- 06 Feb, 2017 1 commit
-
-
Douglas Raillard authored
Replace all use of memset by zeromem when zeroing moderately-sized structure by applying the following transformation: memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x)) As the Trusted Firmware is compiled with -ffreestanding, it forbids the compiler from using __builtin_memset and forces it to generate calls to the slow memset implementation. Zeromem is a near drop in replacement for this use case, with a more efficient implementation on both AArch32 and AArch64. Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 23 Dec, 2016 1 commit
-
-
Douglas Raillard authored
Standard SMC requests that are handled in the secure-world by the Secure Payload can be preempted by interrupts that must be handled in the normal world. When the TSP is preempted the secure context is stored and control is passed to the normal world to handle the non-secure interrupt. Once completed the preempted secure context is restored. When restoring the preempted context, the dispatcher assumes that the TSP preempted context is still stored as the SECURE context by the context management library. However, PSCI power management operations causes synchronous entry into TSP. This overwrites the preempted SECURE context in the context management library. When restoring back the SECURE context, the Secure Payload crashes because this context is not the preempted context anymore. This patch avoids corruption of the preempted SECURE context by aborting any preempted SMC during PSCI power management calls. The abort_std_smc_entry hook of the TSP is called when aborting the SMC request. It also exposes this feature as a FAST SMC callable from normal world to abort preempted SMC with FID TSP_FID_ABORT. Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 21 Dec, 2015 1 commit
-
-
Sandrine Bailleux authored
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
-
- 09 Dec, 2015 1 commit
-
-
Soby Mathew authored
Earlier the TSP only ever expected to be preempted during Standard SMC processing. If a S-EL1 interrupt triggered while in the normal world, it will routed to S-EL1 `synchronously` for handling. The `synchronous` S-EL1 interrupt handler `tsp_sel1_intr_entry` used to panic if this S-EL1 interrupt was preempted by another higher priority pending interrupt which should be handled in EL3 e.g. Group0 interrupt in GICv3. With this patch, the `tsp_sel1_intr_entry` now expects `TSP_PREEMPTED` as the return code from the `tsp_common_int_handler` in addition to 0 (interrupt successfully handled) and in both cases it issues an SMC with id `TSP_HANDLED_S_EL1_INTR`. The TSPD switches the context and returns back to normal world. In case a higher priority EL3 interrupt was pending, the execution will be routed to EL3 where interrupt will be handled. On return back to normal world, the pending S-EL1 interrupt which was preempted will get routed to S-EL1 to be handled `synchronously` via `tsp_sel1_intr_entry`. Change-Id: I2087c7fedb37746fbd9200cdda9b6dba93e16201
-
- 04 Dec, 2015 2 commits
-
-
Soby Mathew authored
On a GICv2 system, interrupts that should be handled in the secure world are typically signalled as FIQs. On a GICv3 system, these interrupts are signalled as IRQs instead. The mechanism for handling both types of interrupts is the same in both cases. This patch enables the TSP to run on a GICv3 system by: 1. adding support for handling IRQs in the exception handling code. 2. removing use of "fiq" in the names of data structures, macros and functions. The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the former build flag is defined, it will be used to define the value for the new build flag. The documentation is also updated accordingly. Change-Id: I1807d371f41c3656322dd259340a57649833065e
-
Soby Mathew authored
The TSP is expected to pass control back to EL3 if it gets preempted due to an interrupt while handling a Standard SMC in the following scenarios: 1. An FIQ preempts Standard SMC execution and that FIQ is not a TSP Secure timer interrupt or is preempted by a higher priority interrupt by the time the TSP acknowledges it. In this case, the TSP issues an SMC with the ID as `TSP_EL3_FIQ`. Currently this case is never expected to happen as only the TSP Secure Timer is expected to generate FIQ. 2. An IRQ preempts Standard SMC execution and in this case the TSP issues an SMC with the ID as `TSP_PREEMPTED`. In both the cases, the TSPD hands control back to the normal world and returns returns an error code to the normal world to indicate that the standard SMC it had issued has been preempted but not completed. This patch unifies the handling of these two cases in the TSPD and ensures that the TSP only uses TSP_PREEMPTED instead of separate SMC IDs. Also instead of 2 separate error codes, SMC_PREEMPTED and TSP_EL3_FIQ, only SMC_PREEMPTED is returned as error code back to the normal world. Background information: On a GICv3 system, when the secure world has affinity routing enabled, in 2. an FIQ will preempt TSP execution instead of an IRQ. The FIQ could be a result of a Group 0 or a Group 1 NS interrupt. In both case, the TSPD passes control back to the normal world upon receipt of the TSP_PREEMPTED SMC. A Group 0 interrupt will immediately preempt execution to EL3 where it will be handled. This allows for unified interrupt handling in TSP for both GICv3 and GICv2 systems. Change-Id: I9895344db74b188021e3f6a694701ad272fb40d4
