Skip to content

GitLab

Switch branch/tag
  1. 25 Jul, 2017 3 commits
    • Sandrine Bailleux's avatar
      xlat lib v2: Export translation context as an opaque type · 55c84964
      Sandrine Bailleux authored 
      

At the moment, the translation context type (xlat_ctx_t) is a private
type reserved for the internal usage of the translation table library.
All exported APIs (implemented in xlat_tables_common.c) are wrappers
over the internal implementations that use such a translation context.

These wrappers unconditionally pass the current translation context
representing the memory mappings of the executing BL image. This means
that the caller has no control over which translation context the
library functions act on.

As a first step to make this code more flexible, this patch exports
the 'xlat_ctx_t' type. Note that, although the declaration of this type
is now public, its definition stays private. A macro is introduced to
statically allocate and initialize such a translation context.

The library now internally uses this macro to allocate the default
translation context for the running BL image.

Change-Id: Icece1cde4813fac19452c782b682c758142b1489
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      55c84964
    • Sandrine Bailleux's avatar
      xlat lib: Reorganize architectural defs · 8933c34b
      Sandrine Bailleux authored 
      

Move the header files that provide translation tables architectural
definitions from the library v2 source files to the library include
directory. This allows to share these definitions between both
versions (v1 and v2) of the library.

Create a new header file that includes the AArch32 or AArch64
definitions based on the AARCH32 build flag, so that the library user
doesn't have to worry about handling it on their side.

Also repurpose some of the definitions the header files provide to
concentrate on the things that differ between AArch32 and AArch64.
As a result they now contain the following information:
 - the first table level that allows block descriptors;
 - the architectural limits of the virtual address space;
 - the initial lookup level to cover the entire address space.

Additionally, move the XLAT_TABLE_LEVEL_MIN macro from
xlat_tables_defs.h to the AArch32/AArch64 architectural definitions.

This new organisation eliminates duplicated information in the AArch32
and AArch64 versions. It also decouples these architectural files from
any platform-specific information. Previously, they were dependent on
the address space size, which is platform-specific.

Finally, for the v2 of the library, move the compatibility code for
ADDR_SPACE_SIZE into a C file as it is not needed outside of this
file. For v1, this code hasn't been changed and stays in a header
file because it's needed by several files.

Change-Id: If746c684acd80eebf918abd3ab6e8481d004ac68
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      8933c34b
    • Sandrine Bailleux's avatar
      xlat lib v2: Print some debug statistics · 0350bc6d
      Sandrine Bailleux authored 
      

This patch adds some debug prints to display some statistics about page
tables usage. They are printed only if the LOG_LEVEL is at least 50
(i.e. VERBOSE).

Sample output for BL1:

VERBOSE:    Translation tables state:
VERBOSE:      Max allowed PA:  0xffffffff
VERBOSE:      Max allowed VA:  0xffffffff
VERBOSE:      Max mapped PA:   0x7fffffff
VERBOSE:      Max mapped VA:   0x7fffffff
VERBOSE:      Initial lookup level: 1
VERBOSE:      Entries @initial lookup level: 4
VERBOSE:      Used 4 sub-tables out of 5 (spare: 1)

Change-Id: If38956902e9616cdcd6065ecd140fe21482597ea
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      0350bc6d
  3. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored 
      

This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  5. 28 Jun, 2017 1 commit
    • Douglas Raillard's avatar
      Introduce TF_LDFLAGS · c2b8806f
      Douglas Raillard authored 
      

Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.

Document new LDFLAGS Makefile option.

Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      c2b8806f
  7. 27 Jun, 2017 1 commit
    • David Cunado's avatar
      Resolve signed-unsigned comparison issues · 0dd41951
      David Cunado authored 
      A recent commit 030567e6

 added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.

This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.

Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53
Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      0dd41951
  9. 23 Jun, 2017 1 commit
  11. 22 Jun, 2017 4 commits
    • Etienne Carriere's avatar
      psci: minor fixes in lib · c283e05a
      Etienne Carriere authored 
      

Call svc_suspend_finish if registered.
psci_get_stat() is static to psci_stat.c
Fix types used in comparison.
Fix coding style (empty line between variable definition and instructions
block).
Signed-off-by: default avatarEtienne Carriere <etienne.carriere@st.com>
      c283e05a
    • Douglas Raillard's avatar
      Apply workarounds for A53 Cat A Errata 835769 and 843419 · a94cc374
      Douglas Raillard authored 
      These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html



Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.

Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769

Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419

The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.

Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.

Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8
Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      a94cc374
    • Dimitris Papastamos's avatar
      aarch32: Apply workaround for errata 813419 of Cortex-A57 · 6f512a3d
      Dimitris Papastamos authored 
      

TLBI instructions for monitor mode won't have the desired effect under
specific circumstances in Cortex-A57 r0p0. The workaround is to
execute DSB and TLBI twice each time.

Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.

The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.

NOTE: This workaround is present in AArch64 TF and already enabled by
default on Juno.

Change-Id: I10b0baa304ed64b13b7b26ea766e61461e759dfa
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      6f512a3d
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored 
      

SPE is only supported in non-secure state.  Accesses to SPE specific
registers from SEL1 will trap to EL3.  During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained.  This is to
avoid a potential invalid memory access in SEL1.

SPE is architecturally specified only for AArch64.

Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  13. 21 Jun, 2017 2 commits
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored 
      

This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.

The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.

This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.

This patch also corrects the following typos:

"NASCR definitions" -> "NSACR definitions"

Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
    • Soby Mathew's avatar
      Exit early if size zero for cache helpers · 3ec5204c
      Soby Mathew authored 
      

This patch enables cache helper functions `flush_dcache_range`,
`clean_dcache_range` and `invalidate_dcache_range` to exit early
if the size argument specified is zero

Change-Id: I0b63e8f4bd3d47ec08bf2a0b0b9a7ff8a269a9b0
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      3ec5204c
  15. 20 Jun, 2017 4 commits
  17. 14 Jun, 2017 2 commits
  19. 01 Jun, 2017 1 commit
  21. 24 May, 2017 2 commits
  23. 18 May, 2017 1 commit
  25. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored 
      

The behaviour of assert() now depends on the value of the new optional
platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
not defined by the platform.

- If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
  name, line and asserted expression.
- If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
  name and line.
- If not, it doesn't print anything.

Note the old behaviour was to print the function name whereas now it
prints the file name. This reduces memory usage because the file name is
shared between all assert calls in a given file. Also, the default
behaviour in debug builds is to no longer print the asserted expression,
greatly reducing the string usage.

For FVP debug builds this change saves approximately:

              No TBBR    TBBR
        BL1    1.6 KB   2.2 KB
        BL2    1.7 KB   2.1 KB
        BL31   2.6 KB   3.3 KB

Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  27. 12 May, 2017 2 commits
  29. 09 May, 2017 1 commit
  31. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored 
      

In AArch64, privileged exception levels control the execution state
(a.k.a. register width) of the immediate lower Exception Level; i.e.
whether the lower exception level executes in AArch64 or AArch32 state.
For an exception level to have its execution state changed at run time,
it must request the change by raising a synchronous exception to the
higher exception level.

This patch implements and adds such a provision to the ARM SiP service,
by which an immediate lower exception level can request to switch its
execution state. The execution state is switched if the request is:

  - raised from non-secure world;

  - raised on the primary CPU, before any secondaries are brought online
    with CPU_ON PSCI call;

  - raised from an exception level immediately below EL3: EL2, if
    implemented; otherwise NS EL1.

If successful, the SMC doesn't return to the caller, but to the entry
point supplied with the call. Otherwise, the caller will observe the SMC
returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
for AArch32, the feature is not supported, and the call will always
fail.

