1. 21 May, 2019 1 commit
    • Madhukar Pappireddy's avatar
      Rework smc_unknown return code path in smc_handler · cc485e27
      Madhukar Pappireddy authored
      
      
      The intention of this patch is to leverage the existing el3_exit() return
      routine for smc_unknown return path rather than a custom set of instructions.
      In order to leverage el3_exit(), the necessary counteraction (i.e., saving the
      system registers apart from GP registers) must be performed. Hence a series of
      instructions which save system registers( like SPSR_EL3, SCR_EL3 etc) to stack
      are moved to the top of group of instructions which essentially decode the OEN
      from the smc function identifier and obtain the specific service handler in
      rt_svc_descs_array. This ensures that the control flow for both known and
      unknown smc calls will be similar.
      
      Change-Id: I67f94cfcba176bf8aee1a446fb58a4e383905a87
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      cc485e27
  2. 05 Apr, 2019 1 commit
  3. 18 Mar, 2019 1 commit
  4. 27 Feb, 2019 2 commits
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored
      
      
      The previous commit added the infrastructure to load and save
      ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
      didn't actually enable pointer authentication in the firmware.
      
      This patch adds the functionality needed for platforms to provide
      authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
      enable pointer authentication in the firmware itself. This option is
      disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
      enabled.
      
      Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
    • Antonio Nino Diaz's avatar
      Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored
      
      
      ARMv8.3-PAuth adds functionality that supports address authentication of
      the contents of a register before that register is used as the target of
      an indirect branch, or as a load.
      
      This feature is supported only in AArch64 state.
      
      This feature is mandatory in ARMv8.3 implementations.
      
      This feature adds several registers to EL1. A new option called
      CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
      them during Non-secure <-> Secure world switches. This option must be
      enabled if the hardware has the registers or the values will be leaked
      during world switches.
      
      To prevent leaks, this patch also disables pointer authentication in the
      Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
      be trapped in EL3.
      
      Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      5283962e
  5. 30 Jan, 2019 1 commit
  6. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  7. 11 Dec, 2018 1 commit
  8. 05 Dec, 2018 1 commit
  9. 19 Jul, 2018 1 commit
  10. 17 Jul, 2018 1 commit
  11. 11 Jul, 2018 1 commit
    • Roberto Vargas's avatar
      Add end_vector_entry assembler macro · a9203eda
      Roberto Vargas authored
      
      
      Check_vector_size checks if the size of the vector fits
      in the size reserved for it. This check creates problems in
      the Clang assembler. A new macro, end_vector_entry, is added
      and check_vector_size is deprecated.
      
      This new macro fills the current exception vector until the next
      exception vector. If the size of the current vector is bigger
      than 32 instructions then it gives an error.
      
      Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      a9203eda
  12. 04 May, 2018 3 commits
    • Jeenu Viswambharan's avatar
      AArch64: Introduce RAS handling · 14c6016a
      Jeenu Viswambharan authored
      
      
      RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
      extensions to base ARMv8.0 architecture.
      
      This patch adds build system support to enable RAS features in ARM
      Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
      this.
      
      With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
      inserted at all EL3 vector entry and exit. ESBs will synchronize pending
      external aborts before entering EL3, and therefore will contain and
      attribute errors to lower EL execution. Any errors thus synchronized are
      detected via. DISR_EL1 register.
      
      When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.
      
      Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      14c6016a
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf
    • Jeenu Viswambharan's avatar
      AArch64: Refactor GP register restore to separate function · ef653d93
      Jeenu Viswambharan authored
      
      
      At present, the function that restores general purpose registers also
      does ERET. Refactor the restore code to restore general purpose
      registers without ERET to complement the save function.
      
      The macro save_x18_to_x29_sp_el0 was used only once, and is therefore
      removed, and its contents expanded inline for readability.
      
      No functional changes, but with this patch:
      
        - The SMC return path will incur an branch-return and an additional
          register load.
      
        - The unknown SMC path restores registers x0 to x3.
      
      Change-Id: I7a1a63e17f34f9cde810685d70a0ad13ca3b7c50
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      ef653d93
  13. 23 Apr, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Add support for the SMC Calling Convention 2.0 · 2f370465
      Antonio Nino Diaz authored
      
      
      Due to differences in the bitfields of the SMC IDs, it is not possible
      to support SMCCC 1.X and 2.0 at the same time.
      
