- 24 Feb, 2020 1 commit
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
- 22 Jan, 2020 1 commit
-
-
Masahiro Yamada authored
Use end_va and end_pa defined at the beginning of this function. Change-Id: I0e8b3b35fceb87b5d35397eb892d4fe92ba90b4c Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 12 Nov, 2019 1 commit
-
-
Deepika Bhavnani authored
`unsigned long` should be replaced to 1. `unsigned int` or `unsigned long long` - If fixed, based on the architecture AArch32 or AArch64 2. `u_register_t` - If it is supposed to be 32-bit wide in AArch32 and 64-bit wide in AArch64. Translation descriptors are always 32-bit wide, here `uint32_t` is used to describe the `exact size` of translation descriptors instead of `unsigned int` which guarantees minimum 32-bits Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I6a2af2e8b3c71170e2634044e0b887f07a41677e
-
- 18 Oct, 2019 1 commit
-
-
Artsem Artsemenka authored
The WARMBOOT_ENABLE_DCACHE_EARLY allows caches to be turned on early during the boot. But the xlat_change_mem_attributes_ctx() API did not do the required cache maintenance after the mmap tables are modified if WARMBOOT_ENABLE_DCACHE_EARLY is enabled. This meant that when the caches are turned off during power down, the tables in memory are accessed as part of cache maintenance for power down, and the tables are not correct at this point which results in a data abort. This patch removes the optimization within xlat_change_mem_attributes_ctx() when WARMBOOT_ENABLE_DCACHE_EARLY is enabled. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I82de3decba87dd13e9856b5f3620a1c8571c8d87
-
- 01 Aug, 2019 1 commit
-
-
Julius Werner authored
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 24 May, 2019 1 commit
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 03 Apr, 2019 1 commit
-
-
Antonio Nino Diaz authored
This gives each Secure Partition complete freedom on its address space. Previously, the memory used by the exception vectors was reserved and couldn't be used. Also, it always had to be mapped, forcing SPM to generate translation tables that included the exception vectors as well as the Partition memory regions. With this change, partitions can reduce their address space size easily. Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Mar, 2019 1 commit
-
-
Antonio Nino Diaz authored
This commit reverts the following commits: - c54c7fc3 ("xlat_tables_v2: print xlat tables without recursion") - db8cac2d ("xlat_tables_v2: unmap region without recursion.") - 0ffe2692 ("xlat_tables_v2: map region without recursion.") This was part of PR#1843. A problem has been detected in one of our test run configurations involving dynamic mapping of regions and it is blocking the next release. Until the problem can be solved, it is safer to revert the changes. Change-Id: I3d5456e4dbebf291c8b74939c6fb02a912e0903b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 Mar, 2019 3 commits
-
-
David Pu authored
This patch uses an array on stack to save parent xlat table information when traversing the xlat tables. It keeps exactly same xlat table traversal order compared to recursive version. fixes arm-software/tf-issues#664 Signed-off-by: David Pu <dpu@nvidia.com>
-
David Pu authored
This patch uses an array on stack to save parent xlat table information when traversing the xlat tables. It keeps exactly same xlat table traversal order compared to recursive version. fixes arm-software/tf-issues#664 Signed-off-by: David Pu <dpu@nvidia.com>
-
David Pu authored
This patch uses an array on stack to save parent xlat table information when traversing the xlat tables. It keeps exactly same xlat table traversal order compared to recursive version. fixes arm-software/tf-issues#664 Signed-off-by: David Pu <dpu@nvidia.com>
-
- 28 Feb, 2019 2 commits
-
-
David Pu authored
This patch introduces 2 helper functions 'xlat_tables_find_start_va' and 'xlat_tables_va_to_index' to find the first VA and table index affected by the specified mmap region. it reduces code duplication and cyclomatic code complexity in xlat_tables_map/unmap_region functions. Cyclomatic complexity calculated using 'Coverity' fixes arm-software/tf-issues#673 Signed-off-by: David Pu <dpu@nvidia.com>
-
David Pu authored
This patch introduces helper function 'xlat_tables_unmap_region_action' to get the required action type from given arguments when unmapping the specified region. it reduces cyclomatic code complexity in xlat_tables_unmap_region function. Cyclomatic complexity calculated using 'Coverity' fixes arm-software/tf-issues#673 Signed-off-by: David Pu <dpu@nvidia.com>
-
- 07 Feb, 2019 1 commit
-
-
Varun Wadekar authored
The armclang compiler can warn if a variable is declared but is never referenced. The '__attribute__((unused))' attribute informs the compiler to expect an unused variable, and tells it not to issue a warning. This patch marks the 'xlat_clean_dcache_range' function as "unused" to fix this armclang compiler warning. Change-Id: I7623f61c2975a01db4d1b80554dd4f9a9e0f7eb6 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 01 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: Id7c22d76b896d1dcac18cdb0e564ce4e02583e33 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Jan, 2019 1 commit
-
-
Sathees Balya authored
ARMv8.4-TTST (Small Translation tables) relaxes the lower limit on the size of translation tables by increasing the maximum permitted value of the T1SZ and T0SZ fields in TCR_EL1, TCR_EL2, TCR_EL3, VTCR_EL2 and VSTCR_EL2. This feature is supported in AArch64 state only. This patch adds support for this feature to both versions of the translation tables library. It also removes the static build time checks for virtual address space size checks to runtime assertions. Change-Id: I4e8cebc197ec1c2092dc7d307486616786e6c093 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 11 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented in CPUs that don't implement all mandatory 8.2 features (and so have to claim to be a lower version). This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system ID registers to detect whether it is needed to set the bit or not. Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 11 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: Ib7c2529b85bb5930d44907edfc8ead13d3b1ef4d Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
Provide new APIs to add new regions without specifying the base VA. - `mmap_add_region_alloc_va` adds a static region to mmap choosing as base VA the first possible address after all the currently mapped regions. It is aligned to an appropriate boundary in relation to the size and base PA of the requested region. No attempt is made to fill any unused VA holes. - `mmap_add_dynamic_region_alloc_va` it adds a region the same way as `mmap_add_region_alloc_va` does, but it's dynamic instead of static. - `mmap_add_alloc_va` takes an array of non const `mmap_region_t`, maps them in the same way as `mmap_add_region_alloc_va` and fills their `base_va` field. A helper macro has been created to help create the array, called `MAP_REGION_ALLOC_VA`. Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Oct, 2018 1 commit
-
-
Soby Mathew authored
This patch fixes up the AArch64 assembly code to use adrp/adr instructions instead of ldr instruction for reference to symbols. This allows these assembly sequences to be Position Independant. Note that the the reference to sizes have been replaced with calculation of size at runtime. This is because size is a constant value and does not depend on execution address and using PC relative instructions for loading them makes them relative to execution address. Also we cannot use `ldr` instruction to load size as it generates a dynamic relocation entry which must *not* be fixed up and it is difficult for a dynamic loader to differentiate which entries need to be skipped. Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
There are several platforms using arm_setup_page_tables(), which is supposed to be Arm platform only. This creates several dependency problems between platforms. This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib v2 makefile. This way it is possible to detect from C code which version is being used and include the correct header. The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and moved to a common folder. This way, when in doubt, this header can be used to guarantee compatibility, as it includes the correct header based on XLAT_TABLES_LIB_V2. This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so that is now locked in xlat lib v2) and ZynqMP (where it was added as a workaround). Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
Commit 79621f00 broke sgi575. It is possible to have a region with 0 as value for the attributes. It means device memory, read only, secure, executable. This is legitimate if the code is in flash and the code is executed from there. This is the case for SGI_MAP_FLASH0_RO, defined in the file plat/arm/css/sgi/sgi_plat.c. This problem is solved by checking both size and attributes in xlat v1. In xlat v2, it is enough to check the granularity, as it can never be 0. Change-Id: I7be11f1b0e51c4c2ffd560b4a6cdfbf15de2c276 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 2 commits
-
-
Daniel Boulby authored
Mark the xlat tables code only used in BL31 initialization as __init to be reclaimed once no longer needed Change-Id: I3106bfd994706a57c578624573bcfa525fbbd3c4 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Daniel Boulby authored
Depending on the build flags it is possible that some of the memory regions mapped in page table setup could have a size of 0. In this case we simply want to do nothing but still wish to map the other regions in the array. Therefore we cannot only use size == 0 as the termination logic for the loop. Since an attributes field with value 0 means that the region is device memory, read only, secure and executable. Device memory can't be executable, so this combination should never be used and it is safe to use as a terminator value. Therefore by changing the termination logic to use attributes instead of size we prevent terminating the loop when we don't intend to. Change-Id: I92fc7f689ab08543497be6be4896dace2ed7b66a Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: I83de2ae3e0795e6fec3c1e5b37c441b64b0c9cb6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Aug, 2018 2 commits
-
-
Antonio Nino Diaz authored
tf_printf and tf_snprintf are now called printf and snprintf, so the code needs to be updated. Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The codebase was using non-standard headers. It is needed to replace them by the correct ones so that we can use the new libc headers. Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 10 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