For the ARM SiP service:

  - Add SMC function IDs for both AArch32 and AArch64;
  - Increment the SiP service minor version to 2;
  - Adjust the number of supported SiP service calls.

Add documentation for ARM SiP service.

Fixes ARM-software/tf-issues#436

Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  33. 03 May, 2017 1 commit
  35. 02 May, 2017 3 commits
    • Jeenu Viswambharan's avatar
      Add macro to check whether the CPU implements an EL · f4c8aa90
      Jeenu Viswambharan authored 
      

Replace all instances of checks with the new macro.

Change-Id: I0eec39b9376475a1a9707a3115de9d36f88f8a2a
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      f4c8aa90
    • Antonio Nino Diaz's avatar
      Fix execute-never permissions in xlat tables libs · a5640252
      Antonio Nino Diaz authored 
      

Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.

The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.

When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.

This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.

The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.

Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a5640252
    • Nishanth Menon's avatar
      xlat lib: Don't set mmap_attr_t enum to be -1 · 7055e6fa
      Nishanth Menon authored 
      -1 is not a defined mmap_attr_t type. Instead of using invalid enum
types, we can either choose to define a INVALID type OR handle the
condition specifically.

Since the usage of mmap_region_attr is limited, it is easier to just
handle the error condition specifically and return 0 or -1 depending
on success or fail.

Fixes: ARM-Software/tf-issues#473
Fixes: 28fa2e9e

 ("xlat lib: Use mmap_attr_t type consistently")
Signed-off-by: default avatarNishanth Menon <nm@ti.com>
      7055e6fa
  37. 29 Apr, 2017 1 commit
    • Scott Branden's avatar
      Move defines in utils.h to utils_def.h to fix shared header compile issues · 53d9c9c8
      Scott Branden authored 
      

utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines.  This allows the
header files to be shared between host and target builds for shared defines.

Recently types.h has been included in utils.h as well as some function
prototypes.

Because of the inclusion of types.h conflicts exist building host tools
abd these header files now.  To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.

Fixes ARM-software/tf-issues#461
Signed-off-by: default avatarScott Branden <scott.branden@broadcom.com>

Remove utils_def.h from utils.h

This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.

Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
      53d9c9c8
  39. 20 Apr, 2017 4 commits
  41. 19 Apr, 2017 2 commits
    • Antonio Nino Diaz's avatar
      Add `ENABLE_ASSERTIONS` build option · cc8b5632
      Antonio Nino Diaz authored 
      

Add the new build option `ENABLE_ASSERTIONS` that controls whether or
not assert functions are compiled out. It defaults to 1 for debug builds
and to 0 for release builds.

Additionally, a following patch will be done to allow this build option
to hide auxiliary code used for the checks done in an `assert()`. This
code is is currently under the DEBUG build flag.

Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO,
which is the default for debug builds.

This patch also updates the User Guide.

Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cc8b5632
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored 
      

This patch introduces a build option to enable D-cache early on the CPU
after warm boot. This is applicable for platforms which do not require
interconnect programming to enable cache coherency (eg: single cluster
platforms). If this option is enabled, then warm boot path enables
D-caches immediately after enabling MMU.

Fixes ARM-Software/tf-issues#456

Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
  43. 31 Mar, 2017 1 commit
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored 
      

Introduce new build option ENABLE_STACK_PROTECTOR. It enables
compilation of all BL images with one of the GCC -fstack-protector-*
options.

A new platform function plat_get_stack_protector_canary() is introduced.
It returns a value that is used to initialize the canary for stack
corruption detection. Returning a random value will prevent an attacker
from predicting the value and greatly increase the effectiveness of the
protection.

A message is printed at the ERROR level when a stack corruption is
detected.

To be effective, the global data must be stored at an address
lower than the base of the stacks. Failure to do so would allow an
attacker to overwrite the canary as part of an attack which would void
the protection.

FVP implementation of plat_get_stack_protector_canary is weak as
there is no real source of entropy on the FVP. It therefore relies on a
timer's value, which could be predictable.

Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7