1. 18 Jul, 2018 3 commits
  2. 15 Jul, 2018 2 commits
  3. 13 Jul, 2018 2 commits
    • Antonio Nino Diaz's avatar
      xlat v2: Turn MMU parameters into 64-bit values · 6563c0be
      Antonio Nino Diaz authored
      
      
      Most registers are 64-bit wide, even in AArch32 mode:
      
      - MAIR_ELx is equivalent to MAIR0 and MAIR1.
      - TTBR is 64 bit in both AArch64 and AArch32.
      
      The only difference is the TCR register, which is 32 bit in AArch32 and
      in EL3 in AArch64. For consistency with the rest of ELs in AArch64, it
      makes sense to also have it as a 64-bit value.
      
      Change-Id: I2274d66a28876702e7085df5f8aad0e7ec139da9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      6563c0be
    • Antonio Nino Diaz's avatar
      xlat v2: Remove IMAGE_EL define · aa1d5f60
      Antonio Nino Diaz authored
      
      
      The Exception Level is now detected at runtime. This means that it is not
      needed to hardcode the EL used by each image.
      
      This doesn't result in a substantial increase of the image size because
      the initialization functions that aren't used are garbage-collected by
      the linker.
      
      In AArch32 the current EL has been changed from EL3 to EL1 because the
      the AArch32 PL1&0 translation regime behaves more like the AArch64 EL1&0
      translation regime than the EL3 one.
      
      Change-Id: I941404299ebe7666ca17619207c923b49a55cb73
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      aa1d5f60
  4. 11 Jul, 2018 4 commits
  5. 10 Jul, 2018 1 commit
    • Roberto Vargas's avatar
      Fix MISRA rule 8.3 · c96f297f
      Roberto Vargas authored
      
      
      Rule 8.3: All declarations of an object or function shall
                    use the same names and type qualifiers.
      
      Fixed for:
      	make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
      
      Change-Id: Ia34f5155e1cdb67161191f69e8d1248cbaa39e1a
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      c96f297f
  6. 03 Jul, 2018 2 commits
    • Sandrine Bailleux's avatar
      Fix incorrect pointer conversion in SMC_UUID_RET() · 43b8fa8e
      Sandrine Bailleux authored
      
      
      Casting a pointer to a struct uuid into a pointer to uint32_t may
      result in a pointer that is not correctly aligned, which constitutes
      an undefined behaviour. In the case of TF, this also generates a data
      abort because alignment fault checking is enabled (through the SCTLR.A
      bit).
      
      This patch modifies the SMC_UUID_RET() macro to read the uuid
      structure without any pointer aliasing. A helper function then
      combines every set of 4 bytes into a 32-bit value suitable to be
      returned through the x0-x3 registers.
      
      This fixes a violation of MISRA rule 11.3.
      
      Change-Id: I53ee73bb4cb332f4d8286055ceceb6f347caa080
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      43b8fa8e
    • Antonio Nino Diaz's avatar
      xlat v2: Split code into separate files · fd2299e6
      Antonio Nino Diaz authored
      
      
      Instead of having one big file with all the code, it's better to have
      a few smaller files that are more manageable:
      
      - xlat_tables_core.c: Code related to the core functionality of the
        library (map and unmap regions, initialize xlat context).
      - xlat_tables_context.c: Instantiation of the active image context
        as well as APIs to manipulate it.
      - xlat_tables_utils.c: Helper code that isn't part of the core
        functionality (change attributes, debug print messages).
      
      Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      fd2299e6
  7. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      xlat v2: Split MMU setup and enable · 0cc7aa89
      Jeenu Viswambharan authored
      
      
      At present, the function provided by the translation library to enable
      MMU constructs appropriate values for translation library, and programs
      them to the right registers. The construction of initial values,
      however, is only required once as both the primary and secondaries
      program the same values.
      
      Additionally, the MMU-enabling function is written in C, which means
      there's an active stack at the time of enabling MMU. On some systems,
      like Arm DynamIQ, having active stack while enabling MMU during warm
      boot might lead to coherency problems.
      
      This patch addresses both the above problems by:
      
        - Splitting the MMU-enabling function into two: one that sets up
          values to be programmed into the registers, and another one that
          takes the pre-computed values and writes to the appropriate
          registers. With this, the primary effectively calls both functions
          to have the MMU enabled, but secondaries only need to call the
          latter.
      
