Skip to content

GitLab

Switch branch/tag
  1. 24 Jul, 2018 5 commits
  3. 19 Jul, 2018 1 commit
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for Uncontainable errors · b56dc2a9
      Jeenu Viswambharan authored 
      

Uncontainable errors are the most severe form of errors, which typically
mean that the system state can't be trusted any more. This further means
that normal error recovery process can't be followed, and an orderly
shutdown of the system is often desirable.

This patch allows for the platform to define a handler for Uncontainable
errors received. Due to the nature of Uncontainable error, the handler
is expected to initiate an orderly shutdown of the system, and therefore
is not expected to return. A default implementation is added which falls
back to platform unhandled exception.

Also fix ras_arch.h header guards.

Change-Id: I072e336a391a0b382e77e627eb9e40729d488b55
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b56dc2a9
  5. 18 Jul, 2018 10 commits
  7. 15 Jul, 2018 2 commits
  9. 13 Jul, 2018 3 commits
    • Antonio Nino Diaz's avatar
      xlat v2: Turn MMU parameters into 64-bit values · 6563c0be
      Antonio Nino Diaz authored 
      

Most registers are 64-bit wide, even in AArch32 mode:

- MAIR_ELx is equivalent to MAIR0 and MAIR1.
- TTBR is 64 bit in both AArch64 and AArch32.

The only difference is the TCR register, which is 32 bit in AArch32 and
in EL3 in AArch64. For consistency with the rest of ELs in AArch64, it
makes sense to also have it as a 64-bit value.

Change-Id: I2274d66a28876702e7085df5f8aad0e7ec139da9
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      6563c0be
    • Antonio Nino Diaz's avatar
      xlat v2: Remove IMAGE_EL define · aa1d5f60
      Antonio Nino Diaz authored 
      

The Exception Level is now detected at runtime. This means that it is not
needed to hardcode the EL used by each image.

This doesn't result in a substantial increase of the image size because
the initialization functions that aren't used are garbage-collected by
the linker.

In AArch32 the current EL has been changed from EL3 to EL1 because the
the AArch32 PL1&0 translation regime behaves more like the AArch64 EL1&0
translation regime than the EL3 one.

Change-Id: I941404299ebe7666ca17619207c923b49a55cb73
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      aa1d5f60
    • Sandrine Bailleux's avatar
      Run compiler on debug macros for type checking · cf24229e
      Sandrine Bailleux authored 
      

Even if the log output is too low for a message to be printed out on
the console by the debug macros, it should still be evaluated by the
compiler to get some type checking and validation of the format
specifiers. To do so, introduce the no_tf_log() macro that encloses
the call to tf_log() in an always-false condition.

This avoids the problem of discovering build issues only when we build
the firmware with the right LOG_LEVEL value.

Change-Id: Ic0fd252ab691d0187fd925756a4837aca1cbfd7b
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      cf24229e
  11. 12 Jul, 2018 1 commit
  13. 11 Jul, 2018 9 commits
  15. 10 Jul, 2018 1 commit
    • Roberto Vargas's avatar
      Fix MISRA rule 8.3 · c96f297f
      Roberto Vargas authored 
      

Rule 8.3: All declarations of an object or function shall
              use the same names and type qualifiers.

Fixed for:
	make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32

Change-Id: Ia34f5155e1cdb67161191f69e8d1248cbaa39e1a
Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      c96f297f
  17. 03 Jul, 2018 3 commits
    • Yann Gautier's avatar
      Add MMC framework · ad71d45e
      Yann Gautier authored 
      

This change is largely based on existing eMMC framework by Haojian Zhuang
(@hzhuang1).

The MMC framework supports both eMMC and SD card devices. It was
written as a new framework since breaking few eMMC framework APIs.

At card probe and after the reset to idle command (CMD0), a Send
Interface Condition Command is sent (CMD8) to distinguish between
eMMC and SD card devices. eMMC devices go through the same
sequence as in the former eMMC framework. Else the framework
uses commands dedicated to SD-cards for init or frequency switch.