      The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
      option that specifies the major version of the SMCCC that the Trusted
      Firmware supports. The only two allowed values are 1 and 2, and it
      defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
      
      Note: Support for SMCCC v2.0 is an experimental feature to enable
      prototyping of secure partition specifications. Support for this
      convention is disabled by default and could be removed without notice.
      
      Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2f370465
  14. 15 Feb, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Redefine SMC_UNK as -1 instead of 0xFFFFFFFF · 4abd7fa7
      Antonio Nino Diaz authored
      
      
      According to the SMC Calling Convention (ARM DEN0028B):
      
          The Unknown SMC Function Identifier is a sign-extended value of
          (-1) that is returned in R0, W0 or X0 register.
      
      The value wasn't sign-extended because it was defined as a 32-bit
      unsigned value (0xFFFFFFFF).
      
      SMC_PREEMPT has been redefined as -2 for the same reason.
      
      NOTE: This might be a compatibility break for some AArch64 platforms
      that don't follow the previous version of the SMCCC (ARM DEN0028A)
      correctly. That document specifies that only the bottom 32 bits of the
      returned value must be checked. If a platform relies on the top 32 bits
      of the result being 0 (so that SMC_UNK is 0x00000000FFFFFFFF), it will
      have to fix its code to comply with the SMCCC.
      
      Change-Id: I7f7b109f6b30c114fe570aa0ead3c335383cb54d
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      4abd7fa7
  15. 29 Jan, 2018 1 commit
  16. 11 Jan, 2018 1 commit
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A57 and A72 · f62ad322
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
      and enabling the MMU.  To achieve this without performing any branch
      instruction, a per-cpu vbar is installed which executes the workaround
      and then branches off to the corresponding vector entry in the main
      vector table.  A side effect of this change is that the main vbar is
      configured before any reset handling.  This is to allow the per-cpu
      reset function to override the vbar setting.
      
      This workaround is enabled by default on the affected CPUs.
      
      Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      f62ad322
  17. 21 Aug, 2017 1 commit
    • Julius Werner's avatar
      Fix x30 reporting for unhandled exceptions · 4d91838b
      Julius Werner authored
      
      
      Some error paths that lead to a crash dump will overwrite the value in
      the x30 register by calling functions with the no_ret macro, which
      resolves to a BL instruction. This is not very useful and not what the
      reader would expect, since a crash dump should usually show all
      registers in the state they were in when the exception happened. This
      patch replaces the offending function calls with a B instruction to
      preserve the value in x30.
      
      Change-Id: I2a3636f2943f79bab0cd911f89d070012e697c2a
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      4d91838b
  18. 03 May, 2017 1 commit
  19. 05 Dec, 2016 1 commit
    • Jeenu Viswambharan's avatar
      Define and use no_ret macro where no return is expected · a806dad5
      Jeenu Viswambharan authored
      
      
      There are many instances in ARM Trusted Firmware where control is
      transferred to functions from which return isn't expected. Such jumps
      are made using 'bl' instruction to provide the callee with the location
      from which it was jumped to. Additionally, debuggers infer the caller by
      examining where 'lr' register points to. If a 'bl' of the nature
      described above falls at the end of an assembly function, 'lr' will be
      left pointing to a location outside of the function range. This misleads
      the debugger back trace.
      
      This patch defines a 'no_ret' macro to be used when jumping to functions
      from which return isn't expected. The macro ensures to use 'bl'
      instruction for the jump, and also, for debug builds, places a 'nop'
      instruction immediately thereafter (unless instructed otherwise) so as
      to leave 'lr' pointing within the function range.
      
      Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      a806dad5
  20. 14 Nov, 2016 1 commit
    • Douglas Raillard's avatar
      Cosmetic change to exception table · a6ef4393
      Douglas Raillard authored
      
      
      * Move comments on unhandled exceptions at the right place.
      * Reformat the existing comments to highlight the start of
        each block of 4 entries in the exception table to ease
        navigation (lines of dash reserved for head comments).
      * Reflow comments to 80 columns.
      
      Change-Id: I5ab88a93d0628af8e151852cb5b597eb34437677
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      a6ef4393
  21. 12 Oct, 2016 1 commit
    • dp-arm's avatar
      Add PMF instrumentation points in TF · 872be88a
      dp-arm authored
      
      
      In order to quantify the overall time spent in the PSCI software
      implementation, an initial collection of PMF instrumentation points
      has been added.
      
      Instrumentation has been added to the following code paths:
      
      - Entry to PSCI SMC handler.  The timestamp is captured as early
        as possible during the runtime exception and stored in memory
        before entering the PSCI SMC handler.
      
      - Exit from PSCI SMC handler.  The timestamp is captured after
        normal return from the PSCI SMC handler or if a low power state
        was requested it is captured in the bl31 warm boot path before
        return to normal world.
      
      - Entry to low power state.  The timestamp is captured before entry
        to a low power state which implies either standby or power down.
        As these power states are mutually exclusive, only one timestamp
        is defined to describe both.  It is possible to differentiate between
        the two power states using the PSCI STAT interface.
      
      - Exit from low power state.  The timestamp is captured after a standby
        or power up operation has completed.
      
      To calculate the number of cycles spent running code in Trusted Firmware
      one can perform the following calculation:
      
      (exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
      
      The resulting number of cycles can be converted to time given the
      frequency of the counter.
      
      Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      872be88a
  22. 26 May, 2016 1 commit
    • Sandrine Bailleux's avatar
      Introduce some helper macros for exception vectors · e0ae9fab
      Sandrine Bailleux authored
      This patch introduces some assembler macros to simplify the
      declaration of the exception vectors. It abstracts the section
      the exception code is put into as well as the alignments
      constraints mandated by the ARMv8 architecture. For all TF images,
      the exception code has been updated to make use of these macros.
      
      This patch also updates some invalid comments in the exception
      vector code.
      
      Change-Id: I35737b8f1c8c24b6da89b0a954c8152a4096fa95
      e0ae9fab
  23. 09 Dec, 2015 1 commit
    • Yatharth Kochar's avatar
      Move context management code to common location · bbf8f6f9
      Yatharth Kochar authored
      The upcoming Firmware Update feature needs transitioning across
      Secure/Normal worlds to complete the FWU process and hence requires
      context management code to perform this task.
      
      Currently context management code is part of BL31 stage only.
      This patch moves the code from (include)/bl31 to (include)/common.
      Some function declarations/definitions and macros have also moved
      to different files to help code sharing.
      
      Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
      bbf8f6f9
  24. 26 Nov, 2015 1 commit
    • Soby Mathew's avatar
      Remove the IMF_READ_INTERRUPT_ID build option · 54718418
      Soby Mathew authored
      The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt
      ID of the highest priority pending interrupt is passed as a parameter to the
      interrupt handler registered for that type of interrupt. This additional read
      of highest pending interrupt id from GIC is problematic as it is possible that
      the original interrupt may get deasserted and another interrupt of different
      type maybe become the highest pending interrupt. Hence it is safer to prevent
      such behaviour by removing the IMF_READ_INTERRUPT_ID build option.
      
      The `id` parameter of the interrupt handler `interrupt_type_handler_t` is
      now made a reserved parameter with this patch. It will always contain
      INTR_ID_UNAVAILABLE.
      
      Fixes ARM-software/tf-issues#307
      
      Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
      54718418
  25. 13 May, 2015 1 commit
    • Achin Gupta's avatar
      Fix handling of spurious interrupts in BL3_1 · 5717aae1
      Achin Gupta authored
      There are couple of issues with how the interrupt routing framework in BL3_1
      handles spurious interrupts.
      
      1. In the macro 'handle_interrupt_exception', if a spurious interrupt is
         detected by plat_ic_get_pending_interrupt_type(), then execution jumps to
         'interrupt_exit_\label'. This macro uses the el3_exit() function to return to
         the original exception level. el3_exit() attempts to restore the SPSR_EL3 and
         ELR_EL3 registers with values from the current CPU context. Since these
         registers were not saved in this code path, it programs stale values into
         these registers. This leads to unpredictable behaviour after the execution of
         the ERET instruction.
      
      2. When an interrupt is routed to EL3, it could be de-asserted before the
         GICC_HPPIR is read in plat_ic_get_pending_interrupt_type(). There could be
         another interrupt pending at the same time e.g. a non-secure interrupt. Its
         type will be returned instead of the original interrupt. This would result in
         a call to get_interrupt_type_handler(). The firmware will panic if the
         handler for this type of interrupt has not been registered.
      
