GitLab

No functional changes.

Change-Id: Iaab0310848be587b635ce5339726e92a50f534e0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

No functional changes.

Change-Id: I2f28f20944f552447ac4e9e755493cd7c0ea1192
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Previously the errata reporting was optional for CPU operation
files and this was achieved by making use of weak reference to
resolve to 0 if the symbol is not defined. This is error prone
when adding new CPU operation files and weak references are
problematic when fixing up dynamic relocations. Hence this patch
removes the weak reference and makes it mandatory for the CPU
operation files to define the errata reporting function.

Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

macro jump_if_cpu_midr is used commonly by many arm platform.
It has now been relocated to common place to remove duplication
of code.

Change-Id: Ic0876097dbc085df4f90eadb4b7687dde7c726da
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>

Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

For Denver CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the EL3 software stack only. Other
software components are responsible to enable it for their exception
levels.

TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
and earlier:

*   By setting bit 11 (Disable speculative store buffering) of
    `ACTLR_EL3`

*   By setting bit 9 (Disable speculative memory disambiguation) of
    `ACTLR_EL3`

TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
and later:

*   By setting bit 18 (Disable speculative store buffering) of
    `ACTLR_EL3`

*   By setting bit 17 (Disable speculative memory disambiguation) of
    `ACTLR_EL3`

Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Denver CPUs expect the power state field to be reset to 'C1'
during boot. This patch updates the reset handler to reset the
ACTLR_.PMSTATE field to 'C1' state during CPU boot.

Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.

This DSU erratum affects only the DSUs that contain the ACP interface
and it was fixed in r2p0. The workaround is applied only to the DSUs
that are actually affected.

Link to respective Arm documentation:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html



Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Add definition of EL1 L2 Auxilary Control register to
Cortex A72 library headers.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>

Change-Id: Ic0486131c493632eadf329f80b0b5904aed5e4ef
Signed-off-by: Joel Hutton <joel.hutton@arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Change-Id: I2c4b06423fcd96af9351b88a5e2818059f981f1b
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

This check was added to ensure the correct behaviour of fill_constants
macro. This macro has been verified and it is known his correct
behaviour. The check generates an error when the clang assembler is
used, so it is better to remove the check.

Change-Id: I3447ff9e9e5ee5cf0502f65e53c3d105d9396b8b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

This directive is not implemented by clang assembler. The traditional
way to implement structs in assembly is using two macros for every field,
one for the offset, and another one for the size. For every field, the
offset can be calculated using the size and offset of the previous field.

Change-Id: Iacc6781e8f302fb925898737b8e85ab4e88a51cc
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in
"Firmware interfaces for mitigating cache speculation vulnerabilities
System Software on Arm Systems"[0].

Dynamic mitigation for CVE-2018-3639 is enabled/disabled by
setting/clearning bit 16 (Disable load pass store) of `CPUACTLR2_EL1`.

NOTE: The generic code that implements dynamic mitigation does not
currently implement the expected semantics when dispatching an SDEI
event to a lower EL.  This will be fixed in a separate patch.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification



Change-Id: I8fb2862b9ab24d55a0e9693e48e8be4df32afb5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

The workaround uses the instruction patching feature of the Ares cpu.

Change-Id: I868fce0dc0e8e41853dcce311f01ee3867aabb59
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Change-Id: Ia170c12d3929a616ba80eb7645c301066641f5cc
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU).  The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are simple.

Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639.  A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

*   Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
    `CPUACTLR_EL1` (`S3_1_C15_C2_0`).

*   Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
    Technical Reference Manual (TRM)).

*   Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
    (`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification



Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

A fix for errata 843419 may be available in revision r0p4 of the
Cortex-A53 processor. The presence of the fix is determined by checking
bit 8 in the REVIDR register.

If the fix is present we report ERRATA_NOT_APPLIES which silences the
erroneous 'missing workaround' warning.