A structure is created to share info with the driver. It stores:
- the MMC type (eMMC, SD or SD HC)
- the device size
- the max frequency supported by the device
- the block size: 512 for eMMC and SD-HC and read from CSD
 structure for older SD-cards

Restriction to align buffers on block size has been removed.
Cache maintenance was removed and is expected to be done in the platform
or device driver.

The MMC framework includes some MISRA compliance coding style
maybe not yet ported in the existing eMMC framework.

Fixes ARM-software/tf-issues#597
Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      ad71d45e
    • Sandrine Bailleux's avatar
      Fix incorrect pointer conversion in SMC_UUID_RET() · 43b8fa8e
      Sandrine Bailleux authored 
      

Casting a pointer to a struct uuid into a pointer to uint32_t may
result in a pointer that is not correctly aligned, which constitutes
an undefined behaviour. In the case of TF, this also generates a data
abort because alignment fault checking is enabled (through the SCTLR.A
bit).

This patch modifies the SMC_UUID_RET() macro to read the uuid
structure without any pointer aliasing. A helper function then
combines every set of 4 bytes into a 32-bit value suitable to be
returned through the x0-x3 registers.

This fixes a violation of MISRA rule 11.3.

Change-Id: I53ee73bb4cb332f4d8286055ceceb6f347caa080
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      43b8fa8e
    • Antonio Nino Diaz's avatar
      xlat v2: Split code into separate files · fd2299e6
      Antonio Nino Diaz authored 
      

Instead of having one big file with all the code, it's better to have
a few smaller files that are more manageable:

- xlat_tables_core.c: Code related to the core functionality of the
  library (map and unmap regions, initialize xlat context).
- xlat_tables_context.c: Instantiation of the active image context
  as well as APIs to manipulate it.
- xlat_tables_utils.c: Helper code that isn't part of the core
  functionality (change attributes, debug print messages).

Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      fd2299e6
  19. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      xlat v2: Split MMU setup and enable · 0cc7aa89
      Jeenu Viswambharan authored 
      

At present, the function provided by the translation library to enable
MMU constructs appropriate values for translation library, and programs
them to the right registers. The construction of initial values,
however, is only required once as both the primary and secondaries
program the same values.

Additionally, the MMU-enabling function is written in C, which means
there's an active stack at the time of enabling MMU. On some systems,
like Arm DynamIQ, having active stack while enabling MMU during warm
boot might lead to coherency problems.

This patch addresses both the above problems by:

  - Splitting the MMU-enabling function into two: one that sets up
    values to be programmed into the registers, and another one that
    takes the pre-computed values and writes to the appropriate
    registers. With this, the primary effectively calls both functions
    to have the MMU enabled, but secondaries only need to call the
    latter.

  - Rewriting the function that enables MMU in assembly so that it
    doesn't use stack.

This patch fixes a bunch of MISRA issues on the way.

Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0cc7aa89
  21. 26 Jun, 2018 1 commit
  23. 23 Jun, 2018 1 commit
  25. 22 Jun, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat: Remove mmap_attr_t enum type · 3a1b7b10
      Antonio Nino Diaz authored 
      

The values defined in this type are used in logical operations, which
goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
essential type".

Now, `unsigned int` is used instead. This also allows us to move the
dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
past because an enum is signed by default, and bit 31 corresponds to the
sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
is free to use as it was originally meant to be.

mmap_attr_t is now defined as an `unsigned int` for backwards
compatibility.

Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      3a1b7b10
  27. 21 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      SDEI: Make dispatches synchronous · cdb6ac94
      Jeenu Viswambharan authored 
      

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.

With this patch:

  - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
    context for event dispatch, then sets a jump point, and immediately
    exits EL3. This results in the client handler executing in
    Non-secure.

  - When the SDEI client completes the dispatched event, the SDEI
    dispatcher does a longjmp to the jump pointer created earlier. For
    the caller of the sdei_dispatch_event() in particular, this would
    appear as if call returned successfully.

The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.

Documentation updated.

NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.

Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      cdb6ac94