1. 13 Nov, 2017 7 commits
    • Jeenu Viswambharan's avatar
      ARM platforms: Make arm_validate_ns_entrypoint() common · 71e7a4e5
      Jeenu Viswambharan authored
      
      
      The function arm_validate_ns_entrypoint() validates a given non-secure
      physical address. This function however specifically returns PSCI error
      codes.
      
      Non-secure physical address validation is potentially useful across ARM
      platforms, even for non-PSCI use cases. Therefore make this function
      common by returning 0 for success or -1 otherwise.
      
      Having made the function common, make arm_validate_psci_entrypoint() a
      wrapper around arm_validate_ns_entrypoint() which only translates return
      value into PSCI error codes. This wrapper is now used where
      arm_validate_ns_entrypoint() was currently used for PSCI entry point
      validation.
      
      Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      71e7a4e5
    • Jeenu Viswambharan's avatar
      BL31: Add SDEI dispatcher · b7cb133e
      Jeenu Viswambharan authored
      The implementation currently supports only interrupt-based SDEI events,
      and supports all interfaces as defined by SDEI specification version
      1.0 [1].
      
      Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
      BL31.
      
      Update user guide and porting guide. SDEI documentation to follow.
      
      [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
      
      
      
      Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
      Co-authored-by: default avatarYousuf A <yousuf.sait@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b7cb133e
    • Jeenu Viswambharan's avatar
      BL31: Program Priority Mask for SMC handling · 3d732e23
      Jeenu Viswambharan authored
      
      
      On GICv3 systems, as a side effect of adding provision to handle EL3
      interrupts (unconditionally routing FIQs to EL3), pending Non-secure
      interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
      [1]. This will inadvertently disrupt the semantics of Fast SMC
      (previously called Atomic SMC) calls.
      
      To retain semantics of Fast SMCs, the GIC PMR must be programmed to
      prevent Non-secure interrupts from preempting Secure execution. To that
      effect, two new functions in the Exception Handling Framework subscribe
      to events introduced in an earlier commit:
      
        - Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
          the PMR is programmed to the highest Non-secure interrupt priority.
      
        - Upon 'cm_entering_normal_world', the previously stashed Non-secure
          PMR is restored.
      
      The above sequence however prevents Yielding SMCs from being preempted
      by Non-secure interrupts as intended. To facilitate this, the public API
      exc_allow_ns_preemption() is introduced that programs the PMR to the
      original Non-secure PMR value. Another API
      exc_is_ns_preemption_allowed() is also introduced to check if
      exc_allow_ns_preemption() had been called previously.
      
      API documentation to follow.
      
      [1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
          IRQs during Secure execution are signalled as IRQs, which aren't
          routed to EL3.
      
      Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3d732e23
    • Jeenu Viswambharan's avatar
      BL31: Introduce Exception Handling Framework · 21b818c0
      Jeenu Viswambharan authored
      
      
      EHF is a framework that allows dispatching of EL3 interrupts to their
      respective handlers in EL3.
      
      This framework facilitates the firmware-first error handling policy in
      which asynchronous exceptions may be routed to EL3. Such exceptions may
      be handed over to respective exception handlers. Individual handlers
      might further delegate exception handling to lower ELs.
      
      The framework associates the delegated execution to lower ELs with a
      priority value. For interrupts, this corresponds to the priorities
      programmed in GIC; for other types of exceptions, viz. SErrors or
      Synchronous External Aborts, individual dispatchers shall explicitly
      associate delegation to a secure priority. In order to prevent lower
      priority interrupts from preempting higher priority execution, the
      framework provides helpers to control preemption by virtue of
      programming Priority Mask register in the interrupt controller.
      
      This commit allows for handling interrupts targeted at EL3. Exception
      handlers own interrupts by assigning them a range of secure priorities,
      and registering handlers for each priority range it owns.
      
      Support for exception handling in BL31 image is enabled by setting the
      build option EL3_EXCEPTION_HANDLING=1.
      
      Documentation to follow.
      
      NOTE: The framework assumes the priority scheme supported by platform
      interrupt controller is compliant with that of ARM GIC architecture (v2
      or later).
      
      Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      21b818c0
    • Jeenu Viswambharan's avatar
      GIC: Introduce API to get interrupt ID · 4ee8d0be
      Jeenu Viswambharan authored
      
      
      Acknowledging interrupt shall return a raw value from the interrupt
      controller in which the actual interrupt ID may be encoded. Add a
      platform API to extract the actual interrupt ID from the raw value
      obtained from interrupt controller.
      
      Document the new function. Also clarify the semantics of interrupt
      acknowledge.
      