-
- 26 Nov, 2015 1 commit
-
-
Soby Mathew authored
The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt ID of the highest priority pending interrupt is passed as a parameter to the interrupt handler registered for that type of interrupt. This additional read of highest pending interrupt id from GIC is problematic as it is possible that the original interrupt may get deasserted and another interrupt of different type maybe become the highest pending interrupt. Hence it is safer to prevent such behaviour by removing the IMF_READ_INTERRUPT_ID build option. The `id` parameter of the interrupt handler `interrupt_type_handler_t` is now made a reserved parameter with this patch. It will always contain INTR_ID_UNAVAILABLE. Fixes ARM-software/tf-issues#307 Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
-
- 10 Sep, 2015 1 commit
-
-
Achin Gupta authored
In certain Trusted OS implementations it is a requirement to pass them the highest power level which will enter a power down state during a PSCI CPU_SUSPEND or SYSTEM_SUSPEND API invocation. This patch passes this power level to the SPD in the "max_off_pwrlvl" parameter of the svc_suspend() hook. Currently, the highest power level which was requested to be placed in a low power state (retention or power down) is passed to the SPD svc_suspend_finish() hook. This hook is called after emerging from the low power state. It is more useful to pass the highest power level which was powered down instead. This patch does this by changing the semantics of the parameter passed to an SPD's svc_suspend_finish() hook. The name of the parameter has been changed from "suspend_level" to "max_off_pwrlvl" as well. Same changes have been made to the parameter passed to the tsp_cpu_resume_main() function. NOTE: THIS PATCH CHANGES THE SEMANTICS OF THE EXISTING "svc_suspend_finish()" API BETWEEN THE PSCI AND SPD/SP IMPLEMENTATIONS. THE LATTER MIGHT NEED UPDATES TO ENSURE CORRECT BEHAVIOUR. Change-Id: If3a9d39b13119bbb6281f508a91f78a2f46a8b90
-
- 13 Aug, 2015 1 commit
-
-
Soby Mathew authored
The new PSCI frameworks mandates that the platform APIs and the various frameworks in Trusted Firmware migrate away from MPIDR based core identification to one based on core index. Deprecated versions of the old APIs are still present to provide compatibility but their implementations are not optimal. This patch migrates the various SPDs exisiting within Trusted Firmware tree and TSP to the new APIs. Change-Id: Ifc37e7071c5769b5ded21d0b6a071c8c4cab7836
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 26 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch provides an option to specify a interrupt routing model where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1. When such an interrupt occurs, the TSPD arranges a return to the normal world after saving any necessary context. The interrupt routing model to route IRQs to EL3 is enabled only during STD SMC processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC and Secure Interrupt processing. A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change the non secure interrupt target execution level to EL3. Fixes ARM-software/tf-issues#225 Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
-
- 23 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch adds support to save the "power state" parameter before the affinity level specific handlers are called in a CPU_SUSPEND call. This avoids the need to pass the power_state as a parameter to the handlers and Secure Payload Dispatcher (SPD) suspend spd_pm_ops. The power_state arguments in the spd_pm_ops operations are now reserved and must not be used. The SPD can query the relevant power_state fields by using the psci_get_suspend_afflvl() & psci_get_suspend_stateid() APIs. NOTE: THIS PATCH WILL BREAK THE SPD_PM_OPS INTERFACE. HENCE THE SECURE PAYLOAD DISPATCHERS WILL NEED TO BE REWORKED TO USE THE NEW INTERFACE. Change-Id: I1293d7dc8cf29cfa6a086a009eee41bcbf2f238e
-
- 19 Aug, 2014 2 commits
-
-
Juan Castillo authored
This patch adds support for SYSTEM_OFF and SYSTEM_RESET PSCI operations. A platform should export handlers to complete the requested operation. The FVP port exports fvp_system_off() and fvp_system_reset() as an example. If the SPD provides a power management hook for system off and system reset, then the SPD is notified about the corresponding operation so it can do some bookkeeping. The TSPD exports tspd_system_off() and tspd_system_reset() for that purpose. Versatile Express shutdown and reset methods have been removed from the FDT as new PSCI sys_poweroff and sys_reset services have been added. For those kernels that do not support yet these PSCI services (i.e. GICv3 kernel), the original dtsi files have been renamed to *-no_psci.dtsi. Fixes ARM-software/tf-issues#218 Change-Id: Ic8a3bf801db979099ab7029162af041c4e8330c8
-
Dan Handley authored
* Move TSP platform porting functions to new file: include/bl32/tsp/platform_tsp.h. * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic TSP interrupt handling code, instead of depending on the FVP specific definition IRQ_SEC_PHY_TIMER. * Rename TSP platform porting functions from bl32_* to tsp_*, and definitions from BL32_* to TSP_*. * Update generic TSP code to use new platform porting function names and definitions. * Update FVP port accordingly and move all TSP source files to: plat/fvp/tsp/. * Update porting guide with above changes. Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO BE UPDATED Fixes ARM-software/tf-issues#167 Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
-
- 01 Aug, 2014 2 commits
-
-
Vikram Kanigiri authored
This patch adds support for BL3-2 initialization by asynchronous method where BL3-1 transfers control to BL3-2 using world switch. After BL3-2 initialization, it transfers control to BL3-3 via SPD service handler. The SPD service handler initializes the CPU context to BL3-3 entrypoint depending on the return function indentifier from TSP initialization. Fixes ARM-software/TF-issues#184 Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34
-
Vikram Kanigiri authored
There is no mechanism which allows the TSPD to specify what SPSR to use when entering BL3-2 instead of BL3-3. This patch divides the responsibility between tspd_setup() and tspd_init() for initializing the TSPD and TSP to support the alternate BL3-2 initialization flow where BL3-1 handsover control to BL3-2 instead of BL3-3. SPSR generated by TSPD for TSP is preserved due the new division of labour which fixes #174. This patch also moves the cpu_context initialization code from tspd_setup() to tspd_init() immediately before entering the TSP. Instead tspd_setup() updates the BL3-2 entrypoint info structure with the state required for initializing the TSP later. Fixes ARM-software/TF-issues#174 Change-Id: Ida0a8a48d466c71d5b07b8c7f2af169b73f96940
-
- 28 Jul, 2014 1 commit
-
-
Juan Castillo authored
Assert a valid security state using the macro sec_state_is_valid(). Replace assert() with panic() in those cases that might arise because of runtime errors and not programming errors. Replace panic() with assert() in those cases that might arise because of programming errors. Fixes ARM-software/tf-issues#96 Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
-
- 23 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
Consolidate all BL3-1 CPU context initialization for cold boot, PSCI and SPDs into two functions: * The first uses entry_point_info to initialize the relevant cpu_context for first entry into a lower exception level on a CPU * The second populates the EL1 and EL2 system registers as needed from the cpu_context to ensure correct entry into the lower EL This patch alters the way that BL3-1 determines which exception level is used when first entering EL1 or EL2 during cold boot - this is now fully determined by the SPSR value in the entry_point_info for BL3-3, as set up by the platform code in BL2 (or otherwise provided to BL3-1). In the situation that EL1 (or svc mode) is selected for a processor that supports EL2, the context management code will now configure all essential EL2 register state to ensure correct execution of EL1. This allows the platform code to run non-secure EL1 payloads directly without requiring a small EL2 stub or OS loader. Change-Id: If9fbb2417e82d2226e47568203d5a369f39d3b0f
-
- 11 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
All callers of cm_get_context() pass the calling CPU MPIDR to the function. Providing a specialised version for the current CPU results in a reduction in code size and better readability. The current function has been renamed to cm_get_context_by_mpidr() and the existing name is now used for the current-CPU version. The same treatment has been done to cm_set_context(), although only both forms are used at present in the PSCI and TSPD code. Change-Id: I91cb0c2f7bfcb950a045dbd9ff7595751c0c0ffb
-
- 29 May, 2014 1 commit
-
-
Soby Mathew authored
This patch fixes the compilation issue for trusted firmware when the IMF_READ_INTERRUPT_ID is enabled. Change-Id: I94ab613b9bc96a7c1935796c674dc42246aaafee
-
- 27 May, 2014 2 commits
-
-
Dan Handley authored
Rename the ic_* platform porting functions to plat_ic_* to be consistent with the other functions in platform.h. Also rename bl31_get_next_image_info() to bl31_plat_get_next_image_ep_info() and remove the duplicate declaration in bl31.h. Change-Id: I4851842069d3cff14c0a468daacc0a891a7ede84
-
Soby Mathew authored
This patch fixes a missed return and code alignment issues in TSP_FID_RESUME handling. Change-Id: Icf8aeb76dfd6898745653ce039e3bac45e0a9b3a
-
- 23 May, 2014 4 commits
-
-
Dan Handley authored
Previously, platform.h contained many declarations and definitions used for different purposes. This file has been split so that: * Platform definitions used by common code that must be defined by the platform are now in platform_def.h. The exact include path is exported through $PLAT_INCLUDES in the platform makefile. * Platform definitions specific to the FVP platform are now in /plat/fvp/fvp_def.h. * Platform API declarations specific to the FVP platform are now in /plat/fvp/fvp_private.h. * The remaining platform API declarations that must be ported by each platform are still in platform.h but this file has been moved to /include/plat/common since this can be shared by all platforms. Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
-
Dan Handley authored
Function declarations implicitly have external linkage so do not need the extern keyword. Change-Id: Ia0549786796d8bf5956487e8996450a0b3d79f32
-
Andrew Thoelke authored
The TSP has a number of entrypoints used by the TSP on different occasions. These were provided to the TSPD as a table of function pointers, and required the TSPD to read the entry in the table, which is in TSP memory, in order to program the exception return address. Ideally, the TSPD has no access to the TSP memory. This patch changes the table of function pointers into a vector table of single instruction entrypoints. This allows the TSPD to calculate the entrypoint address instead of read it. Fixes ARM-software/tf-issues#160 Change-Id: Iec6e055d537ade78a45799fbc6f43765a4725ad3
-
Soby Mathew authored
Implements support for Non Secure Interrupts preempting the Standard SMC call in EL1. Whenever an IRQ is trapped in the Secure world we securely handover to the Normal world to process the interrupt. The normal world then issues "resume" smc call to resume the previous interrupted SMC call. Fixes ARM-software/tf-issues#105 Change-Id: I72b760617dee27438754cdfc9fe9bcf4cc024858
-
- 22 May, 2014 7 commits
-
-
Achin Gupta authored
This patch adds support in the TSPD for registering a handler for S-EL1 interrupts. This handler ferries the interrupts generated in the non-secure state to the TSP at 'tsp_fiq_entry'. Support has been added to the smc handler to resume execution in the non-secure state once interrupt handling has been completed by the TSP. There is also support for resuming execution in the normal world if the TSP receives a EL3 interrupt. This code is currently unused. Change-Id: I816732595a2635e299572965179f11aa0bf93b69
-
Achin Gupta authored
This patch adds support in the TSP to program the secure physical generic timer to generate a EL-1 interrupt every half second. It also adds support for maintaining the timer state across power management operations. The TSPD ensures that S-EL1 can access the timer by programming the SCR_EL3.ST bit. This patch does not actually enable the timer. This will be done in a subsequent patch once the complete framework for handling S-EL1 interrupts is in place. Change-Id: I1b3985cfb50262f60824be3a51c6314ce90571bc
-
Achin Gupta authored
This patch adds an API to write to any bit in the SCR_EL3 member of the 'cpu_context' structure of the current CPU for a specified security state. This API will be used in subsequent patches which introduce interrupt management in EL3 to specify the interrupt routing model when execution is not in EL3. It also renames the cm_set_el3_elr() function to cm_set_elr_el3() which is more in line with the system register name being targeted by the API. Change-Id: I310fa7d8f827ad3f350325eca2fb28cb350a85ed
-
Achin Gupta authored
This patch lays the foundation for using the per-cpu 'state' field in the 'tsp_context' structure for other flags apart from the power state of the TSP. It allocates 2 bits for the power state, introduces the necessary macros to manipulate the power state in the 'state' field and accordingly reworks all use of the TSP_STATE_* states. It also allocates a flag bit to determine if the TSP is handling a standard SMC. If this flag is set then the TSP was interrupted due to non-secure or EL3 interupt depending upon the chosen routing model. Macros to get, set and clear this flag have been added as well. This flag will be used by subsequent patches. Change-Id: Ic6ee80bd5895812c83b35189cf2c3be70a9024a6
-
Vikram Kanigiri authored
The issues addressed in this patch are: 1. Remove meminfo_t from the common interfaces in BL3-x, expecting that platform code will find a suitable mechanism to determine the memory extents in these images and provide it to the BL3-x images. 2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x code as the images use link-time information to determine memory extents. meminfo_t is still used by common interface in BL1/BL2 for loading images Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
-
Vikram Kanigiri authored
This patch is based on spec published at https://github.com/ARM-software/tf-issues/issues/133 It rearranges the bl31_args struct into bl31_params and bl31_plat_params which provide the information needed for Trusted firmware and platform specific data via x0 and x1 On the FVP platform BL3-1 params and BL3-1 plat params and its constituents are stored at the start of TZDRAM. The information about memory availability and size for BL3-1, BL3-2 and BL3-3 is moved into platform specific data. Change-Id: I8b32057a3d0dd3968ea26c2541a0714177820da9
-
Vikram Kanigiri authored
This patch introduces macros (SPSR_64 and SPSR_32) to create a SPSR for both aarch32 and aarch64 execution states. These macros allow the user to set fields in the SPSR depending upon its format. The make_spsr() function which did not allow manipulation of all the fields in the aarch32 SPSR has been replaced by these new macros. Change-Id: I9425dda0923e8d5f03d03ddb8fa0e28392c4c61e
-
- 16 May, 2014 1 commit
-
-
Soby Mathew authored
This patch implements the register reporting when unhandled exceptions are taken in BL3-1. Unhandled exceptions will result in a dump of registers to the console, before halting execution by that CPU. The Crash Stack, previously called the Exception Stack, is used for this activity. This stack is used to preserve the CPU context and runtime stack contents for debugging and analysis. This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3, to provide easy access to some of BL3-1 per-cpu data structures. Initially, this is used to provide a pointer to the Crash stack. panic() now prints the the error file and line number in Debug mode and prints the PC value in release mode. The Exception Stack is renamed to Crash Stack with this patch. The original intention of exception stack is no longer valid since we intend to support several valid exceptions like IRQ and FIQ in the trusted firmware context. This stack is now utilized for dumping and reporting the system state when a crash happens and hence the rename. Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception Change-Id: I260791dc05536b78547412d147193cdccae7811a
-
- 06 May, 2014 6 commits
-
-
Dan Handley authored
Reduce the number of header files included from other header files as much as possible without splitting the files. Use forward declarations where possible. This allows removal of some unnecessary "#ifndef __ASSEMBLY__" statements. Also, review the .c and .S files for which header files really need including and reorder the #include statements alphabetically. Fixes ARM-software/tf-issues#31 Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
-
Dan Handley authored
Add tag names to all unnamed structs in header files. This allows forward declaration of structs, which is necessary to reduce header file nesting (to be implemented in a subsequent commit). Also change the typedef names across the codebase to use the _t suffix to be more conformant with the Linux coding style. The coding style actually prefers us not to use typedefs at all but this is considered a step too far for Trusted Firmware. Also change the IO framework structs defintions to use typedef'd structs to be consistent with the rest of the codebase. Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
-
Dan Handley authored
Separate out the CASSERT macro out of bl_common.h into its own header to allow more efficient header inclusion. Change-Id: I291be0b6b8f9879645e839a8f0dd1ec9b3db9639
-
Dan Handley authored
Remove all usage of the vpath keyword in makefiles as it was prone to mistakes. Specify the relative paths to source files instead. Also reorder source files in makefiles alphabetically. Fixes ARM-software/tf-issues#121 Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
-
Dan Handley authored
Make codebase consistent in its use of #include "" syntax for user includes and #include <> syntax for system includes. Fixes ARM-software/tf-issues#65 Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
-
Dan Handley authored
Move almost all system include files to a logical sub-directory under ./include. The only remaining system include directories not under ./include are specific to the platform. Move the corresponding source files to match the include directory structure. Also remove pm.h as it is no longer used. Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
-