1. 04 May, 2018 6 commits
    • Jeenu Viswambharan's avatar
      RAS: Add fault injection support · 1a7c1cfe
      Jeenu Viswambharan authored
      
      
      The ARMv8.4 RAS extensions introduce architectural support for software
      to inject faults into the system in order to test fault-handling
      software. This patch introduces the build option FAULT_HANDLING_SUPPORT
      to allow for lower ELs to use registers in the Standard Error Record to
      inject fault. The build option RAS_EXTENSIONS must also be enabled along
      with fault injection.
      
      This feature is intended for testing purposes only, and is advisable to
      keep disabled for production images.
      
      Change-Id: I6f7a4454b15aec098f9505a10eb188c2f928f7ea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      1a7c1cfe
    • Jeenu Viswambharan's avatar
      RAS: Allow individual interrupt registration · ca6d9185
      Jeenu Viswambharan authored
      
      
      EHF currently allows for registering interrupt handlers for a defined
      priority ranges. This is primarily targeted at various EL3 dispatchers
      to own ranges of secure interrupt priorities in order to delegate
      execution to lower ELs.
      
      The RAS support added by earlier patches necessitates registering
      handlers based on interrupt number so that error handling agents shall
      receive and handle specific Error Recovery or Fault Handling interrupts
      at EL3.
      
      This patch introduces a macro, RAS_INTERRUPTS() to declare an array of
      interrupt numbers and handlers. Error handling agents can use this macro
      to register handlers for individual RAS interrupts. The array is
      expected to be sorted in the increasing order of interrupt numbers.
      
      As part of RAS initialisation, the list of all RAS interrupts are sorted
      based on their ID so that, given an interrupt, its handler can be looked
      up with a simple binary search.
      
      For an error handling agent that wants to handle a RAS interrupt,
      platform must:
      
        - Define PLAT_RAS_PRI to be the priority of all RAS exceptions.
      
        - Enumerate interrupts to have the GIC driver program individual EL3
          interrupts to the required priority range. This is required by EHF
          even before this patch.
      
      Documentation to follow.
      
      Change-Id: I9471e4887ff541f8a7a63309e9cd8f771f76aeda
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      ca6d9185
    • Jeenu Viswambharan's avatar
      RAS: Add support for node registration · 362599ec
      Jeenu Viswambharan authored
      
      
      Previous patches added frameworks for handling RAS errors. This patch
      introduces features that the platform can use to enumerate and iterate
      RAS nodes:
      
        - The REGISTER_RAS_NODES() can be used to expose an array of
          ras_node_info_t structures. Each ras_node_info_t describes a RAS
          node, along with handlers for probing the node for error, and if
          did record an error, another handler to handle it.
      
        - The macro for_each_ras_node() can be used to iterate over the
          registered RAS nodes, probe for, and handle any errors.
      
      The common platform EA handler has been amended using error handling
      primitives introduced by both this and previous patches.
      
      Change-Id: I2e13f65a88357bc48cd97d608db6c541fad73853
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      362599ec
    • Jeenu Viswambharan's avatar
      RAS: Add helpers to access Standard Error Records · 30d81c36
      Jeenu Viswambharan authored
      
      
      The ARMv8 RAS Extensions introduced Standard Error Records which are a
      set of standard registers through which:
      
        - Platform can configure RAS node policy; e.g., notification
          mechanism;
      
        - RAS nodes can record and expose error information for error handling
          agents.
      
      Standard Error Records can either be accessed via. memory-mapped
      or System registers. This patch adds helper functions to access
      registers and fields within an error record.
      
      Change-Id: I6594ba799f4a1789d7b1e45b3e17fd40e7e0ba5c
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      30d81c36
    • Jeenu Viswambharan's avatar
      AArch64: Introduce RAS handling · 14c6016a
      Jeenu Viswambharan authored
      
      
      RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
      extensions to base ARMv8.0 architecture.
      
      This patch adds build system support to enable RAS features in ARM
      Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
      this.
      
      With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
      inserted at all EL3 vector entry and exit. ESBs will synchronize pending
      external aborts before entering EL3, and therefore will contain and
      attribute errors to lower EL execution. Any errors thus synchronized are
      detected via. DISR_EL1 register.
      
      When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.
      
      Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      14c6016a
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf
  2. 02 May, 2018 1 commit
  3. 27 Apr, 2018 2 commits
    • Masahiro Yamada's avatar
      types: use int-ll64 for both aarch32 and aarch64 · 0a2d5b43
      Masahiro Yamada authored
      Since commit 031dbb12
      
       ("AArch32: Add essential Arch helpers"),
      it is difficult to use consistent format strings for printf() family
      between aarch32 and aarch64.
      
      For example, uint64_t is defined as 'unsigned long long' for aarch32
      and as 'unsigned long' for aarch64.  Likewise, uintptr_t is defined
      as 'unsigned int' for aarch32, and as 'unsigned long' for aarch64.
      
      A problem typically arises when you use printf() in common code.
      
      One solution could be, to cast the arguments to a type long enough
      for both architectures.  For example, if 'val' is uint64_t type,
      like this:
      
        printf("val = %llx\n", (unsigned long long)val);
      
      Or, somebody may suggest to use a macro provided by <inttypes.h>,
      like this:
      
        printf("val = %" PRIx64 "\n", val);
      
      But, both would make the code ugly.
      
      The solution adopted in Linux kernel is to use the same typedefs for
      all architectures.  The fixed integer types in the kernel-space have
      been unified into int-ll64, like follows:
      
          typedef signed char           int8_t;
          typedef unsigned char         uint8_t;
      
          typedef signed short          int16_t;
          typedef unsigned short        uint16_t;
      
          typedef signed int            int32_t;
          typedef unsigned int          uint32_t;
      
          typedef signed long long      int64_t;
          typedef unsigned long long    uint64_t;
      
      [ Linux commit: 0c79a8e29b5fcbcbfd611daf9d500cfad8370fcf ]
      
      This gets along with the codebase shared between 32 bit and 64 bit,
      with the data model called ILP32, LP64, respectively.
      
      The width for primitive types is defined as follows:
      
                         ILP32           LP64
          int            32              32
          long           32              64
          long long      64              64
          pointer        32              64
      
      'long long' is 64 bit for both, so it is used for defining uint64_t.
      'long' has the same width as pointer, so for uintptr_t.
      
      We still need an ifdef conditional for (s)size_t.
      
      All 64 bit architectures use "unsigned long" size_t, and most 32 bit
      architectures use "unsigned int" size_t.  H8/300, S/390 are known as
      exceptions; they use "unsigned long" size_t despite their architecture
      is 32 bit.
      
      One idea for simplification might be to define size_t as 'unsigned long'
      across architectures, then forbid the use of "%z" string format.
      However, this would cause a distortion between size_t and sizeof()
      operator.  We have unknowledge about the native type of sizeof(), so
      we need a guess of it anyway.  I want the following formula to always
      return 1:
      
        __builtin_types_compatible_p(size_t, typeof(sizeof(int)))
      
      Fortunately, ARM is probably a majority case.  As far as I know, all
      32 bit ARM compilers use "unsigned int" size_t.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      0a2d5b43
    • Masahiro Yamada's avatar
      arch_helpers: use u_register_t for register read/write · 8f4dbaab
      Masahiro Yamada authored
      
      
      u_register_t is preferred rather than uint64_t.  This is more
      consistent with the aarch32 implementation.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      8f4dbaab
  4. 26 Apr, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat: Set AP[1] to 1 when it is RES1 · 01c0a38e
      Antonio Nino Diaz authored
      
      
      According to the ARMv8 ARM issue C.a:
      
          AP[1] is valid only for stage 1 of a translation regime that can
          support two VA ranges. It is RES 1 when stage 1 translations can
          support only one VA range.
      
      This means that, even though this bit is ignored, it should be set to 1
      in the EL3 and EL2 translation regimes.
      
      For translation regimes consisting on EL0 and a higher regime this bit
      selects between control at EL0 or at the higher Exception level. The
      regimes that support two VA ranges are EL1&0 and EL2&0 (the later one
      is only available since ARMv8.1).
      
      This fix has to be applied to both versions of the translation tables
      library.
      
      Change-Id: If19aaf588551bac7aeb6e9a686cf0c2068e7c181
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      01c0a38e
  5. 23 Apr, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Add support for the SMC Calling Convention 2.0 · 2f370465
      Antonio Nino Diaz authored
      
      
      Due to differences in the bitfields of the SMC IDs, it is not possible
      to support SMCCC 1.X and 2.0 at the same time.
      