      Change-Id: I818dad7be47661658b16f9807877d259eb127405
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      4ee8d0be
    • Jeenu Viswambharan's avatar
      GIC: Fix Group 0 enabling · 385f1dbb
      Jeenu Viswambharan authored
      
      
      At present, the GIC drivers enable Group 0 interrupts only if there are
      Secure SPIs listed in the interrupt properties/list. This means that,
      even if there are Group 0 SGIs/PPIs configured, the group remained
      disabled in the absence of a Group 0 SPI.
      
      Modify both GICv2 and GICv3 SGI/PPI configuration to enable Group 0 when
      corresponding SGIs/PPIs are present.
      
      Change-Id: Id123e8aaee0c22b476eebe3800340906d83bbc6d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      385f1dbb
    • Jeenu Viswambharan's avatar
      GICv2: Fix populating PE target data · 058efeef
      Jeenu Viswambharan authored
      
      
      This patch brings in the following fixes:
      
        - The per-PE target data initialized during power up needs to be
          flushed so as to be visible to other PEs.
      
        - Setup per-PE target data for the primary PE as well. At present,
          this was only setup for secondary PEs when they were powered on.
      
      Change-Id: Ibe3a57c14864e37b2326dd7ab321a5c7bf80e8af
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      058efeef
  2. 10 Nov, 2017 2 commits
  3. 09 Nov, 2017 2 commits
  4. 08 Nov, 2017 4 commits
    • Antonio Nino Diaz's avatar
      SPM: Introduce Secure Partition Manager · 2fccb228
      Antonio Nino Diaz authored
      
      
      A Secure Partition is a software execution environment instantiated in
      S-EL0 that can be used to implement simple management and security
      services. Since S-EL0 is an unprivileged exception level, a Secure
      Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
      granted access to system and processor resources. Essentially, it is a
      software sandbox that runs under the control of privileged software in
      the Secure World and accesses the following system resources:
      
      - Memory and device regions in the system address map.
      - PE system registers.
      - A range of asynchronous exceptions e.g. interrupts.
      - A range of synchronous exceptions e.g. SMC function identifiers.
      
      A Secure Partition enables privileged firmware to implement only the
      absolutely essential secure services in EL3 and instantiate the rest in
      a partition. Since the partition executes in S-EL0, its implementation
      cannot be overly complex.
      
      The component in ARM Trusted Firmware responsible for managing a Secure
      Partition is called the Secure Partition Manager (SPM). The SPM is
      responsible for the following:
      
      - Validating and allocating resources requested by a Secure Partition.
      - Implementing a well defined interface that is used for initialising a
        Secure Partition.
      - Implementing a well defined interface that is used by the normal world
        and other secure services for accessing the services exported by a
        Secure Partition.
      - Implementing a well defined interface that is used by a Secure
        Partition to fulfil service requests.
      - Instantiating the software execution environment required by a Secure
        Partition to fulfil a service request.
      
      Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2fccb228
    • Antonio Nino Diaz's avatar
      xlat: Make function to calculate TCR PA bits public · ad02a759
      Antonio Nino Diaz authored
      
      
      This function can be useful to setup TCR_ELx by callers that don't use
      the translation tables library to setup the system registers related
      to them. By making it common, it can be reused whenever it is needed
      without duplicating code.
      
      Change-Id: Ibfada9e846d2a6cd113b1925ac911bb27327d375
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ad02a759
    • Antonio Nino Diaz's avatar
      spd: Use `ENABLE_ASSERTIONS` instead of `DEBUG` · 92cad5fa
      Antonio Nino Diaz authored
      A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
      line is used to help with assertions and so assertion failures can
      happen in release builds with assertions enabled. Use
      `ENABLE_ASSERTIONS` instead of `DEBUG`.
      
      This bug was introduced in commit aa61368e
      
      , which introduced the build
      option `ENABLE_ASSERTIONS`.
      
      Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      92cad5fa
    • davidcunado-arm's avatar
      Merge pull request #1154 from soby-mathew/sm/fix_psci_stat · 8705ec89
      davidcunado-arm authored
      Fix PSCI STAT time stamp collection
      8705ec89
  5. 07 Nov, 2017 1 commit
  6. 06 Nov, 2017 3 commits
  7. 03 Nov, 2017 4 commits
  8. 02 Nov, 2017 1 commit
  9. 01 Nov, 2017 4 commits
  10. 31 Oct, 2017 5 commits
  11. 30 Oct, 2017 1 commit
  12. 27 Oct, 2017 1 commit
  13. 26 Oct, 2017 3 commits
  14. 25 Oct, 2017 2 commits