- 10 Dec, 2018 1 commit
-
-
Jeenu Viswambharan authored
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass Safe) bit to mitigate against Variant 4 vulnerabilities. Although an Armv8.5 feature, this can be implemented by CPUs implementing earlier version of the architecture. With this patch, when both PSTATE.SSBS is implemented and DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to indicate that mitigation on the PE is either permanently enabled or not required. When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset of every BL stage. This means that EL3 always executes with mitigation applied. For Cortex A76, if the PE implements SSBS, the existing mitigation (by using a different vector table, and tweaking CPU ACTLR2) is not used. Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Nov, 2018 1 commit
-
-
Joel Hutton authored
Initial Spectre Variant 1 mitigations (CVE-2017-5753). A potential speculative data leak was found in PSCI code, this depends on a non-robust implementation of the `plat_get_core_pos_by_mpidr()` function. This is considered very low-risk. This patch adds a macro to mitigate this. Note not all code paths could be analyzed with current tools. Add a macro which makes a variable 'speculation safe', using the __builtin_speculation_safe_value function of GCC and llvm. This will be available in GCC 9, and is planned for llvm, but is not currently in mainline GCC or llvm. In order to implement this mitigation the compiler must support this builtin. Support is indicated by the __HAVE_SPECULATION_SAFE_VALUE flag. The -mtrack-speculation option maintains a 'tracker' register, which determines if the processor is in false speculation at any point. This adds instructions and increases code size, but avoids the performance impact of a hard barrier. Without the -mtrack-speculation option, __builtin_speculation_safe_value expands to a ISB DSB SY sequence after a conditional branch, before the speculation safe variable is used. With -mtrack-speculation a CSEL tracker, tracker, XZR, [cond]; AND safeval,tracker; CSDB sequence is added instead, clearing the vulnerable variable by AND'ing it with the tracker register, which is zero during speculative execution. [cond] are the status flags which will only be true during speculative execution. For more information on __builtin_speculation_safe_value and the -mtrack-speculation option see https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations The -mtracking option was not added, as the performance impact of the mitigation is low, and there is only one occurence. Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 23 Nov, 2018 1 commit
-
-
Sathees Balya authored
This patch adds support to build a combined BL1 and ROMLIB binary file with the right page alignment in Juno. When USE_ROMLIB=1 is set for Juno, it generates the combined file bl1_romlib.bin which needs to be used instead of bl1.bin Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 22 Nov, 2018 4 commits
-
-
Sathees Balya authored
Change-Id: I1f377d2d94c0fe8d2d9e62614f4a8e2dfcd9e745 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
Sathees Balya authored
Register functions have to be added to the jump table to allow patching in the future Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
Sathees Balya authored
This change allows patching of functions in the romlib. This can be done by adding "patch" at the end of the jump table entry for the function that needs to be patched in the file jmptbl.i. Functions patched in the jump table list will be built as part of the BL image and the romlib version will not be used Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
Antonio Nino Diaz authored
Provide new APIs to add new regions without specifying the base VA. - `mmap_add_region_alloc_va` adds a static region to mmap choosing as base VA the first possible address after all the currently mapped regions. It is aligned to an appropriate boundary in relation to the size and base PA of the requested region. No attempt is made to fill any unused VA holes. - `mmap_add_dynamic_region_alloc_va` it adds a region the same way as `mmap_add_region_alloc_va` does, but it's dynamic instead of static. - `mmap_add_alloc_va` takes an array of non const `mmap_region_t`, maps them in the same way as `mmap_add_region_alloc_va` and fills their `base_va` field. A helper macro has been created to help create the array, called `MAP_REGION_ALLOC_VA`. Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Nov, 2018 2 commits
-
-
Sandrine Bailleux authored
Imported from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __aeabi_llsr() builtin, which is required by a subsequent patch that uses a logical right shift operator in AArch32. Change-Id: I9884139a12855a8a87206fb572aaa7dd35582b09 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Imported from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). Change-Id: I058cfb5894daf1d12e1ef971c0ba36b0aa089be5 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 02 Nov, 2018 2 commits
-
-
Antonio Nino Diaz authored
Change-Id: I2f5f64aaf90caae936510e1179392a8835f493e0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
From commit aafd1cf4235d78ce85b76d7da63e9589039344b3: - lib/libc/strlcpy.c Change-Id: Iaa7028fcc26706bdd6ee3f1e4bd55dd5873a30c6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 01 Nov, 2018 2 commits
-
-
Antonio Nino Diaz authored