        - Rewriting the function that enables MMU in assembly so that it
          doesn't use stack.
      
      This patch fixes a bunch of MISRA issues on the way.
      
      Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0cc7aa89
  8. 22 Jun, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat: Remove mmap_attr_t enum type · 3a1b7b10
      Antonio Nino Diaz authored
      
      
      The values defined in this type are used in logical operations, which
      goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
      essential type".
      
      Now, `unsigned int` is used instead. This also allows us to move the
      dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
      past because an enum is signed by default, and bit 31 corresponds to the
      sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
      is free to use as it was originally meant to be.
      
      mmap_attr_t is now defined as an `unsigned int` for backwards
      compatibility.
      
      Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      3a1b7b10
  9. 21 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      BL31: Introduce jump primitives · e7b9473e
      Jeenu Viswambharan authored
      
      
      This patch introduces setjmp() and ongjmp() primitives to enable
      standard setjmp/longjmp style execution. Both APIs parameters take a
      pointer to struct jmpbuf type, which hosts CPU registers saved/restored
      during jump.
      
      As per the standard usage:
      
        - setjmp() return 0 when a jump is setup; and a non-zero value when
          returning from jump.
      
        - The caller of setjmp() must not return, or otherwise update stack
          pointer since.
      
      Change-Id: I4af1d32e490cfa547979631b762b4cba188d0551
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e7b9473e
  10. 20 Jun, 2018 1 commit
    • Soby Mathew's avatar
      ARM Platforms: Update CNTFRQ register in CNTCTLBase frame · 342d6220
      Soby Mathew authored
      
      
      Currently TF-A doesn't initialise CNTFRQ register in CNTCTLBase
      frame of the system timer. ARM ARM states that "The instance of
      the register in the CNTCTLBase frame must be programmed with this
      value as part of system initialization."
      
      The psci_arch_setup() updates the CNTFRQ system register but
      according to the ARM ARM, this instance of the register is
      independent of the memory mapped instance. This is only an issue
      for Normal world software which relies on the memory mapped
      instance rather than the system register one.
      
      This patch resolves the issue for ARM platforms.
      
      The patch also solves a related issue on Juno, wherein
      CNTBaseN.CNTFRQ can be written and does not reflect the value of
      the register in CNTCTLBase frame. Hence this patch additionally
      updates CNTFRQ register in the Non Secure frame of the CNTBaseN.
      
      Fixes ARM-Software/tf-issues#593
      
      Change-Id: I09cebb6633688b34d5b1bc349fbde4751025b350
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      342d6220
  11. 14 Jun, 2018 3 commits
    • Yann Gautier's avatar
      utils: Add BIT_32 and BIT_64 macros · 167c5f80
      Yann Gautier authored
      
      
      When applying some MISRA rules, lots of issues are raised with BIT macro
      on AARCH32, and cast on uint32_t would be required (Rule 10.3).
      The macros BIT_32 and BIT_64 are then created for 32bit and 64bit.
      Then the BIT macro defaults on BIT_64 on AARCH64,
      and on BIT_32 on AARCH32.
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      167c5f80
    • Yann Gautier's avatar
      Add GENMASK macros · 39676357
      Yann Gautier authored
      
      
      Import GENMASK_32 and GENMASK_64 macros from optee-os (permissive license).
      And default GENMASK is set to GENMASK_32 for AARCH32,
      and to GENMASK_64 for 64bit arch.
      
      fixes arm-software/tf-issues#596
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      Signed-off-by: default avatarNicolas Le Bayon <nicolas.le.bayon@st.com>
      39676357
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored
      
      
      RFC4122 defines that fields are stored in network order (big endian),
      but TF-A stores them in machine order (little endian by default in TF-A).
      We cannot change the future UUIDs that are already generated, but we can store
      all the bytes using arrays and modify fiptool to generate the UUIDs with
      the correct byte order.
      
      Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  12. 13 Jun, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat v2: Introduce xlat granule size helpers · a0b9bb79
      Antonio Nino Diaz authored
      
      
      The function xlat_arch_is_granule_size_supported() can be used to check
      if a specific granule size is supported. In Armv8, AArch32 only supports
      4 KiB pages. AArch64 supports 4 KiB, 16 KiB or 64 KiB depending on the
      implementation, which is detected at runtime.
      
