
            while (1) {
                ;
            }
        }
    }

    /* The WDTs have to be reconfigured before any other CPU is stalled. */
    esp_panic_handler_reconfigure_wdts(1000);

    esp_rom_delay_us(1);

    /* Stall every core except the one running this handler. */
    for (uint32_t i = 0; i < SOC_CPU_CORES_NUM; i++) {
        if (i == this_core) {
            continue;
        }
        esp_cpu_stall(i);
    }
#endif // !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE

    esp_ipc_isr_stall_abort();

    if (esp_cpu_dbgr_is_attached()) {
#if __XTENSA__
        /* The Xtensa ABI encodes the windowed call size in the 2 MSBs of the PC.
         * With an invalid PC, GDB fails to translate addresses to function
         * names, so an invalid PC is replaced by a placeholder address.
         */
        if (!esp_ptr_executable(esp_cpu_pc_to_addr(panic_get_address(frame)))
                || (panic_get_address(frame) & 0xC0000000U) == 0) {
            panic_set_address(frame, (uint32_t)&_invalid_pc_placeholder);
        }
#endif
        bool int_wdt_fired = panic_get_cause(frame) == PANIC_RSN_INTWDT_CPU0;
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
        int_wdt_fired = int_wdt_fired || panic_get_cause(frame) == PANIC_RSN_INTWDT_CPU1;
#endif
        if (int_wdt_fired) {
            /* Service the MWDT0 interrupt through the HAL, lifting the
             * register write protection only around that call.
             * NOTE(review): presumably this keeps the watchdog from acting
             * again while the debugger holds the target - confirm. */
            wdt_hal_write_protect_disable(&wdt0_context);
            wdt_hal_handle_intr(&wdt0_context);
            wdt_hal_write_protect_enable(&wdt0_context);
        }
    }

    /* Convert the architecture exception frame into abstracted panic info. */
    frame_to_panic_info(frame, &info, pseudo_excause);

    /* Hand over to the system panic handler. */
    esp_panic_handler(&info);
}
192
193 /**
194 * This function must always be in IRAM as it is required to
195 * re-enable the flash cache.
196 */
197 #if !CONFIG_APP_BUILD_TYPE_PURE_RAM_APP
/* Re-enable the flash cache for the calling core if it is currently disabled.
 * Nothing is done when the cache is already enabled. */
static void IRAM_ATTR panic_enable_cache(void)
{
    int this_core = esp_cpu_get_core_id();

    if (spi_flash_cache_enabled()) {
        return;
    }

    /* esp_ipc_isr_stall_abort() is called first, then the cache is switched back on. */
    esp_ipc_isr_stall_abort();
    spi_flash_enable_cache(this_core);
}
206 #endif
207
/*
 * Entry point used when the double exception vector or the kernel exception
 * vector is taken, and for the interrupt-based faults (cache error, WDT
 * expiry). In these cases the EXCAUSE register is written with one of the
 * PANIC_RSN_* values, so the cause is treated as a pseudo cause.
 *
 * frame - exception frame of the calling core
 */
void IRAM_ATTR panicHandler(void *frame)
{
#if !CONFIG_APP_BUILD_TYPE_PURE_RAM_APP
    panic_enable_cache();
#endif
    const bool pseudo_excause = true;

    panic_handler(frame, pseudo_excause);
}
219
/*
 * Entry point for an unhandled exception. The cause is passed on as a real
 * (non-pseudo) exception cause.
 *
 * frame - exception frame of the calling core
 */
void IRAM_ATTR xt_unhandled_exception(void *frame)
{
#if !CONFIG_APP_BUILD_TYPE_PURE_RAM_APP
    panic_enable_cache();
#endif
    const bool pseudo_excause = false;

    panic_handler(frame, pseudo_excause);
}
227
/*
 * Restart the chip after a panic.
 *
 * esp_restart_noos_dig() is used when state is present that the checks below
 * associate with a digital reset: a recorded cache error on the ESP32, or
 * memory protection whose interrupt is enabled or whose configuration is
 * locked. Otherwise esp_restart_noos() is used.
 */
void __attribute__((noreturn)) panic_restart(void)
{
    bool need_digital_reset = false;

#ifdef CONFIG_IDF_TARGET_ESP32
    /* On the ESP32 the cache error status can only be cleared by a system reset. */
    if (esp_cache_err_get_cpuid() != -1) {
        need_digital_reset = true;
    }
#endif

#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
#if CONFIG_IDF_TARGET_ESP32S2
    if (esp_memprot_is_intr_ena_any() || esp_memprot_is_locked_any()) {
        need_digital_reset = true;
    }
#else
    /* A query that does not return ESP_OK is handled like a positive answer,
     * so a failing memprot query also leads to the digital reset. The lock
     * query is only made when the interrupt query succeeded and reported off. */
    bool is_on = false;
    if (esp_mprot_is_intr_ena_any(&is_on) != ESP_OK || is_on
            || esp_mprot_is_conf_locked_any(&is_on) != ESP_OK || is_on) {
        need_digital_reset = true;
    }
#endif
#endif

    if (need_digital_reset) {
        esp_restart_noos_dig();
    }
    esp_restart_noos();
}
256