1. 28 Oct, 2020 1 commit
    • David Horstmann's avatar
      Use constant stack size with RECLAIM_INIT_CODE · 3ed5606b
      David Horstmann authored
      
      
      Currently, when RECLAIM_INIT_CODE is set, the
      stacks are scaled to ensure that the entirety
      of the init section can be reclaimed as stack.
      
      This causes an issue in lib/psci/aarch64/psci_helpers.S,
      where the stack size is used for cache operations in
      psci_do_pwrdown_cache_maintenance(). If the stacks
      are scaled, then the PSCI code may fail to invalidate
      some of the stack memory before power down.
      
      Resizing stacks is also not good for stability in general,
      since code that works with a small number of cores may
      overflow the stack when the number of cores is increased.
      
      Change to make every stack be PLATFORM_STACK_SIZE big,
      and allow the total stack to be smaller than the
      init section.
      
      Any pages of the init section not reclaimed as
      stack will be set to read-only and execute-never,
      for security.
      
      Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
      Signed-off-by: default avatarDavid Horstmann <david.horstmann@arm.com>
      3ed5606b
  2. 09 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Don't return error information from console_flush · 831b0e98
      Jimmy Brisson authored
      
      
      And from crash_console_flush.
      
      We ignore the error information return by console_flush in _every_
      place where we call it, and casting the return type to void does not
      work around the MISRA violation that this causes. Instead, we collect
      the error information from the driver (to avoid changing that API), and
      don't return it to the caller.
      
      Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      831b0e98
  3. 26 Aug, 2020 1 commit
  4. 31 Jul, 2020 1 commit
    • Alexei Fedorov's avatar
      BL31: Fix relocation error for PIE · c2e3b3bb
      Alexei Fedorov authored
      
      
      This patch fixes BL31 linker error
       "relocation R_AARCH64_ABS32 against `a local symbol'
       can not be used when making a shared object"
      when Position Independent Executable (PIE) support
      is enabled with ENABLE_PIE=1 build option.
      
      Change-Id: I2692269676db3f3b27eed499fc029fffb67969be
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      c2e3b3bb
  5. 31 May, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A: Fix BL31 linker script error · 34dd1e96
      Alexei Fedorov authored
      
      
      The patch fixes BL31 linker script error
      "Init code ends past the end of the stacks"
      for platforms with number of CPUs less than 4,
      which is caused by __STACKS_END__ address being
      lower than __INIT_CODE_END__.
      The modified BL31 linker script detects such cases
      and increases the total amount of stack memory,
      setting __STACKS_END__ = __INIT_CODE_END__, and
      CPUs' stacks are calculated by BL31 'plat_get_my_stack'
      function accordingly. For platforms with more than 4 CPUs
      and __INIT_CODE_END__ < __STACKS_END__ stack memory does not
      increase and allocated CPUs' stacks match the existing
      implementation.
      The patch removes exclusion of PSCI initialization
      functions from the reclaimed .init section in
      'arm_reclaim_init.ld.S' script, which increases the
      size of reclaimed memory region.
      
      Change-Id: I927773e00dd84e1ffe72f9ee534f4f2fc7b6153c
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      34dd1e96
  6. 19 May, 2020 1 commit
    • johpow01's avatar
      Enable v8.6 WFE trap delays · 6cac724d
      johpow01 authored
      
      
      This patch enables the v8.6 extension to add a delay before WFE traps
      are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
      plat/common/aarch64/plat_common.c that disables this feature by default
      but platform-specific code can override it when needed.
      
      The only hook provided sets the TWED fields in SCR_EL3, there are similar
      fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
      lower ELs but these should be configured by code running at EL2 and/or EL1
      depending on the platform configuration and is outside the scope of TF-A.
      Signed-off-by: default avatarJohn Powell <john.powell@arm.com>
      Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d
      6cac724d
  7. 06 Mar, 2020 1 commit
  8. 19 Aug, 2019 1 commit
  9. 28 Jun, 2019 1 commit
  10. 03 Apr, 2019 1 commit
  11. 28 Feb, 2019 1 commit
  12. 07 Feb, 2019 1 commit
  13. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  14. 07 Dec, 2018 2 commits
    • Julius Werner's avatar
      plat/common/crash_console_helpers.S: Fix MULTI_CONSOLE_API support · 63c52d00
      Julius Werner authored
      Crash reporting via the default consoles registered by MULTI_CONSOLE_API
      has been broken since commit d35cc347
      
       (Console: Use callee-saved
      registers), which was introduced to allow console drivers written in C.
      It's not really possible with the current crash reporting framework to
      support console drivers in C, however we should make sure that the
      existing assembly drivers that do support crash reporting continue to
      work through the MULTI_CONSOLE_API.
      
      This patch fixes the problem by creating custom console_putc() and
      console_flush() implementations for the crash reporting case that do not
      use the stack. Platforms that want to use this feature will have to link
      plat/common/aarch64/crash_console_helpers.S explicitly.
      
      Also update the documentation to better reflect the new reality (of this
      being an option rather than the expected default for most platforms).
      
      Change-Id: Id0c761e5e2fddaf25c277bc7b8ab603946ca73cb
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      63c52d00
    • Julius Werner's avatar
      plat/common: Remove duplication of plat_crash_console functions/stubs · b2f7c9dd
      Julius Werner authored
      Commit e74afb65 (Deprecate weak crash console functions) deprecated the
      default inclusion of weak definitions for plat_crash_console functions
      in plat/common/aarch64/platform_helpers.S. The code was later copied out
      to plat/common/aarch64/crash_console_helpers.S so platforms can link it
      explicitly if they want to. However, since deprecation does not mean
      removal, the same code is also still duplicated in platform_helpers.S.
      
      The duplicated code contains both empty stubs for the !MULTI_CONSOLE_API
      case, and a real implementation that used to work but was broken by
      commit d35cc347
      
       (Console: Use callee-saved registers) for
      MULTI_CONSOLE_API. It's not great to have both of these duplicated in
      two files, so this patch splits them up: in platform_helpers.S we'll
      only keep the empty stubs (guarded by !ERROR_DEPRECATED), which should
      not regress functionality since the MULTI_CONSOLE_API implementation was
      already broken anyway. In crash_console_helpers.S, we'll only keep the
      MULTI_CONSOLE_API version, which is enough both as an implementation in
      itself and as a sample for how to reimplement these functions in a
      platform-specific file.
      
      Change-Id: I83d95a90ab6aac597dc2ea2f2797ac2c8ed075d4
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      b2f7c9dd
  15. 25 Oct, 2018 2 commits
    • Antonio Nino Diaz's avatar
      Deprecate weak crash console functions · e74afb65
      Antonio Nino Diaz authored
      
      
      The default behaviour of the plat_crash_console_xxx functions isn't
      obvious to someone that hasn't read all the documentation. As they are
      not mandatory, it is unlikely that the code will be checked when doing a
      platform port, which may mean that some platforms may not have crash
      console support at all.
      
      The idea of this patch is to force platform maintainers to decide how
      the crash console has to behave so that the final behaviour isn't
      unexpected.
      
      Change-Id: I40b2a7b56c5530c1dcd63eace5bd37ae6335056e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      e74afb65
    • Antonio Nino Diaz's avatar
      Add sample crash console functions · 6c9ada31
      Antonio Nino Diaz authored
      
      
      Platforms that wish to use the sample functions have to add the file to
      their Makefile. It is not included by default.
      
      Change-Id: I713617bb58dc218967199248f68da86241d7ec40
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      6c9ada31
  16. 28 Sep, 2018 4 commits
  17. 19 Jul, 2018 3 commits
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for EL3 EAs · eaeaa4d0
      Jeenu Viswambharan authored
      
      
      External Aborts while executing in EL3 is fatal in nature. This patch
      allows for the platform to define a handler for External Aborts received
      while executing in EL3. A default implementation is added which falls
      back to platform unhandled exception.
      
      Change-Id: I466f2c8113a33870f2c7d2d8f2bf20437d9fd354
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      eaeaa4d0
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for Double Faults · d5a23af5
      Jeenu Viswambharan authored
      
      
      Double fault is when the PE receives another error whilst one is being
      handled. To detect double fault condition, a per-CPU flag is introduced
      to track the status of error handling. The flag is checked/modified
      while temporarily masking external aborts on the PE.
      
      This patch routes double faults to a separate platform-defined handler.
      
      Change-Id: I70e9b7ba4c817273c55a0af978d9755ff32cc702
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      d5a23af5
    • Jeenu Viswambharan's avatar
      RAS: Introduce handler for Uncontainable errors · b56dc2a9
      Jeenu Viswambharan authored
      
      
      Uncontainable errors are the most severe form of errors, which typically
      mean that the system state can't be trusted any more. This further means
      that normal error recovery process can't be followed, and an orderly
      shutdown of the system is often desirable.
      
      This patch allows for the platform to define a handler for Uncontainable
      errors received. Due to the nature of Uncontainable error, the handler
      is expected to initiate an orderly shutdown of the system, and therefore
      is not expected to return. A default implementation is added which falls
      back to platform unhandled exception.
      
      Also fix ras_arch.h header guards.
      
      Change-Id: I072e336a391a0b382e77e627eb9e40729d488b55
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b56dc2a9
  18. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      DynamIQ: Enable MMU without using stack · 64ee263e
      Jeenu Viswambharan authored
      
      
      Having an active stack while enabling MMU has shown coherency problems.
      This patch builds on top of translation library changes that introduces
      MMU-enabling without using stacks.
      
      Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
      enabling MMU only because of active stack. Now that we can enable MMU
      without using stack, we can enable both MMU and data caches at the same
      time.
      
      NOTE: Since this feature depends on using translation table library v2,
      disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
      
      Fixes ARM-software/tf-issues#566
      
      Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      64ee263e
  19. 15 May, 2018 1 commit
  20. 04 May, 2018 2 commits
    • Jeenu Viswambharan's avatar
      RAS: Add support for node registration · 362599ec
      Jeenu Viswambharan authored
      
      
      Previous patches added frameworks for handling RAS errors. This patch
      introduces features that the platform can use to enumerate and iterate
      RAS nodes:
      
        - The REGISTER_RAS_NODES() can be used to expose an array of
          ras_node_info_t structures. Each ras_node_info_t describes a RAS
          node, along with handlers for probing the node for error, and if
          did record an error, another handler to handle it.
      
        - The macro for_each_ras_node() can be used to iterate over the
          registered RAS nodes, probe for, and handle any errors.
      
      The common platform EA handler has been amended using error handling
      primitives introduced by both this and previous patches.
      
      Change-Id: I2e13f65a88357bc48cd97d608db6c541fad73853
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      362599ec
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf
  21. 27 Apr, 2018 1 commit
    • Masahiro Yamada's avatar
      types: use int-ll64 for both aarch32 and aarch64 · 0a2d5b43
      Masahiro Yamada authored
      Since commit 031dbb12
      
       ("AArch32: Add essential Arch helpers"),
      it is difficult to use consistent format strings for printf() family
      between aarch32 and aarch64.
      
      For example, uint64_t is defined as 'unsigned long long' for aarch32
      and as 'unsigned long' for aarch64.  Likewise, uintptr_t is defined
      as 'unsigned int' for aarch32, and as 'unsigned long' for aarch64.
      
      A problem typically arises when you use printf() in common code.
      
      One solution could be, to cast the arguments to a type long enough
      for both architectures.  For example, if 'val' is uint64_t type,
      like this:
      
        printf("val = %llx\n", (unsigned long long)val);
      
      Or, somebody may suggest to use a macro provided by <inttypes.h>,
      like this:
      
        printf("val = %" PRIx64 "\n", val);
      
      But, both would make the code ugly.
      
      The solution adopted in Linux kernel is to use the same typedefs for
      all architectures.  The fixed integer types in the kernel-space have
      been unified into int-ll64, like follows:
      
          typedef signed char           int8_t;
          typedef unsigned char         uint8_t;
      
          typedef signed short          int16_t;
          typedef unsigned short        uint16_t;
      
          typedef signed int            int32_t;
          typedef unsigned int          uint32_t;
      
          typedef signed long long      int64_t;
          typedef unsigned long long    uint64_t;
      
      [ Linux commit: 0c79a8e29b5fcbcbfd611daf9d500cfad8370fcf ]
      
      This gets along with the codebase shared between 32 bit and 64 bit,
      with the data model called ILP32, LP64, respectively.
      
      The width for primitive types is defined as follows:
      
                         ILP32           LP64
          int            32              32
          long           32              64
          long long      64              64
          pointer        32              64
      
      'long long' is 64 bit for both, so it is used for defining uint64_t.
      'long' has the same width as pointer, so for uintptr_t.
      
      We still need an ifdef conditional for (s)size_t.
      
      All 64 bit architectures use "unsigned long" size_t, and most 32 bit
      architectures use "unsigned int" size_t.  H8/300, S/390 are known as
      exceptions; they use "unsigned long" size_t despite their architecture
      is 32 bit.
      