      The function xlat_arch_get_max_supported_granule_size() returns the max
      granule size supported by the implementation.
      
      Even though right now they are only used by SPM, they may be useful in
      other places in the future. This patch moves the code currently in SPM
      to the xlat tables lib so that it can be reused.
      
      Change-Id: If54624a5ecf20b9b9b7f38861b56383a03bbc8a4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a0b9bb79
  13. 12 Jun, 2018 1 commit
    • Daniel Boulby's avatar
      Fix MISRA Rule 5.3 Part 2 · 896a5902
      Daniel Boulby authored
      
      
      Use a _ prefix for Macro arguments to prevent that argument from
      hiding variables of the same name in the outer scope
      
      Rule 5.3: An identifier declared in an inner scope shall not
                hide an identifier declared in an outer scope
      
      Fixed For:
          make LOG_LEVEL=50 PLAT=fvp
      
      Change-Id: I67b6b05cbad4aeca65ce52981b4679b340604708
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      896a5902
  14. 08 Jun, 2018 5 commits
  15. 23 May, 2018 5 commits
    • Antonio Nino Diaz's avatar
      context_mgmt: Make cm_init_context_common public · 1634cae8
      Antonio Nino Diaz authored
      
      
      This function can be currently accessed through the wrappers
      cm_init_context_by_index() and cm_init_my_context(). However, they only
      work on contexts that are associated to a CPU.
      
      By making this function public, it is possible to set up a context that
      isn't associated to any CPU. For consistency, it has been renamed to
      cm_setup_context().
      
      Change-Id: Ib2146105abc8137bab08745a8adb30ca2c4cedf4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      1634cae8
    • Dimitris Papastamos's avatar
      Add support for dynamic mitigation for CVE-2018-3639 · fe007b2e
      Dimitris Papastamos authored
      
      
      Some CPUS may benefit from using a dynamic mitigation approach for
      CVE-2018-3639.  A new SMC interface is defined to allow software
      executing in lower ELs to enable or disable the mitigation for their
      execution context.
      
      It should be noted that regardless of the state of the mitigation for
      lower ELs, code executing in EL3 is always mitigated against
      CVE-2018-3639.
      
      NOTE: This change is a compatibility break for any platform using
      the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
      the declare_cpu_ops_wa macro instead.
      
      Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      fe007b2e
    • Dimitris Papastamos's avatar
      aarch32: Implement static workaround for CVE-2018-3639 · e0865708
      Dimitris Papastamos authored
      
      
      Implement static mitigation for CVE-2018-3639 on
      Cortex A57 and A72.
      
      Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      e0865708
    • Dimitris Papastamos's avatar
      Implement static workaround for CVE-2018-3639 · b8a25bbb
      Dimitris Papastamos authored
      For affected CPUs, this approach enables the mitigation during EL3
      initialization, following every PE reset. No mechanism is provided to
      disable the mitigation at runtime.
      
      This approach permanently mitigates the entire software stack and no
      additional mitigation code is required in other software components.
      
      TF-A implements this approach for the following affected CPUs:
      
      *   Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
          `CPUACTLR_EL1` (`S3_1_C15_C2_0`).
      
      *   Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
          Technical Reference Manual (TRM)).
      
      *   Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
          (`S3_0_C15_C1_0`).
      
      Additionally, a new SMC interface is implemented to allow software
      executing in lower ELs to discover whether the system is mitigated
      against CVE-2018-3639.
      
      Refer to "Firmware interfaces for mitigating cache speculation
      vulnerabilities System Software on Arm Systems"[0] for more
      information.
      
      [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
      
      
      
      Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      b8a25bbb
    • Dimitris Papastamos's avatar
      Rename symbols and files relating to CVE-2017-5715 · 2c3a1078
      Dimitris Papastamos authored
      
      
      This patch renames symbols and files relating to CVE-2017-5715 to make
      it easier to introduce new symbols and files for new CVE mitigations.
      
      Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      2c3a1078
  16. 09 May, 2018 1 commit
  17. 04 May, 2018 6 commits
    • Jeenu Viswambharan's avatar
      RAS: Add fault injection support · 1a7c1cfe
      Jeenu Viswambharan authored
      
      
      The ARMv8.4 RAS extensions introduce architectural support for software
      to inject faults into the system in order to test fault-handling
      software. This patch introduces the build option FAULT_HANDLING_SUPPORT
      to allow for lower ELs to use registers in the Standard Error Record to
      inject fault. The build option RAS_EXTENSIONS must also be enabled along
      with fault injection.
      
      This feature is intended for testing purposes only, and is advisable to
      keep disabled for production images.
      
      Change-Id: I6f7a4454b15aec098f9505a10eb188c2f928f7ea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      1a7c1cfe
    • Jeenu Viswambharan's avatar
      RAS: Allow individual interrupt registration · ca6d9185
      Jeenu Viswambharan authored
      
      
      EHF currently allows for registering interrupt handlers for a defined
      priority ranges. This is primarily targeted at various EL3 dispatchers
      to own ranges of secure interrupt priorities in order to delegate
      execution to lower ELs.
      
      The RAS support added by earlier patches necessitates registering
      handlers based on interrupt number so that error handling agents shall
      receive and handle specific Error Recovery or Fault Handling interrupts
      at EL3.
      
      This patch introduces a macro, RAS_INTERRUPTS() to declare an array of
      interrupt numbers and handlers. Error handling agents can use this macro
      to register handlers for individual RAS interrupts. The array is
      expected to be sorted in the increasing order of interrupt numbers.
      
      As part of RAS initialisation, the list of all RAS interrupts are sorted
      based on their ID so that, given an interrupt, its handler can be looked
      up with a simple binary search.
      
      For an error handling agent that wants to handle a RAS interrupt,
      platform must:
      
        - Define PLAT_RAS_PRI to be the priority of all RAS exceptions.
      
        - Enumerate interrupts to have the GIC driver program individual EL3
          interrupts to the required priority range. This is required by EHF
          even before this patch.
      
      Documentation to follow.
      
      Change-Id: I9471e4887ff541f8a7a63309e9cd8f771f76aeda
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      ca6d9185
    • Jeenu Viswambharan's avatar
      RAS: Add support for node registration · 362599ec
      Jeenu Viswambharan authored
      
      
      Previous patches added frameworks for handling RAS errors. This patch
      introduces features that the platform can use to enumerate and iterate
      RAS nodes:
      
        - The REGISTER_RAS_NODES() can be used to expose an array of
          ras_node_info_t structures. Each ras_node_info_t describes a RAS
          node, along with handlers for probing the node for error, and if
          did record an error, another handler to handle it.
      
        - The macro for_each_ras_node() can be used to iterate over the
          registered RAS nodes, probe for, and handle any errors.
      
      The common platform EA handler has been amended using error handling
      primitives introduced by both this and previous patches.
      
      Change-Id: I2e13f65a88357bc48cd97d608db6c541fad73853
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      362599ec
    • Jeenu Viswambharan's avatar
      RAS: Add helpers to access Standard Error Records · 30d81c36
      Jeenu Viswambharan authored
      
      
      The ARMv8 RAS Extensions introduced Standard Error Records which are a
      set of standard registers through which:
      
        - Platform can configure RAS node policy; e.g., notification
          mechanism;
      
        - RAS nodes can record and expose error information for error handling
          agents.
      
      Standard Error Records can either be accessed via. memory-mapped
      or System registers. This patch adds helper functions to access
      registers and fields within an error record.
      
      Change-Id: I6594ba799f4a1789d7b1e45b3e17fd40e7e0ba5c
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      30d81c36
    • Jeenu Viswambharan's avatar
      AArch64: Introduce RAS handling · 14c6016a
      Jeenu Viswambharan authored
      
      
      RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
      extensions to base ARMv8.0 architecture.
      
      This patch adds build system support to enable RAS features in ARM
      Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
      this.
      
      With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
      inserted at all EL3 vector entry and exit. ESBs will synchronize pending
      external aborts before entering EL3, and therefore will contain and
      attribute errors to lower EL execution. Any errors thus synchronized are
      detected via. DISR_EL1 register.
      
      When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.
      
      Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      14c6016a
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf