1. 20 Aug, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Enable MPAM for lower ELs · 5f835918
      Jeenu Viswambharan authored
      
      
      Memory Partitioning And Monitoring is an Armv8.4 feature that enables
      various memory system components and resources to define partitions.
      Software running at various ELs can then assign themselves to the
      desired partition to control their performance aspects.
      
      With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows
      lower ELs to access their own MPAM registers without trapping to EL3.
      This patch however doesn't make use of partitioning in EL3; platform
      initialisation code should configure and use partitions in EL3 if
      required.
      
      Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd
      Co-authored-by: default avatarJames Morse <james.morse@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      5f835918
  2. 17 Aug, 2018 1 commit
  3. 19 Jul, 2018 3 commits
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for EL3 EAs · eaeaa4d0
      Jeenu Viswambharan authored
      
      
      External Aborts while executing in EL3 is fatal in nature. This patch
      allows for the platform to define a handler for External Aborts received
      while executing in EL3. A default implementation is added which falls
      back to platform unhandled exception.
      
      Change-Id: I466f2c8113a33870f2c7d2d8f2bf20437d9fd354
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      eaeaa4d0
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for Double Faults · d5a23af5
      Jeenu Viswambharan authored
      
      
      Double fault is when the PE receives another error whilst one is being
      handled. To detect double fault condition, a per-CPU flag is introduced
      to track the status of error handling. The flag is checked/modified
      while temporarily masking external aborts on the PE.
      
      This patch routes double faults to a separate platform-defined handler.
      
      Change-Id: I70e9b7ba4c817273c55a0af978d9755ff32cc702
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      d5a23af5
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for Uncontainable errors · b56dc2a9
      Jeenu Viswambharan authored
      
      
      Uncontainable errors are the most severe form of errors, which typically
      mean that the system state can't be trusted any more. This further means
      that normal error recovery process can't be followed, and an orderly
      shutdown of the system is often desirable.
      
      This patch allows for the platform to define a handler for Uncontainable
      errors received. Due to the nature of Uncontainable error, the handler
      is expected to initiate an orderly shutdown of the system, and therefore
      is not expected to return. A default implementation is added which falls
      back to platform unhandled exception.
      
      Also fix ras_arch.h header guards.
      
      Change-Id: I072e336a391a0b382e77e627eb9e40729d488b55
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b56dc2a9
  4. 17 Jul, 2018 2 commits
  5. 11 Jul, 2018 2 commits
    • Roberto Vargas's avatar
      Add end_vector_entry assembler macro · a9203eda
      Roberto Vargas authored
      
      
      Check_vector_size checks if the size of the vector fits
      in the size reserved for it. This check creates problems in
      the Clang assembler. A new macro, end_vector_entry, is added
      and check_vector_size is deprecated.
      
      This new macro fills the current exception vector until the next
      exception vector. If the size of the current vector is bigger
      than 32 instructions then it gives an error.
      
      Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      a9203eda
    • Roberto Vargas's avatar
      Use ALIGN instead of NEXT in linker scripts · 5629b2b1
      Roberto Vargas authored
      
      
      Clang linker doesn't support NEXT. As we are not using the MEMORY command
      to define discontinuous memory for the output file in any of the linker
      scripts, ALIGN and NEXT are equivalent.
      
      Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      5629b2b1
  6. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      DynamIQ: Enable MMU without using stack · 64ee263e
      Jeenu Viswambharan authored
      
      
      Having an active stack while enabling MMU has shown coherency problems.
      This patch builds on top of translation library changes that introduces
      MMU-enabling without using stacks.
      
      Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
      enabling MMU only because of active stack. Now that we can enable MMU
      without using stack, we can enable both MMU and data caches at the same
      time.
      
      NOTE: Since this feature depends on using translation table library v2,
      disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
      
      Fixes ARM-software/tf-issues#566
      
      Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      64ee263e
  7. 21 Jun, 2018 2 commits
    • Jeenu Viswambharan's avatar
      SDEI: Make dispatches synchronous · cdb6ac94
      Jeenu Viswambharan authored
      
      
      SDEI event dispatches currently only sets up the Non-secure context
      before returning to the caller. The actual dispatch only happens upon
      exiting EL3 next time.
      
      However, for various error handling scenarios, it's beneficial to have
      the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
      or for a successful sdei_dispatch_event() call, the event handler is
      executed; and upon the event completion, dispatcher execution resumes
      after the point of dispatch. The jump primitives introduced in the
      earlier patch facilitates this feature.
      
      With this patch:
      
        - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
          context for event dispatch, then sets a jump point, and immediately
          exits EL3. This results in the client handler executing in
          Non-secure.
      
        - When the SDEI client completes the dispatched event, the SDEI
          dispatcher does a longjmp to the jump pointer created earlier. For
          the caller of the sdei_dispatch_event() in particular, this would
          appear as if call returned successfully.
      
      The dynamic workaround for CVE_2018_3639 is slightly shifted around as
      part of related minor refactoring. It doesn't affect the workaround
      functionality.
      
      Documentation updated.
      
      NOTE: This breaks the semantics of the explicit dispatch API, and any
      exiting usages should be carefully reviewed.
      
      Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      cdb6ac94
    • Jeenu Viswambharan's avatar
      BL31: Introduce jump primitives · e7b9473e
      Jeenu Viswambharan authored
      
      
      This patch introduces setjmp() and ongjmp() primitives to enable
      standard setjmp/longjmp style execution. Both APIs parameters take a
      pointer to struct jmpbuf type, which hosts CPU registers saved/restored
      during jump.
      
      As per the standard usage:
      
        - setjmp() return 0 when a jump is setup; and a non-zero value when
          returning from jump.
      
        - The caller of setjmp() must not return, or otherwise update stack
          pointer since.
      
      Change-Id: I4af1d32e490cfa547979631b762b4cba188d0551
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e7b9473e
  8. 13 Jun, 2018 1 commit
    • Sandrine Bailleux's avatar
      SPM: Treat SP xlat tables the same as others · d801a1d0
      Sandrine Bailleux authored
      The translation tables allocated for the Secure Partition do not need
      to be treated as a special case. They can be put amongst the other
      tables mapping BL31's general purpose memory. They will be mapped with
      the same attributes as them, which is fine.
      
      The explicit alignment constraint in BL31's linker script to pad the
      last page of memory allocated to the Secure Partition's translation
      tables is useless too, as page tables are per se pages, thus their
      end address is naturally aligned on a page-boundary.
      
      In fact, this patch does not change the existing behaviour. Since
      patch 22282bb6
      
       ("SPM: Move all SP-related info to SP context
      struct"), the secure_partition.c file has been renamed into sp_xlat.c
      but the linker script has not been properly updated. As a result, the
      SP translation tables are not specifically put at the start of the
      xlat_table linker section, the __SP_IMAGE_XLAT_TABLES_START__/_END__
      symbols have the same value, the size of the resulting mmap_region
      covering these xlat tables is 0 and so it is ignored.
      
      Change-Id: I4cf0a4cc090298811cca53fc9cee74df0f2b1512
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      d801a1d0
  9. 23 May, 2018 1 commit
  10. 04 May, 2018 3 commits
    • Jeenu Viswambharan's avatar
      AArch64: Introduce RAS handling · 14c6016a
      Jeenu Viswambharan authored
      
      
      RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
      extensions to base ARMv8.0 architecture.
      
      This patch adds build system support to enable RAS features in ARM
      Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
      this.
      
      With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
      inserted at all EL3 vector entry and exit. ESBs will synchronize pending
      external aborts before entering EL3, and therefore will contain and
      attribute errors to lower EL execution. Any errors thus synchronized are
      detected via. DISR_EL1 register.
      
      When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.
      
      Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      14c6016a
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf
    • Jeenu Viswambharan's avatar
      AArch64: Refactor GP register restore to separate function · ef653d93
      Jeenu Viswambharan authored
      
      
      At present, the function that restores general purpose registers also
      does ERET. Refactor the restore code to restore general purpose
      registers without ERET to complement the save function.
      
      The macro save_x18_to_x29_sp_el0 was used only once, and is therefore
      removed, and its contents expanded inline for readability.
      
      No functional changes, but with this patch:
      
        - The SMC return path will incur an branch-return and an additional
          register load.
      
        - The unknown SMC path restores registers x0 to x3.
      
      Change-Id: I7a1a63e17f34f9cde810685d70a0ad13ca3b7c50
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      ef653d93
  11. 23 Apr, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Add support for the SMC Calling Convention 2.0 · 2f370465
      Antonio Nino Diaz authored
      
      
      Due to differences in the bitfields of the SMC IDs, it is not possible
      to support SMCCC 1.X and 2.0 at the same time.
      