The translation library is useful elsewhere. Even though this repository doesn't exercise the EL2 support of the library, it is better to have it here as well to make it easier to maintain. enable_mmu_secure() and enable_mmu_direct() have been deprecated. The functions are still present, but they are behind ERROR_DEPRECATED and they call the new functions enable_mmu_svc_mon() and enable_mmu_direct_svc_mon(). Change-Id: I13ad10cd048d9cc2d55e0fff9a5133671b67dcba Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 07 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
During cold boot, the initial translation tables are created with data caches disabled, so all modifications go to memory directly. After the MMU is enabled and data cache is enabled, any modification to the tables goes to data cache, and eventually may get flushed to memory. If CPU0 modifies the tables while CPU1 is off, CPU0 will have the modified tables in its data cache. When CPU1 is powered on, the MMU is enabled, then it enables coherency, and then it enables the data cache. Until this is done, CPU1 isn't in coherency, and the translation tables it sees can be outdated if CPU0 still has some modified entries in its data cache. This can be a problem in some cases. For example, the warm boot code uses only the tables mapped during cold boot, which don't normally change. However, if they are modified (and a RO page is made RW, or a XN page is made executable) the CPU will see the old attributes and crash when it tries to access it. This doesn't happen in systems with HW_ASSISTED_COHERENCY or WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is enabled at the same time as the MMU. As soon as this happens, the CPU is in coherency. There was an attempt of a fix in psci_helpers.S, but it didn't solve the problem. That code has been deleted. The code was introduced in commit <26441030 > ("Invalidate TLB entries during warm boot"). Now, during a map or unmap operation, the memory associated to each modified table is flushed. Traversing a table will also flush it's memory, as there is no way to tell in the current implementation if the table that has been traversed has also been modified. Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
Changed the names for consistency with the rest of the library. Introduced new helpers that manipulate the active translation tables context. Change-Id: Icaca56b67fcf6a96e88aa3c7e47411162e8e6856 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 02 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: I35d5b6a7c219f6f38983b30f157c1ed3808af17f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Jul, 2018 1 commit
-
-
Antonio Nino Diaz authored
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 15 Jul, 2018 2 commits
-
-
Antonio Nino Diaz authored
This library can be used in other projects. All comments that talk about the Trusted Firmware should be talking about the library itself. Change-Id: I3b98d42f7132be72c1f8a4900acfaa78dbd2daa2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
This allows other parts of the code to reuse it. No functional changes. Change-Id: Ib052ae235c422d9179958bd3016c3e678779ae9b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 13 Jul, 2018 4 commits
-
-
Antonio Nino Diaz authored
Most registers are 64-bit wide, even in AArch32 mode: - MAIR_ELx is equivalent to MAIR0 and MAIR1. - TTBR is 64 bit in both AArch64 and AArch32. The only difference is the TCR register, which is 32 bit in AArch32 and in EL3 in AArch64. For consistency with the rest of ELs in AArch64, it makes sense to also have it as a 64-bit value. Change-Id: I2274d66a28876702e7085df5f8aad0e7ec139da9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The Exception Level is now detected at runtime. This means that it is not needed to hardcode the EL used by each image. This doesn't result in a substantial increase of the image size because the initialization functions that aren't used are garbage-collected by the linker. In AArch32 the current EL has been changed from EL3 to EL1 because the the AArch32 PL1&0 translation regime behaves more like the AArch64 EL1&0 translation regime than the EL3 one. Change-Id: I941404299ebe7666ca17619207c923b49a55cb73 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
xlat_arch_tlbi_va_regime() isn't used, so it has been renamed to xlat_arch_tlbi_va() and the previous implementation has been removed. Change-Id: Ic118bed3fb68234748d86b2e9e95b25650289276 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
They only contained one function that is easily integrated in the private library header and the existing architectural C files. This also helps making the library more portable, as the Makefile of the library now doesn't use the variable INCLUDES, which is specific to this codebase and doesn't respect the namespace of the library. Change-Id: I22228e6a97e9b4f346f5cd8947609263e8df71d8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Jul, 2018 1 commit
-
-
Antonio Nino Diaz authored
It is useful to have LOG_LEVEL_VERBOSE because it prints the memory map of each image, but that also means that the change_mem_attributes and get_mem_attributes functions have verbose prints, and generate a too long text output that hides other useful information. As they were mostly there for debug purposes, this patch removes them. Change-Id: I2986537377d1f78be2b79cc8a6cf230c380bdb55 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-