Change-Id: I600bc13522ae977db355b6dc5a1695bce39ec130 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The macro EL_IMPLEMENTED() has been deprecated in favour of the new function el_implemented(). Change-Id: Ic9b1b81480b5e019b50a050e8c1a199991bf0ca9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
Version 1.4.7 introduces a big performance hit to functions that access the FDT. Downgrade the library to version 1.4.6-9, before the changes that introduce the problem. Version 1.4.6 isn't used because one of the libfdt files (fdt_overlay.c) is missing the license header. This problem is also fixed in 1.4.6-9. This version corresponds to commit <aadd0b65c987> checks: centralize printing of property names in failure messages. Fixes ARM-software/tf-issues#643 Change-Id: I73c05f2b1f994bcdcc4366131ce0647553cdcfb8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Oct, 2018 6 commits
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I64abd72026082218a40b1a4b8f7dc26ff2478ba6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: Iaab0310848be587b635ce5339726e92a50f534e0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I2f28f20944f552447ac4e9e755493cd7c0ea1192 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
This patch introduces Position Independant Executable(PIE) support in TF-A. As a initial prototype, only BL31 can support PIE. A trivial dynamic linker is implemented which supports fixing up Global Offset Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc() helper function implements this linker and this needs to be called early in the boot sequence prior to invoking C functions. The GOT is placed in the RO section of BL31 binary for improved security and the BL31 linker script is modified to export the appropriate symbols required for the dynamic linker. The C compiler always generates PC relative addresses to linker symbols and hence referencing symbols exporting constants are a problem when relocating the binary. Hence the reference to the `__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated at runtime based on start and end addresses. Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
Previously the errata reporting was optional for CPU operation files and this was achieved by making use of weak reference to resolve to 0 if the symbol is not defined. This is error prone when adding new CPU operation files and weak references are problematic when fixing up dynamic relocations. Hence this patch removes the weak reference and makes it mandatory for the CPU operation files to define the errata reporting function. Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes up the AArch64 assembly code to use adrp/adr instructions instead of ldr instruction for reference to symbols. This allows these assembly sequences to be Position Independant. Note that the the reference to sizes have been replaced with calculation of size at runtime. This is because size is a constant value and does not depend on execution address and using PC relative instructions for loading them makes them relative to execution address. Also we cannot use `ldr` instruction to load size as it generates a dynamic relocation entry which must *not* be fixed up and it is difficult for a dynamic loader to differentiate which entries need to be skipped. Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
There are several platforms using arm_setup_page_tables(), which is supposed to be Arm platform only. This creates several dependency problems between platforms. This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib v2 makefile. This way it is possible to detect from C code which version is being used and include the correct header. The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and moved to a common folder. This way, when in doubt, this header can be used to guarantee compatibility, as it includes the correct header based on XLAT_TABLES_LIB_V2. This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so that is now locked in xlat lib v2) and ZynqMP (where it was added as a workaround). Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 Oct, 2018 4 commits
-
-
Antonio Nino Diaz authored
Change-Id: Iad7adaf0b16a3d086594cb3432210ac2c4e207f8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The current version of libfdt (1.4.2) has been modified to integrate it in this repository. In order to do a clean import it is needed to remove the current version first. Change-Id: I2cab8c8e5632280d282fa7a2f2339768a0ad1e0f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I3ddc07cb02d73cd7614af7a5b21827aae155f9a0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Imported from lib/libc/string/strrchr.c from commit: 59fd2fb98e4cc7e9bfc89598e28e21d405fd470c Change-Id: I898206c6f0372d4d211c149ec0fb9522d0a5b01c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 16 Oct, 2018 2 commits
-
-
Andrew F. Davis authored
Leave the caches on and explicitly flush any data that may be stale when the core is powered down. This prevents non-coherent interconnect access which has negative side- effects on AM65x. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
Jeenu Viswambharan authored
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 11 Oct, 2018 1 commit
-
-
ldts authored
Some platforms can only resume from system suspend from the boot CPU, hence they should only enter that state from that same core. The following commit presents an interface that allows the platform to reject system suspend entry near its very last stage (last CPU).