      This patch fixes the first problem by saving SPSR_EL3 and ELR_EL3 early in the
      'handle_interrupt_exception' macro, instead of only doing so once the validity
      of the interrupt has been determined.
      
      The second problem is fixed by returning execution back to the lower exception
      level through the 'interrupt_exit_\label' label instead of treating it as an
      error condition. The 'interrupt_error_\label' label has been removed since it is
      no longer used.
      
      Fixes ARM-software/tf-issues#305
      
      Change-Id: I81c729a206d461084db501bb81b44dff435021e8
      5717aae1
  26. 08 Apr, 2015 1 commit
    • Kévin Petit's avatar
      Add support to indicate size and end of assembly functions · 8b779620
      Kévin Petit authored
      
      
      In order for the symbol table in the ELF file to contain the size of
      functions written in assembly, it is necessary to report it to the
      assembler using the .size directive.
      
      To fulfil the above requirements, this patch introduces an 'endfunc'
      macro which contains the .endfunc and .size directives. It also adds
      a .func directive to the 'func' assembler macro.
      
      The .func/.endfunc have been used so the assembler can fail if
      endfunc is omitted.
      
      Fixes ARM-Software/tf-issues#295
      
      Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      8b779620
  27. 27 Aug, 2014 1 commit
  28. 15 Aug, 2014 1 commit
    • Achin Gupta's avatar
      Unmask SError interrupt and clear SCR_EL3.EA bit · 0c8d4fef
      Achin Gupta authored
      This patch disables routing of external aborts from lower exception levels to
      EL3 and ensures that a SError interrupt generated as a result of execution in
      EL3 is taken locally instead of a lower exception level.
      
      The SError interrupt is enabled in the TSP code only when the operation has not
      been directly initiated by the normal world. This is to prevent the possibility
      of an asynchronous external abort which originated in normal world from being
      taken when execution is in S-EL1.
      
      Fixes ARM-software/tf-issues#153
      
      Change-Id: I157b996c75996d12fd86d27e98bc73dd8bce6cd5
      0c8d4fef
  29. 28 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Rework the crash reporting in BL3-1 to use less stack · 626ed510
      Soby Mathew authored
      This patch reworks the crash reporting mechanism to further
      optimise the stack and code size. The reporting makes use
      of assembly console functions to avoid calling C Runtime
      to report the CPU state. The crash buffer requirement is
      reduced to 64 bytes with this implementation. The crash
      buffer is now part of per-cpu data which makes retrieving
      the crash buffer trivial.
      
      Also now panic() will use crash reporting if
      invoked from BL3-1.
      
      Fixes ARM-software/tf-issues#199
      
      Change-Id: I79d27a4524583d723483165dc40801f45e627da5
      626ed510
  30. 19 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Remove coherent stack usage from the warm boot path · b51da821
      Achin Gupta authored
      This patch uses stacks allocated in normal memory to enable the MMU early in the
      warm boot path thus removing the dependency on stacks allocated in coherent
      memory. Necessary cache and stack maintenance is performed when a cpu is being
      powered down and up. This avoids any coherency issues that can arise from
      reading speculatively fetched stale stack memory from another CPUs cache. These
      changes affect the warm boot path in both BL3-1 and BL3-2.
      
      The EL3 system registers responsible for preserving the MMU state are not saved
      and restored any longer. Static values are used to program these system
      registers when a cpu is powered on or resumed from suspend.
      
      Change-Id: I8357e2eb5eb6c5f448492c5094b82b8927603784
      b51da821
  31. 29 May, 2014 2 commits
    • Soby Mathew's avatar
      Fix compilation issue for IMF_READ_INTERRUPT_ID build flag · a3781085
      Soby Mathew authored
      This patch fixes the compilation issue for trusted firmware when the
      IMF_READ_INTERRUPT_ID is enabled.
      
      Change-Id: I94ab613b9bc96a7c1935796c674dc42246aaafee
      a3781085
    • Soby Mathew's avatar
      Pass 'cookie' parameter to interrupt handler in BL3-1 · b460b8bf
      Soby Mathew authored
      The interrupt handling routine in BL3-1 expects a cookie as its last
      parameter which was not being passed when invoking the interrupt
      handler in BL3-1. This patch fixes that by passing a dummy cookie
      parameter in the x3 register.
      
      Fixes ARM-software/tf-issues#171
      
      Change-Id: Ic98abbbd9f849e6f1c55343e865b5e0a4904a1c5
      b460b8bf
  32. 27 May, 2014 1 commit
    • Dan Handley's avatar
      Further renames of platform porting functions · 9865ac15
      Dan Handley authored
      Rename the ic_* platform porting functions to plat_ic_* to be
      consistent with the other functions in platform.h. Also rename
      bl31_get_next_image_info() to bl31_plat_get_next_image_ep_info()
      and remove the duplicate declaration in bl31.h.
      
      Change-Id: I4851842069d3cff14c0a468daacc0a891a7ede84
      9865ac15
  33. 23 May, 2014 1 commit
    • Dan Handley's avatar
      Split platform.h into separate headers · 5f0cdb05
      Dan Handley authored
      Previously, platform.h contained many declarations and definitions
      used for different purposes. This file has been split so that:
      
      * Platform definitions used by common code that must be defined
        by the platform are now in platform_def.h. The exact include
        path is exported through $PLAT_INCLUDES in the platform makefile.
      
      * Platform definitions specific to the FVP platform are now in
        /plat/fvp/fvp_def.h.
      
      * Platform API declarations specific to the FVP platform are now
        in /plat/fvp/fvp_private.h.
      
      * The remaining platform API declarations that must be ported by
        each platform are still in platform.h but this file has been
        moved to /include/plat/common since this can be shared by all
        platforms.
      
      Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
      5f0cdb05
  34. 22 May, 2014 1 commit
    • Achin Gupta's avatar
      Introduce interrupt handling framework in BL3-1 · dce74b89
      Achin Gupta authored
      This patch adds a common handler for FIQ and IRQ exceptions in the
      BL3-1 runtime exception vector table. This function determines the
      interrupt type and calls its handler. A crash is reported if an
      inconsistency in the interrupt management framework is detected. In
      the event of a spurious interrupt, execution resumes from the
      instruction where the interrupt was generated.
      
      This patch also removes 'cm_macros.S' as its contents have been moved
      to 'runtime_exceptions.S'
      
      Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
      dce74b89
  35. 16 May, 2014 1 commit
    • Soby Mathew's avatar
      Rework BL3-1 unhandled exception handling and reporting · a43d431b
      Soby Mathew authored
      This patch implements the register reporting when unhandled exceptions are
      taken in BL3-1. Unhandled exceptions will result in a dump of registers
      to the console, before halting execution by that CPU. The Crash Stack,
      previously called the Exception Stack, is used for this activity.
      This stack is used to preserve the CPU context and runtime stack
      contents for debugging and analysis.
      
      This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
      to provide easy access to some of BL3-1 per-cpu data structures.
      Initially, this is used to provide a pointer to the Crash stack.
      
      panic() now prints the the error file and line number in Debug mode
      and prints the PC value in release mode.
      
      The Exception Stack is renamed to Crash Stack with this patch.
      The original intention of exception stack is no longer valid
      since we intend to support several valid exceptions like IRQ
      and FIQ in the trusted firmware context. This stack is now
      utilized for dumping and reporting the system state when a
      crash happens and hence the rename.
      
      Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
      
      Change-Id: I260791dc05536b78547412d147193cdccae7811a
      a43d431b
  36. 08 May, 2014 1 commit
    • Soby Mathew's avatar
      Preserve x19-x29 across world switch for exception handling · c3260f9b
      Soby Mathew authored
      Previously exception handlers in BL3-1, X19-X29 were not saved
      and restored on every SMC/trap into EL3. Instead these registers
      were 'saved as needed' as a side effect of the A64 ABI used by the C
      compiler.
      
      That approach failed when world switching but was not visible
      with the TSP/TSPD code because the TSP is 64-bit, did not
      clobber these registers when running and did not support pre-emption
      by normal world interrupts. These scenarios showed
      that the values in these registers can be passed through a world
      switch, which broke the normal and trusted world assumptions
      about these registers being preserved.
      
      The Ideal solution saves and restores these registers when a
      world switch occurs - but that type of implementation is more complex.
      So this patch always saves and restores these registers on entry and
      exit of EL3.
      
      Fixes ARM-software/tf-issues#141
      
      Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
      c3260f9b