      One idea for simplification might be to define size_t as 'unsigned long'
      across architectures, then forbid the use of "%z" string format.
      However, this would cause a distortion between size_t and sizeof()
      operator.  We have unknowledge about the native type of sizeof(), so
      we need a guess of it anyway.  I want the following formula to always
      return 1:
      
        __builtin_types_compatible_p(size_t, typeof(sizeof(int)))
      
      Fortunately, ARM is probably a majority case.  As far as I know, all
      32 bit ARM compilers use "unsigned int" size_t.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      0a2d5b43
  22. 01 Mar, 2018 1 commit
    • Dan Handley's avatar
      Suppress spurious deprecated declaration warnings · 97924e45
      Dan Handley authored
      
      
      Some generic compatibility functions emit deprecated declaration warnings
      even when platforms do not use the deprecated functions directly. This
      can be confusing. Suppress these warnings by using:
      `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"`
      
      Also emit a runtime warning if the weak plat/common implemntation of
      plat_get_syscnt_freq2() is used, as this implies the platform has not
      migrated from plat_get_syscnt_freq(). The deprecated  declaration warnings
      only help detect when platforms are calling deprecated functions, not when
      they are defining deprecated functions.
      
      Fixes ARM-software/tf-issues#550
      
      Change-Id: Id14a92279c2634c1e76db8ef210da8affdbb2a5d
      Signed-off-by: default avatarDan Handley <dan.handley@arm.com>
      97924e45
  23. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Introduce the new BL handover interface · a6f340fe
      Soby Mathew authored
      
      
      This patch introduces a new BL handover interface. It essentially allows
      passing 4 arguments between the different BL stages. Effort has been made
      so as to be compatible with the previous handover interface. The previous
      blx_early_platform_setup() platform API is now deprecated and the new
      blx_early_platform_setup2() variant is introduced. The weak compatiblity
      implementation for the new API is done in the `plat_bl_common.c` file.
      Some of the new arguments in the new API will be reserved for generic
      code use when dynamic configuration support is implemented. Otherwise
      the other registers are available for platform use.
      
      Change-Id: Ifddfe2ea8e32497fe1beb565cac155ad9d50d404
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a6f340fe
  24. 01 Feb, 2018 1 commit
  25. 19 Jan, 2018 1 commit
    • Julius Werner's avatar
      Add default crash console code to hook up to new console API · 17cd67d2
      Julius Werner authored
      
      
      This patch expands the weak stubs for the plat_crash_console_xxx
      functions in common platform code to use the new console API for crash
      output. This should make crash console output "just work" for most cases
      without the need for the platform to explicitly set up a crash console.
      For cases where the normal console framework doesn't work (e.g. very
      early crashes, before the platform can register any consoles), platforms
      are still able to override the functions just like before.
      
      This feature requires the MULTI_CONSOLE_API compile-time flag to work.
      For builds which don't have it set, this patch has no practical effect.
      
      Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      17cd67d2
  26. 12 Dec, 2017 1 commit
    • Julius Werner's avatar
      Add new function-pointer-based console API · 9536bae6
      Julius Werner authored
      
      
      This patch overhauls the console API to allow for multiple console
      instances of different drivers that are active at the same time. Instead
      of binding to well-known function names (like console_core_init),
      consoles now provide a register function (e.g. console_16550_register())
      that will hook them into the list of active consoles. All console
      operations will be dispatched to all consoles currently in the list.
      
      The new API will be selected by the build-time option MULTI_CONSOLE_API,
      which defaults to ${ERROR_DEPRECATED} for now. The old console API code
      will be retained to stay backwards-compatible to older platforms, but
      should no longer be used for any newly added platforms and can hopefully
      be removed at some point in the future.
      
      The new console API is intended to be used for both normal (bootup) and
      crash use cases, freeing platforms of the need to set up the crash
      console separately. Consoles can be individually configured to be active
      active at boot (until first handoff to EL2), at runtime (after first
      handoff to EL2), and/or after a crash. Console drivers should set a sane
      default upon registration that can be overridden with the
      console_set_scope() call. Code to hook up the crash reporting mechanism
      to this framework will be added with a later patch.
      
      This patch only affects AArch64, but the new API could easily be ported
      to AArch32 as well if desired.
      
      Change-Id: I35c5aa2cb3f719cfddd15565eb13c7cde4162549
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      9536bae6
  27. 13 Nov, 2017 1 commit
  28. 24 Oct, 2017 1 commit
  29. 03 May, 2017 1 commit
  30. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
  31. 31 Mar, 2017 1 commit
  32. 20 Mar, 2017 1 commit