-
- 10 Oct, 2018 2 commits
-
-
Andrew F. Davis authored
When a platform enables its caches before it accesses the psci_non_cpu_pd_nodes structure then explicit cache maintenance is not needed. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
Andrew F. Davis authored
The MMU is not disabled in this path, update the comment to reflect this. Also clarify that both paths call prepare_cpu_pwr_dwn(), but the second path does stack cache maintenance. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
- 08 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
Commit 79621f00 broke sgi575. It is possible to have a region with 0 as value for the attributes. It means device memory, read only, secure, executable. This is legitimate if the code is in flash and the code is executed from there. This is the case for SGI_MAP_FLASH0_RO, defined in the file plat/arm/css/sgi/sgi_plat.c. This problem is solved by checking both size and attributes in xlat v1. In xlat v2, it is enough to check the granularity, as it can never be 0. Change-Id: I7be11f1b0e51c4c2ffd560b4a6cdfbf15de2c276 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 3 commits
-
-
Daniel Boulby authored
Mark the xlat tables code only used in BL31 initialization as __init to be reclaimed once no longer needed Change-Id: I3106bfd994706a57c578624573bcfa525fbbd3c4 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Daniel Boulby authored
Mark the initialization functions in BL31, such as context management, EHF, RAS and PSCI as __init so that they can be reclaimed by the platform when no longer needed Change-Id: I7446aeee3dde8950b0f410cb766b7a2312c20130 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Daniel Boulby authored
Depending on the build flags it is possible that some of the memory regions mapped in page table setup could have a size of 0. In this case we simply want to do nothing but still wish to map the other regions in the array. Therefore we cannot only use size == 0 as the termination logic for the loop. Since an attributes field with value 0 means that the region is device memory, read only, secure and executable. Device memory can't be executable, so this combination should never be used and it is safe to use as a terminator value. Therefore by changing the termination logic to use attributes instead of size we prevent terminating the loop when we don't intend to. Change-Id: I92fc7f689ab08543497be6be4896dace2ed7b66a Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 28 Sep, 2018 4 commits
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I83de2ae3e0795e6fec3c1e5b37c441b64b0c9cb6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I9fd8016527ad7706494f34356fdae8efacef5f72 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Roberto Vargas authored
Change-Id: I40d040aa05bcbf11536a96ce59827711456b93a8 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 21 Sep, 2018 1 commit
-
-
Daniel Boulby authored
Ensure case clauses: * Terminate with an unconditional break, return or goto statement. * Use conditional break, return or goto statements as long as the end of the case clause is unreachable; such case clauses must terminate with assert(0) /* Unreachable */ or an unconditional __dead2 function call * Only fallthough when doing otherwise would result in less readable/maintainable code; such case clauses must terminate with a /* Fallthrough */ comment to make it clear this is the case and indicate that a fallthrough is intended. This reduces the chance of bugs appearing due to unintended flow through a switch statement Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 10 Sep, 2018 1 commit
-
-
Soby Mathew authored
This patch fixes the name of the Cortex-ares errata function which was previously named `cortex_a72_errata_report` which was an error. Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-