      The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
      option that specifies the major version of the SMCCC that the Trusted
      Firmware supports. The only two allowed values are 1 and 2, and it
      defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
      
      Note: Support for SMCCC v2.0 is an experimental feature to enable
      prototyping of secure partition specifications. Support for this
      convention is disabled by default and could be removed without notice.
      
      Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2f370465
  12. 14 Mar, 2018 1 commit
    • Dimitris Papastamos's avatar
      Fixup `SMCCC_ARCH_FEATURES` semantics · a205a56e
      Dimitris Papastamos authored
      
      
      When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
      return either:
        * -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
          requires firmware mitigation for CVE-2017-5715 but the mitigation
          is not compiled in.
        * 0 to indicate that firmware mitigation is required, or
        * 1 to indicate that no firmware mitigation is required.
      
      This patch complies with v1.2 of the firmware interfaces
      specification (ARM DEN 0070A).
      
      Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      a205a56e
  13. 01 Mar, 2018 1 commit
    • Dan Handley's avatar
      Suppress spurious deprecated declaration warnings · 97924e45
      Dan Handley authored
      
      
      Some generic compatibility functions emit deprecated declaration warnings
      even when platforms do not use the deprecated functions directly. This
      can be confusing. Suppress these warnings by using:
      `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"`
      
      Also emit a runtime warning if the weak plat/common implemntation of
      plat_get_syscnt_freq2() is used, as this implies the platform has not
      migrated from plat_get_syscnt_freq(). The deprecated  declaration warnings
      only help detect when platforms are calling deprecated functions, not when
      they are defining deprecated functions.
      
      Fixes ARM-software/tf-issues#550
      
      Change-Id: Id14a92279c2634c1e76db8ef210da8affdbb2a5d
      Signed-off-by: default avatarDan Handley <dan.handley@arm.com>
      97924e45
  14. 28 Feb, 2018 2 commits
  15. 27 Feb, 2018 2 commits
    • Jeenu Viswambharan's avatar
      EHF: Introduce preempted return code parameter to ehf_allow_ns_preemption() · af34cd72
      Jeenu Viswambharan authored
      
      
      When a Yielding SMC is preempted, it's possible that Non-secure world is
      resumed afterwards. In this case, Non-secure execution would find itself
      in a state where the SMC has returned. However, the dispatcher might not
      get an opportunity to populate the corrected return code for having
      been preempted, and therefore the caller of the Yielding SMC cannot
      reliably determine whether the SMC had successfully completed or had
      been preempted.
      
      To solve this, this patch introduces a new parameter to the
      ehf_allow_ns_preemption() API. An SPD, through this parameter, would
      provide the expected error code when a Yielding SMC is preempted. EHF
      can then populate the specified value in x0 of the Non-secure context so
      that the caller of the Yielding SMC correctly identifies the SMC return
      as a preemption.
      
      Documentation updates to follow.
      
      Change-Id: Ia9c3f8f03f9d72d81aa235eaae2ee0374b972e1e
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      af34cd72
    • Antonio Nino Diaz's avatar
      Add comments about mismatched TCR_ELx and xlat tables · 883d1b5d
      Antonio Nino Diaz authored
      
      
      When the MMU is enabled and the translation tables are mapped, data
      read/writes to the translation tables are made using the attributes
      specified in the translation tables themselves. However, the MMU
      performs table walks with the attributes specified in TCR_ELx. They are
      completely independent, so special care has to be taken to make sure
      that they are the same.
      
      This has to be done manually because it is not practical to have a test
      in the code. Such a test would need to know the virtual memory region
      that contains the translation tables and check that for all of the
      tables the attributes match the ones in TCR_ELx. As the tables may not
      even be mapped at all, this isn't a test that can be made generic.
      
      The flags used by enable_mmu_xxx() have been moved to the same header
      where the functions are.
      
      Also, some comments in the linker scripts related to the translation
      tables have been fixed.
      
      Change-Id: I1754768bffdae75f53561b1c4a5baf043b45a304
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      883d1b5d
  16. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Introduce the new BL handover interface · a6f340fe
      Soby Mathew authored
      
      
      This patch introduces a new BL handover interface. It essentially allows
      passing 4 arguments between the different BL stages. Effort has been made
      so as to be compatible with the previous handover interface. The previous
      blx_early_platform_setup() platform API is now deprecated and the new
      blx_early_platform_setup2() variant is introduced. The weak compatiblity
      implementation for the new API is done in the `plat_bl_common.c` file.
      Some of the new arguments in the new API will be reserved for generic
      code use when dynamic configuration support is implemented. Otherwise
      the other registers are available for platform use.
      
      Change-Id: Ifddfe2ea8e32497fe1beb565cac155ad9d50d404
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a6f340fe
  17. 15 Feb, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Redefine SMC_UNK as -1 instead of 0xFFFFFFFF · 4abd7fa7
      Antonio Nino Diaz authored
      
      
      According to the SMC Calling Convention (ARM DEN0028B):
      
          The Unknown SMC Function Identifier is a sign-extended value of
          (-1) that is returned in R0, W0 or X0 register.
      
      The value wasn't sign-extended because it was defined as a 32-bit
      unsigned value (0xFFFFFFFF).
      
      SMC_PREEMPT has been redefined as -2 for the same reason.
      
      NOTE: This might be a compatibility break for some AArch64 platforms
      that don't follow the previous version of the SMCCC (ARM DEN0028A)
      correctly. That document specifies that only the bottom 32 bits of the
      returned value must be checked. If a platform relies on the top 32 bits
      of the result being 0 (so that SMC_UNK is 0x00000000FFFFFFFF), it will
      have to fix its code to comply with the SMCCC.
      
      Change-Id: I7f7b109f6b30c114fe570aa0ead3c335383cb54d
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      4abd7fa7
  18. 12 Feb, 2018 1 commit
  19. 29 Jan, 2018 2 commits
  20. 11 Jan, 2018 3 commits
    • Dimitris Papastamos's avatar
      AMU: Add configuration helpers for aarch64 · 0767d50e
      Dimitris Papastamos authored
      
      
      Add some AMU helper functions to allow configuring, reading and
      writing of the Group 0 and Group 1 counters.  Documentation for these
      helpers will come in a separate patch.
      
      Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      0767d50e
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A73 and A75 · a1781a21
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
      temporarily dropping into AArch32 Secure-EL1 and executing the
      `BPIALL` instruction.
      
      This is achieved by using 3 vector tables.  There is the runtime
      vector table which is used to handle exceptions and 2 additional
      tables which are required to implement this workaround.  The
      additional tables are `vbar0` and `vbar1`.
      
      The sequence of events for handling a single exception is
      as follows:
      
      1) Install vector table `vbar0` which saves the CPU context on entry
         to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
         with the MMU disabled and I$ enabled.  This is the default vector table.
      
      2) Before doing an ERET into Secure-EL1, switch vbar to point to
         another vector table `vbar1`.  This is required to restore EL3 state
         when returning from the workaround, before proceeding with normal EL3
         exception handling.
      
      3) While in Secure-EL1, the `BPIALL` instruction is executed and an
         SMC call back to EL3 is performed.
      
      4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
         restored.  The vbar is switched to point to `vbar0` in preparation to
         handle further exceptions.  Finally a branch to the runtime vector
         table entry is taken to complete the handling of the original
         exception.
      
      This workaround is enabled by default on the affected CPUs.
      
      NOTE
      ====
      
      There are 4 different stubs in Secure-EL1.  Each stub corresponds to
      an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
      different value in `R0` before doing an SMC call back into EL3.
      Without this piece of information it would not be possible to know
      what the original exception type was as we cannot use `ESR_EL3` to
      distinguish between IRQs and FIQs.
      
      Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      a1781a21
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A57 and A72 · f62ad322
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
      and enabling the MMU.  To achieve this without performing any branch
      instruction, a per-cpu vbar is installed which executes the workaround
      and then branches off to the corresponding vector entry in the main
      vector table.  A side effect of this change is that the main vbar is
      configured before any reset handling.  This is to allow the per-cpu
      reset function to override the vbar setting.
      
      This workaround is enabled by default on the affected CPUs.
      
      Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      f62ad322
  21. 12 Dec, 2017 1 commit
    • Julius Werner's avatar
      utils_def: Add REGSZ and make BIT() assembly-compatible · 155a1006
      Julius Werner authored
      
      
      In assembly code it can be useful to have a constant for the width of a
      register in the current architecture, so this patch adds one to
      <utils_def.h> and replaces the existing custom one in crash_reporting.S
      with that. It also fixes up the BIT() macro in the same file so that it
      can be safely used in assembly code.
      
      Change-Id: I10513a311f3379e767396e6ddfbae8d2d8201464
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      155a1006
  22. 30 Nov, 2017 1 commit
    • David Cunado's avatar
      Enable SVE for Non-secure world · 1a853370
      David Cunado authored
      
      
      This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
      to one EL3 will check to see if the Scalable Vector Extension (SVE) is
      implemented when entering and exiting the Non-secure world.
      
      If SVE is implemented, EL3 will do the following:
      
      - Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.
      
      - Exit from Non-secure world: SIMD, FP and SVE functionality is
        disabled. As SIMD and FP registers are part of the SVE Z-registers
        then any use of SIMD / FP functionality would corrupt the SVE
        registers.
      
      The build option default is 1. The SVE functionality is only supported
      on AArch64 and so the build option is set to zero when the target
      archiecture is AArch32.
      
      This build option is not compatible with the CTX_INCLUDE_FPREGS - an
      assert will be raised on platforms where SVE is implemented and both
      ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.
      
      Also note this change prevents secure world use of FP&SIMD registers on
      SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
      such platforms unless ENABLE_SVE_FOR_NS is set to 0.
      
      Additionally, on the first entry into the Non-secure world the SVE
      functionality is enabled and the SVE Z-register length is set to the
      maximum size allowed by the architecture. This includes the use case
      where EL2 is implemented but not used.
      
      Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      1a853370
  23. 29 Nov, 2017 2 commits
  24. 20 Nov, 2017 1 commit
    • Dimitris Papastamos's avatar
      Refactor Statistical Profiling Extensions implementation · 281a08cc
      Dimitris Papastamos authored
      
      
      Factor out SPE operations in a separate file.  Use the publish
      subscribe framework to drain the SPE buffers before entering secure
      world.  Additionally, enable SPE before entering normal world.
      
      A side effect of this change is that the profiling buffers are now
      only drained when a transition from normal world to secure world
      happens.  Previously they were drained also on return from secure
      world, which is unnecessary as SPE is not supported in S-EL1.
      
      Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      281a08cc
  25. 15 Nov, 2017 1 commit
    • David Cunado's avatar
      Move FPEXC32_EL2 to FP Context · 91089f36
      David Cunado authored
      
      
      The FPEXC32_EL2 register controls SIMD and FP functionality when the
      lower ELs are executing in AArch32 mode. It is architecturally mapped
      to AArch32 system register FPEXC.
      
      This patch removes FPEXC32_EL2 register from the System Register context
      and adds it to the floating-point context. EL3 only saves / restores the
      floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
      
      The rationale for this change is that if the Secure world is using FP
      functionality and EL3 is not managing the FP context, then the Secure
      world will save / restore the appropriate FP registers.
      
      NOTE - this is a break in behaviour in the unlikely case that
      CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
      Secure Payload that modifies FPEXC, but does not save and restore
      this register
      
      Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      91089f36
  26. 13 Nov, 2017 2 commits
    • Jeenu Viswambharan's avatar
      BL31: Add SDEI dispatcher · b7cb133e
      Jeenu Viswambharan authored
      The implementation currently supports only interrupt-based SDEI events,
      and supports all interfaces as defined by SDEI specification version
      1.0 [1].
      
      Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
      BL31.
      
      Update user guide and porting guide. SDEI documentation to follow.
      
      [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
      
      
      
      Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
      Co-authored-by: default avatarYousuf A <yousuf.sait@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b7cb133e
    • Jeenu Viswambharan's avatar
      BL31: Program Priority Mask for SMC handling · 3d732e23
      Jeenu Viswambharan authored
      
      
      On GICv3 systems, as a side effect of adding provision to handle EL3
      interrupts (unconditionally routing FIQs to EL3), pending Non-secure
      interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
      [1]. This will inadvertently disrupt the semantics of Fast SMC
      (previously called Atomic SMC) calls.
      
      To retain semantics of Fast SMCs, the GIC PMR must be programmed to
      prevent Non-secure interrupts from preempting Secure execution. To that
      effect, two new functions in the Exception Handling Framework subscribe
      to events introduced in an earlier commit:
      
        - Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
          the PMR is programmed to the highest Non-secure interrupt priority.
      
        - Upon 'cm_entering_normal_world', the previously stashed Non-secure
          PMR is restored.
      
      The above sequence however prevents Yielding SMCs from being preempted
      by Non-secure interrupts as intended. To facilitate this, the public API
      exc_allow_ns_preemption() is introduced that programs the PMR to the
      original Non-secure PMR value. Another API
      exc_is_ns_preemption_allowed() is also introduced to check if
      exc_allow_ns_preemption() had been called previously.
      
      API documentation to follow.
      
      [1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
          IRQs during Secure execution are signalled as IRQs, which aren't
          routed to EL3.
      
      Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3d732e23