      The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
      option that specifies the major version of the SMCCC that the Trusted
      Firmware supports. The only two allowed values are 1 and 2, and it
      defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
      
      Note: Support for SMCCC v2.0 is an experimental feature to enable
      prototyping of secure partition specifications. Support for this
      convention is disabled by default and could be removed without notice.
      
      Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2f370465
  6. 17 Apr, 2018 1 commit
  7. 13 Apr, 2018 3 commits
    • Roberto Vargas's avatar
      Fix MISRA rule 8.4 Part 4 · 3b94189a
      Roberto Vargas authored
      
      
      Rule 8.4: A compatible declaration shall be visible when
                an object or function with external linkage is defined
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      3b94189a
    • Roberto Vargas's avatar
      Fix MISRA rule 8.3 Part 4 · 735181b6
      Roberto Vargas authored
      
      
      Rule 8.3: All declarations of an object or function shall
                use the same names and type qualifiers
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      735181b6
    • Roberto Vargas's avatar
      Fix MISRA rule 8.5 in common code · c28b7658
      Roberto Vargas authored
      
      
      Rule 8.5: An external object or function shall be declared
                once in one and only one file.
      
      Change-Id: I7c3d4ec7d3ba763fdb4600008ba10b4b93ecdfce
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      c28b7658
  8. 12 Apr, 2018 1 commit
  9. 10 Apr, 2018 1 commit
    • Summer Qin's avatar
      plat/arm: Allow override of default TZC regions · 23411d2c
      Summer Qin authored
      
      
      This patch allows the ARM Platforms to specify the TZC regions to be
      specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
      If the regions are not specified then the default TZC region will be
      configured by these helpers.
      
      This override mechanism allows specifying special regions for TZMP1
      usecase.
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      23411d2c
  10. 09 Apr, 2018 1 commit
  11. 07 Apr, 2018 2 commits
    • Jiafei Pan's avatar
      fix instruction address range limitation · b4ad9768
      Jiafei Pan authored
      
      
      For the adr instruction, it require the label's offset from the
      address of this instruction must be in the range +/-1MB. If the
      option "BL2_IN_XIP_MEM" is set to '1', in some cases, BL2's RW
      memory will not in the range of +/-1MB from BL2's RO memory region.
      so we need to use ldr instruction to cover this case.
      Signed-off-by: default avatarJiafei Pan <Jiafei.Pan@nxp.com>
      b4ad9768
    • Jiafei Pan's avatar
      Add support for BL2 in XIP memory · 7d173fc5
      Jiafei Pan authored
      
      
      In some use-cases BL2 will be stored in eXecute In Place (XIP) memory,
      like BL1. In these use-cases, it is necessary to initialize the RW sections
      in RAM, while leaving the RO sections in place. This patch enable this
      use-case with a new build option, BL2_IN_XIP_MEM. For now, this option
      is only supported when BL2_AT_EL3 is 1.
      Signed-off-by: default avatarJiafei Pan <Jiafei.Pan@nxp.com>
      7d173fc5
  12. 31 Mar, 2018 1 commit
    • Michalis Pappas's avatar
      qemu: don't use C functions for the crash console callbacks · 0e24ea81
      Michalis Pappas authored
      
      
      Use the console_pl011_core_* functions directly in the crash console
      callbacks.
      
      This bypasses the MULTI_CONSOLE_API for the crash console (UART1), but
      allows using the crash console before the C runtime has been initialized
      (eg to call ASM_ASSERT). This retains backwards compatibility with respect
      to functionality when the old API is used.
      
      Use the MULTI_CONSOLE_API to register UART0 as the boot and runtime
      console.
      
      Fixes ARM-software/tf-issues#572
      Signed-off-by: default avatarMichalis Pappas <mpappas@fastmail.fm>
      0e24ea81
  13. 27 Mar, 2018 1 commit
    • Joel Hutton's avatar
      Clean usage of void pointers to access symbols · 9f85f9e3
      Joel Hutton authored
      
      
      Void pointers have been used to access linker symbols, by declaring an
      extern pointer, then taking the address of it. This limits symbols
      values to aligned pointer values. To remove this restriction an
      IMPORT_SYM macro has been introduced, which declares it as a char
      pointer and casts it to the required type.
      
      Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      9f85f9e3
  14. 26 Mar, 2018 2 commits
  15. 24 Mar, 2018 1 commit
  16. 21 Mar, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Rename 'smcc' to 'smccc' · 085e80ec
      Antonio Nino Diaz authored
      
      
      When the source code says 'SMCC' it is talking about the SMC Calling
      Convention. The correct acronym is SMCCC. This affects a few definitions
      and file names.
      
      Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
      but the old files have been kept for compatibility, they include the
      new ones with an ERROR_DEPRECATED guard.
      
      Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      085e80ec
  17. 14 Mar, 2018 2 commits
  18. 02 Mar, 2018 1 commit
    • Soby Mathew's avatar
      Remove sp_min functions from plat_common.c · 0ed8c001
      Soby Mathew authored
      
      
      This patch removes default platform implementations of sp_min
      platform APIs from plat/common/aarch32/plat_common.c. The APIs
      are now implemented in `plat_sp_min_common.c` file within the
      same folder.
      
      The ARM platform layer had a weak definition of sp_min_platform_setup2()
      which conflicted with the weak definition in the common file. Hence this
      patch fixes that by introducing a `plat_arm_` version of the API thus
      allowing individual boards within ARM platforms to override it if they
      wish to.
      
      Fixes ARM-software/tf-issues#559
      
      Change-Id: I11a74ecae8191878ccc7ea03f12bdd5ae88faba5
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      0ed8c001
  19. 01 Mar, 2018 2 commits
    • Dan Handley's avatar
      Emit warnings when using deprecated GIC init · dcf01a0a
      Dan Handley authored
      
      
      Emit runtime warnings when intializing the GIC drivers using the
      deprecated method of defining integer interrupt arrays in the GIC driver
      data structures; interrupt_prop_t arrays should be used instead. This
      helps platforms detect that they have migration work to do. Previously,
      no warning was emitted in this case. This affects both the GICv2 and GICv3
      drivers.
      
      Also use the __deprecated attribute to emit a build time warning if these
      deprecated fields are used. These warnings are suppressed in the GIC
      driver compatibility functions but will be visible if platforms use them.
      
      Change-Id: I6b6b8f6c3b4920c448b6dcb82fc18442cfdf6c7a
      Signed-off-by: default avatarDan Handley <dan.handley@arm.com>
      dcf01a0a
    • Dan Handley's avatar
      Improve MULTI_CONSOLE_API deprecation warnings · bc1a03c7
      Dan Handley authored
      
      
      For platforms that have not migrated to MULTI_CONSOLE_API == 1, there
      are a lot of confusing deprecated declaration warnings relating to
      use of console_init() and console_uninit(). Some of these relate to use
      by the generic code, not the platform code. These functions are not really
      deprecated but *removed* when MULTI_CONSOLE_API == 1.
      
      This patch consolidates these warnings into a single preprocessor warning.
      The __deprecated attribute is removed from the console_init() and
      console_uninit() declarations.
      
      For preprocessor warnings like this to not cause fatal build errors,
      this patch adds -Wno-error=cpp to the build flags when
      ERROR_DEPRECATED == 0.
      This option (and -Wno-error=deprecated-declarations) is now added to
      CPPFLAGS instead of TF_CFLAGS to ensure the build flags are used in the
      assembler as well as the compiler.
      
      This patch also disentangles the MULTI_CONSOLE_API and ERROR_DEPRECATED
      build flags by defaulting MULTI_CONSOLE_API to 0 instead of
      ERROR_DEPRECATED. This allows platforms that have not migrated to
      MULTI_CONSOLE_API to use ERROR_DEPRECATED == 1 to emit a more meaningful
      build error.
      
      Finally, this patch bans use of MULTI_CONSOLE_API == 1 and AARCH32, since
      the AArch32 console implementation does not support
      MULTI_CONSOLE_API == 1.
      
      Change-Id: If762165ddcb90c28aa7a4951aba70cb15c2b709c
      Signed-off-by: default avatarDan Handley <dan.handley@arm.com>
      bc1a03c7
  20. 28 Feb, 2018 5 commits
  21. 27 Feb, 2018 4 commits