Change-Id: Ibd2a478df3e2a6325442a6a48a0bb0259dcfc1d7
Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>

When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
  * -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
    requires firmware mitigation for CVE-2017-5715 but the mitigation
    is not compiled in.
  * 0 to indicate that firmware mitigation is required, or
  * 1 to indicate that no firmware mitigation is required.

This patch complies with v1.2 of the firmware interfaces
specification (ARM DEN 0070A).

Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A72 and A73.

Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Change-Id: I61c9fdfda0c0b3c3ec6249519db23602cf4c2100
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

This patch also fixes the assumption that the counters are disabled on
the resume path.  This is incorrect as the AMU counters are enabled
early in the CPU reset function before `cpuamu_context_restore()`
runs.

Change-Id: I38a94eb166a523f00de18e86860434ffccff2131
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

This patch also fixes `cpuamu_write_cpuamcntenclr_el0()` to use an MSR
instruction instead of an MRS instruction.

Change-Id: Ia6531f64b5ebc60ba432124eaa8d8eaccba40ed0
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1.  This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.

Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

The Cortex A75 has 5 AMU counters.  The first three counters are fixed
and the remaining two are programmable.

A new build option is introduced, `ENABLE_AMU`.  When set, the fixed
counters will be enabled for use by lower ELs.  The programmable
counters are currently disabled.

Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Erratum 855971 applies to revision r0p3 or earlier Cortex-A72 CPUs. The
recommended workaround is to disable instruction prefetch.

Change-Id: I7fde74ee2a8a23b2a8a1891b260f0eb909fad4bf
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Erratum 855972 applies to revision r1p3 or earlier Cortex-A57 CPUs. The
recommended workaround is to disable instruction prefetch.

Change-Id: I56eeac0b753eb1432bd940083372ad6f7e93b16a
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

At present, various CPU register macros that refer to CPUACTLR are named
ACTLR. This patch fixes that.

The previous register names are retained, but guarded by the
ERROR_DEPRECATED macro, so as not to break platforms that continue using
the old names.

Change-Id: Ia872196d81803f8f390b887d149e0fd054df519b
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>

In order to avoid Undefined behavior, left operand in left-shift
expressions needs to be unsigned, and of sufficient size. The safest and
most consistent approach is to use unsigned long long type.

Change-Id: I9612f16a6e6ea4c7df62a02497d862abf19b8e1b
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>

This patch uses the U() and ULL() macros for constants, to fix some
of the signed-ness defects flagged by the MISRA scanner.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

This patch makes all the defines in the CPU libraries unique,
by prefixing them with the CPU name.

NOTE: PLATFORMS USING THESE MACROS WILL HAVE TO UPDATE THEIR CODE
TO START USING THE UPDATED NAMES
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Both Cortex-A75 and Cortex-A55 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are considerably
simpler.

Change-Id: I68b30e6e1ebe7c041d5e67f39c59f08575fc7ecc
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Add some bit definitions of CPUACTLR register in Cortex-A53
CPU library.

Change-Id: I142fd8ac4b06dd651a32e22951e71cdebbea123a
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/



Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

ARM erratum 855873 applies to all Cortex-A53 CPUs.
The recommended workaround is to promote "data cache clean"
instructions to "data cache clean and invalidate" instructions.
For core revisions of r0p3 and later this can be done by setting a bit
in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
we set the bit in firmware.
Also we dump this register upon crashing to provide more debug
information.

Enable the workaround for the Juno boards.

Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

This patch enables L2 ECC and Parity Protection for ARM Cortex-A57 CPUs
for Tegra SoCs.

Change-Id: I038fcd529991d0201a4951ce2730ab71b1c980f9
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

This patch moves the code to disable DCO operations out from common
CPU files. This allows the platform code to call thsi API as and
when required. There are certain CPU power down states which require
the DCO to be kept ON and platforms can decide selectively now.

Change-Id: Icb946fe2545a7d8c5903c420d1ee169c4921a2d1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>